bin/confgen/rndc-confgen.docbook

<!--
 - Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001, 2003  Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- Converted by db4-upgrade version 1.0 -->
<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
  <info>
    <date>2009-06-15</date>
  </info>
  <refentryinfo>
    <corpname>ISC</corpname>
    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
  </refentryinfo>

  <refmeta>
    <refentrytitle><application>rndc-confgen</application></refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <refnamediv>
    <refname><application>rndc-confgen</application></refname>
    <refpurpose>rndc key generation tool</refpurpose>
  </refnamediv>

  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
      <year>2007</year>
      <year>2009</year>
      <year>2014</year>
      <year>2015</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
    <copyright>
      <year>2001</year>
      <year>2003</year>
      <holder>Internet Software Consortium.</holder>
    </copyright>
  </docinfo>

  <refsynopsisdiv>
    <cmdsynopsis sepchar=" ">
      <command>rndc-confgen</command>
      <arg choice="opt" rep="norepeat"><option>-a</option></arg>
      <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsection><info><title>DESCRIPTION</title></info>

    <para><command>rndc-confgen</command>
      generates configuration files
      for <command>rndc</command>.  It can be used as a
      convenient alternative to writing the
      <filename>rndc.conf</filename> file
      and the corresponding <command>controls</command>
      and <command>key</command>
      statements in <filename>named.conf</filename> by hand.
      Alternatively, it can be run with the <command>-a</command>
      option to set up a <filename>rndc.key</filename> file and
      avoid the need for a <filename>rndc.conf</filename> file
      and a <command>controls</command> statement altogether.
    </para>

  </refsection>

  <refsection><info><title>OPTIONS</title></info>


    <variablelist>
      <varlistentry>
        <term>-a</term>
        <listitem>
          <para>
            Do automatic <command>rndc</command> configuration.
            This creates a file <filename>rndc.key</filename>
            in <filename>/etc</filename> (or whatever
            <varname>sysconfdir</varname>
            was specified as when <acronym>BIND</acronym> was
            built)
            that is read by both <command>rndc</command>
            and <command>named</command> on startup.  The
            <filename>rndc.key</filename> file defines a default
            command channel and authentication key allowing
            <command>rndc</command> to communicate with
            <command>named</command> on the local host
            with no further configuration.
          </para>
          <para>
            Running <command>rndc-confgen -a</command> allows
            BIND 9 and <command>rndc</command> to be used as
            drop-in
            replacements for BIND 8 and <command>ndc</command>,
            with no changes to the existing BIND 8
            <filename>named.conf</filename> file.
          </para>
          <para>
            If a more elaborate configuration than that
            generated by <command>rndc-confgen -a</command>
            is required, for example if rndc is to be used remotely,
            you should run <command>rndc-confgen</command> without
            the
            <command>-a</command> option and set up a
            <filename>rndc.conf</filename> and
            <filename>named.conf</filename>
            as directed.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-b <replaceable class="parameter">keysize</replaceable></term>
        <listitem>
          <para>
            Specifies the size of the authentication key in bits.
            Must be between 1 and 512 bits; the default is 128.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-c <replaceable class="parameter">keyfile</replaceable></term>
        <listitem>
          <para>
            Used with the <command>-a</command> option to specify
            an alternate location for <filename>rndc.key</filename>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-h</term>
        <listitem>
          <para>
            Prints a short summary of the options and arguments to
            <command>rndc-confgen</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-k <replaceable class="parameter">keyname</replaceable></term>
        <listitem>
          <para>
            Specifies the key name of the rndc authentication key.
            This must be a valid domain name.
            The default is <constant>rndc-key</constant>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-p <replaceable class="parameter">port</replaceable></term>
        <listitem>
          <para>
            Specifies the command channel port where <command>named</command>
            listens for connections from <command>rndc</command>.
            The default is 953.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-r <replaceable class="parameter">randomfile</replaceable></term>
        <listitem>
          <para>
            Specifies a source of random data for generating the
            authorization.  If the operating
            system does not provide a <filename>/dev/random</filename>
            or equivalent device, the default source of randomness
            is keyboard input.  <filename>randomdev</filename>
            specifies
            the name of a character device or file containing random
            data to be used instead of the default.  The special value
            <filename>keyboard</filename> indicates that keyboard
            input should be used.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-s <replaceable class="parameter">address</replaceable></term>
        <listitem>
          <para>
            Specifies the IP address where <command>named</command>
            listens for command channel connections from
            <command>rndc</command>.  The default is the loopback
            address 127.0.0.1.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-t <replaceable class="parameter">chrootdir</replaceable></term>
        <listitem>
          <para>
            Used with the <command>-a</command> option to specify
            a directory where <command>named</command> will run
            chrooted.  An additional copy of the <filename>rndc.key</filename>
            will be written relative to this directory so that
            it will be found by the chrooted <command>named</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-u <replaceable class="parameter">user</replaceable></term>
        <listitem>
          <para>
            Used with the <command>-a</command> option to set the
            owner
            of the <filename>rndc.key</filename> file generated.
            If
            <command>-t</command> is also specified only the file
            in
            the chroot area has its owner changed.
          </para>
        </listitem>
      </varlistentry>

