.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0.  If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

.. highlight: console

.. _man_rndc-confgen:

rndc-confgen - rndc key generation tool
---------------------------------------

Synopsis
~~~~~~~~

:program:`rndc-confgen` [**-a**] [**-A** algorithm] [**-b** keysize] [**-c** keyfile] [**-h**] [**-k** keyname] [**-p** port] [**-s** address] [**-t** chrootdir] [**-u** user]

Description
~~~~~~~~~~~

``rndc-confgen`` generates configuration files for ``rndc``. It can be
used as a convenient alternative to writing the ``rndc.conf`` file and
the corresponding ``controls`` and ``key`` statements in ``named.conf``
by hand. Alternatively, it can be run with the ``-a`` option to set up a
``rndc.key`` file and avoid the need for a ``rndc.conf`` file and a
``controls`` statement altogether.

Options
~~~~~~~

``-a``
   This option sets automatic ``rndc`` configuration, which creates a file ``rndc.key``
   in ``/etc`` (or a different ``sysconfdir`` specified when BIND
   was built) that is read by both ``rndc`` and ``named`` on startup.
   The ``rndc.key`` file defines a default command channel and
   authentication key allowing ``rndc`` to communicate with ``named`` on
   the local host with no further configuration.

   If a more elaborate configuration than that generated by
   ``rndc-confgen -a`` is required, for example if ``rndc`` is to be used
   remotely, run ``rndc-confgen`` without the ``-a`` option
   and set up ``rndc.conf`` and ``named.conf`` as directed.

``-A algorithm``
   This option specifies the algorithm to use for the TSIG key. Available choices
   are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and
   hmac-sha512. The default is hmac-sha256.

``-b keysize``
   This option specifies the size of the authentication key in bits. The size must be between
   1 and 512 bits; the default is the hash size.

``-c keyfile``
   This option is used with the ``-a`` option to specify an alternate location for
   ``rndc.key``.

``-h``
   This option prints a short summary of the options and arguments to
   ``rndc-confgen``.

``-k keyname``
   This option specifies the key name of the ``rndc`` authentication key. This must be a
   valid domain name. The default is ``rndc-key``.

``-p port``
   This option specifies the command channel port where ``named`` listens for
   connections from ``rndc``. The default is 953.

``-s address``
   This option specifies the IP address where ``named`` listens for command-channel
   connections from ``rndc``. The default is the loopback address
   127.0.0.1.

``-t chrootdir``
   This option is used with the ``-a`` option to specify a directory where ``named``
   runs chrooted. An additional copy of the ``rndc.key`` is
   written relative to this directory, so that it is found by the
   chrooted ``named``.

``-u user``
   This option is used with the ``-a`` option to set the owner of the generated ``rndc.key`` file.
   If ``-t`` is also specified, only the file in the chroot
   area has its owner changed.

Examples
~~~~~~~~

To allow ``rndc`` to be used with no manual configuration, run:

``rndc-confgen -a``

To print a sample ``rndc.conf`` file and the corresponding ``controls`` and
``key`` statements to be manually inserted into ``named.conf``, run:

``rndc-confgen``

See Also
~~~~~~~~

:manpage:`rndc(8)`, :manpage:`rndc.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.
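
The ``-A`` and ``-b`` options fix the algorithm and key size of the generated key. As an added example (not part of the BIND distribution), the following Python script audits the ``key`` statements in a generated ``rndc.key`` or ``rndc.conf`` against the algorithm list and the 1 to 512 bit range given above. The ``key "name" { algorithm ...; secret "..."; };`` layout, the function name ``audit_keys``, the all-zero sample secrets, and the choice to flag hmac-md5 and hmac-sha1 as legacy are assumptions of the example.

```python
import base64
import re

# Hash output size in bits for each algorithm the -A option accepts.
HASH_BITS = {
    "hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
    "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512,
}
LEGACY = {"hmac-md5", "hmac-sha1"}  # policy of this example, not of the man page
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^\s"{]+)"?\s*\{(?P<body>[^}]*)\}\s*;', re.S)
ALGO_RE = re.compile(r'algorithm\s+"?([A-Za-z0-9-]+)"?\s*;')
SECRET_RE = re.compile(r'secret\s+"([^"]*)"\s*;')


def audit_keys(text):
    """Return {key name: [findings]} for every key statement in text."""
    # Drop whole-line '#' comments only: '//' can occur inside a base64 secret.
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)
    report = {}
    for m in KEY_RE.finditer(text):
        findings = []
        algo = ALGO_RE.search(m["body"])
        secret = SECRET_RE.search(m["body"])
        algo_name = algo.group(1).lower() if algo else None
        if algo_name not in HASH_BITS:
            findings.append(f"unknown or missing algorithm: {algo_name}")
        elif algo_name in LEGACY:
            findings.append(f"legacy algorithm: {algo_name}")
        try:
            bits = len(base64.b64decode(secret.group(1), validate=True)) * 8
        except (AttributeError, ValueError):
            findings.append("secret missing or not valid base64")
        else:
            if not 1 <= bits <= 512:
                findings.append(f"key size {bits} outside 1..512 bits")
            elif algo_name in HASH_BITS and bits < HASH_BITS[algo_name]:
                findings.append(f"key is {bits} bits, shorter than the "
                                f"{HASH_BITS[algo_name]}-bit hash size")
        report[m["name"]] = findings
    return report


# Constructed sample input: all-zero secrets, never use these as real keys.
_S32, _S16 = (base64.b64encode(bytes(n)).decode() for n in (32, 16))
SAMPLE = f'''key "rndc-key" {{ algorithm hmac-sha256; secret "{_S32}"; }};
key "old-key" {{ algorithm hmac-md5; secret "{_S16}"; }};
key "short-key" {{ algorithm hmac-sha512; secret "{_S16}"; }};
'''

if __name__ == "__main__":
    for key_name, findings in audit_keys(SAMPLE).items():
        print(key_name, findings or "ok")
```
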