RNDC-CONFGEN(8)                                   RNDC-CONFGEN(8)


NAME
       rndc-confgen - rndc key generation tool

SYNOPSIS
       rndc-confgen  [ -a ]  [ -b keysize ]  [ -c keyfile ]  [ -h
       ]  [ -k keyname ]  [ -p port ]  [ -r randomfile  ]   [  -s
       address ]  [ -t chrootdir ]  [ -u user ]

DESCRIPTION
       rndc-confgen  generates  configuration  files for rndc. It
       can be used as a convenient  alternative  to  writing  the
       rndc.conf  file  and  the  corresponding  controls and key
       statements in named.conf by hand.  Alternatively,  it  can
       be  run  with  the -a option to set up a rndc.key file and
       avoid the need for a rndc.conf file and a controls  state-
       ment altogether.

OPTIONS
       -a     Do  automatic  rndc  configuration.  This creates a
              file rndc.key in /etc (or whatever  sysconfdir  was
              specified  as  when BIND was built) that is read by
              both rndc and named on startup. The  rndc.key  file
              defines  a  default command channel and authentica-
              tion key allowing rndc to  communicate  with  named
              with no further configuration.

              Running  rndc-confgen  -a allows BIND 9 and rndc to
              be used as drop-in replacements for BIND 8 and ndc,
              with  no  changes to the existing BIND 8 named.conf
              file.

       -b keysize
              Specifies the size of  the  authentication  key  in
              bits.   Must be between 1 and 512 bits; the default
              is 128.

       -c keyfile
              Used with the -a option  to  specify  an  alternate
              location for rndc.key.

       -h     Prints a short summary of the options and arguments
              to rndc-confgen.

       -k keyname
              Specifies the key name of the  rndc  authentication
              key.   This  must  be  a  valid  domain  name.  The
              default is rndc-key.

       -p port
              Specifies the command channel port where named lis-
              tens  for  connections  from  rndc.  The default is
              953.





BIND9                      Aug 27, 2001                         1

       -r randomfile
              Specifies a source of random data for generating
              the authorization. If the operating system does not
              provide a /dev/random or equivalent device, the
              default source of randomness is keyboard input.
              randomfile specifies the name of a character device
              or file containing random data to be used instead
              of the default. The special value keyboard indicates
              that keyboard input should be used.

       -s address
              Specifies  the  IP  address where named listens for
              command channel connections from rndc. The  default
              is the loopback address 127.0.0.1.

       -t chrootdir
              Used  with  the  -a  option  to specify a directory
              where named will run chrooted. An  additional  copy
              of  the  rndc.key  will be written relative to this
              directory so that it will be found by the  chrooted
              named.

       -u user
              Used  with  the  -a  option to set the owner of the
              rndc.key file generated. If -t  is  also  specified
              only  the  file  in  the  chroot area has its owner
              changed.

EXAMPLES
       To allow rndc to be used with no manual configuration, run

       rndc-confgen -a

       To  print  a  sample rndc.conf file and corresponding con-
       trols and key statements  to  be  manually  inserted  into
       named.conf, run

       rndc-confgen
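
       Added example, not part of the original manual page or of BIND: a
       shell audit of a generated rndc.key covering the two things the -b
       and -u options control, key size and file access. The MIN_BITS
       floor, the function names and the sample secret are assumptions.

```shell
#!/bin/sh
# Added example: audit an rndc.key-style file (hypothetical helper, not part of BIND).
MIN_BITS=128   # assumed local policy floor; equals the rndc-confgen default for -b

# key_bits FILE: print the size in bits of the base64 "secret" in FILE.
key_bits() {
    secret=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$secret" ] || return 1
    data=$(printf '%s' "$secret" | tr -d '=')    # drop base64 padding
    echo $(( ${#data} * 3 / 4 * 8 ))             # 4 base64 chars carry 3 bytes
}

# mode_ok FILE: succeed only if group and other have no access to FILE.
mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: print findings; return 0 if clean, 1 if any check fails.
audit_key() {
    rc=0
    bits=$(key_bits "$1") || { echo "$1: no secret found"; return 1; }
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: key is $bits bits, below $MIN_BITS"; rc=1
    fi
    if ! mode_ok "$1"; then
        echo "$1: accessible by group or other"; rc=1
    fi
    return $rc
}

# Constructed sample in the key-statement layout; the secret is a made-up
# 64-bit value (as if generated with -b 64), not a real key.
demo=$(mktemp -d)
cat > "$demo/rndc.key" <<'EOF'
key "rndc-key" {
	algorithm hmac-md5;
	secret "AAECAwQFBgc=";
};
EOF
chmod 644 "$demo/rndc.key"
audit_key "$demo/rndc.key" || echo "audit failed"
```

       Pass the path given with -c, or the copy written under the -t
       chroot directory, to audit_key to check those files as well.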

SEE ALSO
       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Ref-
       erence Manual.

AUTHOR
       Internet Software Consortium











