Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DDNS-CONFGEN(8)			    BIND 9		       DDNS-CONFGEN(8)

NAME
       ddns-confgen - ddns key generation tool

SYNOPSIS
       tsig-keygen [-a algorithm] [-h] [-r randomfile] [-s name]

       ddns-confgen  [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [-s
       name] [-z zone]

DESCRIPTION
       tsig-keygen and ddns-confgen are	invocation methods for a utility  that
       generates keys for use in TSIG signing. The resulting keys can be used,
       for example, to secure dynamic DNS updates to a zone or	for  the  rndc
       command channel.

       When  run as tsig-keygen, a domain name can be specified	on the command
       line which will be used as the name of the generated key. If no name is
       specified, the default is tsig-key.

       When  run as ddns-confgen, the generated	key is accompanied by configu-
       ration text and instructions that can be	used with nsupdate  and	 named
       when  setting up	dynamic	DNS, including an example update-policy	state-
       ment. (This usage similar to the	rndc-confgen command  for  setting  up
       command channel security.)

       Note  that  named  itself  can  configure a local DDNS key for use with
       nsupdate	-l: it does this when a	zone is	configured with	 update-policy
       local;. ddns-confgen is only needed when	a more elaborate configuration
       is required: for	instance, if nsupdate is to be used from a remote sys-
       tem.

OPTIONS
       -a algorithm
	      Specifies	 the  algorithm	 to  use  for  the TSIG	key. Available
	      choices  are:  hmac-md5,	hmac-sha1,  hmac-sha224,  hmac-sha256,
	      hmac-sha384 and hmac-sha512. The default is hmac-sha256. Options
	      are case-insensitive, and	the "hmac-" prefix may be omitted.

       -h     Prints a short summary of	options	and arguments.

       -k keyname
	      Specifies	the key	name of	the DDNS authentication	key.  The  de-
	      fault  is	 ddns-key  when	neither	the -s nor -z option is	speci-
	      fied; otherwise, the default is ddns-key	as  a  separate	 label
	      followed	by  the	 argument  of the option, e.g.,	ddns-key.exam-
	      ple.com. The key name must have the format  of  a	 valid	domain
	      name, consisting of letters, digits, hyphens and periods.

       -q     (ddns-confgen only.) Quiet mode: Print only the key, with	no ex-
	      planatory	text or	usage examples;	This is	essentially  identical
	      to tsig-keygen.

       -s name
	      (ddns-confgen only.) Generate configuration example to allow dy-
	      namic updates of a single	hostname. The example named.conf  text
	      shows  how  to set an update policy for the specified name using
	      the "name" nametype. The default key name	is ddns-key.name. Note
	      that  the	 "self"	 nametype cannot be used, since	the name to be
	      updated may differ from the key name. This option	cannot be used
	      with the -z option.

       -z zone
	      (ddns-confgen only.) Generate configuration example to allow dy-
	      namic updates of a zone: The example named.conf text  shows  how
	      to  set an update	policy for the specified zone using the	"zone-
	      sub" nametype, allowing updates to all  subdomain	 names	within
	      that zone.  This option cannot be	used with the -s option.

SEE ALSO
       nsupdate(1),  named.conf(5),  named(8),	BIND 9 Administrator Reference
       Manual.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2020, Internet Systems Consortium

9.16.6				  2020-08-10		       DDNS-CONFGEN(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ddns-confgen&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help