1rndc-confgen(1M) System Administration Commands rndc-confgen(1M)
2
6 rndc-confgen - rndc key generation tool
7
9 rndc-confgen [-ah] [-b keysize] [-c keyfile] [-k keyname]
10 [-p port] [-r randomfile] [-s address] [-t chrootdir]
11 [-u user]
12
15 The rndc-confgen utility generates configuration files for rndc(1M).
16 This utility can be used as a convenient alternative to writing by
17 hand the rndc.conf(4) file and the corresponding controls and key
18 statements in named.conf. It can also be run with the -a option to set
19 up a rndc.key file and avoid altogether the need for a rndc.conf file
20 and a controls statement.
21
23 The following options are supported:
24 -a Perform automatic rndc configuration. This option cre‐
26 ates a file rndc.key in /etc (or however sysconfdir
27 was specified when BIND was built) that is read by
28 both rndc and named(1M) on startup. The rndc.key file
29 defines a default command channel and authentication
30 key allowing rndc to communicate with named with no
31 further configuration. Running rndc-confgen with -a
32 specified allows BIND 9 and rndc to be used as drop-in
33 replacements for BIND 8 and ndc, with no changes to
34 the existing BIND 8 named.conf file.
35 -b keysize Specify the size of the authentication key in bits.
38 The keysize argument must be between 1 and 512 bits;
39 the default is 128.
40 -c keyfile Used with the -a option to specify an alternate loca‐
43 tion for rndc.key.
44 -h Print a short summary of the options and arguments to
47 rndc-confgen.
48 -k keyname Specify the key name of the rndc authentication key.
51 The keyname argument must be a valid domain name. The
52 default is rndc-key.
53 -p port Specify the command channel port where named listens
56 for connections from rndc. The default is 953.
57 -r randomfile Specify a source of random data for generating the
60 authorization. By default, /dev/random is used. The
61 randomdev argument specifies the name of a character
62 device or file containing random data to be used
63 instead of the default. The special value keyboard
64 indicates that keyboard input should be used.
65 -s address Specify the IP address where named listens for command
68 channel connections from rndc. The default is the
69 loopback address 127.0.0.1.
70 -t chrootdir Used with the -a option to specify a directory where
73 named will run after the root directory is changed
74 with chroot(1M). An additional copy of the rndc.key
75 will be written relative to this directory so that it
76 will be found by the named in the new directory.
77 -u user Used with the -a option to set the owner of the
80 rndc.key file generated. If -t is also specified only
81 the file in the chroot area has its owner changed.
82
85 Example 1 Create Automatic rndc Configuration
86 The following command creates an automatic rndc configuration, so that
89 rndc can be used immediately.
90 # rndc-confgen -a
93 Example 2 Print a Sample rndc.conf File
97 The following command prints a sample rndc.conf file with corresponding
100 controls and key statements. These statements can subsequently be manu‐
101 ally inserted in the file named.conf.
102 # rndc-confgen
105
109 See attributes(5) for descriptions of the following attributes:
110 ┌─────────────────────────────┬─────────────────────────────┐
115 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
116 ├─────────────────────────────┼─────────────────────────────┤
117 │Availability │SUNWbind │
118 ├─────────────────────────────┼─────────────────────────────┤
119 │Interface Stability │External │
120 └─────────────────────────────┴─────────────────────────────┘
121
123 chroot(1M), named(1M), rndc(1M), rndc.conf(4), attributes(5)
124 BIND 9 Administrator Reference Manual, available at the ISC web site
127SunOS 5.11 24 Dec 2008 rndc-confgen(1M)