<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.rndc.conf.html" title="rndc.conf">
<link rel="next" href="man.ddns-confgen.html" title="ddns-confgen">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center"><span class="application">rndc-confgen</span></th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="man.rndc.conf.html">Prev</a>�</td>
<th width="60%" align="center">Manual pages</th>
<td width="20%" align="right">�<a accesskey="n" href="man.ddns-confgen.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
<div class="refentry">
<a name="man.rndc-confgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>
<span class="application">rndc-confgen</span>
— rndc key generation tool
</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">rndc-confgen</code>
[<code class="option">-a</code>]
[<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>]
[<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
[<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>]
[<code class="option">-h</code>]
[<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
[<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
</p></div>
</div>
<div class="refsection">
<a name="id-1.14.29.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>rndc-confgen</strong></span>
generates configuration files
for <span class="command"><strong>rndc</strong></span>. It can be used as a
convenient alternative to writing the
<code class="filename">rndc.conf</code> file
and the corresponding <span class="command"><strong>controls</strong></span>
and <span class="command"><strong>key</strong></span>
statements in <code class="filename">named.conf</code> by hand.
Alternatively, it can be run with the <span class="command"><strong>-a</strong></span>
option to set up a <code class="filename">rndc.key</code> file and
avoid the need for a <code class="filename">rndc.conf</code> file
and a <span class="command"><strong>controls</strong></span> statement altogether.
</p>
</div>
<div class="refsection">
<a name="id-1.14.29.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a</span></dt>
<dd>
<p>
Do automatic <span class="command"><strong>rndc</strong></span> configuration.
This creates a file <code class="filename">rndc.key</code>
in <code class="filename">/etc</code> (or whatever
<code class="varname">sysconfdir</code>
was specified as when <acronym class="acronym">BIND</acronym> was
built)
that is read by both <span class="command"><strong>rndc</strong></span>
and <span class="command"><strong>named</strong></span> on startup. The
<code class="filename">rndc.key</code> file defines a default
command channel and authentication key allowing
<span class="command"><strong>rndc</strong></span> to communicate with
<span class="command"><strong>named</strong></span> on the local host
with no further configuration.
</p>
<p>
Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
drop-in
replacements for BIND 8 and <span class="command"><strong>ndc</strong></span>,
with no changes to the existing BIND 8
<code class="filename">named.conf</code> file.
</p>
<p>
If a more elaborate configuration than that
generated by <span class="command"><strong>rndc-confgen -a</strong></span>
is required, for example if rndc is to be used remotely,
you should run <span class="command"><strong>rndc-confgen</strong></span> without
the
<span class="command"><strong>-a</strong></span> option and set up a
<code class="filename">rndc.conf</code> and
<code class="filename">named.conf</code>
as directed.
</p>
</dd>
<dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-md5 or
if MD5 was disabled hmac-sha256.
</p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd>
<p>
Specifies the size of the authentication key in bits.
Must be between 1 and 512 bits; the default is the
hash size.
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd>
<p>
Used with the <span class="command"><strong>-a</strong></span> option to specify
an alternate location for <code class="filename">rndc.key</code>.
</p>
</dd>
<dt><span class="term">-h</span></dt>
<dd>
<p>
Prints a short summary of the options and arguments to
<span class="command"><strong>rndc-confgen</strong></span>.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd>
<p>
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is <code class="constant">rndc-key</code>.
</p>
</dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd>
<p>
Specifies the command channel port where <span class="command"><strong>named</strong></span>
listens for connections from <span class="command"><strong>rndc</strong></span>.
The default is 953.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
<dd>
<p>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <code class="filename">/dev/random</code>
or equivalent device, the default source of randomness
is keyboard input. <code class="filename">randomdev</code>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard
input should be used.
</p>
</dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd>
<p>
Specifies the IP address where <span class="command"><strong>named</strong></span>
listens for command channel connections from
<span class="command"><strong>rndc</strong></span>. The default is the loopback
address 127.0.0.1.
</p>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
<dd>
<p>
Used with the <span class="command"><strong>-a</strong></span> option to specify
a directory where <span class="command"><strong>named</strong></span> will run
chrooted. An additional copy of the <code class="filename">rndc.key</code>
will be written relative to this directory so that
it will be found by the chrooted <span class="command"><strong>named</strong></span>.
</p>
</dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
<p>
Used with the <span class="command"><strong>-a</strong></span> option to set the
owner
of the <code class="filename">rndc.key</code> file generated.
If
<span class="command"><strong>-t</strong></span> is also specified only the file
in
the chroot area has its owner changed.
