rndc-confgen — rndc key generation tool
rndc-confgen [-a] [-b ] [keysize-c ] [keyfile-h] [-k ] [keyname-p ] [port-r ] [randomfile-s ] [address-t ] [chrootdir-u ]user
rndc-confgen
generates configuration files
for rndc. It can be used as a
convenient alternative to writing the
rndc.conf file
and the corresponding controls
and key
statements in named.conf by hand.
Alternatively, it can be run with the -a
option to set up a rndc.key file and
avoid the need for a rndc.conf file
and a controls statement altogether.
Do automatic rndc configuration.
This creates a file rndc.key
in /etc (or whatever
sysconfdir
was specified as when BIND was
built)
that is read by both rndc
and named on startup. The
rndc.key file defines a default
command channel and authentication key allowing
rndc to communicate with
named on the local host
with no further configuration.
Running rndc-confgen -a allows
BIND 9 and rndc to be used as
drop-in
replacements for BIND 8 and ndc,
with no changes to the existing BIND 8
named.conf file.
If a more elaborate configuration than that
generated by rndc-confgen -a
is required, for example if rndc is to be used remotely,
you should run rndc-confgen without
the
-a option and set up a
rndc.conf and
named.conf
as directed.
keysizeSpecifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
keyfile
Used with the -a option to specify
an alternate location for rndc.key.
Prints a short summary of the options and arguments to rndc-confgen.
keyname
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is rndc-key.
portSpecifies the command channel port where named listens for connections from rndc. The default is 953.
randomfile
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a /dev/random
or equivalent device, the default source of randomness
is keyboard input. randomdev
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
keyboard indicates that keyboard
input should be used.
addressSpecifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.
chrootdir
Used with the -a option to specify
a directory where named will run
chrooted. An additional copy of the rndc.key
will be written relative to this directory so that
it will be found by the chrooted named.
user
Used with the -a option to set the
owner
of the rndc.key file generated.
If
-t is also specified only the file
in
the chroot area has its owner changed.
rndc-confgen — rndc key generation tool
rndc-confgen [-a] [-b ] [keysize-c ] [keyfile-h] [-k ] [keyname-p ] [port-r ] [randomfile-s ] [address-t ] [chrootdir-u ]user
rndc-confgen
generates configuration files
for rndc. It can be used as a
convenient alternative to writing the
rndc.conf file
and the corresponding controls
and key
statements in named.conf by hand.
Alternatively, it can be run with the -a
option to set up a rndc.key file and
avoid the need for a rndc.conf file
and a controls statement altogether.
Do automatic rndc configuration.
This creates a file rndc.key
in /etc (or whatever
sysconfdir
was specified as when BIND was
built)
that is read by both rndc
and named on startup. The
rndc.key file defines a default
command channel and authentication key allowing
rndc to communicate with
named on the local host
with no further configuration.
Running rndc-confgen -a allows
BIND 9 and rndc to be used as
drop-in
replacements for BIND 8 and ndc,
with no changes to the existing BIND 8
named.conf file.
If a more elaborate configuration than that
generated by rndc-confgen -a
is required, for example if rndc is to be used remotely,
you should run rndc-confgen without
the
-a option and set up a
rndc.conf and
named.conf
as directed.
keysizeSpecifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
keyfile
Used with the -a option to specify
an alternate location for rndc.key.
Prints a short summary of the options and arguments to rndc-confgen.
keyname
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is rndc-key.
portSpecifies the command channel port where named listens for connections from rndc. The default is 953.
randomfile
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a /dev/random
or equivalent device, the default source of randomness
is keyboard input. randomdev
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
keyboard indicates that keyboard
input should be used.
addressSpecifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.
chrootdir
Used with the -a option to specify
a directory where named will run
chrooted. An additional copy of the rndc.key
will be written relative to this directory so that
it will be found by the chrooted named.
user
Used with the -a option to set the
owner
of the rndc.key file generated.
If
-t is also specified only the file
in
the chroot area has its owner changed.