4.6. rndc-confgen --- rndc(1) key generator
4.6.1. Synopsis
rndc-confgen [-a] [-A <algorithm>] [-b <key-size>] [-c <key-file>] [-h] [-k <key-name>] [-p <port>] [-s <address>] [-t <chroot-dir>] [-u <user>]
rndc-confgen [-h | -V]
4.6.2. Description
rndc-confgen generates configuration files for rndc(1). It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key configuration statements of named(8) by hand. Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the need for a rndc.conf file and a controls statement altogether.
4.6.3. Options
- -a
Do automatic rndc configuration. This creates a file /etc/loop/rndc.key that is read by both rndc(1) and named(8) on startup. The /etc/loop/rndc.key file defines a default command channel and authentication key allowing rndc(1) to communicate with named(8) on the local host with no further configuration.
If a more elaborate configuration than that generated by the -a option is required, for example if rndc(1) is to be used remotely, you should run rndc-confgen without the -a option and set up a rndc.conf and named.conf as directed.
- -A <algorithm>
Specifies the algorithm to use for the rndc key. Available choices are hmac-sha256 and hmac-sha512. The default is hmac-sha256.
- -b <key-size>
Specifies the size of the authentication key in bits. It must be between 1 and 512 bits. The default is the hash size.
- -h
Print program usage information and exit.
- -k <key-name>
Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.
- -p <port>
Specifies the command channel port where named(8) listens for connections from rndc(1). The default is 953.
- -s <address>
Specifies the IP address where named(8) listens for command channel connections from rndc(1). The default is the loopback address 127.0.0.1.
- -t <chroot-dir>
Used with the -a option to specify a directory where named(8) will run chroot(2)ed. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chroot(2)ed named(8) process.
- -u <user>
Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified only the file in the chroot(2) area has its owner changed.
- -v
Enable verbose logging.
- -V
Print program version and exit.
4.6.4. Examples
To allow rndc(1) to be used with no manual configuration, run:
$ rndc-confgen -a
To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf(5), run:
$ rndc-confgen
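The following Python audit of a generated key file is an added example, not part of the original documentation. It checks that the algorithm is one of the two that -A accepts and that the secret is not shorter than the hash size, which matters because -b permits keys as small as 1 bit. The `key "name" { algorithm ...; secret "..."; };` file layout, the owner-only mode check and all function names are assumptions; the sample keys are constructed.

```python
import base64
import os
import re
import stat

# Digest size in bits of the two algorithms the -A option accepts.
HASH_BITS = {"hmac-sha256": 256, "hmac-sha512": 512}

# Assumed layout: key "name" { algorithm <alg>; secret "<base64>"; };
KEY_RE = re.compile(
    r'key\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')


def sample_key(alg, nbytes, name="rndc-key"):
    """Build a constructed (non-secret) key statement for demonstration."""
    secret = base64.b64encode(bytes(range(nbytes))).decode()
    return f'key "{name}" {{\n\talgorithm {alg};\n\tsecret "{secret}";\n}};\n'


def audit_key_text(text):
    """Return findings for every key statement found in text."""
    matches = KEY_RE.findall(text)
    if not matches:
        return ["no key statement found"]
    findings = []
    for name, alg, secret in matches:
        want = HASH_BITS.get(alg.lower())
        if want is None:
            findings.append(f"{name}: algorithm {alg} is not accepted by -A")
            continue
        try:
            bits = len(base64.b64decode(secret, validate=True)) * 8
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"{name}: secret is not valid base64")
            continue
        if bits < want:
            findings.append(f"{name}: {bits}-bit secret is below the {want}-bit hash size")
    return findings


def audit_key_file(path):
    """Audit the file mode, then the key statements inside the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption: only the owner should be able to read the secret.
    perms = [f"{path}: mode {mode:04o} grants group/other access"] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        return perms + audit_key_text(fh.read())
```

Call audit_key_file() on /etc/loop/rndc.key (and on the chroot copy when -t was used); an empty list means no findings.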
4.6.5. See also
rndc(1), rndc.conf(5), named(8)
4.6.6. Copyright
Copyright (C) 2024 Banu Systems Private Limited. All rights reserved.
Copyright (c) 2001, 2003-2005, 2007, 2009, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC").