上一篇  |  下一篇
DNS技术
rndc-confgen

rndc-confgen  Manual pages

Name

rndc-confgen — rndc key generation tool

Synopsis

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key statements in named.conf by hand. Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the need for a rndc.conf file and a controls statement altogether.

OPTIONS

-a

Do automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named on the local host with no further configuration.

Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.

If a more elaborate configuration than that generated by rndc-confgen -a is required, for example if rndc is to be used remotely, you should run rndc-confgen without the -a option and set up a rndc.conf and named.conf as directed.

-b keysize

Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.

-c keyfile

Used with the -a option to specify an alternate location for rndc.key.

-h

Prints a short summary of the options and arguments to rndc-confgen.

-k keyname

Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.

-p port

Specifies the command channel port where named listens for connections from rndc. The default is 953.

-r randomfile

Specifies a source of random data for generating the authorization. If the operating system does not provide a /dev/random or equivalent device, the default source of randomness is keyboard input. randomdev specifies the name of a character device or file containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.

-s address

Specifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.

-t chrootdir

Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.

-u user

Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified only the file in the chroot area has its owner changed.

EXAMPLES

To allow rndc to be used with no manual configuration, run

rndc-confgen -a

To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run

rndc-confgen

SEE ALSO

rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium

************************************************************

rndc-confgen 命令

用途

生成 rndc 命令的配置文件。

语法

rndc-confgen [ -a ] [ -bkeysize ] [ -ckeyfile ] [ -h ] [ -kkeyname ] [-pport ] [ -rrandomfile ] [ -saddress ] [ -tchrootdir ] [ -uuser ]

描述

rndc-confgen 命令生成 rndc 命令的配置文件。可使用此命令方便地替代手工编写 rndc.conf 文件以及 named.conf 中的相应控制语句和键语句。可将 rndc-confgen 命令与 -a 标志配合使用来设置 rndc.key 文件。这样做可避免需要 rndc.conf 文件和控制语句。

标志

-a执行自动 rndc 配置。这会在 rndc 命令和 named 守护程序启动时读取的 /etc(或在构建 BIND 时将 sysconfdir 指定为的目录)中创建 rndc.key 文件。rndc.key 文件会定义缺省命令通道和认证键,以允许 rndc 命令与本地主机上的 named 守护程序通信而不需要进一步的配置。
-bkeysize指定认证密钥的大小(以位计)。该大小必须在 1 位和 512 位之间。缺省值为 128。
-ckeyfile使用 -c 标志来指定 rndc.key 的备用位置。
-h显示 rndc-confgen 命令的选项和参数的简短摘要。
-kkeyname指定 rndc 认证密钥的密钥名。这必须是一个有效域名。缺省值为 rndc-key
-pport指定 named 守护程序用于侦听来自 rndc 的连接的命令通道端口。缺省值为 953。
-rrandomfile指定用于生成授权的随机数据的源。如果操作系统不提供 /dev/random 或功能相同的设备,缺省随机源为键盘输入。randomfile 参数指定包含要代替缺省值使用的随机数据的字符设备或文件的名称。keyboard 值指示必须使用键盘输入。
-saddress指定 named 守护程序用于侦听来自 rndc 的命令通道连接的 IP 地址。缺省值为回送地址 127.0.0.1。
-tchrootdir-a 标志配合使用,以指定已切换根目录运行的 named 守护程序所在的目录。将相对于此目录写入 rndc.key 的另一副本,以便已切换根目录的 named 可找到此副本。
-uuser-a 标志配合使用,以设置生成的 rndc.key 文件的所有者。如果同时指定了 -t 标志,那么只有 chroot 区域中的文件更改了所有者。

示例

  1. 要使用 rndc 命令而不进行任何手动配置,请输入以下命令: 
    rndc-confgen -a
  2. 要显示样本 rndc.conf 文件并将相应控制语句和键语句手动插入到 named.conf 文件中,请输入以下命令: 
    rndc-confgen
此文章由 flyinweb 于 2009-07-23 11:21:29 编辑

本日志由 flyinweb 于 2009-07-23 11:18:05 发表,目前已经被浏览 4039 次,评论 0 次;

作者添加了以下标签: BINDrndc-confgen

引用通告:http://www.517sou.net/Article/154/Trackback.ashx

评论订阅:http://www.517sou.net/Article/154/Feeds.ashx

相关文章

评论列表

    暂时没有评论
(必填)
(必填,不会被公开)