path: root/usr.sbin/bind/bin/rndc/rndc-confgen.html
blob: e839c4b0422f2bb60eb2326f8f62fb94acaa2f3d (plain)
<!--
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001, 2003 Internet Software Consortium.
 - 
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - 
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $ISC: rndc-confgen.html,v 1.3.2.5.2.13 2006/06/29 13:02:31 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="id2482688"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2549476"></a><h2>DESCRIPTION</h2>
<p>
        <span><strong class="command">rndc-confgen</strong></span> generates configuration files
	for <span><strong class="command">rndc</strong></span>.  It can be used as a
        convenient alternative to writing the
        <code class="filename">rndc.conf</code> file
        and the corresponding <span><strong class="command">controls</strong></span>
        and <span><strong class="command">key</strong></span>
	statements in <code class="filename">named.conf</code> by hand.
        Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
        option to set up an <code class="filename">rndc.key</code> file and
        avoid the need for an <code class="filename">rndc.conf</code> file
        and a <span><strong class="command">controls</strong></span> statement altogether.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2549522"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
<p>
	      Do automatic <span><strong class="command">rndc</strong></span> configuration.
	      This creates a file <code class="filename">rndc.key</code>
	      in <code class="filename">/etc</code> (or whatever
              <code class="varname">sysconfdir</code>
	      was specified as when <acronym class="acronym">BIND</acronym> was built)
              that is read by both <span><strong class="command">rndc</strong></span>
              and <span><strong class="command">named</strong></span> on startup.  The
	      <code class="filename">rndc.key</code> file defines a default
              command channel and authentication key allowing
	      <span><strong class="command">rndc</strong></span> to communicate with
	      <span><strong class="command">named</strong></span> on the local host
	      with no further configuration.  
	  </p>
<p>
	      Running <span><strong class="command">rndc-confgen -a</strong></span> allows
	      BIND 9 and <span><strong class="command">rndc</strong></span> to be used as drop-in
	      replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
	      with no changes to the existing BIND 8
	      <code class="filename">named.conf</code> file.
	  </p>
<p>
	      If a more elaborate configuration than that
	      generated by <span><strong class="command">rndc-confgen -a</strong></span>
	      is required, for example if rndc is to be used remotely,
	      you should run <span><strong class="command">rndc-confgen</strong></span> without the
	      <span><strong class="command">-a</strong></span> option and set up a
	      <code class="filename">rndc.conf</code> and
	      <code class="filename">named.conf</code>
	      as directed.
          </p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
	       Specifies the size of the authentication key in bits.
	       Must be between 1 and 512 bits; the default is 128.
	  </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd><p>
	       Used with the <span><strong class="command">-a</strong></span> option to specify
	       an alternate location for <code class="filename">rndc.key</code>.
	  </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
	       Prints a short summary of the options and arguments to
	       <span><strong class="command">rndc-confgen</strong></span>.
	  </p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
	       Specifies the key name of the rndc authentication key.
	       This must be a valid domain name.
	       The default is <code class="constant">rndc-key</code>.
	  </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
	       Specifies the command channel port where <span><strong class="command">named</strong></span>
	       listens for connections from <span><strong class="command">rndc</strong></span>.
	       The default is 953.
	  </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
<dd><p>
	       Specifies a source of random data for generating the
	       authentication key.  If the operating
	       system does not provide a <code class="filename">/dev/random</code>
	       or equivalent device, the default source of randomness
	       is keyboard input.  <code class="filename">randomfile</code> specifies
	       the name of a character device or file containing random
	       data to be used instead of the default.  The special value
	       <code class="filename">keyboard</code> indicates that keyboard
	       input should be used.
	  </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd><p>
	       Specifies the IP address where <span><strong class="command">named</strong></span>
	       listens for command channel connections from
	       <span><strong class="command">rndc</strong></span>.  The default is the loopback
	       address 127.0.0.1.
	  </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
<dd><p>
	       Used with the <span><strong class="command">-a</strong></span> option to specify
	       a directory where <span><strong class="command">named</strong></span> will run
	       chrooted.  An additional copy of the <code class="filename">rndc.key</code>
	       will be written relative to this directory so that
	       it will be found by the chrooted <span><strong class="command">named</strong></span>.
	  </p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
	       Used with the <span><strong class="command">-a</strong></span> option to set the owner
	       of the <code class="filename">rndc.key</code> file generated.  If
	       <span><strong class="command">-t</strong></span> is also specified, only the file in
	       the chroot area has its owner changed.
	  </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2549972"></a><h2>EXAMPLES</h2>
<p>
        To allow <span><strong class="command">rndc</strong></span> to be used with
	no manual configuration, run
    </p>
<p>
        <strong class="userinput"><code>rndc-confgen -a</code></strong>
    </p>
<p>
        To print a sample <code class="filename">rndc.conf</code> file and
	corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span>
	statements to be manually inserted into <code class="filename">named.conf</code>,
	run
    </p>
<p>
        <strong class="userinput"><code>rndc-confgen</code></strong>
    </p>
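<p>
        Added example, not part of the ISC manual page or of BIND: because
        <span><strong class="command">-b</strong></span> accepts any size from 1 bit upward, this shell check
        reports an <code class="filename">rndc.key</code>-style file whose secret is shorter than the
        documented default of 128 bits or which grants access to group or other.
        The function names, the 128-bit floor and the sample key files are
        assumptions constructed for illustration.
    </p>

```shell
#!/bin/sh
# Audit an rndc.key-style file: secret length and file permissions.
# Added example; function names and the 128-bit floor are assumptions.

# Print the secret's length in bits, computed from its padded base64 text.
rndc_key_bits() {
    secret=$(sed -n 's/.*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$secret" ] || return 1
    len=${#secret}
    case $secret in
        *==) pad=2 ;;
        *=)  pad=1 ;;
        *)   pad=0 ;;
    esac
    echo $(( (len / 4 * 3 - pad) * 8 ))
}

# Return 0 only if the key is at least min_bits long (default 128) and the
# file grants no access to group or other; 2 if no secret is found.
audit_rndc_key() {
    file=$1 min_bits=${2:-128} rc=0
    bits=$(rndc_key_bits "$file") || { echo "$file: no secret found"; return 2; }
    if [ "$bits" -lt "$min_bits" ]; then
        echo "$file: key is $bits bits, below $min_bits"; rc=1
    fi
    mode=$(ls -ld -- "$file" | cut -c5-10)   # group and other permission bits
    if [ "$mode" != "------" ]; then
        echo "$file: group/other permissions set ($mode)"; rc=1
    fi
    return $rc
}

# Constructed sample (not a real key): write a key file in rndc.key syntax.
write_sample_key() {   # usage: write_sample_key path base64-secret mode
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$2" > "$1"
    chmod "$3" "$1"
}

tmp=$(mktemp -d)
write_sample_key "$tmp/good.key" "Q09OU1RSVUNURURLRVkxMg==" 600   # 128 bits
write_sample_key "$tmp/weak.key" "QUJDRA==" 644                    # 32 bits
audit_rndc_key "$tmp/good.key" && echo "good.key: ok"
audit_rndc_key "$tmp/weak.key" || echo "weak.key: rejected"
rm -rf "$tmp"
```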
</div>
<div class="refsect1" lang="en">
<a name="id2550016"></a><h2>SEE ALSO</h2>
<p>
      <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2550058"></a><h2>AUTHOR</h2>
<p>
        <span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div></body>
</html>