rndc-confgen Command

Purpose

Generates configuration files for the rndc command.

Syntax

rndc-confgen [ -a ] [ -A algorithm ] [ -b keysize ] [ -c keyfile ] [ -h ] [ -k keyname ] [ -p port ] [ -q ] [ -s address ] [ -t chrootdir ] [ -u user ]

Description

The rndc-confgen command generates configuration files for the rndc command. You can use it as an alternative to manually writing the rndc.conf file and the corresponding controls and key statements in the named.conf file. You can run the rndc-confgen command with the -a flag to set up an rndc.key file, which avoids the need for an rndc.conf file and a controls statement.

Flags

Item Description
-a Performs automatic rndc command configuration. This creates a file named rndc.key in the /etc directory (or whatever sysconfdir directory was specified when BIND was built) that is read by both the rndc command and the named daemon on startup. The rndc.key file defines a default command channel and authentication key that allow the rndc command to communicate with the named daemon on the local host with no further configuration.
-A algorithm Specifies the algorithm to be used for the transaction signature (TSIG) key. You can specify any of the following values:
  • hmac-md5
  • hmac-sha1
  • hmac-sha224
  • hmac-sha256
  • hmac-sha384
  • hmac-sha512
The default value is hmac-sha256.
-b keysize Specifies the size of the authentication key in bits. The range for the keysize value is 1-512.
-c keyfile Used with the -a flag to specify an alternative location for the rndc.key file.
-h Prints a short summary of the options and arguments of the rndc-confgen command.
-k keyname Specifies the name of the rndc command authentication key. The name must be a valid domain name. The default is rndc-key.
-p port Specifies the command channel port on which the named daemon listens for connections from the rndc command. The default is 953.
-q Prevents printing of the written path in automatic configuration mode.
-s address Specifies the IP address on which the named daemon listens for command channel connections from the rndc command. The default is the loopback address, 127.0.0.1.
-t chrootdir Used with the -a flag to specify a directory in which the named daemon runs chrooted. An extra copy of the rndc.key file is written relative to this directory so that it can be found by the chrooted named daemon.
-u user Used with the -a flag to set the owner of the generated rndc.key file. If the -t flag is also specified, only the file in the chroot area has its owner changed.

Examples

  1. To use the rndc command with no manual configuration, enter the following command:
    rndc-confgen -a
  2. To print a sample rndc.conf file together with the corresponding controls and key statements to be manually inserted into the named.conf file, enter the following command:
    rndc-confgen
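As an added illustration (not part of this documentation or of BIND's own code), the following Python functions produce the three artifacts the flags above describe: a key statement, the client-side rndc.conf, and the controls statement for named.conf, using the -b range, the -A algorithm list and the -s/-p defaults given on this page. The output layout is modelled on what rndc-confgen prints and is an assumption, as is the 0600 file mode used for the rndc.key file.

```python
"""Produce what rndc-confgen describes: a key statement, an rndc.conf and the
controls statement for named.conf (format modelled on BIND's output)."""
import base64
import os
import re

# Algorithms the -A flag accepts; the default is hmac-sha256.
ALGORITHMS = ("hmac-md5", "hmac-sha1", "hmac-sha224", "hmac-sha256",
              "hmac-sha384", "hmac-sha512")
# Key names must be valid domain names (labels of letters, digits, - or _).
KEYNAME_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?$")

def generate_secret(keysize=256):
    """Return a base64 TSIG secret of keysize bits (-b range is 1-512)."""
    if not 1 <= keysize <= 512:
        raise ValueError("keysize must be between 1 and 512 bits")
    nbytes = (keysize + 7) // 8  # round up to whole bytes
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")

def key_statement(keyname, algorithm, secret):
    """The key clause that rndc.conf and named.conf must share."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported TSIG algorithm: " + algorithm)
    if not KEYNAME_RE.match(keyname):
        raise ValueError("key name must be a valid domain name")
    return ('key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n'
            % (keyname, algorithm, secret))

def rndc_conf(keyname, algorithm, secret, address="127.0.0.1", port=953):
    """Client side: the rndc.conf that rndc reads (-s and -p defaults)."""
    return (key_statement(keyname, algorithm, secret)
            + '\noptions {\n\tdefault-key "%s";\n\tdefault-server %s;\n'
              '\tdefault-port %d;\n};\n' % (keyname, address, port))

def named_conf_controls(keyname, algorithm, secret, address="127.0.0.1",
                        port=953):
    """Server side: key plus a controls statement that accepts only the
    configured address and key, so the channel is not open to everyone."""
    return (key_statement(keyname, algorithm, secret)
            + '\ncontrols {\n\tinet %s port %d\n\t\tallow { %s; } '
              'keys { "%s"; };\n};\n' % (address, port, address, keyname))

def write_key_file(path, keyname, algorithm, secret):
    """What -a does: write rndc.key readable only by its owner, because the
    secret alone grants full control of the named daemon (mode is assumed)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(key_statement(keyname, algorithm, secret))
    return path
```

Call rndc_conf("rndc-key", "hmac-sha256", generate_secret()) for the client file and named_conf_controls with the same secret for the server side; the two must carry an identical key statement or rndc will fail to authenticate.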