Unix/Linux Go Back    


NetBSD 6.1.5 - man page for rndc-confgen (netbsd section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


RNDC-CONFGEN(8) 			      BIND9				  RNDC-CONFGEN(8)

NAME
       rndc-confgen - rndc key generation tool

SYNOPSIS
       rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile]
		    [-s address] [-t chrootdir] [-u user]

DESCRIPTION
       rndc-confgen generates configuration files for rndc. It can be used as a convenient
       alternative to writing the rndc.conf file and the corresponding controls and key
       statements in named.conf by hand. Alternatively, it can be run with the -a option to set
       up a rndc.key file and avoid the need for a rndc.conf file and a controls statement
       altogether.

OPTIONS
       -a
	   Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever
	   sysconfdir was specified as when BIND was built) that is read by both rndc and named
	   on startup. The rndc.key file defines a default command channel and authentication key
	   allowing rndc to communicate with named on the local host with no further
	   configuration.

	   Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for
	   BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.

	   If a more elaborate configuration than that generated by rndc-confgen -a is required,
	   for example if rndc is to be used remotely, you should run rndc-confgen without the -a
	   option and set up a rndc.conf and named.conf as directed.

       -b keysize
	   Specifies the size of the authentication key in bits. Must be between 1 and 512 bits;
	   the default is 128.

       -c keyfile
	   Used with the -a option to specify an alternate location for rndc.key.

       -h
	   Prints a short summary of the options and arguments to rndc-confgen.

       -k keyname
	   Specifies the key name of the rndc authentication key. This must be a valid domain
	   name. The default is rndc-key.

       -p port
	   Specifies the command channel port where named listens for connections from rndc. The
	   default is 953.

       -r randomfile
	   Specifies a source of random data for generating the authorization. If the operating
	   system does not provide a /dev/random or equivalent device, the default source of
	   randomness is keyboard input.  randomdev specifies the name of a character device or
	   file containing random data to be used instead of the default. The special value
	   keyboard indicates that keyboard input should be used.

       -s address
	   Specifies the IP address where named listens for command channel connections from
	   rndc. The default is the loopback address 127.0.0.1.

       -t chrootdir
	   Used with the -a option to specify a directory where named will run chrooted. An
	   additional copy of the rndc.key will be written relative to this directory so that it
	   will be found by the chrooted named.

       -u user
	   Used with the -a option to set the owner of the rndc.key file generated. If -t is also
	   specified only the file in the chroot area has its owner changed.

EXAMPLES
       To allow rndc to be used with no manual configuration, run

       rndc-confgen -a

       To print a sample rndc.conf file and corresponding controls and key statements to be
       manually inserted into named.conf, run

       rndc-confgen

SEE ALSO
       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
       Copyright (C) 2001, 2003 Internet Software Consortium.

BIND9					   Aug 27, 2001 			  RNDC-CONFGEN(8)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 07:59 AM.