diff options
Diffstat (limited to 'contrib/bind9/bin/rndc/rndc-confgen.8')
-rw-r--r-- | contrib/bind9/bin/rndc/rndc-confgen.8 | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.8 b/contrib/bind9/bin/rndc/rndc-confgen.8 new file mode 100644 index 000000000000..b12e90cc569e --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc-confgen.8 @@ -0,0 +1,140 @@ +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2001-2003 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: rndc-confgen.8,v 1.3.2.5.2.3 2004/06/03 05:35:48 marka Exp $ +.\" +.TH "RNDC-CONFGEN" "8" "Aug 27, 2001" "BIND9" "" +.SH NAME +rndc-confgen \- rndc key generation tool +.SH SYNOPSIS +.sp +\fBrndc-confgen\fR [ \fB-a\fR ] [ \fB-b \fIkeysize\fB\fR ] [ \fB-c \fIkeyfile\fB\fR ] [ \fB-h\fR ] [ \fB-k \fIkeyname\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-r \fIrandomfile\fB\fR ] [ \fB-s \fIaddress\fB\fR ] [ \fB-t \fIchrootdir\fB\fR ] [ \fB-u \fIuser\fB\fR ] +.SH "DESCRIPTION" +.PP +\fBrndc-confgen\fR generates configuration files +for \fBrndc\fR. It can be used as a +convenient alternative to writing the +\fIrndc.conf\fR file +and the corresponding \fBcontrols\fR +and \fBkey\fR +statements in \fInamed.conf\fR by hand. +Alternatively, it can be run with the \fB-a\fR +option to set up a \fIrndc.key\fR file and +avoid the need for a \fIrndc.conf\fR file +and a \fBcontrols\fR statement altogether. +.SH "OPTIONS" +.TP +\fB-a\fR +Do automatic \fBrndc\fR configuration. +This creates a file \fIrndc.key\fR +in \fI/etc\fR (or whatever +sysconfdir +was specified as when BIND was built) +that is read by both \fBrndc\fR +and \fBnamed\fR on startup. The +\fIrndc.key\fR file defines a default +command channel and authentication key allowing +\fBrndc\fR to communicate with +\fBnamed\fR on the local host +with no further configuration. + +Running \fBrndc-confgen -a\fR allows +BIND 9 and \fBrndc\fR to be used as drop-in +replacements for BIND 8 and \fBndc\fR, +with no changes to the existing BIND 8 +\fInamed.conf\fR file. + +If a more elaborate configuration than that +generated by \fBrndc-confgen -a\fR +is required, for example if rndc is to be used remotely, +you should run \fBrndc-confgen\fR without the +\fB-a\fR option and set up a +\fIrndc.conf\fR and +\fInamed.conf\fR +as directed. +.TP +\fB-b \fIkeysize\fB\fR +Specifies the size of the authentication key in bits. +Must be between 1 and 512 bits; the default is 128. +.TP +\fB-c \fIkeyfile\fB\fR +Used with the \fB-a\fR option to specify +an alternate location for \fIrndc.key\fR. +.TP +\fB-h\fR +Prints a short summary of the options and arguments to +\fBrndc-confgen\fR. +.TP +\fB-k \fIkeyname\fB\fR +Specifies the key name of the rndc authentication key. +This must be a valid domain name. +The default is rndc-key. +.TP +\fB-p \fIport\fB\fR +Specifies the command channel port where \fBnamed\fR +listens for connections from \fBrndc\fR. +The default is 953. +.TP +\fB-r \fIrandomfile\fB\fR +Specifies a source of random data for generating the +authorization. If the operating +system does not provide a \fI/dev/random\fR +or equivalent device, the default source of randomness +is keyboard input. \fIrandomdev\fR specifies +the name of a character device or file containing random +data to be used instead of the default. The special value +\fIkeyboard\fR indicates that keyboard +input should be used. +.TP +\fB-s \fIaddress\fB\fR +Specifies the IP address where \fBnamed\fR +listens for command channel connections from +\fBrndc\fR. The default is the loopback +address 127.0.0.1. +.TP +\fB-t \fIchrootdir\fB\fR +Used with the \fB-a\fR option to specify +a directory where \fBnamed\fR will run +chrooted. An additional copy of the \fIrndc.key\fR +will be written relative to this directory so that +it will be found by the chrooted \fBnamed\fR. +.TP +\fB-u \fIuser\fB\fR +Used with the \fB-a\fR option to set the owner +of the \fIrndc.key\fR file generated. If +\fB-t\fR is also specified only the file in +the chroot area has its owner changed. +.SH "EXAMPLES" +.PP +To allow \fBrndc\fR to be used with +no manual configuration, run +.PP +\fBrndc-confgen -a\fR +.PP +To print a sample \fIrndc.conf\fR file and +corresponding \fBcontrols\fR and \fBkey\fR +statements to be manually inserted into \fInamed.conf\fR, +run +.PP +\fBrndc-confgen\fR +.SH "SEE ALSO" +.PP +\fBrndc\fR(8), +\fBrndc.conf\fR(5), +\fBnamed\fR(8), +\fIBIND 9 Administrator Reference Manual\fR. +.SH "AUTHOR" +.PP +Internet Systems Consortium |