Commit ba52377b authored by Evan Hunt's avatar Evan Hunt
Browse files

use 'tsig-keygen' as the primary name for the tool

'ddns-confgen' is now an alias for 'tsig-keygen', rather than
the other way around.
parent 858082de
Pipeline #46166 passed with stages
in 18 minutes and 5 seconds
5460. [cleanup] tsig-keygen was previously an alias for
ddns-confgen and was documented in the ddns-confgen
man page. This has been reversed; tsig-keygen is
now the primary name. [GL #1998]
5459. [bug] Bad isc_mem_put() size when an invalid type was 5459. [bug] Bad isc_mem_put() size when an invalid type was
specified in a update-policy rule. [GL #1990] specified in a update-policy rule. [GL #1990]
   
......
...@@ -20,11 +20,11 @@ libconfgen_la_SOURCES = \ ...@@ -20,11 +20,11 @@ libconfgen_la_SOURCES = \
util.c \ util.c \
unix/os.c unix/os.c
sbin_PROGRAMS = ddns-confgen rndc-confgen sbin_PROGRAMS = tsig-keygen rndc-confgen
install-exec-hook: install-exec-hook:
ln -f $(DESTDIR)$(sbindir)/ddns-confgen \ ln -f $(DESTDIR)$(sbindir)/tsig-keygen \
$(DESTDIR)$(sbindir)/tsig-confgen $(DESTDIR)$(sbindir)/ddns-confgen
uninstall-hook: uninstall-hook:
-rm -f $(DESTDIR)$(sbindir)/tsig-confgen -rm -f $(DESTDIR)$(sbindir)/ddns-confgen
...@@ -12,9 +12,8 @@ ...@@ -12,9 +12,8 @@
/*! \file */ /*! \file */
/** /**
* ddns-confgen generates configuration files for dynamic DNS. It can * tsig-keygen generates TSIG keys that can be used in named configuration
* be used as a convenient alternative to writing the ddns.key file * files for dynamic DNS.
* and the corresponding key and update-policy statements in named.conf.
*/ */
#include <stdarg.h> #include <stdarg.h>
......
...@@ -21,10 +21,10 @@ ...@@ -21,10 +21,10 @@
.. highlight: console .. highlight: console
.. _man_ddns-confgen: .. _man_tsig-keygen:
ddns-confgen - ddns key generation tool tsig-keygen, ddns-confgen - TSIG key generation tool
--------------------------------------- ----------------------------------------------------
Synopsis Synopsis
~~~~~~~~ ~~~~~~~~
...@@ -37,15 +37,16 @@ Description ...@@ -37,15 +37,16 @@ Description
``tsig-keygen`` and ``ddns-confgen`` are invocation methods for a ``tsig-keygen`` and ``ddns-confgen`` are invocation methods for a
utility that generates keys for use in TSIG signing. The resulting keys utility that generates keys for use in TSIG signing. The resulting keys
can be used, for example, to secure dynamic DNS updates to a zone or for can be used, for example, to secure dynamic DNS updates to a zone, or for
the ``rndc`` command channel. the ``rndc`` command channel.
When run as ``tsig-keygen``, a domain name can be specified on the When run as ``tsig-keygen``, a domain name can be specified on the
command line to be used as the name of the generated key. If no command line to be used as the name of the generated key. If no
name is specified, the default is ``tsig-key``. name is specified, the default is ``tsig-key``.
When run as ``ddns-confgen``, the generated key is accompanied by When run as ``ddns-confgen``, the key name can specified using ``-k``
configuration text and instructions that can be used with ``nsupdate`` parameter and defaults to ``ddns-key``. The generated key is accompanied
by configuration text and instructions that can be used with ``nsupdate``
and ``named`` when setting up dynamic DNS, including an example and ``named`` when setting up dynamic DNS, including an example
``update-policy`` statement. (This usage is similar to the ``rndc-confgen`` ``update-policy`` statement. (This usage is similar to the ``rndc-confgen``
command for setting up command-channel security.) command for setting up command-channel security.)
