Diffstat (limited to 'doc/man/rndc-confgen.8in')
-rw-r--r-- | doc/man/rndc-confgen.8in | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/doc/man/rndc-confgen.8in b/doc/man/rndc-confgen.8in new file mode 100644 index 0000000..fa20381 --- /dev/null +++ b/doc/man/rndc-confgen.8in 
@@ -0,0 +1,141 @@ +.\" Man page generated from reStructuredText. +. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.TH "RNDC-CONFGEN" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9" +.SH NAME +rndc-confgen \- rndc key generation tool +.SH SYNOPSIS +.sp +\fBrndc\-confgen\fP [\fB\-a\fP] [\fB\-A\fP algorithm] [\fB\-b\fP keysize] [\fB\-c\fP keyfile] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-p\fP port] [\fB\-s\fP address] [\fB\-t\fP chrootdir] [\fB\-u\fP user] +.SH DESCRIPTION +.sp +\fBrndc\-confgen\fP generates configuration files for \fI\%rndc\fP\&. It can be +used as a convenient alternative to writing the \fI\%rndc.conf\fP file and +the corresponding \fBcontrols\fP and \fBkey\fP statements in \fI\%named.conf\fP +by hand. Alternatively, it can be run with the \fI\%\-a\fP option to set up a +\fBrndc.key\fP file and avoid the need for a \fI\%rndc.conf\fP file and a +\fBcontrols\fP statement altogether. +.SH OPTIONS +.INDENT 0.0 +.TP +.B \-a +This option sets automatic \fI\%rndc\fP configuration, which creates a file +\fB@sysconfdir@/rndc.key\fP that is read by both \fI\%rndc\fP and \fI\%named\fP on startup. +The \fBrndc.key\fP file defines a default command channel and +authentication key allowing \fI\%rndc\fP to communicate with \fI\%named\fP on +the local host with no further configuration. 
+.sp +If a more elaborate configuration than that generated by +\fI\%rndc\-confgen \-a\fP is required, for example if rndc is to be used +remotely, run \fBrndc\-confgen\fP without the \fI\%\-a\fP option +and set up \fI\%rndc.conf\fP and \fI\%named.conf\fP as directed. +.UNINDENT +.INDENT 0.0 +.TP +.B \-A algorithm +This option specifies the algorithm to use for the TSIG key. Available choices +are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384, and +hmac\-sha512. The default is hmac\-sha256. +.UNINDENT +.INDENT 0.0 +.TP +.B \-b keysize +This option specifies the size of the authentication key in bits. The size must be between +1 and 512 bits; the default is the hash size. +.UNINDENT +.INDENT 0.0 +.TP +.B \-c keyfile +This option is used with the \fI\%\-a\fP option to specify an alternate location for +\fBrndc.key\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-h +This option prints a short summary of the options and arguments to +\fBrndc\-confgen\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-k keyname +This option specifies the key name of the \fI\%rndc\fP authentication key. This must be a +valid domain name. The default is \fBrndc\-key\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-p port +This option specifies the command channel port where \fI\%named\fP listens for +connections from \fI\%rndc\fP\&. The default is 953. +.UNINDENT +.INDENT 0.0 +.TP +.B \-q +This option prevets printing the written path in automatic configuration mode. +.UNINDENT +.INDENT 0.0 +.TP +.B \-s address +This option specifies the IP address where \fI\%named\fP listens for command\-channel +connections from \fI\%rndc\fP\&. The default is the loopback address +127.0.0.1. +.UNINDENT +.INDENT 0.0 +.TP +.B \-t chrootdir +This option is used with the \fI\%\-a\fP option to specify a directory where \fI\%named\fP +runs chrooted. An additional copy of the \fBrndc.key\fP is +written relative to this directory, so that it is found by the +chrooted \fI\%named\fP\&. 
+.UNINDENT +.INDENT 0.0 +.TP +.B \-u user +This option is used with the \fI\%\-a\fP option to set the owner of the generated \fBrndc.key\fP file. +If \fI\%\-t\fP is also specified, only the file in the chroot +area has its owner changed. +.UNINDENT +.SH EXAMPLES +.sp +To allow \fI\%rndc\fP to be used with no manual configuration, run: +.sp +\fBrndc\-confgen \-a\fP +.sp +To print a sample \fI\%rndc.conf\fP file and the corresponding \fBcontrols\fP and +\fBkey\fP statements to be manually inserted into \fI\%named.conf\fP, run: +.sp +\fBrndc\-confgen\fP +.SH SEE ALSO +.sp +\fI\%rndc(8)\fP, \fI\%rndc.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual. +.SH AUTHOR +Internet Systems Consortium +.SH COPYRIGHT +2023, Internet Systems Consortium +.\" Generated by docutils manpage writer. +. |
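Review bot: the SYNOPSIS line does not list -q, yet the OPTIONS section documents it under ".B \-q"; add "[\fB\-q\fP]" to the synopsis so the two agree. The -q description also has a typo, "prevets" for "prevents". In the second paragraph of the -a entry, "if rndc is to be used remotely" leaves rndc as plain text while every other mention uses "\fI\%rndc\fP". The first line says this page is generated from reStructuredText, so all three fixes belong in the source document, followed by a regeneration of this file. Separately, the -b text accepts any size "between 1 and 512 bits" and the -A text offers hmac\-md5 and hmac\-sha1 next to the hmac\-sha256 default without comment; a sentence recommending that operators keep the defaults unless they have a reason to change them would help readers who are choosing values for a command channel key.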