RNDC-CONFGEN(8)                      BIND 9                      RNDC-CONFGEN(8)

NAME
       rndc-confgen - rndc key generation tool

SYNOPSIS
       rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h]
       [-k keyname] [-p port] [-s address] [-t chrootdir] [-u user]

DESCRIPTION
       rndc-confgen generates configuration files for rndc. It can be used as
       a convenient alternative to writing the rndc.conf file and the
       corresponding controls and key statements in named.conf by hand.
       Alternatively, it can be run with the -a option to set up a rndc.key
       file and avoid the need for a rndc.conf file and a controls statement
       altogether.

OPTIONS
       -a     This option sets automatic rndc configuration, which creates a
              file rndc.key in /etc (or a different sysconfdir specified when
              BIND was built) that is read by both rndc and named on startup.
              The rndc.key file defines a default command channel and
              authentication key allowing rndc to communicate with named on
              the local host with no further configuration.

              If a more elaborate configuration than that generated by
              rndc-confgen -a is required, for example if rndc is to be used
              remotely, run rndc-confgen without the -a option and set up
              rndc.conf and named.conf as directed.

       -A algorithm
              This option specifies the algorithm to use for the TSIG key.
              Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
              hmac-sha256, hmac-sha384, and hmac-sha512. The default is
              hmac-sha256.

       -b keysize
              This option specifies the size of the authentication key in
              bits. The size must be between 1 and 512 bits; the default is
              the hash size.

       -c keyfile
              This option is used with the -a option to specify an alternate
              location for rndc.key.

       -h     This option prints a short summary of the options and arguments
              to rndc-confgen.

       -k keyname
              This option specifies the key name of the rndc authentication
              key. This must be a valid domain name. The default is rndc-key.

       -p port
              This option specifies the command channel port where named
              listens for connections from rndc. The default is 953.

       -s address
              This option specifies the IP address where named listens for
              command-channel connections from rndc. The default is the
              loopback address 127.0.0.1.

       -t chrootdir
              This option is used with the -a option to specify a directory
              where named runs chrooted. An additional copy of the rndc.key is
              written relative to this directory, so that it is found by the
              chrooted named.

       -u user
              This option is used with the -a option to set the owner of the
              generated rndc.key file. If -t is also specified, only the file
              in the chroot area has its owner changed.

EXAMPLES
       To allow rndc to be used with no manual configuration, run:

              rndc-confgen -a

       To print a sample rndc.conf file and the corresponding controls and key
       statements to be manually inserted into named.conf, run:

              rndc-confgen

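       An added example, not part of the BIND documentation: a Python audit of
       the key and controls statements that rndc-confgen produces, checking the
       -A algorithm, the secret length against the hash size (-b), and the -s
       listen address. The statement syntax matched here, the audit and
       sample_secret names, the zero-byte sample secrets, and the treatment of
       hmac-md5 and hmac-sha1 as legacy are assumptions of this example.

```python
import base64
import ipaddress
import re

# Digest size in bits of each algorithm the page lists under -A; the page
# says the default key size (-b) equals the hash size.
HASH_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
             "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}
LEGACY = {"hmac-md5", "hmac-sha1"}  # assumption: local policy, not from the page

KEY_RE = re.compile(r'\bkey\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
INET_RE = re.compile(r'\binet\s+(\S+)')

def sample_secret(nbytes):
    """Constructed placeholder secret: nbytes zero bytes, base64-encoded."""
    return base64.b64encode(bytes(nbytes)).decode()

def audit(text):
    """Return (subject, finding) pairs for key and controls statements."""
    findings = []
    for name, algorithm, secret in KEY_RE.findall(text):
        algorithm = algorithm.lower()
        if algorithm not in HASH_BITS:
            findings.append((name, f"unknown algorithm {algorithm}"))
            continue
        if algorithm in LEGACY:
            findings.append((name, f"{algorithm} is a legacy choice"))
        try:
            bits = 8 * len(base64.b64decode(secret, validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((name, "secret is not valid base64"))
            continue
        if bits < HASH_BITS[algorithm]:
            findings.append((name, f"{bits}-bit secret, below hash size"))
    for address in INET_RE.findall(text):
        try:
            loopback = ipaddress.ip_address(address).is_loopback
        except ValueError:  # e.g. the "*" wildcard
            loopback = False
        if not loopback:
            findings.append(("controls", f"command channel on {address}"))
    return findings

# Constructed sample: one default-style key, one weak key, an exposed channel.
SAMPLE = f'''
key "rndc-key" {{ algorithm hmac-sha256; secret "{sample_secret(32)}"; }};
key "old-key" {{ algorithm hmac-md5; secret "{sample_secret(8)}"; }};
controls {{ inet 0.0.0.0 port 953 allow {{ any; }} keys {{ "rndc-key"; }}; }};
'''

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```
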
SEE ALSO
       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2021, Internet Systems Consortium

9.16.23-RH                                                       RNDC-CONFGEN(8)