rndc-confgen.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

rndc-confgen(1) rndc-confgen(1)

(BIND 9.3)

NAME

rndc-confgen - rndc key generation tool

SYNOPSIS

rndc-confgen [-ah][-b

keysize ][-c keyﬁle ][-k keyname ][-p

port ][-r randomﬁle]

[

-s address ][-t

chrootdir ][-u user ]

DESCRIPTION

rndc-confgen generates /etc/rndc.conf

, the conﬁguration ﬁle for rndc

. Alternatively, it can be

run with the

-a option to set up a

rndc.key ﬁle and avoid the need for a rndc.conf ﬁle and a con-

trols statement in a named.conf ﬁle altogether.

Options

-a Conﬁgure rndc automatically. This creates the ﬁle

/etc/rndc.key that is read by both

rndc and named on startup. The rndc.key ﬁle deﬁnes a default command channel and

authentication key allowing

rndc to communicate with named with no further conﬁguration.

Running

rndc-confgen -a allows BIND 9 and rndc

to be used as drop-in replacements

for BIND 8 and

ndc, with no changes to the existing BIND 8

named.conf ﬁle.

-b keysize

Specify the size of the authentication key in bits. The value must range from 1 to 512. The

default is 128.

-c keyfile

Use with the -a option to specify an alternate name for the rndc.key ﬁle.

-h Print a short summary of the options.

-k keyname

Specify the key name of the rndc authentication key in

rndc.conf. The default is rndc-

key.

-p port Specify the command channel port where named listens for connections from rndc. The

default is 953.

-r randomfile

Specify a source ﬁle of random data for generating the authorization. randomﬁle is the name

of a character device ﬁle or a ﬁle containing random data. The default is

/dev/random

-r is not speciﬁed and /dev/random cannot be found or -r

is speciﬁed and randomﬁle

cannot be found, the keyboard is used as the source of randomness. The special randomﬁle

value

keyboard speciﬁes keyboard input.

-s address

Specify the IP address where named listens for command channel connections from rndc.

The default is the loopback address 127.0.0.1.

-t chrootdir

Use with the -a option to specify a directory where named will run chrooted (see chroot (2)).

An additional copy of the rndc.key will be written relative to this directory so that it will be

found by the chrooted named.

-u user Use with the -a option to set the owner of the generated rndc.key ﬁle. If -t is also

speciﬁed, only the ﬁle in the chroot area has its owner changed.

EXAMPLES

Example 1

To create a

rndc.key ﬁle, thus allowing rndc to be used with no manual conﬁguration, run:

$ rndc-confgen -a

Example 2

To print a sample rndc.conf ﬁle, with corresponding controls and key statements to be manually

inserted into named.conf, run:

$ rndc-confgen

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
rndc-confgen(1) rndc-confgen(1) (BIND 9.3) NAME rndc-confgen - rndc key generation tool SYNOPSIS rndc-confgen [-ah] [-b keysize ] [-c keyfile ] [-k keyname ] [-p port ] [-r randomfile ] [-s address ] [-t chrootdir ] [-u user ] DESCRIPTION rndc-confgen generates /etc/rndc.conf, the configuration file for rndc. Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the need for a rndc.conf file and a controls statement in a named.conf file altogether.
PAGE 2
rndc-confgen(1) rndc-confgen(1) (BIND 9.3) AUTHOR rndc-confgen was developed by the Internet Systems Consortium (ISC). FILES /dev/random Default system random data source. /etc/named.conf Default named configuration file. /etc/rndc.conf Default rndc configuration file. /etc/rndc.key Default alternate rndc configuration file. SEE ALSO rndc(1), named(1M), chroot(2), rndc.conf(4). HP-UX IP Address and Client Management Administrator’s Guide , available online at http://www.hp.