<!--
 - Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001, 2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- Converted by db4-upgrade version 1.0 -->
<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
<date>2009-06-15</date>
<corpname>ISC</corpname>
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
<refentrytitle><application>rndc-confgen</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
<refname><application>rndc-confgen</application></refname>
<refpurpose>rndc key generation tool</refpurpose>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
<holder>Internet Software Consortium.</holder>
<cmdsynopsis sepchar=" ">
<command>rndc-confgen</command>
<arg choice="opt" rep="norepeat"><option>-a</option></arg>
<arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>rndc-confgen</command>
generates configuration files
for <command>rndc</command>. It can be used as a
convenient alternative to writing the
<filename>rndc.conf</filename> file
and the corresponding <command>controls</command>
and <command>key</command>
statements in <filename>named.conf</filename> by hand.
Alternatively, it can be run with the <command>-a</command>
option to set up a <filename>rndc.key</filename> file and
avoid the need for a <filename>rndc.conf</filename> file
and a <command>controls</command> statement altogether.
<refsection><info><title>OPTIONS</title></info>
<term>-a</term>
Do automatic <command>rndc</command> configuration.
This creates a file <filename>rndc.key</filename>
in <filename>/etc</filename> (or whatever
<varname>sysconfdir</varname>
was specified as when <acronym>BIND</acronym> was
built)
that is read by both <command>rndc</command>
and <command>named</command> on startup. The
<filename>rndc.key</filename> file defines a default
command channel and authentication key allowing
<command>rndc</command> to communicate with
<command>named</command> on the local host
with no further configuration.
Running <command>rndc-confgen -a</command> allows
BIND 9 and <command>rndc</command> to be used as
replacements for BIND 8 and <command>ndc</command>,
with no changes to the existing BIND 8
<filename>named.conf</filename> file.
If a more elaborate configuration than that
generated by <command>rndc-confgen -a</command>
is required, for example if rndc is to be used remotely,
you should run <command>rndc-confgen</command> without
the
<command>-a</command> option and set up a
<filename>rndc.conf</filename> and
<filename>named.conf</filename>
<term>-b <replaceable class="parameter">keysize</replaceable></term>
Specifies the size of the authentication key in bits.
Must be between 1 and 512 bits; the default is 128.
<term>-c <replaceable class="parameter">keyfile</replaceable></term>
Used with the <command>-a</command> option to specify
an alternate location for <filename>rndc.key</filename>.
<term>-h</term>
Prints a short summary of the options and arguments to
<command>rndc-confgen</command>.
<term>-k <replaceable class="parameter">keyname</replaceable></term>
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is <constant>rndc-key</constant>.
<term>-p <replaceable class="parameter">port</replaceable></term>
Specifies the command channel port where <command>named</command>
listens for connections from <command>rndc</command>.
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
<term>-s <replaceable class="parameter">address</replaceable></term>
Specifies the IP address where <command>named</command>
listens for command channel connections from
<command>rndc</command>. The default is the loopback
address.
<term>-t <replaceable class="parameter">chrootdir</replaceable></term>
Used with the <command>-a</command> option to specify
a directory where <command>named</command> will run
chrooted. An additional copy of the <filename>rndc.key</filename>
will be written relative to this directory so that
it will be found by the chrooted <command>named</command>.
<term>-u <replaceable class="parameter">user</replaceable></term>
Used with the <command>-a</command> option to set the
owner
of the <filename>rndc.key</filename> file generated.
If
<command>-t</command> is also specified only the file
in
the chroot area has its owner changed.
<refsection><info><title>EXAMPLES</title></info>
To allow <command>rndc</command> to be used with
no manual configuration, run
<para><userinput>rndc-confgen -a</userinput>
To print a sample <filename>rndc.conf</filename> file and
corresponding <command>controls</command> and <command>key</command>
statements to be manually inserted into <filename>named.conf</filename>,
run
<para><userinput>rndc-confgen</userinput>
<refsection><info><title>SEE ALSO</title></info>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
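An audit check for the `rndc.key` file described under `-a`, `-b` and `-u`, as an added example that is not part of the ISC man page or of BIND: it checks the file's owner and mode and that the stored secret is at least the default 128 bits. The key statement layout in the sample, the function names `audit_rndc_key` and `write_sample`, and the sample file contents are assumptions constructed for illustration.

```python
import base64
import binascii
import os
import re
import stat
import tempfile

# Assumed layout of a key statement: key "name" { ... secret "base64"; };
KEY_RE = re.compile(r'key\s+"?([^"\s{]+)"?\s*\{(.*?)\}\s*;', re.S)
SECRET_RE = re.compile(r'secret\s+"([^"]*)"\s*;')

def audit_rndc_key(path, expected_uid, min_bits=128):
    """Return a list of findings for an rndc.key file; empty means clean."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o007:
        findings.append(f"mode {mode:04o} grants access to other users")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    with open(path, encoding="ascii", errors="replace") as fh:
        keys = KEY_RE.findall(fh.read())
    if not keys:
        findings.append("no key statement found")
    for name, body in keys:
        match = SECRET_RE.search(body)
        try:
            raw = base64.b64decode(match.group(1), validate=True) if match else b""
        except binascii.Error:
            raw = b""  # undecodable secret is treated as empty
        bits = len(raw) * 8  # stored size, counted in whole bytes
        if bits < min_bits:
            findings.append(f"key {name}: {bits}-bit secret, below {min_bits}")
    return findings

def write_sample(path, secret, mode):
    """Write a constructed key file (not real rndc-confgen output)."""
    b64 = base64.b64encode(secret).decode()
    with open(path, "w") as fh:
        fh.write(f'key "rndc-key" {{\n\talgorithm hmac-sha256;\n\tsecret "{b64}";\n}};\n')
    os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "rndc.key")
        write_sample(p, os.urandom(4), 0o644)  # 32-bit key, world-readable
        print(audit_rndc_key(p, os.getuid()))
```

Pass the uid of the account given to `-u` as `expected_uid`; when `-t` was used, run the check on the copy inside the chroot directory as well.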