MAN page from Trustix bind-utils-9.2.2-9tr.i586.rpm
Updated: Aug 27, 2001
rndc-confgen - rndc key generation tool
rndc-confgen [ -a ] [ -b keysize ] [ -c keyfile ] [ -h ] [ -k keyname ] [ -p port ] [ -r randomfile ] [ -s address ] [ -t chrootdir ] [ -u user ]
rndc-confgen generates configuration files for rndc. It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key statements in named.conf by hand. Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the need for a rndc.conf file and a controls statement altogether.
- -a
- Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named with no further configuration.
Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
- -b keysize
- Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
- -c keyfile
- Used with the -a option to specify an alternate location for rndc.key.
- -h
- Prints a short summary of the options and arguments to rndc-confgen.
- -k keyname
- Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.
- -p port
- Specifies the command channel port where named listens for connections from rndc. The default is 953.
- -r randomfile
- Specifies a source of random data for generating the authorization. If the operating system does not provide a /dev/random or equivalent device, the default source of randomness is keyboard input. randomdev specifies the name of a character device or file containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.
- -s address
- Specifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.
- -t chrootdir
- Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.
- -u user
- Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified, only the file in the chroot area has its owner changed.
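The sketch below is an added example, not code from BIND or from this manual page. It shows how the -k, -b, -s and -p values fit together in an rndc.conf file and the matching key and controls statements for named.conf. The function names, the hmac-md5 algorithm, the hostname-style key name check, the byte rounding and the allow list limited to the listen address are assumptions.

```python
import base64
import re
import secrets

# Simplified hostname-style label check (assumption, stricter than DNS itself).
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def make_rndc_config(keyname="rndc-key", keysize=128,
                     address="127.0.0.1", port=953, algorithm="hmac-md5"):
    """Return (rndc_conf, named_conf_fragment) that share one new secret."""
    if not 1 <= keysize <= 512:
        raise ValueError("keysize must be between 1 and 512 bits")
    if not 1 <= port <= 65535:
        raise ValueError("port must be between 1 and 65535")
    labels = keyname.rstrip(".").split(".")
    if len(keyname) > 253 or not all(LABEL.match(l) for l in labels):
        raise ValueError("key name must be a valid domain name")
    # Assumption: bit counts that are not a multiple of 8 round up to whole bytes.
    secret = base64.b64encode(secrets.token_bytes((keysize + 7) // 8)).decode()
    key_stmt = (f'key "{keyname}" {{\n'
                f'\talgorithm {algorithm};\n'
                f'\tsecret "{secret}";\n'
                '};\n')
    # Client side: which key, server and port rndc uses by default.
    rndc_conf = (key_stmt + '\noptions {\n'
                 f'\tdefault-key "{keyname}";\n'
                 f'\tdefault-server {address};\n'
                 f'\tdefault-port {port};\n'
                 '};\n')
    # Server side: named listens on the command channel and accepts only
    # requests authenticated with the same key.
    named_conf = (key_stmt + '\ncontrols {\n'
                  f'\tinet {address} port {port}\n'
                  f'\t\tallow {{ {address}; }} keys {{ "{keyname}"; }};\n'
                  '};\n')
    return rndc_conf, named_conf

def secret_bits(conf_text):
    """Decode the secret of a key statement and return its length in bits."""
    m = re.search(r'secret\s+"([^"]+)"', conf_text)
    return len(base64.b64decode(m.group(1), validate=True)) * 8

if __name__ == "__main__":
    rndc_conf, named_conf = make_rndc_config()
    print("# rndc.conf\n" + rndc_conf)
    print("# named.conf additions\n" + named_conf)
```

Both outputs carry the shared secret, so the files holding them should be readable only by the accounts that run rndc and named.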
To allow rndc to be used with no manual configuration, run
To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run
rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.
Internet Software Consortium