<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
 - Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001, 2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<refentry id="man.rndc-confgen">
<date>March 14, 2013</date>
<refentrytitle><application>rndc-confgen</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
<refname><application>rndc-confgen</application></refname>
<refpurpose>rndc key generation tool</refpurpose>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
<holder>Internet Software Consortium.</holder>
<command>rndc-confgen</command>
<arg><option>-a</option></arg>
<arg><option>-A <replaceable class="parameter">algorithm</replaceable></option></arg>
<arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
<arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
<arg><option>-h</option></arg>
<arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<title>DESCRIPTION</title>
<para><command>rndc-confgen</command>
generates configuration files
for <command>rndc</command>. It can be used as a
convenient alternative to writing the
<filename>rndc.conf</filename> file
and the corresponding <command>controls</command>
and <command>key</command>
statements in <filename>named.conf</filename> by hand.
Alternatively, it can be run with the <command>-a</command>
option to set up a <filename>rndc.key</filename> file and
avoid the need for a <filename>rndc.conf</filename> file
and a <command>controls</command> statement altogether.
</para>
<title>OPTIONS</title>
<term>-a</term>
Do automatic <command>rndc</command> configuration.
This creates a file <filename>rndc.key</filename>
in <filename>/etc</filename> (or whatever
<varname>sysconfdir</varname>
was specified as when <acronym>BIND</acronym> was
built) that is read by both <command>rndc</command>
and <command>named</command> on startup. The
<filename>rndc.key</filename> file defines a default
command channel and authentication key allowing
<command>rndc</command> to communicate with
<command>named</command> on the local host
with no further configuration.
Running <command>rndc-confgen -a</command> allows
BIND 9 and <command>rndc</command> to be used as
replacements for BIND 8 and <command>ndc</command>,
with no changes to the existing BIND 8
<filename>named.conf</filename> file.
If a more elaborate configuration than that
generated by <command>rndc-confgen -a</command>
is required, for example if rndc is to be used remotely,
you should run <command>rndc-confgen</command> without
the <command>-a</command> option and set up a
<filename>rndc.conf</filename> and
<filename>named.conf</filename>
<term>-A <replaceable class="parameter">algorithm</replaceable></term>
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-md5.
<term>-b <replaceable class="parameter">keysize</replaceable></term>
Specifies the size of the authentication key in bits.
Must be between 1 and 512 bits; the default is the
<term>-c <replaceable class="parameter">keyfile</replaceable></term>
Used with the <command>-a</command> option to specify
an alternate location for <filename>rndc.key</filename>.
<term>-h</term>
Prints a short summary of the options and arguments to
<command>rndc-confgen</command>.
<term>-k <replaceable class="parameter">keyname</replaceable></term>
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is <constant>rndc-key</constant>.
<term>-p <replaceable class="parameter">port</replaceable></term>
Specifies the command channel port where <command>named</command>
listens for connections from <command>rndc</command>.
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomfile</filename> specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
<term>-s <replaceable class="parameter">address</replaceable></term>
Specifies the IP address where <command>named</command>
listens for command channel connections from
<command>rndc</command>. The default is the loopback
<term>-t <replaceable class="parameter">chrootdir</replaceable></term>
Used with the <command>-a</command> option to specify
a directory where <command>named</command> will run
chrooted. An additional copy of the <filename>rndc.key</filename>
will be written relative to this directory so that
it will be found by the chrooted <command>named</command>.
<term>-u <replaceable class="parameter">user</replaceable></term>
Used with the <command>-a</command> option to set the
owner of the <filename>rndc.key</filename> file generated.
If <command>-t</command> is also specified only the file
in the chroot area has its owner changed.
<title>EXAMPLES</title>
To allow <command>rndc</command> to be used with
no manual configuration, run
<para><userinput>rndc-confgen -a</userinput></para>
To print a sample <filename>rndc.conf</filename> file and
corresponding <command>controls</command> and <command>key</command>
statements to be manually inserted into <filename>named.conf</filename>,
run
<para><userinput>rndc-confgen</userinput></para>
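An added illustration, not ISC's rndc-confgen source: it builds the key and controls statements the tool emits from the options documented above (-A, -b, -k, -s, -p) and works out where -a writes rndc.key when -c and -t are given. The control port 953 and loopback address 127.0.0.1 used as defaults are assumptions, not values stated on this page.

```python
# Added example (not ISC code); port 953 and 127.0.0.1 are assumed defaults.
import base64
import os
import re
import secrets

ALGORITHMS = ("hmac-md5", "hmac-sha1", "hmac-sha224", "hmac-sha256",
              "hmac-sha384", "hmac-sha512")
LABEL = re.compile(r"^[A-Za-z0-9_-]{1,63}$")  # one domain-name label


def make_secret(keysize=128):
    """Random TSIG secret of keysize bits (1..512, as -b documents), base64."""
    if not 1 <= keysize <= 512:
        raise ValueError("keysize must be between 1 and 512 bits")
    return base64.b64encode(secrets.token_bytes((keysize + 7) // 8)).decode()


def key_statement(secret, keyname="rndc-key", algorithm="hmac-md5"):
    """The key statement shared by rndc.conf and named.conf (-k, -A).
    hmac-md5 is the documented default; hmac-sha256 is a stronger choice."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    if not all(LABEL.match(label) for label in keyname.rstrip(".").split(".")):
        raise ValueError("keyname must be a valid domain name")
    return 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' % (
        keyname, algorithm, secret)


def controls_statement(keyname="rndc-key", address="127.0.0.1", port=953):
    """The controls statement for named.conf (-s, -p). The allow list repeats
    the listening address, so only that host may open the command channel."""
    return ('controls {\n\tinet %s port %d\n\t\tallow { %s; } keys { "%s"; };\n'
            '};\n' % (address, port, address, keyname))


def key_file_paths(sysconfdir="/etc", keyfile=None, chrootdir=None):
    """Where -a writes rndc.key: keyfile (-c) or sysconfdir/rndc.key, plus a
    copy under chrootdir (-t) at the same relative path for a chrooted named."""
    path = keyfile or os.path.join(sysconfdir, "rndc.key")
    paths = [path]
    if chrootdir:
        paths.append(os.path.join(chrootdir, path.lstrip("/")))
    return paths
```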
<title>SEE ALSO</title>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor></para>
</refentry>