.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

.. highlight: console

.. iscman:: rndc-confgen
.. program:: rndc-confgen
.. _man_rndc-confgen:

rndc-confgen - rndc key generation tool
---------------------------------------

Synopsis
~~~~~~~~

:program:`rndc-confgen` [**-a**] [**-A** algorithm] [**-b** keysize] [**-c** keyfile] [**-h**] [**-k** keyname] [**-p** port] [**-q**] [**-s** address] [**-t** chrootdir] [**-u** user]

Description
~~~~~~~~~~~

:program:`rndc-confgen` generates configuration files for :iscman:`rndc`. It can be
used as a convenient alternative to writing the :iscman:`rndc.conf` file and
the corresponding ``controls`` and ``key`` statements in :iscman:`named.conf`
by hand. Alternatively, it can be run with the :option:`-a` option to set up a
``rndc.key`` file and avoid the need for a :iscman:`rndc.conf` file and a
``controls`` statement altogether.

Options
~~~~~~~

.. option:: -a

   This option sets automatic :iscman:`rndc` configuration, which creates a file
   |rndc_key| that is read by both :iscman:`rndc` and :iscman:`named` on startup.
   The ``rndc.key`` file defines a default command channel and
   authentication key allowing :iscman:`rndc` to communicate with :iscman:`named` on
   the local host with no further configuration.

   If a more elaborate configuration than that generated by
   :option:`rndc-confgen -a` is required, for example if :iscman:`rndc` is to be used
   remotely, run :program:`rndc-confgen` without the :option:`-a` option
   and set up :iscman:`rndc.conf` and :iscman:`named.conf` as directed.


.. option:: -A algorithm

   This option specifies the algorithm to use for the TSIG key. Available choices
   are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and
   hmac-sha512. The default is hmac-sha256.

.. option:: -b keysize

   This option specifies the size of the authentication key in bits. The size must be between
   1 and 512 bits; the default is the hash size.

.. option:: -c keyfile

   This option is used with the :option:`-a` option to specify an alternate location for
   ``rndc.key``.

.. option:: -h

   This option prints a short summary of the options and arguments to
   :program:`rndc-confgen`.

.. option:: -k keyname

   This option specifies the key name of the :iscman:`rndc` authentication key. This must be a
   valid domain name. The default is ``rndc-key``.

.. option:: -p port

   This option specifies the command channel port where :iscman:`named` listens for
   connections from :iscman:`rndc`. The default is 953.

.. option:: -q

   This option prevents printing the written path in automatic configuration mode.

.. option:: -s address

   This option specifies the IP address where :iscman:`named` listens for command-channel
   connections from :iscman:`rndc`. The default is the loopback address
   127.0.0.1.

.. option:: -t chrootdir

   This option is used with the :option:`-a` option to specify a directory where :iscman:`named`
   runs chrooted. An additional copy of the ``rndc.key`` is
   written relative to this directory, so that it is found by the
   chrooted :iscman:`named`.

.. option:: -u user

   This option is used with the :option:`-a` option to set the owner of the generated ``rndc.key`` file.
   If :option:`-t` is also specified, only the file in the chroot
   area has its owner changed.

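The following is an added example, not part of the BIND 9 documentation or ISC's code: a Python check that audits a generated ``rndc.key`` against the ``-A``, ``-b`` and file-ownership choices described above. The function names, the key-file layout of the constructed sample, and the policy (reject hmac-md5 and hmac-sha1, require a secret at least as long as the hash size, no permission bits for "other") are assumptions of this example.

```python
import base64
import os
import re
import tempfile

# Hash size in bits per -A algorithm (the default key size when -b is absent).
HASH_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
             "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}
LEGACY = {"hmac-md5", "hmac-sha1"}  # assumption: local policy rejects these
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^\s"{]+)"?\s*\{\s*algorithm\s+"?(?P<alg>[\w-]+)"?\s*;'
    r'\s*secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;')


def audit_key_file(path):
    """Return a list of findings for the key statements in one file."""
    findings = []
    if os.stat(path).st_mode & 0o007:  # any permission bit set for "other"
        findings.append("file is accessible to users outside owner and group")
    with open(path, encoding="ascii") as fh:
        text = fh.read()
    for m in KEY_RE.finditer(text):
        name, alg = m["name"], m["alg"].lower()
        bits = len(base64.b64decode(m["secret"], validate=True)) * 8
        if alg not in HASH_BITS:
            findings.append(f"{name}: unknown algorithm {alg}")
            continue
        if alg in LEGACY:
            findings.append(f"{name}: legacy algorithm {alg}")
        if bits < HASH_BITS[alg]:
            findings.append(f"{name}: {bits}-bit secret, below the "
                            f"{HASH_BITS[alg]}-bit hash size")
    return findings


def write_sample(alg, nbytes, mode):
    """Write a constructed key file (random secret, not a real key)."""
    secret = base64.b64encode(os.urandom(nbytes)).decode()
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(f'key "rndc-key" {{\n\talgorithm {alg};\n'
                 f'\tsecret "{secret}";\n}};\n')
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for args in (("hmac-sha256", 32, 0o600), ("hmac-md5", 4, 0o644)):
        print(args, audit_key_file(write_sample(*args)))
```

The measured size is the length of the decoded secret, so the check catches keys generated with a ``-b`` value below the hash size as well as legacy ``-A`` choices.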

Examples
~~~~~~~~

To allow :iscman:`rndc` to be used with no manual configuration, run:

``rndc-confgen -a``

To print a sample :iscman:`rndc.conf` file and the corresponding ``controls`` and
``key`` statements to be manually inserted into :iscman:`named.conf`, run:

:program:`rndc-confgen`

See Also
~~~~~~~~

:iscman:`rndc(8) <rndc>`, :iscman:`rndc.conf(5) <rndc.conf>`, :iscman:`named(8) <named>`, BIND 9 Administrator Reference Manual.