...@@ -60,20 +61,20 @@ Options ...@@ -60,20 +61,20 @@ Options
~~~~~~~ ~~~~~~~
``-a algorithm`` ``-a algorithm``
This option specifies the algorithm to use for the TSIG key. Available choices This option specifies the algorithm to use for the TSIG key. Available
are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
hmac-sha512. The default is hmac-sha256. Options are and hmac-sha512. The default is hmac-sha256. Options are
case-insensitive, and the "hmac-" prefix may be omitted. case-insensitive, and the "hmac-" prefix may be omitted.
``-h`` ``-h``
This option prints a short summary of options and arguments. This option prints a short summary of options and arguments.
``-k keyname`` ``-k keyname``
This option specifies the key name of the DDNS authentication key. The default is This option specifies the key name of the DDNS authentication key. The
``ddns-key`` when neither the ``-s`` nor ``-z`` option is specified; default is ``ddns-key`` when neither the ``-s`` nor ``-z`` option is
otherwise, the default is ``ddns-key`` as a separate label followed specified; otherwise, the default is ``ddns-key`` as a separate label
by the argument of the option, e.g., ``ddns-key.example.com.`` The followed by the argument of the option, e.g., ``ddns-key.example.com.``
key name must have the format of a valid domain name, consisting of The key name must have the format of a valid domain name, consisting of
letters, digits, hyphens, and periods. letters, digits, hyphens, and periods.
``-q`` (``ddns-confgen`` only) ``-q`` (``ddns-confgen`` only)
...@@ -82,13 +83,12 @@ Options ...@@ -82,13 +83,12 @@ Options
``tsig-keygen``. ``tsig-keygen``.
``-s name`` (``ddns-confgen`` only) ``-s name`` (``ddns-confgen`` only)
This option generates a configuration example to allow This option generates a configuration example to allow dynamic updates
dynamic updates of a single hostname. The example ``named.conf`` text of a single hostname. The example ``named.conf`` text shows how to set
shows how to set an update policy for the specified name using the an update policy for the specified name using the "name" nametype. The
"name" nametype. The default key name is ``ddns-key.name``. Note that the default key name is ``ddns-key.name``. Note that the "self" nametype
"self" nametype cannot be used, since the name to be updated may cannot be used, since the name to be updated may differ from the key
differ from the key name. This option cannot be used with the ``-z`` name. This option cannot be used with the ``-z`` option.
option.
``-z zone`` (``ddns-confgen`` only) ``-z zone`` (``ddns-confgen`` only)
This option generates a configuration example to allow This option generates a configuration example to allow
......
...@@ -11,8 +11,8 @@ ...@@ -11,8 +11,8 @@
</Filter> </Filter>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\ddns-confgen.c"> <ClCompile Include="..\tsig-keygen.c">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
</ItemGroup> </ItemGroup>
</Project> </Project>
\ No newline at end of file
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
<PropertyGroup Label="Globals"> <PropertyGroup Label="Globals">
<ProjectGuid>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</ProjectGuid> <ProjectGuid>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</ProjectGuid>
<Keyword>Win32Proj</Keyword> <Keyword>Win32Proj</Keyword>
<RootNamespace>ddnsconfgen</RootNamespace> <RootNamespace>tsigkeygen</RootNamespace>
@WINDOWS_TARGET_PLATFORM_VERSION@ @WINDOWS_TARGET_PLATFORM_VERSION@
</PropertyGroup> </PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
...@@ -45,14 +45,14 @@ ...@@ -45,14 +45,14 @@
