Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
ISC Open Source Projects
BIND
Commits
16fde7f0
Commit
16fde7f0
authored
Dec 07, 2016
by
Tinderbox User
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
regen master
parent
1b8ce3b3
Changes
110
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
75 changed files
with
12620 additions
and
6287 deletions
+12620
-6287
bin/check/named-checkconf.html
bin/check/named-checkconf.html
+86
-38
bin/check/named-checkzone.html
bin/check/named-checkzone.html
+213
-80
bin/confgen/ddns-confgen.html
bin/confgen/ddns-confgen.html
+93
-34
bin/confgen/rndc-confgen.html
bin/confgen/rndc-confgen.html
+107
-46
bin/delv/delv.html
bin/delv/delv.html
+236
-112
bin/dig/dig.html
bin/dig/dig.html
+442
-218
bin/dig/host.html
bin/dig/host.html
+142
-65
bin/dig/nslookup.html
bin/dig/nslookup.html
+179
-100
bin/dnssec/dnssec-dsfromkey.html
bin/dnssec/dnssec-dsfromkey.html
+144
-60
bin/dnssec/dnssec-importkey.html
bin/dnssec/dnssec-importkey.html
+116
-45
bin/dnssec/dnssec-keyfromlabel.html
bin/dnssec/dnssec-keyfromlabel.html
+205
-96
bin/dnssec/dnssec-keygen.html
bin/dnssec/dnssec-keygen.html
+231
-109
bin/dnssec/dnssec-revoke.html
bin/dnssec/dnssec-revoke.html
+76
-31
bin/dnssec/dnssec-settime.html
bin/dnssec/dnssec-settime.html
+142
-64
bin/dnssec/dnssec-signzone.html
bin/dnssec/dnssec-signzone.html
+280
-131
bin/dnssec/dnssec-verify.html
bin/dnssec/dnssec-verify.html
+81
-35
bin/named/lwresd.html
bin/named/lwresd.html
+146
-64
bin/named/named.conf.html
bin/named/named.conf.html
+105
-55
bin/named/named.html
bin/named/named.html
+212
-100
bin/nsupdate/nsupdate.html
bin/nsupdate/nsupdate.html
+271
-129
bin/pkcs11/pkcs11-destroy.html
bin/pkcs11/pkcs11-destroy.html
+76
-30
bin/pkcs11/pkcs11-keygen.html
bin/pkcs11/pkcs11-keygen.html
+97
-38
bin/pkcs11/pkcs11-list.html
bin/pkcs11/pkcs11-list.html
+73
-29
bin/pkcs11/pkcs11-tokens.html
bin/pkcs11/pkcs11-tokens.html
+53
-21
bin/python/dnssec-checkds.html
bin/python/dnssec-checkds.html
+72
-25
bin/python/dnssec-coverage.html
bin/python/dnssec-coverage.html
+95
-46
bin/python/dnssec-keymgr.html
bin/python/dnssec-keymgr.html
+171
-83
bin/rndc/rndc.conf.html
bin/rndc/rndc.conf.html
+68
-38
bin/rndc/rndc.html
bin/rndc/rndc.html
+265
-161
bin/tools/arpaname.html
bin/tools/arpaname.html
+29
-11
bin/tools/dnstap-read.html
bin/tools/dnstap-read.html
+57
-22
bin/tools/genrandom.html
bin/tools/genrandom.html
+55
-22
bin/tools/isc-hmac-fixup.html
bin/tools/isc-hmac-fixup.html
+38
-16
bin/tools/mdig.html
bin/tools/mdig.html
+255
-116
bin/tools/named-journalprint.html
bin/tools/named-journalprint.html
+38
-15
