184 lines
5.0 KiB
Groff
184 lines
5.0 KiB
Groff
.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
|
|
.\" Copyright (C) 2001, 2003 Internet Software Consortium.
|
|
.\"
|
|
.\" Permission to use, copy, modify, and distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
.\" PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.\" $Id: rndc-confgen.8,v 1.3.2.5.2.7 2005/10/13 02:33:50 marka Exp $
|
|
.\"
|
|
.hy 0
|
|
.ad l
|
|
.\" ** You probably do not want to edit this file directly **
|
|
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
|
|
.\" Instead of manually editing it, you probably should edit the DocBook XML
|
|
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
|
|
.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9"
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.SH "NAME"
|
|
rndc\-confgen \- rndc key generation tool
|
|
.SH "SYNOPSIS"
|
|
.HP 13
|
|
\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fBrndc\-confgen\fR
|
|
generates configuration files for
|
|
\fBrndc\fR. It can be used as a convenient alternative to writing the
|
|
\fIrndc.conf\fR
|
|
file and the corresponding
|
|
\fBcontrols\fR
|
|
and
|
|
\fBkey\fR
|
|
statements in
|
|
\fInamed.conf\fR
|
|
by hand. Alternatively, it can be run with the
|
|
\fB\-a\fR
|
|
option to set up a
|
|
\fIrndc.key\fR
|
|
file and avoid the need for a
|
|
\fIrndc.conf\fR
|
|
file and a
|
|
\fBcontrols\fR
|
|
statement altogether.
|
|
.SH "OPTIONS"
|
|
.TP
|
|
\-a
|
|
Do automatic
|
|
\fBrndc\fR
|
|
configuration. This creates a file
|
|
\fIrndc.key\fR
|
|
in
|
|
\fI/etc\fR
|
|
(or whatever
|
|
\fIsysconfdir\fR
|
|
was specified as when
|
|
BIND
|
|
was built) that is read by both
|
|
\fBrndc\fR
|
|
and
|
|
\fBnamed\fR
|
|
on startup. The
|
|
\fIrndc.key\fR
|
|
file defines a default command channel and authentication key allowing
|
|
\fBrndc\fR
|
|
to communicate with
|
|
\fBnamed\fR
|
|
on the local host with no further configuration.
|
|
.sp
|
|
Running
|
|
\fBrndc\-confgen \-a\fR
|
|
allows BIND 9 and
|
|
\fBrndc\fR
|
|
to be used as drop\-in replacements for BIND 8 and
|
|
\fBndc\fR, with no changes to the existing BIND 8
|
|
\fInamed.conf\fR
|
|
file.
|
|
.sp
|
|
If a more elaborate configuration than that generated by
|
|
\fBrndc\-confgen \-a\fR
|
|
is required, for example if rndc is to be used remotely, you should run
|
|
\fBrndc\-confgen\fR
|
|
without the
|
|
\fB\-a\fR
|
|
option and set up a
|
|
\fIrndc.conf\fR
|
|
and
|
|
\fInamed.conf\fR
|
|
as directed.
|
|
.TP
|
|
\-b \fIkeysize\fR
|
|
Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
|
|
.TP
|
|
\-c \fIkeyfile\fR
|
|
Used with the
|
|
\fB\-a\fR
|
|
option to specify an alternate location for
|
|
\fIrndc.key\fR.
|
|
.TP
|
|
\-h
|
|
Prints a short summary of the options and arguments to
|
|
\fBrndc\-confgen\fR.
|
|
.TP
|
|
\-k \fIkeyname\fR
|
|
Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
|
|
\fBrndc\-key\fR.
|
|
.TP
|
|
\-p \fIport\fR
|
|
Specifies the command channel port where
|
|
\fBnamed\fR
|
|
listens for connections from
|
|
\fBrndc\fR. The default is 953.
|
|
.TP
|
|
\-r \fIrandomfile\fR
|
|
Specifies a source of random data for generating the authorization. If the operating system does not provide a
|
|
\fI/dev/random\fR
|
|
or equivalent device, the default source of randomness is keyboard input.
|
|
\fIrandomdev\fR
|
|
specifies the name of a character device or file containing random data to be used instead of the default. The special value
|
|
\fIkeyboard\fR
|
|
indicates that keyboard input should be used.
|
|
.TP
|
|
\-s \fIaddress\fR
|
|
Specifies the IP address where
|
|
\fBnamed\fR
|
|
listens for command channel connections from
|
|
\fBrndc\fR. The default is the loopback address 127.0.0.1.
|
|
.TP
|
|
\-t \fIchrootdir\fR
|
|
Used with the
|
|
\fB\-a\fR
|
|
option to specify a directory where
|
|
\fBnamed\fR
|
|
will run chrooted. An additional copy of the
|
|
\fIrndc.key\fR
|
|
will be written relative to this directory so that it will be found by the chrooted
|
|
\fBnamed\fR.
|
|
.TP
|
|
\-u \fIuser\fR
|
|
Used with the
|
|
\fB\-a\fR
|
|
option to set the owner of the
|
|
\fIrndc.key\fR
|
|
file generated. If
|
|
\fB\-t\fR
|
|
is also specified only the file in the chroot area has its owner changed.
|
|
.SH "EXAMPLES"
|
|
.PP
|
|
To allow
|
|
\fBrndc\fR
|
|
to be used with no manual configuration, run
|
|
.PP
|
|
\fBrndc\-confgen \-a\fR
|
|
.PP
|
|
To print a sample
|
|
\fIrndc.conf\fR
|
|
file and corresponding
|
|
\fBcontrols\fR
|
|
and
|
|
\fBkey\fR
|
|
statements to be manually inserted into
|
|
\fInamed.conf\fR, run
|
|
.PP
|
|
\fBrndc\-confgen\fR
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBrndc\fR(8),
|
|
\fBrndc.conf\fR(5),
|
|
\fBnamed\fR(8),
|
|
BIND 9 Administrator Reference Manual.
|
|
.SH "AUTHOR"
|
|
.PP
|
|
Internet Systems Consortium
|