RNDC-CONFGEN(8) BIND 9 RNDC-CONFGEN(8)
NAME
rndc-confgen - rndc key generation tool
SYNOPSIS
rndc-confgen [
-a] [
-A algorithm] [
-b keysize] [
-c keyfile] [
-h] [
-k keyname] [
-p port] [
-s address] [
-t chrootdir] [
-u user]
DESCRIPTION
rndc-confgen generates configuration files for
rndc. It can be used
as a convenient alternative to writing the
rndc.conf file and the
corresponding
controls and
key statements in
named.conf by hand.
Alternatively, it can be run with the
-a option to set up a
rndc.key file and avoid the need for a
rndc.conf file and a
controls statement
altogether.
OPTIONS
-a This option sets automatic
rndc configuration, which creates a
file
/etc/rndc.key that is read by both
rndc and
named on
startup. The
rndc.key file defines a default command channel
and authentication key allowing
rndc to communicate with
named on the local host with no further configuration.
If a more elaborate configuration than that generated by
rndc-confgen -a is required, for example if rndc is to be used
remotely, run
rndc-confgen without the
-a option and set up
rndc.conf and
named.conf as directed.
-A algorithm This option specifies the algorithm to use for the TSIG key.
Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, and hmac-sha512. The default is
hmac-sha256.
-b keysize This option specifies the size of the authentication key in
bits. The size must be between 1 and 512 bits; the default is
the hash size.
-c keyfile This option is used with the
-a option to specify an alternate
location for
rndc.key.
-h This option prints a short summary of the options and
arguments to
rndc-confgen.
-k keyname This option specifies the key name of the
rndc authentication
key. This must be a valid domain name. The default is
rndc-key.
-p port This option specifies the command channel port where
named listens for connections from
rndc. The default is 953.
-q This option prevets printing the written path in automatic
configuration mode.
-s address This option specifies the IP address where
named listens for
command-channel connections from
rndc. The default is the
loopback address 127.0.0.1.
-t chrootdir This option is used with the
-a option to specify a directory
where
named runs chrooted. An additional copy of the
rndc.key is written relative to this directory, so that it is found by
the chrooted
named.
-u user This option is used with the
-a option to set the owner of the
generated
rndc.key file. If
-t is also specified, only the
file in the chroot area has its owner changed.
EXAMPLES
To allow
rndc to be used with no manual configuration, run:
rndc-confgen -a To print a sample
rndc.conf file and the corresponding
controls and
key statements to be manually inserted into
named.conf, run:
rndc-confgenSEE ALSO
rndc(8),
rndc.conf(5),
named(8), BIND 9 Administrator Reference
Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2025, Internet Systems Consortium
9.18.34 2025-02-11 RNDC-CONFGEN(8)