bin/tools/named-nzd2nzf.8
bin/tools/named-nzd2nzf.8
+1
-0
bin/tools/named-nzd2nzf.html
bin/tools/named-nzd2nzf.html
+1
-0
bin/tools/named-rrchecker.html
bin/tools/named-rrchecker.html
+42
-17
bin/tools/nsec3hash.html
bin/tools/nsec3hash.html
+54
-22
doc/arm/Bv9ARM.ch01.html
doc/arm/Bv9ARM.ch01.html
+121
-66
doc/arm/Bv9ARM.ch02.html
doc/arm/Bv9ARM.ch02.html
+23
-17
doc/arm/Bv9ARM.ch03.html
doc/arm/Bv9ARM.ch03.html
+173
-75
doc/arm/Bv9ARM.ch04.html
doc/arm/Bv9ARM.ch04.html
+664
-468
doc/arm/Bv9ARM.ch05.html
doc/arm/Bv9ARM.ch05.html
+20
-14
doc/arm/Bv9ARM.ch06.html
doc/arm/Bv9ARM.ch06.html
+2290
-1363
doc/arm/Bv9ARM.ch07.html
doc/arm/Bv9ARM.ch07.html
+57
-41
doc/arm/Bv9ARM.ch08.html
doc/arm/Bv9ARM.ch08.html
+25
-15
doc/arm/Bv9ARM.ch09.html
doc/arm/Bv9ARM.ch09.html
+46
-30
doc/arm/Bv9ARM.ch10.html
doc/arm/Bv9ARM.ch10.html
+12
-11
doc/arm/Bv9ARM.ch11.html
doc/arm/Bv9ARM.ch11.html
+748
-323
doc/arm/Bv9ARM.ch12.html
doc/arm/Bv9ARM.ch12.html
+135
-95
doc/arm/Bv9ARM.ch13.html
doc/arm/Bv9ARM.ch13.html
+39
-1
doc/arm/Bv9ARM.html
doc/arm/Bv9ARM.html
+28
-1
doc/arm/man.arpaname.html
doc/arm/man.arpaname.html
+29
-11
doc/arm/man.ddns-confgen.html
doc/arm/man.ddns-confgen.html
+93
-34
doc/arm/man.delv.html
doc/arm/man.delv.html
+236
-112
doc/arm/man.dig.html
doc/arm/man.dig.html
+442
-218
doc/arm/man.dnssec-checkds.html
doc/arm/man.dnssec-checkds.html
+72
-25
doc/arm/man.dnssec-coverage.html
doc/arm/man.dnssec-coverage.html
+95
-46
doc/arm/man.dnssec-dsfromkey.html
doc/arm/man.dnssec-dsfromkey.html
+144
-60
doc/arm/man.dnssec-importkey.html
doc/arm/man.dnssec-importkey.html
+116
-45
doc/arm/man.dnssec-keyfromlabel.html
doc/arm/man.dnssec-keyfromlabel.html
+205
-96
doc/arm/man.dnssec-keygen.html
doc/arm/man.dnssec-keygen.html
+231
-109
doc/arm/man.dnssec-keymgr.html
doc/arm/man.dnssec-keymgr.html
+171
-83
doc/arm/man.dnssec-revoke.html
doc/arm/man.dnssec-revoke.html
+76
-31
doc/arm/man.dnssec-settime.html
doc/arm/man.dnssec-settime.html
+142
-64
doc/arm/man.dnssec-signzone.html
doc/arm/man.dnssec-signzone.html
+280
-131
doc/arm/man.dnssec-verify.html
doc/arm/man.dnssec-verify.html
+81
-35
doc/arm/man.dnstap-read.html
doc/arm/man.dnstap-read.html
+57
-22
doc/arm/man.genrandom.html
doc/arm/man.genrandom.html
+55
-22
doc/arm/man.host.html
doc/arm/man.host.html
+142
-65
doc/arm/man.isc-hmac-fixup.html
doc/arm/man.isc-hmac-fixup.html
+38
-16
doc/arm/man.lwresd.html
doc/arm/man.lwresd.html
+146
-64
doc/arm/man.mdig.html
doc/arm/man.mdig.html
+255
-116
doc/arm/man.named-checkconf.html
doc/arm/man.named-checkconf.html
+86
-38
No files found.
bin/check/named-checkconf.html
View file @
16fde7f0
...
...
