summaryrefslogtreecommitdiffstats
path: root/bin/confgen/rndc-confgen.rst
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/confgen/rndc-confgen.rst106
1 files changed, 106 insertions, 0 deletions
diff --git a/bin/confgen/rndc-confgen.rst b/bin/confgen/rndc-confgen.rst
new file mode 100644
index 0000000..d90acba
--- /dev/null
+++ b/bin/confgen/rndc-confgen.rst
@@ -0,0 +1,106 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. _man_rndc-confgen:
+
+rndc-confgen - rndc key generation tool
+---------------------------------------
+
+Synopsis
+~~~~~~~~
+
+:program:`rndc-confgen` [**-a**] [**-A** algorithm] [**-b** keysize] [**-c** keyfile] [**-h**] [**-k** keyname] [**-p** port] [**-s** address] [**-t** chrootdir] [**-u** user]
+
+Description
+~~~~~~~~~~~
+
+``rndc-confgen`` generates configuration files for ``rndc``. It can be
+used as a convenient alternative to writing the ``rndc.conf`` file and
+the corresponding ``controls`` and ``key`` statements in ``named.conf``
+by hand. Alternatively, it can be run with the ``-a`` option to set up a
+``rndc.key`` file and avoid the need for a ``rndc.conf`` file and a
+``controls`` statement altogether.
+
+Options
+~~~~~~~
+
+``-a``
+ This option sets automatic ``rndc`` configuration, which creates a file ``rndc.key``
+ in ``/etc`` (or a different ``sysconfdir`` specified when BIND
+ was built) that is read by both ``rndc`` and ``named`` on startup.
+ The ``rndc.key`` file defines a default command channel and
+ authentication key allowing ``rndc`` to communicate with ``named`` on
+ the local host with no further configuration.
+
+ If a more elaborate configuration than that generated by
+ ``rndc-confgen -a`` is required, for example if rndc is to be used
+ remotely, run ``rndc-confgen`` without the ``-a`` option
+ and set up ``rndc.conf`` and ``named.conf`` as directed.
+
+``-A algorithm``
+ This option specifies the algorithm to use for the TSIG key. Available choices
+ are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and
+ hmac-sha512. The default is hmac-sha256.
+
+``-b keysize``
+ This option specifies the size of the authentication key in bits. The size must be between
+ 1 and 512 bits; the default is the hash size.
+
+``-c keyfile``
+ This option is used with the ``-a`` option to specify an alternate location for
+ ``rndc.key``.
+
+``-h``
+ This option prints a short summary of the options and arguments to
+ ``rndc-confgen``.
+
+``-k keyname``
+ This option specifies the key name of the ``rndc`` authentication key. This must be a
+ valid domain name. The default is ``rndc-key``.
+
+``-p port``
+ This option specifies the command channel port where ``named`` listens for
+ connections from ``rndc``. The default is 953.
+
+``-s address``
+ This option specifies the IP address where ``named`` listens for command-channel
+ connections from ``rndc``. The default is the loopback address
+ 127.0.0.1.
+
+``-t chrootdir``
+ This option is used with the ``-a`` option to specify a directory where ``named``
+ runs chrooted. An additional copy of the ``rndc.key`` is
+ written relative to this directory, so that it is found by the
+ chrooted ``named``.
+
+``-u user``
+ This option is used with the ``-a`` option to set the owner of the generated ``rndc.key`` file.
+ If ``-t`` is also specified, only the file in the chroot
+ area has its owner changed.
+
+Examples
+~~~~~~~~
+
+To allow ``rndc`` to be used with no manual configuration, run:
+
+``rndc-confgen -a``
+
+To print a sample ``rndc.conf`` file and the corresponding ``controls`` and
+``key`` statements to be manually inserted into ``named.conf``, run:
+
+``rndc-confgen``
+
+See Also
+~~~~~~~~
+
+:manpage:`rndc(8)`, :manpage:`rndc.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.