NAME
rndc-confgen — rndc key generation tool

SYNOPSIS
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
DESCRIPTION
rndc-confgen can be used to generate rndc.conf, the configuration file for rndc. Alternatively, it can be run with the -a option to set up an rndc.key file and avoid the need for an rndc.conf file and a controls statement altogether.
Options
- -a
This option is used to configure rndc automatically. It creates a file rndc.key in /etc (or whatever sysconfdir was specified when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named with no further configuration. Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
- -b keysize
This option is used to specify the size of the authentication key in bits. The value must range between 1 and 512 bits. Default is 128 bits.
- -c keyfile
This option is used with the -a option to specify an alternate location for rndc.key.
- -h
This option is used to print a short summary of the options and arguments to rndc-confgen.
- -k keyname
This option is used to specify the key name of the rndc authentication key. This must be a valid domain name. Default is rndc-key.
- -p port
This option is used to specify the command channel port where named listens for connections from rndc. Default is 953.
- -r randomfile
This option is used to specify a source file of random data for generating the authentication key. If the operating system does not provide a /dev/random or equivalent device, the default source of randomness is keyboard input. randomfile specifies the name of a character device or a file containing random data to be used instead of the default. The special value keyboard indicates that keyboard input is to be used.
- -s address
This option is used to specify the IP address where named listens for command channel connections from rndc. Default is the loopback address 127.0.0.1.
- -t chrootdir
This option is used with the -a option to specify a directory where named will run chrooted. An additional copy of rndc.key will be written relative to this directory so that it will be found by the chrooted named.
- -u user
This option is used with the -a option to set the owner of the generated rndc.key file. If -t is also specified, only the file in the chroot area has its owner changed.
EXAMPLES
To allow rndc to be used with no manual configuration, run:

    rndc-confgen -a

To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run:

    rndc-confgen
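As an added illustration (not code from BIND or this man page), the following Python builds the rndc.conf text and the matching named.conf key and controls statements that the second example prints, from the same parameters the tool takes with -k, -b, -s and -p, and enforces the 1..512-bit key size and valid-domain-name key name the options above describe. The hmac-sha256 algorithm and os.urandom as the randomness source are assumptions; the man page names neither.

```python
import base64
import os
import re

# A key name must be a valid domain name (-k): labels of 1-63 chars, no leading/trailing '-'.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_keyname(name: str) -> bool:
    """Check that keyname is made of valid DNS labels (assumed check, not BIND's)."""
    return bool(name) and all(_LABEL.match(lbl) for lbl in name.rstrip(".").split("."))


def make_secret(keysize: int = 128) -> str:
    """Return a base64 secret of keysize bits; the range matches -b (1..512, default 128)."""
    if not 1 <= keysize <= 512:
        raise ValueError("keysize must be between 1 and 512 bits")
    return base64.b64encode(os.urandom((keysize + 7) // 8)).decode("ascii")


def secret_bits(secret: str) -> int:
    """Bit length of a base64 secret, rounded to whole bytes."""
    return 8 * len(base64.b64decode(secret))


def rndc_conf(keyname="rndc-key", secret=None, address="127.0.0.1", port=953,
              algorithm="hmac-sha256"):
    """rndc.conf text followed by commented named.conf statements, as rndc-confgen prints."""
    if not valid_keyname(keyname):
        raise ValueError(f"invalid key name: {keyname!r}")
    secret = secret or make_secret()
    key_stmt = (f'key "{keyname}" {{\n\talgorithm {algorithm};\n'
                f'\tsecret "{secret}";\n}};\n')
    rndc = ("# Start of rndc.conf\n" + key_stmt +
            f'\noptions {{\n\tdefault-key "{keyname}";\n'
            f'\tdefault-server {address};\n\tdefault-port {port};\n}};\n'
            "# End of rndc.conf\n")
    # The controls statement allows only the loopback address; widening the
    # allow list exposes the command channel to every host it admits.
    named = (key_stmt + f"\ncontrols {{\n\tinet {address} port {port}\n"
             f'\t\tallow {{ 127.0.0.1; }} keys {{ "{keyname}"; }};\n}};\n')
    commented = "\n".join("# " + ln if ln else "#" for ln in named.splitlines())
    return (rndc + "\n# Use with the following in named.conf, adjusting the "
            "allow list as needed:\n" + commented + "\n# End of named.conf\n")


if __name__ == "__main__":
    print(rndc_conf())
```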
AUTHOR
rndc-confgen was developed by the Hewlett-Packard Company.