|Linux & Unix Commands - Search Man Pages
rndc-confgen - rndc key generation tool
rndc-confgen [ -a ] [ -b keysize ] [ -c keyfile ] [ -h ] [ -k keyname ] [ -p port ]
[ -r randomfile ] [ -s address ] [ -t chrootdir ] [ -u user ]
rndc-confgen generates configuration files for rndc. It can be used as a convenient alter-
native to writing the rndc.conf file and the corresponding controls and key statements in
named.conf by hand. Alternatively, it can be run with the -a option to set up a rndc.key
file and avoid the need for a rndc.conf file and a controls statement altogether.
-a Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever
sysconfdir was specified as when BIND was built) that is read by both rndc and
named on startup. The rndc.key file defines a default command channel and authenti-
cation key allowing rndc to communicate with named with no further configuration.
Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements
for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
Specifies the size of the authentication key in bits. Must be between 1 and 512
bits; the default is 128.
Used with the -a option to specify an alternate location for rndc.key.
-h Prints a short summary of the options and arguments to rndc-confgen.
Specifies the key name of the rndc authentication key. This must be a valid domain
name. The default is rndc-key.
Specifies the command channel port where named listens for connections from rndc.
The default is 953.
Specifies a source of random data for generating the authoriazation. If the operat-
ing system does not provide a /dev/random or equivalent device, the default source
of randomness is keyboard input. randomdev specifies the name of a character device
or file containing random data to be used instead of the default. The special value
keyboard indicates that keyboard input should be used.
Specifies the IP address where named listens for command channel connections from
rndc. The default is the loopback address 127.0.0.1.
Used with the -a option to specify a directory where named will run chrooted. An
additional copy of the rndc.key will be written relative to this directory so that
it will be found by the chrooted named.
Used with the -a option to set the owner of the rndc.key file generated. If -t is
also specified only the file in the chroot area has its owner changed.
To allow rndc to be used with no manual configuration, run
To print a sample rndc.conf file and corresponding controls and key statements to be manu-
ally inserted into named.conf, run
rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.
Internet Software Consortium
BIND9 Aug 27, 2001 RNDC-CONFGEN(8)
All times are GMT -4. The time now is 08:15 PM.