HP-UX Reference (11i v3 07/02) - 1 User Commands N-Z (vol 2)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

201

202

203

204

205

206

207

208

209

210

rndc-confgen(1) rndc-confgen(1)

(BIND 9.3)

NAME

rndc-confgen - rndc key generation tool

SYNOPSIS

rndc-confgen [-ah][-b

keysize][-c keyﬁle][-k keyname][-p

port][-r randomﬁle]

[

-s address][-t

chrootdir][-u user]

DESCRIPTION

rndc-confgen generates /etc/rndc.conf

, the conﬁguration ﬁle for

rndc. Alternatively, it can be

run with the

-a option to set up a

rndc.key ﬁle and avoid the need for a rndc.conf ﬁle and a

con-

trols

statement in a named.conf ﬁle altogether.

Options

-a Conﬁgure rndc automatically. This creates the ﬁle

/etc/rndc.key that is read by both

rndc and named on startup. The rndc.key

ﬁle deﬁnes a default command channel and

authentication key allowing

rndc to communicate with named with no further conﬁguration.

Running

rndc-confgen -a allows BIND 9 and

rndc to be used as drop-in replacements for

BIND 8 and

ndc, with no changes to the existing BIND 8 named.conf ﬁle.

-b keysize

Specify the size of the authentication key in bits. The value must range from 1 to 512. The

default is 128.

-c keyfile

Use with the -a option to specify an alternate name for the rndc.key ﬁle.

-h Print a short summary of the options.

-k keyname

Specify the key name of the rndc authentication key in

rndc.conf. The default is rndc-

key

-p port Specify the command channel port where named listens for connections from rndc. The

default is 953.

-r randomfile

Specify a source ﬁle of random data for generating the authorization. randomﬁle is the name of

a character device ﬁle or a ﬁle containing random data. The default is

/dev/random

-r is not speciﬁed and /dev/random cannot be found or -r is speciﬁed and randomﬁle can-

not be found, the keyboard is used as the source of randomness. The special randomﬁle value

keyboard speciﬁes keyboard input.

-s address

Specify the IP address where named listens for command channel connections from rndc. The

default is the loopback address 127.0.0.1.

-t chrootdir

Use with the -a option to specify a directory where named will run chrooted (see chroot(2)). An

additional copy of the

rndc.key will be written relative to this directory so that it will be found

by the chrooted named.

-u user Use with the -a option to set the owner of the generated rndc.key ﬁle. If -t is also speciﬁed,

only the ﬁle in the chroot area has its owner changed.

EXAMPLES

Example 1

To create a rndc.key ﬁle, thus allowing rndc to be used with no manual conﬁguration, run:

$ rndc-confgen -a

Example 2

To print a sample rndc.conf ﬁle, with corresponding controls and key statements to be manually

inserted into named.conf , run:

$ rndc-confgen

HP-UX 11i Version 3: February 2007 − 1 − Hewlett-Packard Company 207