ddns-confgen, tsig-keygen Command

Purpose

Generates keys for transaction signing (TSIG) to secure the dynamic DNS (DDNS) updates.

Syntax

tsig-keygen [-a algorithm] [-h] [-r randomfile] [name]

ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [-s name] [-z zone]

Description

The tsig-keygen and ddns-confgen commands are invocation methods for a utility that generates keys for TSIG signing. The resulting keys can be used to secure dynamic DNS updates to a zone or to secure the rndc command channel.

When you run the tsig-keygen command, you can specify a domain name that must be used as the name of the generated key. If you don’t specify a name, the default name of the generated key is tsig-key.

When you run the ddns-confgen command, the generated key is accompanied by configuration text and instructions that can be used with the nsupdate and named commands when dynamic DNS is set up, including an example update-policy statement. This usage is similar to the rndc-confgen command for setting up command-channel security.

The named command can itself configure a local DDNS key for use with the nsupdate -l command; it does so when a zone is configured with update-policy local. Run the ddns-confgen command only when a more elaborate configuration is required, for example, when the nsupdate command must be used from a remote system.

Flags

-a algorithm
Specifies an algorithm that must be used for the transaction signatures (TSIG) key. Available options are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and hmac-sha512. The default option is hmac-sha256. Options are case-insensitive, and the hmac- prefix can be omitted.
-h
Prints a short summary of options and arguments.
-k keyname
Specifies the key name of the DDNS authentication key. When you don’t specify the -s or -z flag, the default value is ddns-key. Otherwise, the default value is ddns-key followed by the argument of the option, for example, ddns-key.example.com. The key name must have the format of a valid domain name that consists of letters, digits, hyphens, and periods.
-q (ddns-confgen only)
Enables quiet mode that prints only the key with no explanatory text or usage examples.
-s name (ddns-confgen only)
Generates a configuration example that shows dynamic updates of a single hostname. The example named.conf text shows how to set an update policy for the specified name by using the "name" name type. The default key name is ddns-key.name. The self name type cannot be used because the name to be updated might differ from the key name. You cannot use this flag with the -z flag.
-z zone (ddns-confgen only)
Generates a configuration example that shows dynamic updates of a zone. The example named.conf text shows how to set an update policy for the specified zone by using the zonesub name type, which also allows updates to subdomain names within that zone. You cannot use this flag with the -s flag.
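
The following check is an added example, not part of the original reference page or of the tools it describes. It audits named.conf key clauses of the kind these commands generate against the -a algorithm list and the -k key-name rule above. The function names, the legacy-algorithm policy, the secret-length check, and the sample clauses are assumptions made for illustration.

```python
import base64
import re

# Algorithms the -a flag accepts (Flags section), with HMAC digest sizes in bytes.
DIGEST_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha224": 28,
                "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64}
LEGACY = {"hmac-md5", "hmac-sha1"}  # assumption: local policy, not from the page

KEY_CLAUSE = re.compile(
    r'key\s+"?(?P<name>[^"\s{]+)"?\s*\{\s*'
    r'algorithm\s+"?(?P<alg>[^";\s]+)"?\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;', re.IGNORECASE)

def normalize_algorithm(alg):
    """Apply the -a rules: case-insensitive, hmac- prefix optional."""
    alg = alg.lower()
    return alg if alg.startswith("hmac-") else "hmac-" + alg

def audit_key_clauses(text):
    """Return a list of (key name, finding) for every key clause in text."""
    findings = []
    for m in KEY_CLAUSE.finditer(text):
        name, alg = m["name"], normalize_algorithm(m["alg"])
        # -k rule: key names use letters, digits, hyphens, and periods only.
        if not re.fullmatch(r"[A-Za-z0-9.-]+", name):
            findings.append((name, "invalid key name"))
        if alg not in DIGEST_BYTES:
            findings.append((name, "unknown algorithm " + alg))
            continue
        if alg in LEGACY:
            findings.append((name, "legacy algorithm " + alg))
        try:
            secret = base64.b64decode(m["secret"], validate=True)
        except ValueError:
            findings.append((name, "secret is not valid base64"))
            continue
        # Assumed check: a secret shorter than the digest output is undersized.
        if len(secret) < DIGEST_BYTES[alg]:
            findings.append((name, "secret shorter than digest"))
    return findings

# Constructed sample input: secrets are made-up demo values, not real keys.
SAMPLE = '''
key "ddns-key.example.com" { algorithm hmac-sha256; secret "%s"; };
key "legacy_key" { algorithm HMAC-MD5; secret "c2hvcnQ="; };
''' % base64.b64encode(bytes(range(32))).decode()

if __name__ == "__main__":
    for name, finding in audit_key_clauses(SAMPLE):
        print(name + ": " + finding)
```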