| blob | ef7b0426725cdc93bbe255565dbd782cfd55b2a6 |
1 .\" $NetBSD$
2 .\"
3 .\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
4 .\" Copyright (C) 2001, 2003 Internet Software Consortium.
5 .\"
6 .\" Permission to use, copy, modify, and/or distribute this software for any
7 .\" purpose with or without fee is hereby granted, provided that the above
8 .\" copyright notice and this permission notice appear in all copies.
9 .\"
10 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 .\" PERFORMANCE OF THIS SOFTWARE.
17 .\"
18 .\" Id: rndc-confgen.8,v 1.7 2009/07/11 01:12:45 tbox Exp
19 .\"
20 .hy 0
21 .ad l
22 .\" Title: rndc\-confgen
23 .\" Author:
24 .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
25 .\" Date: Aug 27, 2001
26 .\" Manual: BIND9
27 .\" Source: BIND9
28 .\"
29 .TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9"
30 .\" disable hyphenation
31 .nh
32 .\" disable justification (adjust text to left margin only)
33 .ad l
34 .SH "NAME"
35 rndc\-confgen \- rndc key generation tool
36 .SH "SYNOPSIS"
37 .HP 13
38 \fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
39 .SH "DESCRIPTION"
40 .PP
41 \fBrndc\-confgen\fR
42 generates configuration files for
43 \fBrndc\fR. It can be used as a convenient alternative to writing the
44 \fIrndc.conf\fR
45 file and the corresponding
46 \fBcontrols\fR
47 and
48 \fBkey\fR
49 statements in
50 \fInamed.conf\fR
51 by hand. Alternatively, it can be run with the
52 \fB\-a\fR
53 option to set up a
54 \fIrndc.key\fR
55 file and avoid the need for a
56 \fIrndc.conf\fR
57 file and a
58 \fBcontrols\fR
59 statement altogether.
60 .SH "OPTIONS"
61 .PP
62 \-a
63 .RS 4
64 Do automatic
65 \fBrndc\fR
66 configuration. This creates a file
67 \fIrndc.key\fR
68 in
69 \fI/etc\fR
70 (or whatever
71 \fIsysconfdir\fR
72 was specified as when
73 BIND
74 was built) that is read by both
75 \fBrndc\fR
76 and
77 \fBnamed\fR
78 on startup. The
79 \fIrndc.key\fR
80 file defines a default command channel and authentication key allowing
81 \fBrndc\fR
82 to communicate with
83 \fBnamed\fR
84 on the local host with no further configuration.
85 .sp
86 Running
87 \fBrndc\-confgen \-a\fR
88 allows BIND 9 and
89 \fBrndc\fR
90 to be used as drop\-in replacements for BIND 8 and
91 \fBndc\fR, with no changes to the existing BIND 8
92 \fInamed.conf\fR
93 file.
94 .sp
95 If a more elaborate configuration than that generated by
96 \fBrndc\-confgen \-a\fR
97 is required, for example if rndc is to be used remotely, you should run
98 \fBrndc\-confgen\fR
99 without the
100 \fB\-a\fR
101 option and set up a
102 \fIrndc.conf\fR
103 and
104 \fInamed.conf\fR
105 as directed.
106 .RE
107 .PP
108 \-b \fIkeysize\fR
109 .RS 4
110 Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
111 .RE
112 .PP
113 \-c \fIkeyfile\fR
114 .RS 4
115 Used with the
116 \fB\-a\fR
117 option to specify an alternate location for
118 \fIrndc.key\fR.
119 .RE
120 .PP
121 \-h
122 .RS 4
123 Prints a short summary of the options and arguments to
124 \fBrndc\-confgen\fR.
125 .RE
126 .PP
127 \-k \fIkeyname\fR
128 .RS 4
129 Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
130 \fBrndc\-key\fR.
131 .RE
132 .PP
133 \-p \fIport\fR
134 .RS 4
135 Specifies the command channel port where
136 \fBnamed\fR
137 listens for connections from
138 \fBrndc\fR. The default is 953.
139 .RE
140 .PP
141 \-r \fIrandomfile\fR
142 .RS 4
143 Specifies a source of random data for generating the authorization. If the operating system does not provide a
144 \fI/dev/random\fR
145 or equivalent device, the default source of randomness is keyboard input.
146 \fIrandomdev\fR
147 specifies the name of a character device or file containing random data to be used instead of the default. The special value
148 \fIkeyboard\fR
149 indicates that keyboard input should be used.
150 .RE
151 .PP
152 \-s \fIaddress\fR
153 .RS 4
154 Specifies the IP address where
155 \fBnamed\fR
156 listens for command channel connections from
157 \fBrndc\fR. The default is the loopback address 127.0.0.1.
158 .RE
159 .PP
160 \-t \fIchrootdir\fR
161 .RS 4
162 Used with the
163 \fB\-a\fR
164 option to specify a directory where
165 \fBnamed\fR
166 will run chrooted. An additional copy of the
167 \fIrndc.key\fR
168 will be written relative to this directory so that it will be found by the chrooted
169 \fBnamed\fR.
170 .RE
171 .PP
172 \-u \fIuser\fR
173 .RS 4
174 Used with the
175 \fB\-a\fR
176 option to set the owner of the
177 \fIrndc.key\fR
178 file generated. If
179 \fB\-t\fR
180 is also specified only the file in the chroot area has its owner changed.
181 .RE
182 .SH "EXAMPLES"
183 .PP
184 To allow
185 \fBrndc\fR
186 to be used with no manual configuration, run
187 .PP
188 \fBrndc\-confgen \-a\fR
189 .PP
190 To print a sample
191 \fIrndc.conf\fR
192 file and corresponding
193 \fBcontrols\fR
194 and
195 \fBkey\fR
196 statements to be manually inserted into
197 \fInamed.conf\fR, run
198 .PP
199 \fBrndc\-confgen\fR
200 .SH "SEE ALSO"
201 .PP
202 \fBrndc\fR(8),
203 \fBrndc.conf\fR(5),
204 \fBnamed\fR(8),
205 BIND 9 Administrator Reference Manual.
206 .SH "AUTHOR"
207 .PP
208 Internet Systems Consortium
209 .SH "COPYRIGHT"
210 Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
211 .br
212 Copyright \(co 2001, 2003 Internet Software Consortium.
213 .br