<OutDir>..\..\..\Build\$(Configuration)\</OutDir> <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
<IntDir>.\$(Configuration)\</IntDir> <IntDir>.\$(Configuration)\</IntDir>
<IntDirSharingDetected>None</IntDirSharingDetected> <IntDirSharingDetected>None</IntDirSharingDetected>
<TargetName>ddns-confgen</TargetName> <TargetName>tsig-keygen</TargetName>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
<LinkIncremental>false</LinkIncremental> <LinkIncremental>false</LinkIncremental>
<OutDir>..\..\..\Build\$(Configuration)\</OutDir> <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
<IntDir>.\$(Configuration)\</IntDir> <IntDir>.\$(Configuration)\</IntDir>
<IntDirSharingDetected>None</IntDirSharingDetected> <IntDirSharingDetected>None</IntDirSharingDetected>
<TargetName>ddns-confgen</TargetName> <TargetName>tsig-keygen</TargetName>
</PropertyGroup> </PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
<ClCompile> <ClCompile>
...@@ -81,8 +81,8 @@ ...@@ -81,8 +81,8 @@
</Link> </Link>
<PostBuildEvent> <PostBuildEvent>
<Command>cd ..\..\..\Build\$(Configuration) <Command>cd ..\..\..\Build\$(Configuration)
copy /Y ddns-confgen.exe tsig-keygen.exe copy /Y tsig-keygen.exe ddns-confgen.exe
copy /Y ddns-confgen.ilk tsig-keygen.ilk copy /Y tsig-keygen.ilk ddns-confgen.ilk
</Command> </Command>
</PostBuildEvent> </PostBuildEvent>
</ItemDefinitionGroup> </ItemDefinitionGroup>
...@@ -119,12 +119,12 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk ...@@ -119,12 +119,12 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
</Link> </Link>
<PostBuildEvent> <PostBuildEvent>
<Command>cd ..\..\..\Build\$(Configuration) <Command>cd ..\..\..\Build\$(Configuration)
copy /Y ddns-confgen.exe tsig-keygen.exe copy /Y tsig-keygen.exe ddns-confgen.exe
</Command> </Command>
</PostBuildEvent> </PostBuildEvent>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\ddns-confgen.c" /> <ClCompile Include="..\tsig-keygen.c" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ProjectReference Include="..\..\..\lib\isc\win32\libisc.vcxproj"> <ProjectReference Include="..\..\..\lib\isc\win32\libisc.vcxproj">
......
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
</Project> </Project>
\ No newline at end of file
...@@ -1025,5 +1025,5 @@ Files ...@@ -1025,5 +1025,5 @@ Files
See Also See Also
~~~~~~~~ ~~~~~~~~
:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual. :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, :manpage:`tsig-keygen(8)`, BIND 9 Administrator Reference Manual.
...@@ -355,7 +355,7 @@ See Also ...@@ -355,7 +355,7 @@ See Also
~~~~~~~~ ~~~~~~~~
:rfc:`2136`, :rfc:`3007`, :rfc:`2104`, :rfc:`2845`, :rfc:`1034`, :rfc:`2535`, :rfc:`2931`, :rfc:`2136`, :rfc:`3007`, :rfc:`2104`, :rfc:`2845`, :rfc:`1034`, :rfc:`2535`, :rfc:`2931`,
:manpage:`named(8)`, :manpage:`ddns-confgen(8)`, :manpage:`dnssec-keygen(8)`. :manpage:`named(8)`, :manpage:`dnssec-keygen(8)`, :manpage:`tsig-keygen(8)`.
Bugs Bugs
~~~~ ~~~~
......
...@@ -31,7 +31,6 @@ ARPANAME=$TOP_BUILDDIR/bin/tools/arpaname ...@@ -31,7 +31,6 @@ ARPANAME=$TOP_BUILDDIR/bin/tools/arpaname
CDS=$TOP_BUILDDIR/bin/dnssec/dnssec-cds CDS=$TOP_BUILDDIR/bin/dnssec/dnssec-cds
CHECKCONF=$TOP_BUILDDIR/bin/check/named-checkconf CHECKCONF=$TOP_BUILDDIR/bin/check/named-checkconf
CHECKZONE=$TOP_BUILDDIR/bin/check/named-checkzone CHECKZONE=$TOP_BUILDDIR/bin/check/named-checkzone
DDNSCONFGEN=$TOP_BUILDDIR/bin/confgen/ddns-confgen
DELV=$TOP_BUILDDIR/bin/delv/delv DELV=$TOP_BUILDDIR/bin/delv/delv
DIG=$TOP_BUILDDIR/bin/dig/dig DIG=$TOP_BUILDDIR/bin/dig/dig
DNSTAPREAD=$TOP_BUILDDIR/bin/tools/dnstap-read DNSTAPREAD=$TOP_BUILDDIR/bin/tools/dnstap-read
......
