NAME
rndc-confgen - rndc key generation tool
SYNOPSIS
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port]
[-r randomfile] [-s address] [-t chrootdir] [-u user]
DESCRIPTION
rndc-confgen can be used to generate rndc.conf, the configuration file
for rndc. Alternatively, it can be run with the -a option to set up a
rndc.key file and avoid the need for a rndc.conf file and a controls
Options
-a This option is used to configure rndc automatically.
This creates a file rndc.key in /etc (or whatever
sysconfdir was specified when BIND was built) that is
read by both rndc and named on startup. The rndc.key
file defines a default command channel and
authentication key allowing rndc to communicate with
named with no further configuration. Running
rndc-confgen -a allows BIND 9 and rndc to be used as drop-in
replacements for BIND 8 and ndc, with no changes to the
existing BIND 8 named.conf file.
-b keysize This option is used to specify the size of the
authentication key in bits. The value must range
between 1 and 512 bits. Default is 128 bits.
-c keyfile This option is used with the -a option to specify an
alternate location for rndc.key.
-h This option is used to print a short summary of the
options and arguments to rndc-confgen.
-k keyname This option is used to specify the key name of the rndc
authentication key. This must be a valid domain name.
Default is rndc-key.
-p port This option is used to specify the command channel port
where named listens for connections from rndc. Default
-r randomfile This option is used to specify a source file of random
data for generating the authorization. If the
operating system does not provide a /dev/random or
equivalent device, the default source of randomness is
keyboard input. randomdev specifies the name of a
character device or a file containing random data to be
used instead of the default. The special value
keyboard indicates that keyboard input needs to be
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
-s address This option is used to specify the IP address where
named listens for command channel connections from
rndc. Default is the loopback address 127.0.0.1.
-t chrootdir This option is used with the -a option to specify a
directory where named will run chrooted. An additional
copy of the rndc.key will be written relative to this
directory so that it will be found by the chrooted
-u user This option is used with the -a option to set the owner
of the rndc.key file generated. If -t is also
specified, only the file in the chroot area has its
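A defender's check on the key file that -a produces, as an added example that is not part of the original man page or of the tool itself: it reads a key file, compares the decoded secret size with the 128-bit default given for -b, and flags any group or other access to the file. The key-statement layout, the hmac-md5 sample algorithm, and the names audit_rndc_key and write_sample are assumptions of this example.

```python
import base64
import os
import re
import stat

# Assumed layout of rndc.key (standard BIND 9 key statement; not shown on the page):
#   key "rndc-key" { algorithm hmac-md5; secret "<base64>"; };
KEY_BLOCK = re.compile(r'key\s+"?([^"\s{]+)"?\s*\{([^}]*)\}')
ALGORITHM = re.compile(r'algorithm\s+"?([^";\s]+)"?\s*;')
SECRET = re.compile(r'secret\s+"([^"]*)"\s*;')

DEFAULT_BITS = 128  # default for -b according to the page


def audit_rndc_key(path, min_bits=DEFAULT_BITS):
    """Return (key name, algorithm, secret bits, findings) for one key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o exposes the secret to group/other" % mode)
    with open(path) as fh:
        block = KEY_BLOCK.search(fh.read())
    if block is None:
        return None, None, 0, findings + ["no key statement found"]
    alg = ALGORITHM.search(block.group(2))
    secret = SECRET.search(block.group(2))
    try:
        raw = base64.b64decode(secret.group(1), validate=True) if secret else b""
    except ValueError:  # binascii.Error is a ValueError subclass
        raw = b""
        findings.append("secret is not valid base64")
    bits = len(raw) * 8  # size of the decoded secret, counted in whole bytes
    if bits < min_bits:
        findings.append("secret is %d bits, below the %d-bit floor" % (bits, min_bits))
    return block.group(1), alg.group(1) if alg else None, bits, findings


def write_sample(path, secret_bytes, mode):
    """Write a constructed key file (sample data, not a real key)."""
    text = 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' % (
        base64.b64encode(secret_bytes).decode("ascii"))
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, audit_rndc_key(p))
```

When -t is in use, run the check against both the sysconfdir copy and the copy written under the chroot directory, since each file carries the same secret.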
EXAMPLES
To allow rndc to be used with no manual configuration, run:
To print a sample rndc.conf file and corresponding controls and key
statements to be manually inserted into named.conf, run:
AUTHOR
rndc-confgen was developed by the Hewlett-Packard Company.
SEE ALSO
rndc(1), named(1M), rndc.conf(4), and BIND 9 Administrator Reference