HP-UX Reference (11i v2 03/08) - 1 User Commands N-Z (vol 2)

rndc-confgen(1) rndc-confgen(1)
NAME
rndc-confgen - rndc key generation tool
SYNOPSIS
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port]
[-r randomfile] [-s address] [-t chrootdir] [-u user]
DESCRIPTION
rndc-confgen can be used to generate rndc.conf, the configuration file for
rndc. Alternatively, it can be run with the -a option to set up a rndc.key
file and avoid the need for a rndc.conf file and a controls statement
altogether.
Options
-a This option is used to configure rndc automatically. This creates a file
rndc.key in /etc (or whatever sysconfdir was specified when BIND was built)
that is read by both rndc and named on startup. The rndc.key file defines a
default command channel and authentication key allowing rndc to communicate
with named with no further configuration. Running rndc-confgen -a allows
BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with
no changes to the existing BIND 8 named.conf file.
-b keysize
This option is used to specify the size of the authentication key in bits. The value must
range between 1 and 512 bits. Default is 128 bits.
-c keyfile
This option is used with the -a option to specify an alternate location for rndc.key.
-h This option is used to print a short summary of the options and arguments to
rndc-confgen.
-k keyname
This option is used to specify the key name of the rndc authentication key. This must
be a valid domain name. Default is rndc-key.
-p port This option is used to specify the command channel port where named
listens for connections from rndc. Default is 953.
-r randomfile
This option is used to specify a source file of random data for generating
the authorization. If the operating system does not provide a /dev/random or
equivalent device, the default source of randomness is keyboard input.
randomfile specifies the name of a character device or a file containing
random data to be used instead of the default. The special value keyboard
indicates that keyboard input needs to be used.
-s address
This option is used to specify the IP address where named listens for command channel
connections from rndc. Default is the loopback address 127.0.0.1.
-t chrootdir
This option is used with the -a option to specify a directory where named
will run chrooted. An additional copy of the rndc.key will be written
relative to this directory so that it will be found by the chrooted named.
-u user This option is used with the -a option to set the owner of the rndc.key file generated.
If -t is also specified, only the file in the chroot area has its owner changed.
EXAMPLES
To allow rndc to be used with no manual configuration, run:
rndc-confgen -a
To print a sample rndc.conf file and corresponding controls and key statements to be manually
inserted into named.conf, run:
rndc-confgen
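Added example, not part of the HP-UX manual page: a Python check that an administrator could run against the rndc.key written by rndc-confgen -a, reporting a file mode that lets other users read the secret and a key shorter than the 128-bit -b default. It assumes the usual BIND 9 key statement layout, which this page does not show; the function names and the sample file contents are constructed for illustration.

```python
import base64
import os
import re
import stat

# Assumed BIND 9 key-statement layout; the manual page does not show file contents.
KEY_RE = re.compile(r'key\s+"?([^\s"{]+)"?\s*\{[^}]*?secret\s+"([^"]+)"\s*;', re.S)
MIN_BITS = 128  # the -b default documented above, used here as the floor


def audit_rndc_key(path, min_bits=MIN_BITS):
    """Return a list of findings for one rndc.key file; an empty list means clean."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:
        findings.append(f"mode {mode:04o} exposes the shared secret to other users")
    with open(path, encoding="ascii", errors="replace") as fh:
        match = KEY_RE.search(fh.read())
    if match is None:
        return findings + ["no key statement found"]
    name, secret = match.groups()
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:
        return findings + [f"key {name!r}: secret is not valid base64"]
    bits = len(raw) * 8
    if bits < min_bits:
        findings.append(f"key {name!r}: {bits} bits, below the {min_bits}-bit floor")
    return findings


def write_sample_key(path, raw_secret, mode):
    """Write a constructed rndc.key for the demonstration (not real key material)."""
    secret = base64.b64encode(raw_secret).decode("ascii")
    with open(path, "w") as fh:
        fh.write(f'key "rndc-key" {{\n\talgorithm hmac-md5;\n\tsecret "{secret}";\n}};\n')
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        ok = write_sample_key(os.path.join(tmp, "ok.key"), bytes(range(16)), 0o600)
        bad = write_sample_key(os.path.join(tmp, "bad.key"), b"\x01\x02\x03\x04", 0o644)
        print(audit_rndc_key(ok))   # constructed 128-bit key, owner-only
        print(audit_rndc_key(bad))  # constructed 32-bit key, world-readable
```

When -t chrootdir is used, run the same check on the copy written under the chroot directory as well, since -u changes the owner of that copy only.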
HP-UX 11i Version 2: August 2003 1 Hewlett-Packard Company Section 1763