@@ -14,26 +14,45 @@
</head>
<body
bgcolor=
"white"
text=
"black"
link=
"#0000FF"
vlink=
"#840084"
alink=
"#0000FF"
><div
class=
"refentry"
>
<a
name=
"man.named-checkconf"
></a><div
class=
"titlepage"
></div>
<div
class=
"refnamediv"
>
<div
class=
"refnamediv"
>
<h2>
Name
</h2>
<p><span
class=
"application"
>
named-checkconf
</span>
—
named configuration file syntax checking tool
</p>
<p>
<span
class=
"application"
>
named-checkconf
</span>
—
named configuration file syntax checking tool
</p>
</div>
<div
class=
"refsynopsisdiv"
>
<div
class=
"refsynopsisdiv"
>
<h2>
Synopsis
</h2>
<div
class=
"cmdsynopsis"
><p><code
class=
"command"
>
named-checkconf
</code>
[
<code
class=
"option"
>
-hjlvz
</code>
] [
<code
class=
"option"
>
-p
</code>
<div
class=
"cmdsynopsis"
><p>
<code
class=
"command"
>
named-checkconf
</code>
[
<code
class=
"option"
>
-hjlvz
</code>
]
[
<code
class=
"option"
>
-p
</code>
[
<code
class=
"option"
>
-x
</code>
]] [
<code
class=
"option"
>
-t
<em
class=
"replaceable"
><code>
directory
</code></em></code>
] {filename}
</p></div>
</div>
<div
class=
"refsection"
>
]]
[
<code
class=
"option"
>
-t
<em
class=
"replaceable"
><code>
directory
</code></em></code>
]
{filename}
</p></div>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.7"
></a><h2>
DESCRIPTION
</h2>
<p><span
class=
"command"
><strong>
named-checkconf
</strong></span>
<p><span
class=
"command"
><strong>
named-checkconf
</strong></span>
checks the syntax, but not the semantics, of a
<span
class=
"command"
><strong>
named
</strong></span>
configuration file. The file is parsed
and checked for syntax errors, along with all files included by it.
If no file is specified,
<code
class=
"filename"
>
/etc/named.conf
</code>
is read
by default.
</p>
<p>
<p>
Note: files that
<span
class=
"command"
><strong>
named
</strong></span>
reads in separate
parser contexts, such as
<code
class=
"filename"
>
rndc.key
</code>
and
<code
class=
"filename"
>
bind.keys
</code>
, are not automatically read
...
...
@@ -43,43 +62,58 @@
successful.
<span
class=
"command"
><strong>
named-checkconf
</strong></span>
can be run
on these files explicitly, however.
</p>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.8"
></a><h2>
OPTIONS
</h2>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<dt><span
class=
"term"
>
-h
</span></dt>
<dd><p>
<dd>
<p>
Print the usage summary and exit.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-j
</span></dt>
<dd><p>
<dd>
<p>
When loading a zonefile read the journal if it exists.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-l
</span></dt>
<dd><p>
<dd>
<p>
List all the configured zones. Each line of output
contains the zone name, class (e.g. IN), view, and type
(e.g. master or slave).
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-p
</span></dt>
<dd><p>
<dd>
<p>
Print out the
<code
class=
"filename"
>
named.conf
</code>
and included files
in canonical form if no errors were detected.
See also the
<code
class=
"option"
>
-x
</code>
option.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-t
<em
class=
"replaceable"
><code>
directory
</code></em></span></dt>
<dd><p>
<dd>
<p>
Chroot to
<code
class=
"filename"
>
directory
</code>
so that include
directives in the configuration file are processed as if
run by a similarly chrooted
<span
class=
"command"
><strong>
named
</strong></span>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-v
</span></dt>
<dd><p>
<dd>
<p>
Print the version of the
<span
class=
"command"
><strong>
named-checkconf
</strong></span>
program and exit.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-x
</span></dt>
<dd><p>
<dd>
<p>
When printing the configuration files in canonical
form, obscure shared secrets by replacing them with
strings of question marks ('?'). This allows the
...
...
@@ -87,32 +121,46 @@
files to be shared
—
for example, when submitting
bug reports
—
without compromising private data.
This option cannot be used without
<code
class=
"option"
>
-p
</code>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-z
</span></dt>
<dd><p>
<dd>
<p>
Perform a test load of all master zones found in
<code
class=
"filename"
>
named.conf
</code>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
filename
</span></dt>
<dd><p>
<dd>
<p>
The name of the configuration file to be checked. If not
specified, it defaults to
<code
class=
"filename"
>
/etc/named.conf
</code>
.
