RNDC-CONFGEN(8)



RNDC-CONFGEN(8)                     BIND 9                     RNDC-CONFGEN(8)

NAME
       rndc-confgen - rndc key generation tool

SYNOPSIS
       rndc-confgen  [-a]  [-A  algorithm]  [-b keysize] [-c keyfile] [-h] [-k
       keyname] [-p port] [-s address] [-t chrootdir] [-u user]

DESCRIPTION
       rndc-confgen generates configuration files for rndc. It can be used  as
       a  convenient  alternative to writing the rndc.conf file and the corre-
       sponding controls and key statements in named.conf  by  hand.  Alterna-
       tively,  it can be run with the -a option to set up a rndc.key file and
       avoid the need for a rndc.conf file  and  a  controls  statement  alto-
       gether.

ARGUMENTS
       -a     Do automatic rndc configuration. This creates a file rndc.key in
              /etc (or whatever sysconfdir was  specified  as  when  BIND  was
              built)  that  is  read  by  both rndc and named on startup.  The
              rndc.key file defines a default command channel and  authentica-
              tion  key  allowing  rndc to communicate with named on the local
              host with no further configuration.

              Running rndc-confgen -a allows BIND 9 and rndc  to  be  used  as
              drop-in  replacements for BIND 8 and ndc, with no changes to the
              existing BIND 8 named.conf file.

              If  a  more  elaborate  configuration  than  that  generated  by
              rndc-confgen  -a  is required, for example if rndc is to be used
              remotely, you should run rndc-confgen without the -a option  and
              set up a rndc.conf and named.conf as directed.

       -A algorithm
              Specifies  the  algorithm  to  use  for  the TSIG key. Available
              choices  are:  hmac-md5,  hmac-sha1,  hmac-sha224,  hmac-sha256,
              hmac-sha384 and hmac-sha512. The default is hmac-sha256.

       -b keysize
              Specifies  the  size  of the authentication key in bits. Must be
              between 1 and 512 bits; the default is the hash size.

       -c keyfile
              Used with the -a option to specify  an  alternate  location  for
              rndc.key.

       -h     Prints a short summary of the options and arguments to rndc-con-
              fgen.

       -k keyname
              Specifies the key name of the rndc authentication key. This must
              be a valid domain name. The default is rndc-key.

       -p port
              Specifies  the command channel port where named listens for con-
              nections from rndc. The default is 953.

       -s address
              Specifies the IP address where named listens for command channel
              connections  from  rndc.  The  default  is  the loopback address
              127.0.0.1.

       -t chrootdir
              Used with the -a option to specify a directory where named  will
              run chrooted. An additional copy of the rndc.key will be written
              relative to this directory so that it will be found by  the  ch-
              rooted named.

       -u user
              Used  with  the  -a option to set the owner of the rndc.key file
              generated. If -t is also specified only the file in  the  chroot
              area has its owner changed.

EXAMPLES
       To allow rndc to be used with no manual configuration, run

       rndc-confgen -a

       To  print  a  sample  rndc.conf file and corresponding controls and key
       statements to be manually inserted into named.conf, run

       rndc-confgen

SEE ALSO
       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2020, Internet Systems Consortium

9.16.8-Debian                     2020-10-13                   RNDC-CONFGEN(8)

Man(1) output converted with man2html
list of all man pages