DDNS-CONFGEN(8) BIND 9 DDNS-CONFGEN(8)
NAME
ddns-confgen - ddns key generation tool
SYNOPSIS
tsig-keygen [-a algorithm] [-h] [-r randomfile] [name]
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [-s
name] [-z zone]
DESCRIPTION
tsig-keygen and ddns-confgen are invocation methods for a utility that
generates keys for use in TSIG signing. The resulting keys can be used,
for example, to secure dynamic DNS updates to a zone or for the rndc
command channel.
When run as tsig-keygen, a domain name can be specified on the command
line which will be used as the name of the generated key. If no name is
specified, the default is tsig-key.
When run as ddns-confgen, the generated key is accompanied by configu-
ration text and instructions that can be used with nsupdate and named
when setting up dynamic DNS, including an example update-policy state-
ment. (This usage similar to the rndc-confgen command for setting up
command channel security.)
Note that named itself can configure a local DDNS key for use with
nsupdate -l: it does this when a zone is configured with update-policy
local;. ddns-confgen is only needed when a more elaborate configuration
is required: for instance, if nsupdate is to be used from a remote sys-
tem.
OPTIONS
-a algorithm
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-sha256. Options
are case-insensitive, and the "hmac-" prefix may be omitted.
-h Prints a short summary of options and arguments.
-k keyname
Specifies the key name of the DDNS authentication key. The de-
fault is ddns-key when neither the -s nor -z option is speci-
fied; otherwise, the default is ddns-key as a separate label
followed by the argument of the option, e.g., ddns-key.exam-
ple.com. The key name must have the format of a valid domain
name, consisting of letters, digits, hyphens and periods.
-q (ddns-confgen only.) Quiet mode: Print only the key, with no ex-
planatory text or usage examples; This is essentially identical
to tsig-keygen.
-s name
(ddns-confgen only.) Generate configuration example to allow dy-
namic updates of a single hostname. The example named.conf text
shows how to set an update policy for the specified name using
the "name" nametype. The default key name is ddns-key.name. Note
that the "self" nametype cannot be used, since the name to be
updated may differ from the key name. This option cannot be used
with the -z option.
-z zone
(ddns-confgen only.) Generate configuration example to allow dy-
namic updates of a zone: The example named.conf text shows how
to set an update policy for the specified zone using the "zone-
sub" nametype, allowing updates to all subdomain names within
that zone. This option cannot be used with the -s option.
SEE ALSO
nsupdate(1), named.conf(5), named(8), BIND 9 Administrator Reference
Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2020, Internet Systems Consortium
9.16.8-Debian 2020-10-13 DDNS-CONFGEN(8)