1RNDC-CONFGEN(8) BIND9 RNDC-CONFGEN(8)
2
3
4
6 rndc-confgen - rndc key generation tool
7
9 rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h]
10 [-k keyname] [-p port] [-r randomfile] [-s address]
11 [-t chrootdir] [-u user]
12
14 rndc-confgen generates configuration files for rndc. It can be used as
15 a convenient alternative to writing the rndc.conf file and the
16 corresponding controls and key statements in named.conf by hand.
17 Alternatively, it can be run with the -a option to set up a rndc.key
18 file and avoid the need for a rndc.conf file and a controls statement
19 altogether.
20
22 -a
23 Do automatic rndc configuration. This creates a file rndc.key in
24 /etc (or whatever sysconfdir was specified as when BIND was built)
25 that is read by both rndc and named on startup. The rndc.key file
26 defines a default command channel and authentication key allowing
27 rndc to communicate with named on the local host with no further
28 configuration.
29
30 Running rndc-confgen -a allows BIND 9 and rndc to be used as
31 drop-in replacements for BIND 8 and ndc, with no changes to the
32 existing BIND 8 named.conf file.
33
34 If a more elaborate configuration than that generated by
35 rndc-confgen -a is required, for example if rndc is to be used
36 remotely, you should run rndc-confgen without the -a option and set
37 up a rndc.conf and named.conf as directed.
38
39 -A algorithm
40 Specifies the algorithm to use for the TSIG key. Available choices
41 are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and
42 hmac-sha512. The default is hmac-md5 or if MD5 was disabled
43 hmac-sha256.
44
45 -b keysize
46 Specifies the size of the authentication key in bits. Must be
47 between 1 and 512 bits; the default is the hash size.
48
49 -c keyfile
50 Used with the -a option to specify an alternate location for
51 rndc.key.
52
53 -h
54 Prints a short summary of the options and arguments to
55 rndc-confgen.
56
57 -k keyname
58 Specifies the key name of the rndc authentication key. This must be
59 a valid domain name. The default is rndc-key.
60
61 -p port
62 Specifies the command channel port where named listens for
63 connections from rndc. The default is 953.
64
65 -r randomfile
66 Specifies a source of random data for generating the authorization.
67 If the operating system does not provide a /dev/random or
68 equivalent device, the default source of randomness is keyboard
69 input. randomdev specifies the name of a character device or file
70 containing random data to be used instead of the default. The
71 special value keyboard indicates that keyboard input should be
72 used.
73
74 -s address
75 Specifies the IP address where named listens for command channel
76 connections from rndc. The default is the loopback address
77 127.0.0.1.
78
79 -t chrootdir
80 Used with the -a option to specify a directory where named will run
81 chrooted. An additional copy of the rndc.key will be written
82 relative to this directory so that it will be found by the chrooted
83 named.
84
85 -u user
86 Used with the -a option to set the owner of the rndc.key file
87 generated. If -t is also specified only the file in the chroot area
88 has its owner changed.
89
91 To allow rndc to be used with no manual configuration, run
92
93 rndc-confgen -a
94
95 To print a sample rndc.conf file and corresponding controls and key
96 statements to be manually inserted into named.conf, run
97
98 rndc-confgen
99
101 rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.
102
104 Internet Systems Consortium, Inc.
105
107 Copyright © 2001, 2003-2005, 2007, 2009, 2013-2016, 2018, 2019 Internet
108 Systems Consortium, Inc. ("ISC")
109
110
111
112ISC 2013-03-14 RNDC-CONFGEN(8)