<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
               [<!ENTITY mdash "—">]>
<!--
 - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001, 2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: rndc-confgen.docbook,v 1.4 2009/06/15 23:47:59 tbox Exp $ -->
<refentry id="man.rndc-confgen">
  <refentryinfo>
    <date>Aug 27, 2001</date>
  </refentryinfo>

  <refmeta>
    <refentrytitle><application>rndc-confgen</application></refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <refnamediv>
    <refname><application>rndc-confgen</application></refname>
    <refpurpose>rndc key generation tool</refpurpose>
  </refnamediv>

  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
      <year>2007</year>
      <year>2009</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
    <copyright>
      <year>2001</year>
      <year>2003</year>
      <holder>Internet Software Consortium.</holder>
    </copyright>
  </docinfo>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>rndc-confgen</command>
      <arg><option>-a</option></arg>
      <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
      <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
      <arg><option>-h</option></arg>
      <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
      <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
      <arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
      <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
      <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>DESCRIPTION</title>
    <para><command>rndc-confgen</command>
      generates configuration files
      for <command>rndc</command>.  It can be used as a
      convenient alternative to writing the
      <filename>rndc.conf</filename> file
      and the corresponding <command>controls</command>
      and <command>key</command>
      statements in <filename>named.conf</filename> by hand.
      Alternatively, it can be run with the <command>-a</command>
      option to set up a <filename>rndc.key</filename> file and
      avoid the need for a <filename>rndc.conf</filename> file
      and a <command>controls</command> statement altogether.
    </para>

  </refsect1>

  <refsect1>
    <title>OPTIONS</title>

    <variablelist>
      <varlistentry>
        <term>-a</term>
        <listitem>
          <para>
            Do automatic <command>rndc</command> configuration.
            This creates a file <filename>rndc.key</filename>
            in <filename>/etc</filename> (or whatever
            <varname>sysconfdir</varname>
            was specified as when <acronym>BIND</acronym> was
            built)
            that is read by both <command>rndc</command>
            and <command>named</command> on startup.  The
            <filename>rndc.key</filename> file defines a default
            command channel and authentication key allowing
            <command>rndc</command> to communicate with
            <command>named</command> on the local host
            with no further configuration.
          </para>
          <para>
            Running <command>rndc-confgen -a</command> allows
            BIND 9 and <command>rndc</command> to be used as
            drop-in
            replacements for BIND 8 and <command>ndc</command>,
            with no changes to the existing BIND 8
            <filename>named.conf</filename> file.
          </para>
          <para>
            If a more elaborate configuration than that
            generated by <command>rndc-confgen -a</command>
            is required, for example if rndc is to be used remotely,
            you should run <command>rndc-confgen</command> without
            the
            <command>-a</command> option and set up a
            <filename>rndc.conf</filename> and
            <filename>named.conf</filename>
            as directed.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-b <replaceable class="parameter">keysize</replaceable></term>
        <listitem>
          <para>
            Specifies the size of the authentication key in bits.
            Must be between 1 and 512 bits; the default is 128.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-c <replaceable class="parameter">keyfile</replaceable></term>
        <listitem>
          <para>
            Used with the <command>-a</command> option to specify
            an alternate location for <filename>rndc.key</filename>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-h</term>
        <listitem>
          <para>
            Prints a short summary of the options and arguments to
            <command>rndc-confgen</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-k <replaceable class="parameter">keyname</replaceable></term>
        <listitem>
          <para>
            Specifies the key name of the rndc authentication key.
            This must be a valid domain name.
            The default is <constant>rndc-key</constant>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-p <replaceable class="parameter">port</replaceable></term>
        <listitem>
          <para>
            Specifies the command channel port where <command>named</command>
            listens for connections from <command>rndc</command>.
            The default is 953.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-r <replaceable class="parameter">randomfile</replaceable></term>
        <listitem>
          <para>
            Specifies a source of random data for generating the
            authorization.  If the operating
            system does not provide a <filename>/dev/random</filename>
            or equivalent device, the default source of randomness
            is keyboard input.  <filename>randomdev</filename>
            specifies
            the name of a character device or file containing random
            data to be used instead of the default.  The special value
            <filename>keyboard</filename> indicates that keyboard
            input should be used.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-s <replaceable class="parameter">address</replaceable></term>
        <listitem>
          <para>
            Specifies the IP address where <command>named</command>
            listens for command channel connections from
            <command>rndc</command>.  The default is the loopback
            address 127.0.0.1.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-t <replaceable class="parameter">chrootdir</replaceable></term>
        <listitem>
          <para>
            Used with the <command>-a</command> option to specify
            a directory where <command>named</command> will run
            chrooted.  An additional copy of the <filename>rndc.key</filename>
            will be written relative to this directory so that
            it will be found by the chrooted <command>named</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-u <replaceable class="parameter">user</replaceable></term>
        <listitem>
          <para>
            Used with the <command>-a</command> option to set the
            owner
            of the <filename>rndc.key</filename> file generated.
            If
            <command>-t</command> is also specified only the file
            in
            the chroot area has its owner changed.
          </para>
        </listitem>
      </varlistentry>

    </variablelist>
  </refsect1>

  <refsect1>
    <title>EXAMPLES</title>
    <para>
      To allow <command>rndc</command> to be used with
      no manual configuration, run
    </para>
    <para><userinput>rndc-confgen -a</userinput>
    </para>
    <para>
      To print a sample <filename>rndc.conf</filename> file and
      corresponding <command>controls</command> and <command>key</command>
      statements to be manually inserted into <filename>named.conf</filename>,
      run
    </para>
    <para><userinput>rndc-confgen</userinput>
    </para>
  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>
    <para><citerefentry>
        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsect1>

  <refsect1>
    <title>AUTHOR</title>
    <para><corpauthor>Internet Systems Consortium</corpauthor>
    </para>
  </refsect1>

</refentry><!--
 - Local variables:
 - mode: sgml
 - End:
-->