    </variablelist>
  </refsection>

  <refsection><info><title>EXAMPLES</title></info>

    <para>
      To allow <command>rndc</command> to be used with
      no manual configuration, run
    </para>
    <para><userinput>rndc-confgen -a</userinput>
    </para>
    <para>
      To print a sample <filename>rndc.conf</filename> file and
      corresponding <command>controls</command> and <command>key</command>
      statements to be manually inserted into <filename>named.conf</filename>,
      run
    </para>
    <para><userinput>rndc-confgen</userinput>
    </para>
  </refsection>

  <refsection><info><title>SEE ALSO</title></info>

    <para><citerefentry>
        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsection>

</refentry>
Revision:	9209
Committed:	Sat Nov 5 14:29:41 2016 UTC (7 years, 5 months ago) by laffer1
File size:	10502 byte(s)
Log Message:	bind 9.9.9-p4
#	Content
1	<!--
2	- Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
3	- Copyright (C) 2001, 2003 Internet Software Consortium.
4	-
5	- Permission to use, copy, modify, and/or distribute this software for any
6	- purpose with or without fee is hereby granted, provided that the above
7	- copyright notice and this permission notice appear in all copies.
8	-
9	- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10	- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11	- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12	- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13	- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14	- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15	- PERFORMANCE OF THIS SOFTWARE.
16	-->
17
18	<!-- Converted by db4-upgrade version 1.0 -->
19	<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
20	<info>
21	<date>2009-06-15</date>
22	</info>
23	<refentryinfo>
24	<corpname>ISC</corpname>
25	<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
26	</refentryinfo>
27
28	<refmeta>
29	<refentrytitle><application>rndc-confgen</application></refentrytitle>
30	<manvolnum>8</manvolnum>
31	<refmiscinfo>BIND9</refmiscinfo>
32	</refmeta>
33
34	<refnamediv>
35	<refname><application>rndc-confgen</application></refname>
36	<refpurpose>rndc key generation tool</refpurpose>
37	</refnamediv>
38
39	<docinfo>
40	<copyright>
41	<year>2004</year>
42	<year>2005</year>
43	<year>2007</year>
44	<year>2009</year>
45	<year>2014</year>
46	<year>2015</year>
47	<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
48	</copyright>
49	<copyright>
50	<year>2001</year>
51	<year>2003</year>
52	<holder>Internet Software Consortium.</holder>
53	</copyright>
54	</docinfo>
55
56	<refsynopsisdiv>
57	<cmdsynopsis sepchar=" ">
58	<command>rndc-confgen</command>
59	<arg choice="opt" rep="norepeat"><option>-a</option></arg>
60	<arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
61	<arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
62	<arg choice="opt" rep="norepeat"><option>-h</option></arg>
63	<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
64	<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
65	<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
66	<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
67	<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
68	<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
69	</cmdsynopsis>
70	</refsynopsisdiv>
71
72	<refsection><info><title>DESCRIPTION</title></info>
73
74	<para><command>rndc-confgen</command>
75	generates configuration files
76	for <command>rndc</command>. It can be used as a
77	convenient alternative to writing the
78	<filename>rndc.conf</filename> file
79	and the corresponding <command>controls</command>
80	and <command>key</command>
81	statements in <filename>named.conf</filename> by hand.
82	Alternatively, it can be run with the <command>-a</command>
83	option to set up a <filename>rndc.key</filename> file and
84	avoid the need for a <filename>rndc.conf</filename> file
85	and a <command>controls</command> statement altogether.
86	</para>
87
88	</refsection>
89
90	<refsection><info><title>OPTIONS</title></info>
91
92
93	<variablelist>
94	<varlistentry>
95	<term>-a</term>
96	<listitem>
97	<para>
98	Do automatic <command>rndc</command> configuration.
99	This creates a file <filename>rndc.key</filename>
100	in <filename>/etc</filename> (or whatever
101	<varname>sysconfdir</varname>
102	was specified as when <acronym>BIND</acronym> was
103	built)
104	that is read by both <command>rndc</command>
105	and <command>named</command> on startup. The
106	<filename>rndc.key</filename> file defines a default
107	command channel and authentication key allowing
108	<command>rndc</command> to communicate with
109	<command>named</command> on the local host
110	with no further configuration.
111	</para>
112	<para>
113	Running <command>rndc-confgen -a</command> allows
114	BIND 9 and <command>rndc</command> to be used as
115	drop-in
116	replacements for BIND 8 and <command>ndc</command>,
