NAME
ddns-confgen - ddns key generation tool
SYNOPSIS
tsig-keygen
[ -a algorithm] [-h]
[-r randomfile] [name]
ddns-confgen
[ -a algorithm] [-h]
[-k keyname] [-q]
[-r randomfile] [-s name |
-z zone]
DESCRIPTION
tsig-keygen and
ddns-confgen are invocation methods for a utility
that generates keys for use in TSIG signing. The resulting keys can be used,
for example, to secure dynamic DNS updates to a zone or for the
rndc
command channel.
When run as
tsig-keygen, a domain name can be specified on the command
line which will be used as the name of the generated key. If no name is
specified, the default is
tsig-key.
When run as
ddns-confgen, the generated key is accompanied by
configuration text and instructions that can be used with
nsupdate and
named when setting up dynamic DNS, including an example
update-policy statement. (This usage similar to the
rndc-confgen
command for setting up command channel security.)
Note that
named itself can configure a local DDNS key for use with
nsupdate -l: it does this when a zone is configured with
update-policy local;.
ddns-confgen is only needed when a more
elaborate configuration is required: for instance, if
nsupdate is to be
used from a remote system.
OPTIONS
-a
algorithm
Specifies the algorithm to use for the TSIG
key. Available choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-sha256. Options are
case-insensitive, and the "hmac-" prefix may be omitted.
-h
Prints a short summary of options and
arguments.
-k
keyname
Specifies the key name of the DDNS
authentication key. The default is ddns-key when neither the -s
nor -z option is specified; otherwise, the default is ddns-key
as a separate label followed by the argument of the option, e.g.,
ddns-key.example.com. The key name must have the format of a valid
domain name, consisting of letters, digits, hyphens and periods.
-q
(ddns-confgen only.) Quiet mode: Print
only the key, with no explanatory text or usage examples; This is essentially
identical to tsig-keygen.
-r
randomfile
Specifies a source of random data for
generating the authorization. If the operating system does not provide a
/dev/random or equivalent device, the default source of randomness is keyboard
input. randomdev specifies the name of a character device or file containing
random data to be used instead of the default. The special value keyboard
indicates that keyboard input should be used.
-s
name
(ddns-confgen only.) Generate
configuration example to allow dynamic updates of a single hostname. The
example named.conf text shows how to set an update policy for the
specified name using the "name" nametype. The default key
name is ddns-key. name. Note that the "self" nametype cannot
be used, since the name to be updated may differ from the key name. This
option cannot be used with the -z option.
-z
zone
(ddns-confgen only.) Generate
configuration example to allow dynamic updates of a zone: The example
named.conf text shows how to set an update policy for the specified
zone using the "zonesub" nametype, allowing updates to all
subdomain names within that zone. This option cannot be used with the
-s option.
SEE ALSO
nsupdate(1),
named.conf(5),
named(8), BIND 9 Administrator
Reference Manual.
AUTHOR
Internet Systems Consortium, Inc.
COPYRIGHT
Copyright © 2009, 2014-2016 Internet Systems Consortium, Inc.
("ISC")