FreeBSD Manual Pages


RNDC-CONFGEN(8)			    BIND 9		       RNDC-CONFGEN(8)

       rndc-confgen - rndc key generation tool

       rndc-confgen  [-a]  [-A	algorithm]  [-b	keysize] [-c keyfile] [-h] [-k
       keyname]	[-p port] [-s address] [-t chrootdir] [-u user]

       rndc-confgen generates configuration files for rndc. It can be used as
       a convenient alternative to writing the rndc.conf file and the
       corresponding controls and key statements in named.conf by hand.
       Alternatively, it can be run with the -a option to set up a rndc.key
       file and avoid the need for a rndc.conf file and a controls statement
       altogether.

       -a     Do automatic rndc	configuration. This creates a file rndc.key in
	      /etc (or whatever	sysconfdir was	specified  as  when  BIND  was
	      built)  that  is	read  by  both rndc and	named on startup.  The
	      rndc.key file defines a default command channel and  authentica-
	      tion  key	 allowing  rndc	to communicate with named on the local
	      host with	no further configuration.

	      Running rndc-confgen -a allows BIND 9 and	rndc  to  be  used  as
	      drop-in  replacements for	BIND 8 and ndc,	with no	changes	to the
	      existing BIND 8 named.conf file.

	      If  a  more  elaborate  configuration  than  that	 generated  by
	      rndc-confgen  -a	is required, for example if rndc is to be used
	      remotely,	you should run rndc-confgen without the	-a option  and
	      set up a rndc.conf and named.conf	as directed.

       -A algorithm
	      Specifies	 the  algorithm	 to  use  for  the TSIG	key. Available
	      choices  are:  hmac-md5,	hmac-sha1,  hmac-sha224,  hmac-sha256,
	      hmac-sha384 and hmac-sha512. The default is hmac-sha256.

       -b keysize
	      Specifies	 the  size  of the authentication key in bits. Must be
	      between 1	and 512	bits; the default is the hash size.

       -c keyfile
	      Used with the -a option to specify an alternate location for
	      rndc.key.

       -h     Prints a short summary of the options and arguments to
	      rndc-confgen.

       -k keyname
	      Specifies	the key	name of	the rndc authentication	key. This must
	      be a valid domain	name. The default is rndc-key.

       -p port
	      Specifies	 the command channel port where	named listens for con-
	      nections from rndc. The default is 953.

       -s address
	      Specifies	the IP address where named listens for command channel
	      connections from rndc. The default is the loopback address.

       -t chrootdir
	      Used with	the -a option to specify a directory where named  will
	      run chrooted. An additional copy of the rndc.key will be written
	      relative to this directory so that it will be found by  the  ch-
	      rooted named.

       -u user
	      Used  with  the  -a option to set	the owner of the rndc.key file
	      generated. If -t is also specified only the file in  the	chroot
	      area has its owner changed.

       To allow	rndc to	be used	with no	manual configuration, run

       rndc-confgen -a

       To print a sample rndc.conf file and corresponding controls and key
       statements to be manually inserted into named.conf, run

       rndc-confgen

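       The following Python is an added illustration, not code from this
       manual page or from BIND itself: it applies the -A/-b checks described
       above (algorithm must be one of the six HMACs, key size 1-512 bits,
       default equal to the hash size) and emits the key, controls and
       options statements in BIND's named.conf/rndc.conf syntax. It assumes
       that a key size which is not a multiple of 8 bits is rounded up to
       whole bytes.

```python
import base64
import secrets

# Digest length in bits of each TSIG algorithm the tool accepts; the page
# says the default key size is the hash size when -b is not given.
HASH_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
             "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}


def key_bytes(algorithm="hmac-sha256", keysize=None):
    """Validate -A/-b as the man page describes and return the byte count."""
    if algorithm not in HASH_BITS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    if keysize is None:
        keysize = HASH_BITS[algorithm]
    if not 1 <= keysize <= 512:
        raise ValueError("keysize must be between 1 and 512 bits")
    # Assumption: a size that is not a multiple of 8 is rounded up to bytes.
    return (keysize + 7) // 8


def make_secret(algorithm="hmac-sha256", keysize=None):
    """Fresh random secret, base64-encoded as BIND expects in a key statement."""
    return base64.b64encode(secrets.token_bytes(key_bytes(algorithm, keysize))).decode()


def key_statement(keyname, algorithm, secret):
    """key statement shared by rndc.key, rndc.conf and named.conf."""
    return (f'key "{keyname}" {{\n\talgorithm {algorithm};\n'
            f'\tsecret "{secret}";\n}};\n')


def controls_statement(keyname, address="127.0.0.1", port=953):
    """named.conf controls statement: listen on address:port, accept only this key."""
    return (f"controls {{\n\tinet {address} port {port}\n"
            f'\t\tallow {{ {address}; }} keys {{ "{keyname}"; }};\n}};\n')


def rndc_conf(keyname, algorithm, secret, address="127.0.0.1", port=953):
    """Client-side rndc.conf: the same key plus defaults matching -s/-p."""
    return (key_statement(keyname, algorithm, secret) +
            f'\noptions {{\n\tdefault-key "{keyname}";\n'
            f"\tdefault-server {address};\n\tdefault-port {port};\n}};\n")


if __name__ == "__main__":
    secret = make_secret()
    print(key_statement("rndc-key", "hmac-sha256", secret))
    print(controls_statement("rndc-key"))
    print(rndc_conf("rndc-key", "hmac-sha256", secret))
```

       The secret is a shared symmetric key: whichever file it lands in needs
       the same restrictive ownership and mode that the -u option arranges
       for rndc.key.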
       rndc(8),	rndc.conf(5), named(8),	BIND 9 Administrator Reference Manual.

       Internet	Systems	Consortium

       2020, Internet Systems Consortium

9.16.6				  2020-08-10		       RNDC-CONFGEN(8)