</p></dd>
</p>
</dd>
</dl></div>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.9"
></a><h2>
RETURN VALUES
</h2>
<p><span
class=
"command"
><strong>
named-checkconf
</strong></span>
<p><span
class=
"command"
><strong>
named-checkconf
</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.10"
></a><h2>
SEE ALSO
</h2>
<p><span
class=
"citerefentry"
><span
class=
"refentrytitle"
>
named
</span>
(8)
</span>
,
<span
class=
"citerefentry"
><span
class=
"refentrytitle"
>
named-checkzone
</span>
(8)
</span>
,
<p><span
class=
"citerefentry"
>
<span
class=
"refentrytitle"
>
named
</span>
(8)
</span>
,
<span
class=
"citerefentry"
>
<span
class=
"refentrytitle"
>
named-checkzone
</span>
(8)
</span>
,
<em
class=
"citetitle"
>
BIND 9 Administrator Reference Manual
</em>
.
</p>
</div>
</div>
</div></body>
</html>
bin/check/named-checkzone.html
View file @
16fde7f0
This diff is collapsed.
Click to expand it.
bin/confgen/ddns-confgen.html
View file @
16fde7f0
...
...
@@ -14,31 +14,63 @@
</head>
<body
bgcolor=
"white"
text=
"black"
link=
"#0000FF"
vlink=
"#840084"
alink=
"#0000FF"
><div
class=
"refentry"
>
<a
name=
"man.ddns-confgen"
></a><div
class=
"titlepage"
></div>
<div
class=
"refnamediv"
>
<div
class=
"refnamediv"
>
<h2>
Name
</h2>
<p><span
class=
"application"
>
ddns-confgen
</span>
—
ddns key generation tool
</p>
<p>
<span
class=
"application"
>
ddns-confgen
</span>
—
ddns key generation tool
</p>
</div>
<div
class=
"refsynopsisdiv"
>
<div
class=
"refsynopsisdiv"
>
<h2>
Synopsis
</h2>
<div
class=
"cmdsynopsis"
><p><code
class=
"command"
>
tsig-keygen
</code>
[
<code
class=
"option"
>
-a
<em
class=
"replaceable"
><code>
algorithm
</code></em></code>
] [
<code
class=
"option"
>
-h
</code>
] [
<code
class=
"option"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></code>
] [name]
</p></div>
<div
class=
"cmdsynopsis"
><p><code
class=
"command"
>
ddns-confgen
</code>
[
<code
class=
"option"
>
-a
<em
class=
"replaceable"
><code>
algorithm
</code></em></code>
] [
<code
class=
"option"
>
-h
</code>
] [
<code
class=
"option"
>
-k
<em
class=
"replaceable"
><code>
keyname
</code></em></code>
] [
<code
class=
"option"
>
-q
</code>
] [
<code
class=
"option"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></code>
] [ -s
<em
class=
"replaceable"
><code>
name
</code></em>
| -z
<em
class=
"replaceable"
><code>
zone
</code></em>
]
</p></div>
</div>
<div
class=
"refsection"
>
<div
class=
"cmdsynopsis"
><p>
<code
class=
"command"
>
tsig-keygen
</code>
[
<code
class=
"option"
>
-a
<em
class=
"replaceable"
><code>
algorithm
</code></em></code>
]
[
<code
class=
"option"
>
-h
</code>
]
[
<code
class=
"option"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></code>
]
[name]
</p></div>
<div
class=
"cmdsynopsis"
><p>
<code
class=
"command"
>
ddns-confgen
</code>
[
<code
class=
"option"
>
-a
<em
class=
"replaceable"
><code>
algorithm
</code></em></code>
]
[
<code
class=
"option"
>
-h
</code>
]
[
<code
class=
"option"
>
-k
<em
class=
"replaceable"
><code>
keyname
</code></em></code>
]
[
<code
class=
"option"
>
-q
</code>
]
[
<code
class=
"option"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></code>
]
[
-s
<em
class=
"replaceable"
><code>
name
</code></em>
| -z
<em
class=
"replaceable"
><code>
zone
</code></em>
]
</p></div>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.7"
></a><h2>
DESCRIPTION
</h2>
<p>
<p>
<span
class=
"command"
><strong>
tsig-keygen
</strong></span>
and
<span
class=
"command"
><strong>
ddns-confgen
</strong></span>
are invocation methods for a utility that generates keys for use
in TSIG signing. The resulting keys can be used, for example,
to secure dynamic DNS updates to a zone or for the
<span
class=
"command"
><strong>
rndc
</strong></span>
command channel.
