RNDC-CONFGEN(8)                      BIND9                     RNDC-CONFGEN(8)

NAME

       rndc-confgen - rndc key generation tool

SYNOPSIS

       rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port]
                    [-r randomfile] [-s address] [-t chrootdir] [-u user]

DESCRIPTION

       rndc-confgen generates configuration files for rndc. It can be used as
       a convenient alternative to writing the rndc.conf file and the
       corresponding controls and key statements in named.conf by hand.
       Alternatively, it can be run with the -a option to set up a rndc.key
       file and avoid the need for a rndc.conf file and a controls statement
       altogether.

OPTIONS

       -a
           Do automatic rndc configuration. This creates a file rndc.key in
           /etc (or whatever sysconfdir was specified as when BIND was built)
           that is read by both rndc and named on startup. The rndc.key file
           defines a default command channel and authentication key allowing
           rndc to communicate with named on the local host with no further
           configuration.

           Running rndc-confgen -a allows BIND 9 and rndc to be used as
           drop-in replacements for BIND 8 and ndc, with no changes to the
           existing BIND 8 named.conf file.

           If a more elaborate configuration than that generated by
           rndc-confgen -a is required, for example if rndc is to be used
           remotely, you should run rndc-confgen without the -a option and set
           up a rndc.conf and named.conf as directed.

       -b keysize
           Specifies the size of the authentication key in bits. Must be
           between 1 and 512 bits; the default is 128.

       -c keyfile
           Used with the -a option to specify an alternate location for
           rndc.key.

       -h
           Prints a short summary of the options and arguments to
           rndc-confgen.

       -k keyname
           Specifies the key name of the rndc authentication key. This must be
           a valid domain name. The default is rndc-key.

       -p port
           Specifies the command channel port where named listens for
           connections from rndc. The default is 953.

       -r randomfile
           Specifies a source of random data for generating the authorization.
           If the operating system does not provide a /dev/random or
           equivalent device, the default source of randomness is keyboard
           input. randomfile specifies the name of a character device or file
           containing random data to be used instead of the default. The
           special value keyboard indicates that keyboard input should be
           used.

       -s address
           Specifies the IP address where named listens for command channel
           connections from rndc. The default is the loopback address
           127.0.0.1.

       -t chrootdir
           Used with the -a option to specify a directory where named will run
           chrooted. An additional copy of the rndc.key will be written
           relative to this directory so that it will be found by the chrooted
           named.

       -u user
           Used with the -a option to set the owner of the rndc.key file
           generated. If -t is also specified, only the file in the chroot area
           has its owner changed.

EXAMPLES

       To allow rndc to be used with no manual configuration, run

       rndc-confgen -a

       To print a sample rndc.conf file and corresponding controls and key
       statements to be manually inserted into named.conf, run

       rndc-confgen
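
       The following audit script is an added example, not part of BIND or of
       this manual page. It checks a key file such as the one written by
       rndc-confgen -a for access beyond the owner and for a secret shorter
       than the -b default of 128 bits; the function name audit_rndc_key, the
       key-statement layout assumed by the regular expression and the sample
       file are assumptions made for illustration.

```python
import base64
import binascii
import os
import re
import stat
import tempfile

# Assumed layout of the key statement in a generated key file:
#   key "name" { algorithm alg; secret "base64"; };
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^"\s{]+)"?\s*\{\s*'
    r'algorithm\s+"?(?P<alg>[^";\s]+)"?\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;')

def audit_rndc_key(path, min_bits=128):
    """Audit one key file; min_bits defaults to the -b default (128)."""
    report = {"name": None, "algorithm": None, "bits": 0, "findings": []}
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        report["findings"].append("mode %04o grants access beyond the owner" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        # Drop whole-line '#' comments; '//' is left alone because '/' is valid base64.
        text = re.sub(r"(?m)^\s*#.*$", "", fh.read())
    m = KEY_RE.search(text)
    if m is None:
        report["findings"].append("no key statement found")
        return report
    report["name"], report["algorithm"] = m.group("name"), m.group("alg")
    try:
        raw = base64.b64decode(m.group("secret"), validate=True)
    except (binascii.Error, ValueError):
        report["findings"].append("secret is not valid base64")
        return report
    report["bits"] = len(raw) * 8  # whole bytes, so an upper bound on the -b value
    if report["bits"] < min_bits:
        report["findings"].append("secret is %d bits, below %d" % (report["bits"], min_bits))
    return report

if __name__ == "__main__":
    # Constructed sample: a 64-bit secret in a world-readable file.
    secret = base64.b64encode(os.urandom(8)).decode()
    with tempfile.NamedTemporaryFile("w", suffix=".key", delete=False) as fh:
        fh.write('key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' % secret)
    os.chmod(fh.name, 0o644)
    print(audit_rndc_key(fh.name))
    os.remove(fh.name)
```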

SEE ALSO

       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR

       Internet Systems Consortium

       Copyright © 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc.
       ("ISC")
       Copyright © 2001, 2003 Internet Software Consortium.

BIND9                            Aug 27, 2001                  RNDC-CONFGEN(8)