Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tsig-keygen(8) [mojave man page]

DDNS-CONFGEN(8) 						       BIND9							   DDNS-CONFGEN(8)

NAME

       ddns-confgen - ddns key generation tool

SYNOPSIS

       tsig-keygen [-a algorithm] [-h] [-r randomfile] [name]

       ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [-s name | -z zone]

DESCRIPTION

       tsig-keygen and ddns-confgen are invocation methods for a utility that generates keys for use in TSIG signing. The resulting keys can be
       used, for example, to secure dynamic DNS updates to a zone or for the rndc command channel.

       When run as tsig-keygen, a domain name can be specified on the command line which will be used as the name of the generated key. If no name
       is specified, the default is tsig-key.

       When run as ddns-confgen, the generated key is accompanied by configuration text and instructions that can be used with nsupdate and named
       when setting up dynamic DNS, including an example update-policy statement. (This usage similar to the rndc-confgen command for setting up
       command channel security.)

       Note that named itself can configure a local DDNS key for use with nsupdate -l: it does this when a zone is configured with update-policy
       local;.	ddns-confgen is only needed when a more elaborate configuration is required: for instance, if nsupdate is to be used from a remote
       system.

OPTIONS

       -a algorithm
	   Specifies the algorithm to use for the TSIG key. Available choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and
	   hmac-sha512. The default is hmac-sha256. Options are case-insensitive, and the "hmac-" prefix may be omitted.

       -h
	   Prints a short summary of options and arguments.

       -k keyname
	   Specifies the key name of the DDNS authentication key. The default is ddns-key when neither the -s nor -z option is specified;
	   otherwise, the default is ddns-key as a separate label followed by the argument of the option, e.g., ddns-key.example.com.  The key
	   name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods.

       -q
	   (ddns-confgen only.) Quiet mode: Print only the key, with no explanatory text or usage examples; This is essentially identical to
	   tsig-keygen.

       -r randomfile
	   Specifies a source of random data for generating the authorization. If the operating system does not provide a /dev/random or
	   equivalent device, the default source of randomness is keyboard input.  randomdev specifies the name of a character device or file
	   containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.

       -s name
	   (ddns-confgen only.) Generate configuration example to allow dynamic updates of a single hostname. The example named.conf text shows
	   how to set an update policy for the specified name using the "name" nametype. The default key name is ddns-key.name. Note that the
	   "self" nametype cannot be used, since the name to be updated may differ from the key name. This option cannot be used with the -z
	   option.

       -z zone
	   (ddns-confgen only.) Generate configuration example to allow dynamic updates of a zone: The example named.conf text shows how to set an
	   update policy for the specified zone using the "zonesub" nametype, allowing updates to all subdomain names within that zone. This
	   option cannot be used with the -s option.

SEE ALSO

       nsupdate(1), named.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR

       Internet Systems Consortium, Inc.

COPYRIGHT

       Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")

ISC
								    2014-03-06							   DDNS-CONFGEN(8)

Check Out this Related Man Page

RNDC-CONFGEN(8) 						       BIND9							   RNDC-CONFGEN(8)

NAME

       rndc-confgen - rndc key generation tool

SYNOPSIS

       rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

DESCRIPTION

       rndc-confgen generates configuration files for rndc. It can be used as a convenient alternative to writing the rndc.conf file and the
       corresponding controls and key statements in named.conf by hand. Alternatively, it can be run with the -a option to set up a rndc.key file
       and avoid the need for a rndc.conf file and a controls statement altogether.

OPTIONS

       -a
	   Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built)
	   that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing
	   rndc to communicate with named on the local host with no further configuration.

	   Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing
	   BIND 8 named.conf file.

	   If a more elaborate configuration than that generated by rndc-confgen -a is required, for example if rndc is to be used remotely, you
	   should run rndc-confgen without the -a option and set up a rndc.conf and named.conf as directed.

       -b keysize
	   Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.

       -c keyfile
	   Used with the -a option to specify an alternate location for rndc.key.

       -h
	   Prints a short summary of the options and arguments to rndc-confgen.

       -k keyname
	   Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.

       -p port
	   Specifies the command channel port where named listens for connections from rndc. The default is 953.

       -r randomfile
	   Specifies a source of random data for generating the authorization. If the operating system does not provide a /dev/random or
	   equivalent device, the default source of randomness is keyboard input.  randomdev specifies the name of a character device or file
	   containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.

       -s address
	   Specifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.

       -t chrootdir
	   Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written
	   relative to this directory so that it will be found by the chrooted named.

       -u user
	   Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified only the file in the chroot area has
	   its owner changed.

EXAMPLES

       To allow rndc to be used with no manual configuration, run

       rndc-confgen -a

       To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run

       rndc-confgen

SEE ALSO

       rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR

       Internet Systems Consortium

COPYRIGHT

       Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
       Copyright (C) 2001, 2003 Internet Software Consortium.

BIND9								   Aug 27, 2001 						   RNDC-CONFGEN(8)
Man Page