NAME
rndc-confgen - rndc key generation tool

SYNOPSIS
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

DESCRIPTION
rndc-confgen generates configuration files for rndc. It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key statements in named.conf by hand. Alternatively, it can be run with the -a option to set up an rndc.key file and avoid the need for an rndc.conf file and a controls statement altogether.
OPTIONS
-a
    Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named on the local host with no further configuration.
    Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
    If a more elaborate configuration than that generated by rndc-confgen -a is required, for example if rndc is to be used remotely, you should run rndc-confgen without the -a option and set up an rndc.conf and named.conf as directed.
-b keysize
    Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
-c keyfile
    Used with the -a option to specify an alternate location for rndc.key.
-h
    Prints a short summary of the options and arguments to rndc-confgen.
-k keyname
    Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.
-p port
    Specifies the command channel port where named listens for connections from rndc. The default is 953.
-r randomfile
    Specifies a source of random data for generating the authentication key. If the operating system does not provide a /dev/random or equivalent device, the default source of randomness is keyboard input. randomfile specifies the name of a character device or file containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.
-s address
    Specifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.
-t chrootdir
    Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.
-u user
    Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified, only the file in the chroot area has its owner changed.
EXAMPLES
To allow rndc to be used with no manual configuration, run

    rndc-confgen -a

To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run

    rndc-confgen
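The following is an added example, not part of this man page and not BIND's own code. It is a POSIX shell script that builds by hand the two things rndc-confgen prints: the client-side rndc.conf and the key and controls statements for named.conf, in the same layout, and then checks that both sides carry the identical secret (a mismatch of key name, algorithm or secret is the usual reason named refuses an rndc connection). It assumes /dev/urandom is available (the -r option above exists for hosts without one); key size, address and port follow the -b, -s and -p defaults above. The man page names no HMAC algorithm; hmac-sha256 here is an assumption (current BIND releases generate it by default, older releases used hmac-md5).

```shell
#!/bin/sh
# Added example, not rndc-confgen itself: build the client-side rndc.conf and
# the server-side key/controls statements for named.conf by hand, in the layout
# rndc-confgen prints, and check that both sides carry the same key.

# Key size in bits, as accepted by -b (1..512, default 128), to whole bytes.
rndc_keysize_to_bytes() {
    bits=$1
    if [ "$bits" -lt 1 ] || [ "$bits" -gt 512 ]; then
        echo "keysize must be between 1 and 512 bits" >&2
        return 1
    fi
    echo $(( (bits + 7) / 8 ))
}

# Random shared secret, base64-encoded as rndc and named expect it.
# Assumption: /dev/urandom exists (the -r option exists for hosts without one).
rndc_gen_secret() {
    nbytes=$(rndc_keysize_to_bytes "$1") || return 1
    head -c "$nbytes" /dev/urandom | base64 | tr -d '\n'
}

# rndc.conf: what the rndc client reads.
# Arguments: keyname secret algorithm address port
rndc_conf() {
    cat <<EOF
# Start of rndc.conf
key "$1" {
    algorithm $3;
    secret "$2";
};

options {
    default-key "$1";
    default-server $4;
    default-port $5;
};
# End of rndc.conf
EOF
}

# named.conf fragment: what named reads. Key name, algorithm and secret must
# be identical to rndc.conf; the allow list limits which addresses may connect.
# Arguments: keyname secret algorithm address port
named_controls() {
    cat <<EOF
key "$1" {
    algorithm $3;
    secret "$2";
};

controls {
    inet $4 port $5
        allow { $4; } keys { "$1"; };
};
EOF
}

# Pull the quoted secret out of a config fragment on stdin (first match only).
extract_secret() {
    sed -n 's/^[[:space:]]*secret "\([^"]*\)";.*/\1/p' | head -n 1
}

# Full run with the documented defaults: 128-bit key, 127.0.0.1, port 953.
# hmac-sha256 is an assumption; the man page does not name an algorithm.
rndc_example() {
    secret=$(rndc_gen_secret 128) || return 1
    rndc_conf rndc-key "$secret" hmac-sha256 127.0.0.1 953
    echo
    echo "# Use with the following in named.conf, adjusting the allow list as needed:"
    named_controls rndc-key "$secret" hmac-sha256 127.0.0.1 953
}

rndc_example
```

Redirect the first half to rndc.conf and paste the second half into named.conf; the same secret string must appear in both, and the controls statement should keep the allow list as narrow as the hosts that actually run rndc.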
SEE ALSO
rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR
Internet Systems Consortium

COPYRIGHT
Copyright 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright 2001, 2003 Internet Software Consortium.