...@@ -32,7 +32,6 @@ ARPANAME=$TOP_BUILDDIR/Build/$VSCONF/arpaname@EXEEXT@ ...@@ -32,7 +32,6 @@ ARPANAME=$TOP_BUILDDIR/Build/$VSCONF/arpaname@EXEEXT@
CDS=$TOP_BUILDDIR/Build/$VSCONF/dnssec-cds@EXEEXT@ CDS=$TOP_BUILDDIR/Build/$VSCONF/dnssec-cds@EXEEXT@
CHECKCONF=$TOP_BUILDDIR/Build/$VSCONF/named-checkconf@EXEEXT@ CHECKCONF=$TOP_BUILDDIR/Build/$VSCONF/named-checkconf@EXEEXT@
CHECKZONE=$TOP_BUILDDIR/Build/$VSCONF/named-checkzone@EXEEXT@ CHECKZONE=$TOP_BUILDDIR/Build/$VSCONF/named-checkzone@EXEEXT@
DDNSCONFGEN=$TOP_BUILDDIR/Build/$VSCONF/ddns-confgen@EXEEXT@
DELV=$TOP_BUILDDIR/Build/$VSCONF/delv@EXEEXT@ DELV=$TOP_BUILDDIR/Build/$VSCONF/delv@EXEEXT@
DIG=$TOP_BUILDDIR/Build/$VSCONF/dig@EXEEXT@ DIG=$TOP_BUILDDIR/Build/$VSCONF/dig@EXEEXT@
DNSTAPREAD=$TOP_BUILDDIR/Build/$VSCONF/dnstap-read@EXEEXT@ DNSTAPREAD=$TOP_BUILDDIR/Build/$VSCONF/dnstap-read@EXEEXT@
......
...@@ -11,6 +11,6 @@ ...@@ -11,6 +11,6 @@
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns1/named.conf.in ns1/named.conf
...@@ -53,14 +53,14 @@ ns1.update.nil. A 10.53.0.2 ...@@ -53,14 +53,14 @@ ns1.update.nil. A 10.53.0.2
ns2.update.nil. AAAA ::1 ns2.update.nil. AAAA ::1
EOF EOF
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key $TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
$DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key $TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
$DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
$DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
$DDNSCONFGEN -q -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key $TSIGKEYGEN -a hmac-sha384 sha384-key > ns1/sha384.key
$DDNSCONFGEN -q -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key $TSIGKEYGEN -a hmac-sha512 sha512-key > ns1/sha512.key
(cd ns3; $SHELL -e sign.sh) (cd ns3; $SHELL -e sign.sh)
......
...@@ -162,7 +162,7 @@ ...@@ -162,7 +162,7 @@
<ProjectReference Include="..\..\..\bin\confgen\win32\confgentool.vcxproj"> <ProjectReference Include="..\..\..\bin\confgen\win32\confgentool.vcxproj">
<Project>{64964B03-4815-41F0-9057-E766A94AF197}</Project> <Project>{64964B03-4815-41F0-9057-E766A94AF197}</Project>
</ProjectReference> </ProjectReference>
<ProjectReference Include="..\..\..\bin\confgen\win32\ddnsconfgen.vcxproj"> <ProjectReference Include="..\..\..\bin\confgen\win32\tsigkeygen.vcxproj">
<Project>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</Project> <Project>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</Project>
</ProjectReference> </ProjectReference>
<ProjectReference Include="..\..\..\bin\confgen\win32\rndcconfgen.vcxproj"> <ProjectReference Include="..\..\..\bin\confgen\win32\rndcconfgen.vcxproj">
......
...@@ -416,7 +416,7 @@ email, etc.) ...@@ -416,7 +416,7 @@ email, etc.)
``tsig-keygen`` can also be run as ``ddns-confgen``, in which case its ``tsig-keygen`` can also be run as ``ddns-confgen``, in which case its
output includes additional configuration text for setting up dynamic DNS output includes additional configuration text for setting up dynamic DNS
in ``named``. See :ref:`man_ddns-confgen` for details. in ``named``. See :ref:`man_tsig-keygen` for details.
Loading a New Key Loading a New Key
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
......
...@@ -14,7 +14,7 @@ Manual Pages ...@@ -14,7 +14,7 @@ Manual Pages
============ ============
.. include:: ../../bin/tools/arpaname.rst .. include:: ../../bin/tools/arpaname.rst
.. include:: ../../bin/confgen/ddns-confgen.rst .. include:: ../../bin/confgen/tsig-keygen.rst
.. include:: ../../bin/delv/delv.rst .. include:: ../../bin/delv/delv.rst
.. include:: ../../bin/dig/dig.rst .. include:: ../../bin/dig/dig.rst
.. include:: ../../bin/dnssec/dnssec-cds.rst .. include:: ../../bin/dnssec/dnssec-cds.rst
......
