rndc-confgen(1) rndc-confgen(1)
NAME
rndc-confgen - rndc key generation tool
SYNOPSIS
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port]
[-r randomfile] [-s address] [-t chrootdir] [-u user]
DESCRIPTION
rndc-confgen can be used to generate rndc.conf, the configuration file
for rndc. Alternatively, it can be run with the -a option to set up a
rndc.key file and avoid the need for a rndc.conf file and a controls
statement altogether.
Options
-a
This option is used to configure rndc automatically.
This creates a file rndc.key in /etc (or whatever
sysconfdir was specified when BIND was built) that is
read by both rndc and named on startup. The rndc.key
file defines a default command channel and
authentication key allowing rndc to communicate with
named with no further configuration. Running
rndc-confgen -a allows BIND 9 and rndc to be used as drop-in
replacements for BIND 8 and ndc, with no changes to the
existing BIND 8 named.conf file.
-b keysize
This option is used to specify the size of the
authentication key in bits. The value must range
between 1 and 512 bits. Default is 128 bits.
-c keyfile
This option is used with the -a option to specify an
alternate location for rndc.key.
-h
This option is used to print a short summary of the
options and arguments to rndc-confgen.
-k keyname
This option is used to specify the key name of the rndc
authentication key. This must be a valid domain name.
Default is rndc-key.
-p port
This option is used to specify the command channel port
where named listens for connections from rndc. Default
is 953.
-r randomfile
This option is used to specify a source file of random
data for generating the authorization. If the
operating system does not provide a /dev/random or
equivalent device, the default source of randomness is
keyboard input. randomfile specifies the name of a
character device or a file containing random data to be
used instead of the default. The special value
keyboard indicates that keyboard input needs to be
used.
-s address
This option is used to specify the IP address where
named listens for command channel connections from
rndc. Default is the loopback address 127.0.0.1.
-t chrootdir
This option is used with the -a option to specify a
directory where named will run chrooted. An additional
copy of the rndc.key will be written relative to this
directory so that it will be found by the chrooted
named.
-u user
This option is used with the -a option to set the owner
of the rndc.key file generated. If -t is also
specified, only the file in the chroot area has its
owner changed.
EXAMPLES
To allow rndc to be used with no manual configuration, run:

    rndc-confgen -a

To print a sample rndc.conf file and corresponding controls and key
statements to be manually inserted into named.conf, run:

    rndc-confgen
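
A check an administrator might run after rndc-confgen -a, added here as an example and not part of the original manual page: it reports the length in bits of the secret in rndc.key (the quantity -b controls) and verifies that only the file's owner can access it. It assumes the usual BIND 9 secret "<base64>"; key-statement layout and a base64 -d utility; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an rndc.key file for secret length and file mode.
# Assumption: the key statement holds a line of the form  secret "<base64>";

# Print the secret length in bits (decoded base64 bytes * 8).
rndc_key_bits() {
    secret=$(sed -n 's/.*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$secret" ] || return 1
    # Reject a secret that is not valid base64 before measuring it.
    printf '%s' "$secret" | base64 -d >/dev/null 2>&1 || return 1
    bytes=$(printf '%s' "$secret" | base64 -d | wc -c | tr -d ' ')
    echo $((bytes * 8))
}

# Succeed only if group and other hold no permission bits on the file.
rndc_key_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Report findings. min_bits defaults to 128, the documented -b default.
# Returns 0 when clean, 1 on a finding, 2 when no secret could be read.
audit_rndc_key() {
    file=$1
    min_bits=${2:-128}
    rc=0
    bits=$(rndc_key_bits "$file") || {
        echo "FAIL $file: no decodable secret found"
        return 2
    }
    if [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL $file: secret is $bits bits, below $min_bits"
        rc=1
    fi
    if ! rndc_key_private "$file"; then
        echo "FAIL $file: accessible to group or other"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $file: $bits-bit secret, owner-only mode"
    fi
    return "$rc"
}

# Usage: sh audit.sh /etc/rndc.key [min_bits]
if [ "$#" -gt 0 ]; then
    audit_rndc_key "$@"
fi
```

When -t is used, run the check against the copy inside the chroot directory as well, since that is the file the chrooted named reads.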
AUTHOR
rndc-confgen was developed by the Hewlett-Packard Company.
SEE ALSO
rndc(1), named(1M), rndc.conf(4), and BIND 9 Administrator Reference
Manual.
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003