117	with no changes to the existing BIND 8
118	<filename>named.conf</filename> file.
119	</para>
120	<para>
121	If a more elaborate configuration than that
122	generated by <command>rndc-confgen -a</command>
123	is required, for example if rndc is to be used remotely,
124	you should run <command>rndc-confgen</command> without
125	the
126	<command>-a</command> option and set up a
127	<filename>rndc.conf</filename> and
128	<filename>named.conf</filename>
129	as directed.
130	</para>
131	</listitem>
132	</varlistentry>
133
134	<varlistentry>
135	<term>-b <replaceable class="parameter">keysize</replaceable></term>
136	<listitem>
137	<para>
138	Specifies the size of the authentication key in bits.
139	Must be between 1 and 512 bits; the default is 128.
140	</para>
141	</listitem>
142	</varlistentry>
143
144	<varlistentry>
145	<term>-c <replaceable class="parameter">keyfile</replaceable></term>
146	<listitem>
147	<para>
148	Used with the <command>-a</command> option to specify
149	an alternate location for <filename>rndc.key</filename>.
150	</para>
151	</listitem>
152	</varlistentry>
153
154	<varlistentry>
155	<term>-h</term>
156	<listitem>
157	<para>
158	Prints a short summary of the options and arguments to
159	<command>rndc-confgen</command>.
160	</para>
161	</listitem>
162	</varlistentry>
163
164	<varlistentry>
165	<term>-k <replaceable class="parameter">keyname</replaceable></term>
166	<listitem>
167	<para>
168	Specifies the key name of the rndc authentication key.
169	This must be a valid domain name.
170	The default is <constant>rndc-key</constant>.
171	</para>
172	</listitem>
173	</varlistentry>
174
175	<varlistentry>
176	<term>-p <replaceable class="parameter">port</replaceable></term>
177	<listitem>
178	<para>
179	Specifies the command channel port where <command>named</command>
180	listens for connections from <command>rndc</command>.
181	The default is 953.
182	</para>
183	</listitem>
184	</varlistentry>
185
186	<varlistentry>
187	<term>-r <replaceable class="parameter">randomfile</replaceable></term>
188	<listitem>
189	<para>
190	Specifies a source of random data for generating the
191	authorization. If the operating
192	system does not provide a <filename>/dev/random</filename>
193	or equivalent device, the default source of randomness
194	is keyboard input. <filename>randomdev</filename>
195	specifies
196	the name of a character device or file containing random
197	data to be used instead of the default. The special value
198	<filename>keyboard</filename> indicates that keyboard
199	input should be used.
200	</para>
201	</listitem>
202	</varlistentry>
203
204	<varlistentry>
205	<term>-s <replaceable class="parameter">address</replaceable></term>
206	<listitem>
207	<para>
208	Specifies the IP address where <command>named</command>
209	listens for command channel connections from
210	<command>rndc</command>. The default is the loopback
211	address 127.0.0.1.
212	</para>
213	</listitem>
214	</varlistentry>
215
216	<varlistentry>
217	<term>-t <replaceable class="parameter">chrootdir</replaceable></term>
218	<listitem>
219	<para>
220	Used with the <command>-a</command> option to specify
221	a directory where <command>named</command> will run
222	chrooted. An additional copy of the <filename>rndc.key</filename>
223	will be written relative to this directory so that
224	it will be found by the chrooted <command>named</command>.
225	</para>
226	</listitem>
227	</varlistentry>
228
229	<varlistentry>
230	<term>-u <replaceable class="parameter">user</replaceable></term>
231	<listitem>
232	<para>
233	Used with the <command>-a</command> option to set the
234	owner
235	of the <filename>rndc.key</filename> file generated.
236	If
237	<command>-t</command> is also specified only the file
238	in
239	the chroot area has its owner changed.
240	</para>
241	</listitem>
242	</varlistentry>
243
244	</variablelist>
245	</refsection>
246
247	<refsection><info><title>EXAMPLES</title></info>
248
249	<para>
250	To allow <command>rndc</command> to be used with
251	no manual configuration, run
252	</para>
253	<para><userinput>rndc-confgen -a</userinput>
254	</para>
255	<para>
256	To print a sample <filename>rndc.conf</filename> file and
257	corresponding <command>controls</command> and <command>key</command>
258	statements to be manually inserted into <filename>named.conf</filename>,
259	run
260	</para>
261	<para><userinput>rndc-confgen</userinput>
262	</para>
263	</refsection>
264
265	<refsection><info><title>SEE ALSO</title></info>
266
267	<para><citerefentry>
268	<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
269	</citerefentry>,
270	<citerefentry>
271	<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
272	</citerefentry>,
273	<citerefentry>
274	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
275	</citerefentry>,
276	<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
277	</para>
278	</refsection>
279
280	</refentry>