...@@ -3,7 +3,6 @@ include $(top_srcdir)/Makefile.docs ...@@ -3,7 +3,6 @@ include $(top_srcdir)/Makefile.docs
MANPAGES_RST = \ MANPAGES_RST = \
arpaname.rst \ arpaname.rst \
ddns-confgen.rst \
delv.rst \ delv.rst \
dig.rst \ dig.rst \
dnssec-cds.rst \ dnssec-cds.rst \
...@@ -37,10 +36,11 @@ MANPAGES_RST = \ ...@@ -37,10 +36,11 @@ MANPAGES_RST = \
rndc-confgen.rst \ rndc-confgen.rst \
rndc.conf.rst \ rndc.conf.rst \
rndc.rst \ rndc.rst \
tsig-keygen.rst \
../../bin/check/named-checkconf.rst \ ../../bin/check/named-checkconf.rst \
../../bin/check/named-checkzone.rst \ ../../bin/check/named-checkzone.rst \
../../bin/confgen/ddns-confgen.rst \
../../bin/confgen/rndc-confgen.rst \ ../../bin/confgen/rndc-confgen.rst \
../../bin/confgen/tsig-keygen.rst \
../../bin/delv/delv.rst \ ../../bin/delv/delv.rst \
../../bin/dig/dig.rst \ ../../bin/dig/dig.rst \
../../bin/dig/host.rst \ ../../bin/dig/host.rst \
...@@ -84,7 +84,6 @@ man_MANS = \ ...@@ -84,7 +84,6 @@ man_MANS = \
nsupdate.1 \ nsupdate.1 \
named.conf.5 \ named.conf.5 \
rndc.conf.5 \ rndc.conf.5 \
ddns-confgen.8 \
dnssec-cds.1 \ dnssec-cds.1 \
dnssec-dsfromkey.1 \ dnssec-dsfromkey.1 \
dnssec-importkey.1 \ dnssec-importkey.1 \
...@@ -102,7 +101,8 @@ man_MANS = \ ...@@ -102,7 +101,8 @@ man_MANS = \
named.8 \ named.8 \
nsec3hash.1 \ nsec3hash.1 \
rndc-confgen.8 \ rndc-confgen.8 \
rndc.8 rndc.8 \
tsig-keygen.8
if HAVE_PKCS11 if HAVE_PKCS11
man_MANS += \ man_MANS += \
......
...@@ -60,7 +60,6 @@ master_doc = 'index' ...@@ -60,7 +60,6 @@ master_doc = 'index'
# pylint: disable=line-too-long # pylint: disable=line-too-long
man_pages = [ man_pages = [
('arpaname', 'arpaname', 'translate IP addresses to the corresponding ARPA names', author, 1), ('arpaname', 'arpaname', 'translate IP addresses to the corresponding ARPA names', author, 1),
('ddns-confgen', 'ddns-confgen', 'ddns key generation tool', author, 8),
('delv', 'delv', 'DNS lookup and validation utility', author, 1), ('delv', 'delv', 'DNS lookup and validation utility', author, 1),
('dig', 'dig', 'DNS lookup utility', author, 1), ('dig', 'dig', 'DNS lookup utility', author, 1),
('dnssec-cds', 'dnssec-cds', 'change DS records for a child zone based on CDS/CDNSKEY', author, 1), ('dnssec-cds', 'dnssec-cds', 'change DS records for a child zone based on CDS/CDNSKEY', author, 1),
...@@ -93,4 +92,5 @@ man_pages = [ ...@@ -93,4 +92,5 @@ man_pages = [
('rndc-confgen', 'rndc-confgen', 'rndc key generation tool', author, 8), ('rndc-confgen', 'rndc-confgen', 'rndc key generation tool', author, 8),
('rndc.conf', 'rndc.conf', 'rndc configuration file', author, 5), ('rndc.conf', 'rndc.conf', 'rndc configuration file', author, 5),
('rndc', 'rndc', 'name server control utility', author, 8), ('rndc', 'rndc', 'name server control utility', author, 8),
('tsig-keygen', 'tsig-keygen', 'TSIG key generation tool', author, 8),
] ]
.\" Man page generated from reStructuredText.