</p>
<p>
<p>
When run as
<span
class=
"command"
><strong>
tsig-keygen
</strong></span>
, a domain name
can be specified on the command line which will be used as
the name of the generated key. If no name is specified,
the default is
<code
class=
"constant"
>
tsig-key
</code>
.
</p>
<p>
<p>
When run as
<span
class=
"command"
><strong>
ddns-confgen
</strong></span>
, the generated
key is accompanied by configuration text and instructions
that can be used with
<span
class=
"command"
><strong>
nsupdate
</strong></span>
and
...
...
@@ -48,7 +80,8 @@
<span
class=
"command"
><strong>
rndc-confgen
</strong></span>
command for setting
up command channel security.)
</p>
<p>
<p>
Note that
<span
class=
"command"
><strong>
named
</strong></span>
itself can configure a
local DDNS key for use with
<span
class=
"command"
><strong>
nsupdate -l
</strong></span>
:
it does this when a zone is configured with
...
...
@@ -58,24 +91,32 @@
if
<span
class=
"command"
><strong>
nsupdate
</strong></span>
is to be used from a remote
system.
</p>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.8"
></a><h2>
OPTIONS
</h2>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<dt><span
class=
"term"
>
-a
<em
class=
"replaceable"
><code>
algorithm
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-sha256.
Options are case-insensitive, and the "hmac-" prefix
may be omitted.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-h
</span></dt>
<dd><p>
<dd>
<p>
Prints a short summary of options and arguments.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-k
<em
class=
"replaceable"
><code>
keyname
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the key name of the DDNS authentication key.
The default is
<code
class=
"constant"
>
ddns-key
</code>
when neither
the
<code
class=
"option"
>
-s
</code>
nor
<code
class=
"option"
>
-z
</code>
option is
...
...
@@ -85,15 +126,19 @@
<code
class=
"constant"
>
ddns-key.example.com.
</code>
The key name must have the format of a valid domain name,
consisting of letters, digits, hyphens and periods.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-q
</span></dt>
<dd><p>
<dd>
<p>
(
<span
class=
"command"
><strong>
ddns-confgen
</strong></span>
only.) Quiet mode: Print
only the key, with no explanatory text or usage examples;
This is essentially identical to
<span
class=
"command"
><strong>
tsig-keygen
</strong></span>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
<code
class=
"filename"
>
/dev/random
</code>
or equivalent device, the
...
...
@@ -103,9 +148,11 @@
instead of the default. The special value
<code
class=
"filename"
>
keyboard
</code>
indicates that keyboard input
should be used.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-s
<em
class=
"replaceable"
><code>
name
</code></em></span></dt>
<dd><p>
<dd>
<p>
(
<span
class=
"command"
><strong>
ddns-confgen
</strong></span>
only.)
Generate configuration example to allow dynamic updates
of a single hostname. The example
<span
class=
"command"
><strong>
named.conf
</strong></span>
...
...
@@ -116,9 +163,11 @@
Note that the "self" nametype cannot be used, since
the name to be updated may differ from the key name.
This option cannot be used with the
<code
class=
"option"
>
-z
</code>
option.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-z
<em
class=
"replaceable"
><code>
zone
</code></em></span></dt>
<dd><p>
<dd>
<p>
(
<span
class=
"command"
><strong>
ddns-confgen
</strong></span>
only.)
Generate configuration example to allow dynamic updates
of a zone: The example
<span
class=
"command"
><strong>
named.conf
</strong></span>
text
...
...
@@ -128,16 +177,26 @@
all subdomain names within that
<em
class=
"replaceable"
><code>
zone
</code></em>
.
This option cannot be used with the
<code
class=
"option"
>
-s
</code>
option.
</p></dd>
</p>
</dd>
</dl></div>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.9"
></a><h2>
SEE ALSO
</h2>
<p><span
class=
"citerefentry"
><span
class=
"refentrytitle"
>
nsupdate
</span>
(1)
</span>
,
<span
class=
"citerefentry"
><span
class=
"refentrytitle"
>
named.conf
</span>
(5)
</span>
,
<span
class=
"citerefentry"
><span
class=
"refentrytitle"
>
named
</span>
(8)
</span>
,
<p><span
class=
"citerefentry"
>
<span
class=
"refentrytitle"
>
nsupdate
</span>
(1)
</span>
,
<span
class=
"citerefentry"
>
<span
class=
"refentrytitle"
>
named.conf
</span>
(5)
</span>
,
<span
class=
"citerefentry"
>
<span
class=
"refentrytitle"
>
named
</span>
(8)
</span>
,
<em
class=
"citetitle"
>
BIND 9 Administrator Reference Manual
</em>
.
