RNDC-CONFGEN(8)                     BIND 9                     RNDC-CONFGEN(8)

NAME
       rndc-confgen - rndc key generation tool

SYNOPSIS
       rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h]
       [-k keyname] [-p port] [-s address] [-t chrootdir] [-u user]

DESCRIPTION
       rndc-confgen generates configuration files for rndc. It can be used as
       a convenient alternative to writing the rndc.conf file and the
       corresponding controls and key statements in named.conf by hand.
       Alternatively, it can be run with the -a option to set up a rndc.key
       file and avoid the need for a rndc.conf file and a controls statement
       altogether.

OPTIONS
       -a     This option sets automatic rndc configuration, which creates a
              file /etc/rndc.key that is read by both rndc and named on
              startup. The rndc.key file defines a default command channel
              and authentication key allowing rndc to communicate with named
              on the local host with no further configuration.

              If a more elaborate configuration than that generated by
              rndc-confgen -a is required, for example if rndc is to be used
              remotely, run rndc-confgen without the -a option and set up
              rndc.conf and named.conf as directed.

       -A algorithm
              This option specifies the algorithm to use for the TSIG key.
              Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
              hmac-sha256, hmac-sha384, and hmac-sha512. The default is
              hmac-sha256.

       -b keysize
              This option specifies the size of the authentication key in
              bits. The size must be between 1 and 512 bits; the default is
              the hash size.

       -c keyfile
              This option is used with the -a option to specify an alternate
              location for rndc.key.

       -h     This option prints a short summary of the options and arguments
              to rndc-confgen.

       -k keyname
              This option specifies the key name of the rndc authentication
              key. This must be a valid domain name. The default is rndc-key.

       -p port
              This option specifies the command channel port where named
              listens for connections from rndc. The default is 953.

       -q     This option prevents printing the written path in automatic
              configuration mode.

       -s address
              This option specifies the IP address where named listens for
              command-channel connections from rndc. The default is the
              loopback address 127.0.0.1.

       -t chrootdir
              This option is used with the -a option to specify a directory
              where named runs chrooted. An additional copy of the rndc.key is
              written relative to this directory, so that it is found by the
              chrooted named.

       -u user
              This option is used with the -a option to set the owner of the
              generated rndc.key file. If -t is also specified, only the file
              in the chroot area has its owner changed.

EXAMPLES
       To allow rndc to be used with no manual configuration, run:

       rndc-confgen -a

       To print a sample rndc.conf file and the corresponding controls and key
       statements to be manually inserted into named.conf, run:

       rndc-confgen
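
       The -A, -b and -u options decide how strong the generated key is and
       who can read it. The script below is an added example, not part of
       BIND or of the original manual page: it audits a key file in the
       layout rndc-confgen -a writes. The function names, finding labels and
       policy thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example (not BIND code): audit a key file written by rndc-confgen -a.
# Policy assumptions: hmac-md5/hmac-sha1 count as legacy, a secret shorter than
# the algorithm's hash size (the -b default) is flagged, and the file must not
# be accessible to group or other.

hash_bits() {  # hash size in bits for each -A choice; 0 if unknown
    case "$1" in
        hmac-md5) echo 128 ;;    hmac-sha1) echo 160 ;;
        hmac-sha224) echo 224 ;; hmac-sha256) echo 256 ;;
        hmac-sha384) echo 384 ;; hmac-sha512) echo 512 ;;
        *) echo 0 ;;
    esac
}

audit_rndc_key() {  # prints one finding per line; returns 1 if any
    f=$1; findings=0
    alg=$(sed -n 's/^[[:space:]]*algorithm[[:space:]]*"\{0,1\}\([^;"[:space:]]*\).*/\1/p' "$f" | head -n 1)
    secret=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1)
    want=$(hash_bits "$alg")
    # Length of the base64-decoded secret, in bits.
    bits=$(( $(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c) * 8 ))
    mode=$(ls -ld "$f" | cut -c5-10)  # group and other permission bits

    case "$alg" in
        hmac-md5|hmac-sha1) echo "WEAK-ALG $alg"; findings=1 ;;
    esac
    if [ "$want" -eq 0 ]; then
        echo "UNKNOWN-ALG ${alg:-none}"; findings=1
    elif [ "$bits" -lt "$want" ]; then
        echo "SHORT-KEY $bits < $want bits"; findings=1
    fi
    if [ "$mode" != "------" ]; then
        echo "LOOSE-PERMS $mode"; findings=1
    fi
    return "$findings"
}

# Constructed sample: an all-zero 128-bit secret under hmac-sha256, the shape
# of key that "-b 128" would produce. Not a real key.
demo=$(mktemp)
printf 'key "rndc-key" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
    "$(head -c 16 /dev/zero | base64)" > "$demo"
audit_rndc_key "$demo" || true   # prints: SHORT-KEY 128 < 256 bits
rm -f "$demo"
```

       Run audit_rndc_key against /etc/rndc.key, or the -c and -t locations,
       after generating a key; an empty result with exit status 0 means no
       finding under the assumed policy.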

SEE ALSO
       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet Systems Consortium

       2023, Internet Systems Consortium

9.18.11                                                        RNDC-CONFGEN(8)