HP-UX Reference (11i v2 07/12) - 1 User Commands N-Z (vol 2)
rndc-confgen(1) rndc-confgen(1)
NAME
rndc-confgen - rndc key generation tool
SYNOPSIS
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile]
             [-s address] [-t chrootdir] [-u user]
DESCRIPTION
rndc-confgen can be used to generate rndc.conf, the configuration file for rndc.
Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the
need for a rndc.conf file and a controls statement altogether.
Options
-a This option is used to configure rndc automatically. This creates a file rndc.key in
/etc (or whatever sysconfdir was specified when BIND was built) that is read by both
rndc and named on startup. The rndc.key file defines a default command channel and
authentication key allowing rndc to communicate with named with no further
configuration. Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in
replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
-b keysize
This option is used to specify the size of the authentication key in bits. The value must
range between 1 and 512 bits. Default is 128 bits.
-c keyfile
This option is used with the -a option to specify an alternate location for rndc.key.
-h This option is used to print a short summary of the options and arguments to
rndc-confgen.
-k keyname
This option is used to specify the key name of the rndc authentication key. This must be
a valid domain name. Default is rndc-key.
-p port This option is used to specify the command channel port where named listens for
connections from rndc. Default is 953.
-r randomfile
This option is used to specify a source file of random data for generating the
authentication key. If the operating system does not provide a /dev/random or equivalent
device, the default source of randomness is keyboard input. randomfile specifies the name
of a character device or a file containing random data to be used instead of the default.
The special value keyboard indicates that keyboard input needs to be used.
-s address
This option is used to specify the IP address where named listens for command channel
connections from rndc. Default is the loopback address 127.0.0.1.
-t chrootdir
This option is used with the -a option to specify a directory where named will run
chrooted. An additional copy of the rndc.key will be written relative to this directory
so that it will be found by the chrooted named.
-u user This option is used with the -a option to set the owner of the rndc.key file generated. If
-t is also specified, only the file in the chroot area has its owner changed.
EXAMPLES
To allow rndc to be used with no manual configuration, run:
rndc-confgen -a
To print a sample rndc.conf file and corresponding controls and key statements to be manually
inserted into named.conf, run:
rndc-confgen
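As an added illustration (not part of this manual page and not BIND's or HP-UX's own code), the following Python reproduces the shape of what rndc-confgen writes: a base64 secret of the size requested with -b, the key statement, the options block that rndc reads, and the controls statement that named needs, with the limits this page documents enforced (a key size of 1 to 512 bits, a key name that is a valid domain name). The hmac-md5 algorithm name and the exact text layout are assumptions about the tool's output, and the final file-mode check is an added review step for the generated rndc.key, not something the tool itself documents.

```python
import base64
import os
import re
import secrets
import stat

# Added example, not the tool's own code. The "hmac-md5" algorithm name and the
# text layout below are assumptions about what rndc-confgen of this era emits.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def valid_key_name(name):
    """-k keyname must be a valid domain name: dot-separated labels of 1-63
    letters/digits/hyphens, no leading or trailing hyphen, at most 253 chars."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def secret_for(keysize, randomfile=None):
    """Return a base64 secret of keysize bits (the -b option), rounded up to
    whole bytes. Bits outside 1..512 are rejected as the man page requires.
    If randomfile is given it is read like -r randomfile; otherwise the OS CSPRNG
    is used (the page's /dev/random case)."""
    if not 1 <= keysize <= 512:
        raise ValueError("keysize must be between 1 and 512 bits")
    nbytes = (keysize + 7) // 8
    if randomfile is not None:
        with open(randomfile, "rb") as fh:
            raw = fh.read(nbytes)
        if len(raw) != nbytes:
            raise ValueError("%s: not enough random data" % randomfile)
    else:
        raw = secrets.token_bytes(nbytes)
    return base64.b64encode(raw).decode("ascii")


def secret_bits(secret):
    """Size in bits of a base64 secret, for checking what -b produced."""
    return 8 * len(base64.b64decode(secret))


def rndc_conf(keyname="rndc-key", keysize=128, address="127.0.0.1", port=953,
              secret=None):
    """Build rndc.conf plus the matching key and controls statements for
    named.conf, using the defaults the man page lists (-k, -b, -s, -p)."""
    if not valid_key_name(keyname):
        raise ValueError("invalid key name: %r" % keyname)
    if secret is None:
        secret = secret_for(keysize)
    key_stmt = ('key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n'
                % (keyname, secret))
    return (
        "# Start of rndc.conf\n" + key_stmt + "\n"
        "options {\n"
        '\tdefault-key "%s";\n'
        "\tdefault-server %s;\n"
        "\tdefault-port %d;\n"
        "};\n"
        "# End of rndc.conf\n\n"
        "# Use with the following in named.conf, adjusting the allow list as needed:\n"
        % (keyname, address, port)
        + key_stmt + "\n"
        "controls {\n"
        "\tinet %s port %d\n"
        '\t\tallow { %s; } keys { "%s"; };\n'
        "};\n"
        "# End of named.conf\n" % (address, port, address, keyname)
    )


def key_file_is_private(path):
    """rndc.key holds a shared secret: it must not be group- or world-accessible.
    This is the check to run after -a (and -u / -t) on each copy written."""
    mode = os.stat(path).st_mode
    return not (mode & (stat.S_IRWXG | stat.S_IRWXO))


def write_key_file(path, text):
    """Write a key file created 0600 so only its owner can read the secret,
    then return the result of the privacy check."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # the O_CREAT mode is umask-masked and ignored if the file existed
    return key_file_is_private(path)


if __name__ == "__main__":
    print(rndc_conf())
```

Run it directly to print a sample configuration with a fresh secret; compare the layout against real rndc-confgen output on the host before trusting the assumed parts. The 0600 mode in write_key_file is the point to verify on a real system: rndc.key in /etc and any copy under -t chrootdir both carry the same secret, and a copy readable by other local users gives them named's control channel.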
HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 229