</p>
</div>
</div>
</div></body>
</html>
bin/confgen/rndc-confgen.html
View file @
16fde7f0
...
...
@@ -14,17 +14,43 @@
</head>
<body
bgcolor=
"white"
text=
"black"
link=
"#0000FF"
vlink=
"#840084"
alink=
"#0000FF"
><div
class=
"refentry"
>
<a
name=
"man.rndc-confgen"
></a><div
class=
"titlepage"
></div>
<div
class=
"refnamediv"
>
<div
class=
"refnamediv"
>
<h2>
Name
</h2>
<p><span
class=
"application"
>
rndc-confgen
</span>
—
rndc key generation tool
</p>
<p>
<span
class=
"application"
>
rndc-confgen
</span>
—
rndc key generation tool
</p>
</div>
<div
class=
"refsynopsisdiv"
>
<div
class=
"refsynopsisdiv"
>
<h2>
Synopsis
</h2>
<div
class=
"cmdsynopsis"
><p><code
class=
"command"
>
rndc-confgen
</code>
[
<code
class=
"option"
>
-a
</code>
] [
<code
class=
"option"
>
-A
<em
class=
"replaceable"
><code>
algorithm
</code></em></code>
] [
<code
class=
"option"
>
-b
<em
class=
"replaceable"
><code>
keysize
</code></em></code>
] [
<code
class=
"option"
>
-c
<em
class=
"replaceable"
><code>
keyfile
</code></em></code>
] [
<code
class=
"option"
>
-h
</code>
] [
<code
class=
"option"
>
-k
<em
class=
"replaceable"
><code>
keyname
</code></em></code>
] [
<code
class=
"option"
>
-p
<em
class=
"replaceable"
><code>
port
</code></em></code>
] [
<code
class=
"option"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></code>
] [
<code
class=
"option"
>
-s
<em
class=
"replaceable"
><code>
address
</code></em></code>
] [
<code
class=
"option"
>
-t
<em
class=
"replaceable"
><code>
chrootdir
</code></em></code>
] [
<code
class=
"option"
>
-u
<em
class=
"replaceable"
><code>
user
</code></em></code>
]
</p></div>
</div>
<div
class=
"refsection"
>
<div
class=
"cmdsynopsis"
><p>
<code
class=
"command"
>
rndc-confgen
</code>
[
<code
class=
"option"
>
-a
</code>
]
[
<code
class=
"option"
>
-A
<em
class=
"replaceable"
><code>
algorithm
</code></em></code>
]
[
<code
class=
"option"
>
-b
<em
class=
"replaceable"
><code>
keysize
</code></em></code>
]
[
<code
class=
"option"
>
-c
<em
class=
"replaceable"
><code>
keyfile
</code></em></code>
]
[
<code
class=
"option"
>
-h
</code>
]
[
<code
class=
"option"
>
-k
<em
class=
"replaceable"
><code>
keyname
</code></em></code>
]
[
<code
class=
"option"
>
-p
<em
class=
"replaceable"
><code>
port
</code></em></code>
]
[
<code
class=
"option"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></code>
]
[
<code
class=
"option"
>
-s
<em
class=
"replaceable"
><code>
address
</code></em></code>
]
[
<code
class=
"option"
>
-t
<em
class=
"replaceable"
><code>
chrootdir
</code></em></code>
]
[
<code
class=
"option"
>
-u
<em
class=
"replaceable"
><code>
user
</code></em></code>
]
</p></div>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.7"
></a><h2>
DESCRIPTION
</h2>
<p><span
class=
"command"
><strong>
rndc-confgen
</strong></span>
<p><span
class=
"command"
><strong>
rndc-confgen
</strong></span>
generates configuration files
for
<span
class=
"command"
><strong>
rndc
</strong></span>
. It can be used as a
convenient alternative to writing the
...
...