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.14.29.9"></a><h2>EXAMPLES</h2>
<p>
To allow <span class="command"><strong>rndc</strong></span> to be used with
no manual configuration, run
</p>
<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
</p>
<p>
To print a sample <code class="filename">rndc.conf</code> file and
corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
statements to be manually inserted into <code class="filename">named.conf</code>,
run
</p>
<p><strong class="userinput"><code>rndc-confgen</code></strong>
</p>
</div>
<div class="refsection">
<a name="id-1.14.29.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">rndc</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">rndc.conf</span>(5)
</span>,
<span class="citerefentry">
<span class="refentrytitle">named</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.rndc.conf.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.ddns-confgen.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<code class="filename">rndc.conf</code>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">ddns-confgen</span>
</td>
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4-P2 (Extended Support Version)</p>
</body>
</html>
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| sample | Folder | 0755 |
|
|
| Bv9ARM.ch01.html | File | 26.11 KB | 0644 |
|
| Bv9ARM.ch02.html | File | 7.18 KB | 0644 |
|
| Bv9ARM.ch03.html | File | 30.38 KB | 0644 |
|
| Bv9ARM.ch04.html | File | 129.65 KB | 0644 |
|
| Bv9ARM.ch05.html | File | 6.29 KB | 0644 |
|
| Bv9ARM.ch06.html | File | 684.15 KB | 0644 |
|
| Bv9ARM.ch07.html | File | 19.56 KB | 0644 |
|
| Bv9ARM.ch08.html | File | 6.32 KB | 0644 |
|
| Bv9ARM.ch09.html | File | 10.27 KB | 0644 |
|
| Bv9ARM.ch10.html | File | 6.92 KB | 0644 |
|
| Bv9ARM.ch11.html | File | 53.24 KB | 0644 |
|
| Bv9ARM.ch12.html | File | 20.45 KB | 0644 |
|
| Bv9ARM.ch13.html | File | 9.88 KB | 0644 |
|
| Bv9ARM.html | File | 29.71 KB | 0644 |
|
| Bv9ARM.pdf | File | 1.24 MB | 0644 |
|
| CHANGES | File | 528.76 KB | 0644 |
|
| README | File | 22.46 KB | 0644 |
|
| isc-logo.pdf | File | 281.24 KB | 0644 |
|
| man.arpaname.html | File | 3.01 KB | 0644 |
|
| man.ddns-confgen.html | File | 9.49 KB | 0644 |
|
| man.delv.html | File | 23.87 KB | 0644 |
|
| man.dig.html | File | 40.63 KB | 0644 |
|
| man.dnssec-checkds.html | File | 5.35 KB | 0644 |
|
| man.dnssec-coverage.html | File | 11.35 KB | 0644 |
|
| man.dnssec-dsfromkey.html | File | 9.68 KB | 0644 |
|
| man.dnssec-importkey.html | File | 9.58 KB | 0644 |
|
| man.dnssec-keyfromlabel.html | File | 19.12 KB | 0644 |
|
| man.dnssec-keygen.html | File | 22.31 KB | 0644 |
|
| man.dnssec-keymgr.html | File | 15.15 KB | 0644 |
|
| man.dnssec-revoke.html | File | 5.62 KB | 0644 |
|
| man.dnssec-settime.html | File | 14.55 KB | 0644 |
|
| man.dnssec-signzone.html | File | 30.69 KB | 0644 |
|
| man.dnssec-verify.html | File | 7.43 KB | 0644 |
|
| man.dnstap-read.html | File | 4.39 KB | 0644 |
|
| man.genrandom.html | File | 4.13 KB | 0644 |
|
| man.host.html | File | 12.74 KB | 0644 |
|
| man.isc-hmac-fixup.html | File | 4.6 KB | 0644 |
|
| man.lwresd.html | File | 12.45 KB | 0644 |
|
| man.mdig.html | File | 23.18 KB | 0644 |
|
| man.named-checkconf.html | File | 6.77 KB | 0644 |
|
| man.named-checkzone.html | File | 20.21 KB | 0644 |
|
| man.named-journalprint.html | File | 4.2 KB | 0644 |
|
| man.named-nzd2nzf.html | File | 3.86 KB | 0644 |
|
| man.named-rrchecker.html | File | 4.21 KB | 0644 |
|
| man.named.conf.html | File | 73.42 KB | 0644 |
|
| man.named.html | File | 19.07 KB | 0644 |
|
| man.nsec3hash.html | File | 4.17 KB | 0644 |
|
| man.nslookup.html | File | 14.49 KB | 0644 |
|
| man.nsupdate.html | File | 28.11 KB | 0644 |
|
| man.pkcs11-destroy.html | File | 5.57 KB | 0644 |
|
| man.pkcs11-keygen.html | File | 7.13 KB | 0644 |
|
| man.pkcs11-list.html | File | 5.46 KB | 0644 |
|
| man.pkcs11-tokens.html | File | 3.73 KB | 0644 |
|
| man.rndc-confgen.html | File | 11.48 KB | 0644 |
|
| man.rndc.conf.html | File | 10.17 KB | 0644 |
|
| man.rndc.html | File | 39.89 KB | 0644 |
|
| named.conf.default | File | 1.76 KB | 0644 |
|
| notes.html | File | 7.31 KB | 0644 |
|
| notes.pdf | File | 50.96 KB | 0644 |
|