NAME

rndc-confgen - rndc key generation tool

SYNOPSIS

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key statements in named.conf by hand. Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the need for a rndc.conf file and a controls statement altogether.

OPTIONS

-a Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named on the local host with no further configuration.

Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.

If a more elaborate configuration than that generated by rndc-confgen -a is required, for example if rndc is to be used remotely, you should run rndc-confgen without the -a option and set up a rndc.conf and named.conf as directed.

-b keysize Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.

-c keyfile Used with the -a option to specify an alternate location for rndc.key.

-h Prints a short summary of the options and arguments to rndc-confgen.

-k keyname Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.

-p port Specifies the command channel port where named listens for connections from rndc. The default is 953.

-r randomfile Specifies a source of random data for generating the authorization. If the operating system does not provide a /dev/random or equivalent device, the default source of randomness is keyboard input. randomdev specifies the name of a character device or file containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.

-s address Specifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.

-t chrootdir Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.

-u user Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified only the file in the chroot area has its owner changed.

EXAMPLES

To allow rndc to be used with no manual configuration, run

rndc-confgen -a

To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run

rndc-confgen
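
The -b option accepts key sizes down to 1 bit, and the file written by -a stores the shared secret unencrypted, so a generated key file is worth checking after the fact. The Python check below is an added example, not part of the BIND distribution: it reports key files that are group-writable or accessible to other users, and secrets shorter than the 128-bit default. The function names, the 128-bit floor, the permission policy and the sample file contents are assumptions constructed for illustration.

```python
import base64, os, re, stat, tempfile

# Assumption: treat the documented -b default (128 bits) as the minimum acceptable size.
MIN_BITS = 128
KEY_RE = re.compile(r'\bkey\s+"?([^\s"{]+)"?\s*\{(.*?)\}\s*;', re.S)
SECRET_RE = re.compile(r'\bsecret\s+"([^"]*)"\s*;')

def audit_key_file(path, min_bits=MIN_BITS):
    """Return a list of findings for an rndc.key or rndc.conf style file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o027:  # group-writable, or any access for "other"
        findings.append(f"mode {mode:04o} exposes the shared secret")
    with open(path, encoding="utf-8") as fh:
        keys = KEY_RE.findall(fh.read())
    if not keys:
        findings.append("no key statement found")
    for name, body in keys:
        match = SECRET_RE.search(body)
        if match is None:
            findings.append(f"key {name}: no secret clause")
            continue
        try:
            bits = 8 * len(base64.b64decode(match.group(1), validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"key {name}: secret is not valid base64")
            continue
        if bits < min_bits:
            findings.append(f"key {name}: {bits}-bit secret is below {min_bits} bits")
    return findings

def write_sample(secret_bytes, mode, name="rndc-key"):
    """Write a constructed key file (not real rndc-confgen output) and return its path."""
    secret = base64.b64encode(secret_bytes).decode()
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(f'key "{name}" {{\n\talgorithm hmac-md5;\n\tsecret "{secret}";\n}};\n')
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed inputs: a 128-bit key at 0600 and a 32-bit key at 0644.
    for secret, mode in ((bytes(16), 0o600), (bytes(4), 0o644)):
        path = write_sample(secret, mode)
        print(oct(mode), audit_key_file(path))
        os.remove(path)
```

To audit a real installation, call audit_key_file() with the path given to -c, or with the rndc.key location under the sysconfdir described for -a.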

SEE ALSO

rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium

Copyright © 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2001, 2003 Internet Software Consortium.