@@ -37,13 +63,17 @@
avoid the need for a
<code
class=
"filename"
>
rndc.conf
</code>
file
and a
<span
class=
"command"
><strong>
controls
</strong></span>
statement altogether.
</p>
</div>
<div
class=
"refsection"
>
</div>
<div
class=
"refsection"
>
<a
name=
"id-1.8"
></a><h2>
OPTIONS
</h2>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<div
class=
"variablelist"
><dl
class=
"variablelist"
>
<dt><span
class=
"term"
>
-a
</span></dt>
<dd>
<p>
<p>
Do automatic
<span
class=
"command"
><strong>
rndc
</strong></span>
configuration.
This creates a file
<code
class=
"filename"
>
rndc.key
</code>
in
<code
class=
"filename"
>
/etc
</code>
(or whatever
...
...
@@ -58,7 +88,7 @@
<span
class=
"command"
><strong>
named
</strong></span>
on the local host
with no further configuration.
</p>
<p>
<p>
Running
<span
class=
"command"
><strong>
rndc-confgen -a
</strong></span>
allows
BIND 9 and
<span
class=
"command"
><strong>
rndc
</strong></span>
to be used as
drop-in
...
...
@@ -66,7 +96,7 @@
with no changes to the existing BIND 8
<code
class=
"filename"
>
named.conf
</code>
file.
</p>
<p>
<p>
If a more elaborate configuration than that
generated by
<span
class=
"command"
><strong>
rndc-confgen -a
</strong></span>
is required, for example if rndc is to be used remotely,
...
...
@@ -77,44 +107,57 @@
<code
class=
"filename"
>
named.conf
</code>
as directed.
</p>
</dd>
</dd>
<dt><span
class=
"term"
>
-A
<em
class=
"replaceable"
><code>
algorithm
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-md5 or
if MD5 was disabled hmac-sha256.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-b
<em
class=
"replaceable"
><code>
keysize
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the size of the authentication key in bits.
Must be between 1 and 512 bits; the default is the
hash size.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-c
<em
class=
"replaceable"
><code>
keyfile
</code></em></span></dt>
<dd><p>
<dd>
<p>
Used with the
<span
class=
"command"
><strong>
-a
</strong></span>
option to specify
an alternate location for
<code
class=
"filename"
>
rndc.key
</code>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-h
</span></dt>
<dd><p>
<dd>
<p>
Prints a short summary of the options and arguments to
<span
class=
"command"
><strong>
rndc-confgen
</strong></span>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-k
<em
class=
"replaceable"
><code>
keyname
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is
<code
class=
"constant"
>
rndc-key
</code>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-p
<em
class=
"replaceable"
><code>
port
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the command channel port where
<span
class=
"command"
><strong>
named
</strong></span>
listens for connections from
<span
class=
"command"
><strong>
rndc
</strong></span>
.
The default is 953.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-r
<em
class=
"replaceable"
><code>
randomfile
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a
<code
class=
"filename"
>
/dev/random
</code>
...
...
@@ -125,24 +168,30 @@
data to be used instead of the default. The special value
<code
class=
"filename"
>
keyboard
</code>
indicates that keyboard
input should be used.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-s
<em
class=
"replaceable"
><code>
address
</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies the IP address where
<span
class=
"command"
><strong>
named
</strong></span>
listens for command channel connections from
<span
class=
"command"
><strong>
rndc
</strong></span>
. The default is the loopback
address 127.0.0.1.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-t
<em
class=
"replaceable"
><code>
chrootdir
</code></em></span></dt>
<dd><p>
<dd>
<p>
Used with the
<span
class=
"command"
><strong>
-a
</strong></span>
option to specify
a directory where
<span
class=
"command"
><strong>
named
</strong></span>
will run
chrooted. An additional copy of the
<code
class=
"filename"
>
rndc.key
</code>
will be written relative to this directory so that
it will be found by the chrooted
<span
class=
"command"
><strong>
named
</strong></span>
.
</p></dd>
</p>
</dd>
<dt><span
class=
"term"
>
-u
<em
class=
"replaceable"
><code>
user
</code></em></span></dt>
<dd><p>
<dd>
<p>
Used with the
<span
class=
"command"
><strong>
-a
</strong></span>
option to set the
owner
of the
<code
class=
"filename"
>
rndc.key
</code>
file generated.
...
...
@@ -150,33 +199,45 @@