rndc-confgen(1M) System Administration Commands rndc-confgen(1M)
NAME
rndc-confgen - rndc key generation tool
SYNOPSIS
rndc-confgen [-ah] [-b keysize] [-c keyfile] [-k keyname]
[-p port] [-r randomfile] [-s address] [-t chrootdir]
[-u user]
DESCRIPTION
The rndc-confgen utility generates configuration files for rndc(1M).
This utility can be used as a convenient alternative to writing by
hand the rndc.conf(4) file and the corresponding controls and key
statements in named.conf. It can also be run with the -a option to set
up a rndc.key file and avoid altogether the need for a rndc.conf file
and a controls statement.
OPTIONS
The following options are supported:
-a
Perform automatic rndc configuration. This option creates a file
rndc.key in /etc (or however sysconfdir was specified when BIND was
built) that is read by both rndc and named(1M) on startup. The
rndc.key file defines a default command channel and authentication
key allowing rndc to communicate with named with no further
configuration.
Running rndc-confgen with -a specified allows BIND 9 and rndc to be
used as drop-in replacements for BIND 8 and ndc, with no changes to
the existing BIND 8 named.conf file.
If a more elaborate configuration than that generated by
rndc-confgen -a is required, for example if rndc is to be used remotely, you
should run rndc-confgen without the -a option and set up rndc.conf
and named.conf files, as directed.
-b keysize
Specify the size of the authentication key in bits. The keysize
argument must be between 1 and 512 bits; the default is 128.
-c keyfile
Used with the -a option to specify an alternate location for
rndc.key.
-h
Print a short summary of the options and arguments to rndc-confgen.
-k keyname
Specify the key name of the rndc authentication key. The keyname
argument must be a valid domain name. The default is rndc-key.
-p port
Specify the command channel port where named listens for
connections from rndc. The default is 953.
-r randomfile
Specify a source of random data for generating the authorization.
By default, /dev/random is used. The randomfile argument specifies
the name of a character device or file containing random data to be
used instead of the default. The special value keyboard indicates
that keyboard input should be used.
-s address
Specify the IP address where named listens for command channel
connections from rndc. The default is the loopback address 127.0.0.1.
-t chrootdir
Used with the -a option to specify a directory where named will run
after the root directory is changed with chroot(2). An additional
copy of the rndc.key will be written relative to this directory so
that it will be found by the named in the new directory.
-u user
Used with the -a option to set the owner of the rndc.key file
generated. If -t is also specified, only the file in the chroot area
has its owner changed.
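Added example, not part of the original man page or of BIND: because -b accepts any key size from 1 to 512 bits and the generated rndc.key holds the shared secret for the command channel, this Python check reports a key file whose secret is shorter than the 128-bit default or whose mode lets anyone but the owner read it. The function names and the sample files are hypothetical, and the key statement layout (key name, algorithm, base64 secret) is an assumption the page does not show.

```python
import base64, os, re, stat, tempfile

# Matches a key statement: key "name" { algorithm X; secret "B64"; };
# (layout assumed; the man page does not show the file contents)
KEY_RE = re.compile(
    r'key\s+"?([^\s"{]+)"?\s*\{\s*algorithm\s+"?([^\s";]+)"?\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')

def audit_rndc_key(path, min_bits=128):
    """Return a list of findings for the key file at path (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond the owner")
    with open(path, encoding="ascii") as fh:
        keys = KEY_RE.findall(fh.read())
    if not keys:
        findings.append("no key statement found")
    for name, _algorithm, secret in keys:
        try:
            bits = len(base64.b64decode(secret, validate=True)) * 8
        except ValueError:  # binascii.Error is a subclass of ValueError
            findings.append(f"key {name}: secret is not valid base64")
            continue
        if bits < min_bits:
            findings.append(f"key {name}: {bits}-bit secret, below {min_bits}")
    return findings

def write_sample(directory, filename, secret_bytes, mode):
    """Write a constructed key file (not real rndc-confgen output)."""
    path = os.path.join(directory, filename)
    secret = base64.b64encode(secret_bytes).decode()
    with open(path, "w", encoding="ascii") as fh:
        fh.write(f'key "rndc-key" {{\n\talgorithm hmac-md5;\n'
                 f'\tsecret "{secret}";\n}};\n')
    os.chmod(path, mode)
    return path

def demo():
    """Audit one sound and one weak constructed key file."""
    with tempfile.TemporaryDirectory() as tmp:
        good = write_sample(tmp, "good.key", os.urandom(16), 0o600)
        weak = write_sample(tmp, "weak.key", os.urandom(4), 0o644)
        return audit_rndc_key(good), audit_rndc_key(weak)

if __name__ == "__main__":
    for result in demo():
        print(result or "ok")
```

To audit a real installation, call audit_rndc_key() on the file created by rndc-confgen -a (rndc.key in /etc, or the path given with -c).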
EXAMPLES
Example 1 Create Automatic rndc Configuration
The following command creates an automatic rndc configuration, so that
rndc can be used immediately.
# rndc-confgen -a
Example 2 Print a Sample rndc.conf File
The following command prints a sample rndc.conf file with corresponding
controls and key statements. These statements can subsequently be
manually inserted in the file named.conf.
# rndc-confgen
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │network/dns/bind │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Volatile │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSO
chroot(2), named(1M), rndc(1M), rndc.conf(4), attributes(5)
See the BIND 9 Administrator's Reference Manual. As of the date of
publication of this man page, this document is available at
https://www.isc.org/software/bind/documentation.
SunOS 5.11 11 Jan 2010 rndc-confgen(1M)