RNDC-CONFGEN(8)                     BIND 9                     RNDC-CONFGEN(8)

NAME

       rndc-confgen - rndc key generation tool

SYNOPSIS

       rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h]
       [-k keyname] [-p port] [-s address] [-t chrootdir] [-u user]

DESCRIPTION

       rndc-confgen generates configuration files for rndc. It can be used as
       a convenient alternative to writing the rndc.conf file and the
       corresponding controls and key statements in named.conf by hand.
       Alternatively, it can be run with the -a option to set up a rndc.key
       file and avoid the need for a rndc.conf file and a controls statement
       altogether.

OPTIONS

       -a     This option sets automatic rndc configuration, which creates a
              file rndc.key in /etc (or a different sysconfdir specified when
              BIND was built) that is read by both rndc and named on startup.
              The rndc.key file defines a default command channel and
              authentication key allowing rndc to communicate with named on
              the local host with no further configuration.

              If a more elaborate configuration than that generated by
              rndc-confgen -a is required, for example if rndc is to be used
              remotely, run rndc-confgen without the -a option and set up
              rndc.conf and named.conf as directed.

       -A algorithm
              This option specifies the algorithm to use for the TSIG key.
              Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
              hmac-sha256, hmac-sha384, and hmac-sha512. The default is
              hmac-sha256.

       -b keysize
              This option specifies the size of the authentication key in
              bits. The size must be between 1 and 512 bits; the default is
              the hash size.

       -c keyfile
              This option is used with the -a option to specify an alternate
              location for rndc.key.

       -h     This option prints a short summary of the options and arguments
              to rndc-confgen.

       -k keyname
              This option specifies the key name of the rndc authentication
              key. This must be a valid domain name. The default is rndc-key.

       -p port
              This option specifies the command channel port where named
              listens for connections from rndc. The default is 953.

       -s address
              This option specifies the IP address where named listens for
              command-channel connections from rndc. The default is the
              loopback address 127.0.0.1.

       -t chrootdir
              This option is used with the -a option to specify a directory
              where named runs chrooted. An additional copy of the rndc.key is
              written relative to this directory, so that it is found by the
              chrooted named.

       -u user
              This option is used with the -a option to set the owner of the
              generated rndc.key file. If -t is also specified, only the file
              in the chroot area has its owner changed.

EXAMPLES

       To allow rndc to be used with no manual configuration, run:

       rndc-confgen -a

       To print a sample rndc.conf file and the corresponding controls and key
       statements to be manually inserted into named.conf, run:

       rndc-confgen
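
       Added example, not part of the BIND 9 manual page: a shell check that
       audits a key file against the -A, -b and -u options described above.
       The function names, the policy (flag hmac-md5 and hmac-sha1, require a
       secret at least as long as the digest, no access for "other") and the
       assumed key statement layout are this example's assumptions.

```shell
#!/bin/sh
# Added example: audit an rndc.key-style file. The policy (flag hmac-md5 and
# hmac-sha1, require secret >= digest size, no "other" access) is an assumption.

hash_bits() {   # digest size in bits for each -A choice listed on this page
    case "$1" in
        hmac-md5) echo 128 ;;    hmac-sha1) echo 160 ;;
        hmac-sha224) echo 224 ;; hmac-sha256) echo 256 ;;
        hmac-sha384) echo 384 ;; hmac-sha512) echo 512 ;;
        *) echo 0 ;;
    esac
}

# audit_rndc_key FILE: one finding per line on stdout; returns 0 only if clean.
audit_rndc_key() {
    f=$1; rc=0
    alg=$(sed -n 's/^[[:space:]]*algorithm[[:space:]]*"\{0,1\}\([A-Za-z0-9-]*\)"\{0,1\};.*/\1/p' "$f" | head -n 1)
    secret=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)";.*/\1/p' "$f" | head -n 1)
    want=$(hash_bits "$alg")
    # Decoded secret length; a -b value that is not a multiple of 8 counts as whole bytes.
    bytes=$(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c)
    bits=$(( $bytes * 8 ))
    if [ "$want" -eq 0 ]; then
        echo "UNKNOWN-ALGORITHM ${alg:-none}"; rc=1
    else
        case "$alg" in
            hmac-md5|hmac-sha1) echo "WEAK-ALGORITHM $alg"; rc=1 ;;
        esac
        if [ "$bits" -lt "$want" ]; then
            echo "SHORT-SECRET $bits bits, $alg digest is $want"; rc=1
        fi
    fi
    # ls -l mode string: characters 8-10 are the "other" permission bits.
    if [ "$(ls -ld "$f" | cut -c8-10)" != "---" ]; then
        echo "OTHER-ACCESS $(ls -ld "$f" | cut -c1-10)"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not a real key): hmac-md5, 64-bit secret, mode 0644.
sample=$(mktemp)
printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "AAAAAAAAAAA=";\n};\n' > "$sample"
chmod 644 "$sample"
audit_rndc_key "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

       To check a real installation, call audit_rndc_key with the path that
       rndc-confgen -a wrote (or the -c keyfile location).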

SEE ALSO

       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR

       Internet Systems Consortium

       2021, Internet Systems Consortium

9.16.16-RH                                                     RNDC-CONFGEN(8)