ddns-confgen — ddns key generation tool
tsig-keygen
[-a
]
[algorithm
-h
]
[-r
]
[name]
randomfile
ddns-confgen
[-a
]
[algorithm
-h
]
[-k
]
[keyname
-q
]
[-r
]
[
-s randomfile
name
| -z zone
]
tsig-keygen and ddns-confgen are invocation methods for a utility that generates keys for use in TSIG signing. The resulting keys can be used, for example, to secure dynamic DNS updates to a zone or for the rndc command channel.
When run as tsig-keygen, a domain name
can be specified on the command line which will be used as
the name of the generated key. If no name is specified,
the default is tsig-key
.
When run as ddns-confgen, the generated key is accompanied by configuration text and instructions that can be used with nsupdate and named when setting up dynamic DNS, including an example update-policy statement. (This usage similar to the rndc-confgen command for setting up command channel security.)
Note that named itself can configure a local DDNS key for use with nsupdate -l: it does this when a zone is configured with update-policy local;. ddns-confgen is only needed when a more elaborate configuration is required: for instance, if nsupdate is to be used from a remote system.
algorithm
Specifies the algorithm to use for the TSIG key. Available choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The default is hmac-sha256. Options are case-insensitive, and the "hmac-" prefix may be omitted.
Prints a short summary of options and arguments.
keyname
Specifies the key name of the DDNS authentication key.
The default is ddns-key
when neither
the -s
nor -z
option is
specified; otherwise, the default
is ddns-key
as a separate label
followed by the argument of the option, e.g.,
ddns-key.example.com.
The key name must have the format of a valid domain name,
consisting of letters, digits, hyphens and periods.
(ddns-confgen only.) Quiet mode: Print only the key, with no explanatory text or usage examples; This is essentially identical to tsig-keygen.
randomfile
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
/dev/random
or equivalent device, the
default source of randomness is keyboard input.
randomdev
specifies the name of a
character device or file containing random data to be used
instead of the default. The special value
keyboard
indicates that keyboard input
should be used.
name
(ddns-confgen only.)
Generate configuration example to allow dynamic updates
of a single hostname. The example named.conf
text shows how to set an update policy for the specified
name
using the "name" nametype. The default key name is
ddns-key.name
.
Note that the "self" nametype cannot be used, since
the name to be updated may differ from the key name.
This option cannot be used with the -z
option.
zone
(ddns-confgen only.)
Generate configuration example to allow dynamic updates
of a zone: The example named.conf text
shows how to set an update policy for the specified
zone
using the "zonesub" nametype, allowing updates to
all subdomain names within that
zone
.
This option cannot be used with the -s
option.
BIND 9.11.1rc3