ddns-confgen, tsig-keygen Command
Purpose
Generates keys for transaction signing (TSIG) to secure dynamic DNS (DDNS) updates.
Syntax
tsig-keygen [-a algorithm] [-h] [-r randomfile] [name]
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [-s name] [-z zone]
Description
The tsig-keygen and ddns-confgen commands are invocation methods for a utility that generates keys that can be used for TSIG signing. The resulting keys can be used to secure dynamic DNS updates to a zone or for the rndc command channel.
When you run the tsig-keygen command, you can specify a domain name that must be used as the name of the generated key. If you don't specify a name, the default name of the generated key is tsig-key.
When you run the ddns-confgen command, the generated key is accompanied by configuration text and instructions that can be used with the nsupdate and named commands when dynamic DNS is set up, including an example update-policy statement. This usage is similar to the rndc-confgen command for setting up command-channel security.
The named command can configure a local DDNS key for use with the nsupdate -l command; however, this applies only when a zone is configured with update-policy local. Run the ddns-confgen command only when a more elaborate configuration is required, for example, when the nsupdate command must be used from a remote system.
Flags
- -a algorithm
- Specifies an algorithm that must be used for the transaction signatures (TSIG) key. Available options are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and hmac-sha512. The default option is hmac-sha256. Options are case-insensitive, and the hmac- prefix can be omitted.
- -h
- Prints a short summary of options and arguments.
- -k keyname
- Specifies the key name of the DDNS authentication key. When you don't specify the -s or -z flag, the default value is ddns-key. Otherwise, the default value is ddns-key followed by the argument of the option, for example, ddns-key.example.com. The key name must have the format of a valid domain name that consists of letters, digits, hyphens, and periods.
- -q (ddns-confgen only)
- Enables quiet mode that prints only the key with no explanatory text or usage examples.
- -s name (ddns-confgen only)
- Generates a configuration example that shows dynamic updates of a single hostname. The example named.conf text shows how to set an update policy for the specified name using the name name type. The default key name is ddns-key.name. The self name type cannot be used because the name to be updated might differ from the key name. You cannot use this flag with the -z flag.
- -z zone (ddns-confgen only)
- Generates a configuration example that shows dynamic updates of a zone. The example named.conf text shows how to set an update policy for the specified zone by using the zonesub name type. You can also update subdomain names within that zone. You cannot use this flag with the -s flag.
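The following audit script is an added example, not part of the original command reference. It checks key clauses of the form these commands emit against the rules stated above (key-name character set, the algorithms accepted by -a) before the clauses are placed in named.conf. The function names, the policy of flagging hmac-md5 and hmac-sha1 as legacy, the minimum secret length, and the sample clauses are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# HMAC output sizes (bytes) for the algorithms the -a flag accepts.
DIGEST_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha224": 28,
                "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64}
LEGACY = {"hmac-md5", "hmac-sha1"}  # assumption: local policy rejects these
KEY_RE = re.compile(
    r'key\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;', re.IGNORECASE)
NAME_RE = re.compile(r"[A-Za-z0-9.-]+")  # letters, digits, hyphens, periods


def audit_keys(conf_text):
    """Return {key name: [findings]} for every key clause in conf_text."""
    report = {}
    for name, alg, secret in KEY_RE.findall(conf_text):
        alg, issues = alg.lower(), []
        if not NAME_RE.fullmatch(name):
            issues.append("key name is not a valid domain name")
        if alg not in DIGEST_BYTES:
            issues.append("unknown algorithm")
        elif alg in LEGACY:
            issues.append("legacy algorithm")
        try:
            raw = base64.b64decode(secret, validate=True)
        except (binascii.Error, ValueError):
            issues.append("secret is not valid base64")
        else:
            # Assumed policy: secret at least as long as the HMAC output.
            if len(raw) < DIGEST_BYTES.get(alg, 32):
                issues.append("secret shorter than HMAC output")
        report[name] = issues
    return report


def _clause(name, alg, nbytes):
    # Constructed sample data: a fixed byte pattern, never a usable secret.
    secret = base64.b64encode(bytes(range(nbytes))).decode()
    return f'key "{name}" {{\n\talgorithm {alg};\n\tsecret "{secret}";\n}};\n'


SAMPLE_CONF = (_clause("ddns-key.example.com", "hmac-sha256", 32)
               + _clause("tsig-key", "hmac-md5", 16)
               + _clause("ddns_key", "hmac-sha512", 32))

if __name__ == "__main__":
    for key, issues in audit_keys(SAMPLE_CONF).items():
        print(key, "->", issues or "ok")
```

Running the same check over a real key file before it is included in named.conf catches keys that were generated with a non-default -a value or edited by hand.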