.
.TH "DDNS-CONFGEN" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
ddns-confgen \- ddns key generation tool
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBtsig\-keygen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [\fB\-r\fP randomfile] [\fB\-s\fP name]
.sp
\fBddns\-confgen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-q\fP] [\fB\-r\fP randomfile] [\fB\-s\fP name] [\fB\-z\fP zone]
.SH DESCRIPTION
.sp
\fBtsig\-keygen\fP and \fBddns\-confgen\fP are invocation methods for a
utility that generates keys for use in TSIG signing. The resulting keys
can be used, for example, to secure dynamic DNS updates to a zone or for
the \fBrndc\fP command channel.
.sp
When run as \fBtsig\-keygen\fP, a domain name can be specified on the
command line to be used as the name of the generated key. If no
name is specified, the default is \fBtsig\-key\fP\&.
.sp
When run as \fBddns\-confgen\fP, the generated key is accompanied by
configuration text and instructions that can be used with \fBnsupdate\fP
and \fBnamed\fP when setting up dynamic DNS, including an example
\fBupdate\-policy\fP statement. (This usage is similar to the \fBrndc\-confgen\fP
command for setting up command\-channel security.)
.sp
Note that \fBnamed\fP itself can configure a local DDNS key for use with
\fBnsupdate \-l\fP; it does this when a zone is configured with
\fBupdate\-policy local;\fP\&. \fBddns\-confgen\fP is only needed when a more
elaborate configuration is required: for instance, if \fBnsupdate\fP is to
be used from a remote system.
.SH OPTIONS
.INDENT 0.0
.TP
.B \fB\-a algorithm\fP
This option specifies the algorithm to use for the TSIG key. Available choices
are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384, and
hmac\-sha512. The default is hmac\-sha256. Options are
case\-insensitive, and the "hmac\-" prefix may be omitted.
.TP
.B \fB\-h\fP
This option prints a short summary of options and arguments.
.TP
.B \fB\-k keyname\fP
This option specifies the key name of the DDNS authentication key. The default is
\fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is specified;
otherwise, the default is \fBddns\-key\fP as a separate label followed
by the argument of the option, e.g., \fBddns\-key.example.com.\fP The
key name must have the format of a valid domain name, consisting of
letters, digits, hyphens, and periods.
.TP
.B \fB\-q\fP (\fBddns\-confgen\fP only)
This option enables quiet mode, which prints only the key, with no
explanatory text or usage examples. This is essentially identical to
\fBtsig\-keygen\fP\&.
.TP
.B \fB\-s name\fP (\fBddns\-confgen\fP only)
This option generates a configuration example to allow
dynamic updates of a single hostname. The example \fBnamed.conf\fP text
shows how to set an update policy for the specified name using the
"name" nametype. The default key name is \fBddns\-key.name\fP\&. Note that the
"self" nametype cannot be used, since the name to be updated may
differ from the key name. This option cannot be used with the \fB\-z\fP
option.
.TP
.B \fB\-z zone\fP (\fBddns\-confgen\fP only)
This option generates a configuration example to allow
dynamic updates of a zone. The example \fBnamed.conf\fP text shows how
to set an update policy for the specified zone using the "zonesub"
nametype, allowing updates to all subdomain names within that zone.
This option cannot be used with the \fB\-s\fP option.
.UNINDENT
.SH SEE ALSO
.sp
\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2020, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.
...@@ -1120,7 +1120,7 @@ zone string [ class ] { ...@@ -1120,7 +1120,7 @@ zone string [ class ] {
\fB/etc/named.conf\fP \fB/etc/named.conf\fP
.SH SEE ALSO .SH SEE ALSO
.sp .sp
\fBddns\-confgen(8)\fP, \fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, BIND 9 Administrator Reference Manual. \fBtsig\-keygen(8)\fP, \fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR .SH AUTHOR
Internet Systems Consortium Internet Systems Consortium
.SH COPYRIGHT .SH COPYRIGHT
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment