141 lines
4.6 KiB
Groff
141 lines
4.6 KiB
Groff
.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
|
|
.\" Copyright (C) 2001-2003 Internet Software Consortium.
|
|
.\"
|
|
.\" Permission to use, copy, modify, and distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
.\" PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.\" $Id: rndc-confgen.8,v 1.3.2.5.2.3 2004/06/03 05:35:48 marka Exp $
|
|
.\"
|
|
.TH "RNDC-CONFGEN" "8" "Aug 27, 2001" "BIND9" ""
|
|
.SH NAME
|
|
rndc-confgen \- rndc key generation tool
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBrndc-confgen\fR [ \fB-a\fR ] [ \fB-b \fIkeysize\fB\fR ] [ \fB-c \fIkeyfile\fB\fR ] [ \fB-h\fR ] [ \fB-k \fIkeyname\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-r \fIrandomfile\fB\fR ] [ \fB-s \fIaddress\fB\fR ] [ \fB-t \fIchrootdir\fB\fR ] [ \fB-u \fIuser\fB\fR ]
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fBrndc-confgen\fR generates configuration files
|
|
for \fBrndc\fR. It can be used as a
|
|
convenient alternative to writing the
|
|
\fIrndc.conf\fR file
|
|
and the corresponding \fBcontrols\fR
|
|
and \fBkey\fR
|
|
statements in \fInamed.conf\fR by hand.
|
|
Alternatively, it can be run with the \fB-a\fR
|
|
option to set up a \fIrndc.key\fR file and
|
|
avoid the need for a \fIrndc.conf\fR file
|
|
and a \fBcontrols\fR statement altogether.
|
|
.SH "OPTIONS"
|
|
.TP
|
|
\fB-a\fR
|
|
Do automatic \fBrndc\fR configuration.
|
|
This creates a file \fIrndc.key\fR
|
|
in \fI/etc\fR (or whatever
|
|
sysconfdir
|
|
was specified as when BIND was built)
|
|
that is read by both \fBrndc\fR
|
|
and \fBnamed\fR on startup. The
|
|
\fIrndc.key\fR file defines a default
|
|
command channel and authentication key allowing
|
|
\fBrndc\fR to communicate with
|
|
\fBnamed\fR on the local host
|
|
with no further configuration.
|
|
|
|
Running \fBrndc-confgen -a\fR allows
|
|
BIND 9 and \fBrndc\fR to be used as drop-in
|
|
replacements for BIND 8 and \fBndc\fR,
|
|
with no changes to the existing BIND 8
|
|
\fInamed.conf\fR file.
|
|
|
|
If a more elaborate configuration than that
|
|
generated by \fBrndc-confgen -a\fR
|
|
is required, for example if rndc is to be used remotely,
|
|
you should run \fBrndc-confgen\fR without the
|
|
\fB-a\fR option and set up a
|
|
\fIrndc.conf\fR and
|
|
\fInamed.conf\fR
|
|
as directed.
|
|
.TP
|
|
\fB-b \fIkeysize\fB\fR
|
|
Specifies the size of the authentication key in bits.
|
|
Must be between 1 and 512 bits; the default is 128.
|
|
.TP
|
|
\fB-c \fIkeyfile\fB\fR
|
|
Used with the \fB-a\fR option to specify
|
|
an alternate location for \fIrndc.key\fR.
|
|
.TP
|
|
\fB-h\fR
|
|
Prints a short summary of the options and arguments to
|
|
\fBrndc-confgen\fR.
|
|
.TP
|
|
\fB-k \fIkeyname\fB\fR
|
|
Specifies the key name of the rndc authentication key.
|
|
This must be a valid domain name.
|
|
The default is rndc-key.
|
|
.TP
|
|
\fB-p \fIport\fB\fR
|
|
Specifies the command channel port where \fBnamed\fR
|
|
listens for connections from \fBrndc\fR.
|
|
The default is 953.
|
|
.TP
|
|
\fB-r \fIrandomfile\fB\fR
|
|
Specifies a source of random data for generating the
|
|
authorization. If the operating
|
|
system does not provide a \fI/dev/random\fR
|
|
or equivalent device, the default source of randomness
|
|
is keyboard input. \fIrandomdev\fR specifies
|
|
the name of a character device or file containing random
|
|
data to be used instead of the default. The special value
|
|
\fIkeyboard\fR indicates that keyboard
|
|
input should be used.
|
|
.TP
|
|
\fB-s \fIaddress\fB\fR
|
|
Specifies the IP address where \fBnamed\fR
|
|
listens for command channel connections from
|
|
\fBrndc\fR. The default is the loopback
|
|
address 127.0.0.1.
|
|
.TP
|
|
\fB-t \fIchrootdir\fB\fR
|
|
Used with the \fB-a\fR option to specify
|
|
a directory where \fBnamed\fR will run
|
|
chrooted. An additional copy of the \fIrndc.key\fR
|
|
will be written relative to this directory so that
|
|
it will be found by the chrooted \fBnamed\fR.
|
|
.TP
|
|
\fB-u \fIuser\fB\fR
|
|
Used with the \fB-a\fR option to set the owner
|
|
of the \fIrndc.key\fR file generated. If
|
|
\fB-t\fR is also specified only the file in
|
|
the chroot area has its owner changed.
|
|
.SH "EXAMPLES"
|
|
.PP
|
|
To allow \fBrndc\fR to be used with
|
|
no manual configuration, run
|
|
.PP
|
|
\fBrndc-confgen -a\fR
|
|
.PP
|
|
To print a sample \fIrndc.conf\fR file and
|
|
corresponding \fBcontrols\fR and \fBkey\fR
|
|
statements to be manually inserted into \fInamed.conf\fR,
|
|
run
|
|
.PP
|
|
\fBrndc-confgen\fR
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBrndc\fR(8),
|
|
\fBrndc.conf\fR(5),
|
|
\fBnamed\fR(8),
|
|
\fIBIND 9 Administrator Reference Manual\fR.
|
|
.SH "AUTHOR"
|
|
.PP
|
|
Internet Systems Consortium
|