ddns-confgen - ddns key generation tool
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-s name] [-z zone]
DDNS-CONFGEN(8) BIND 9 DDNS-CONFGEN(8)
NAME
ddns-confgen - ddns key generation tool
SYNOPSIS
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-s name] [-z zone]
DESCRIPTION
ddns-confgen is an utility that generates keys for use in TSIG signing.
The resulting keys can be used, for example, to secure dynamic DNS
updates to a zone, or for the rndc command channel.
The key name can specified using -k parameter and defaults to ddns-key.
The generated key is accompanied by configuration text and instructions
that can be used with nsupdate and named when setting up dynamic DNS,
including an example update-policy statement. (This usage is similar
to the rndc-confgen command for setting up command-channel security.)
Note that named itself can configure a local DDNS key for use with
nsupdate -l; it does this when a zone is configured with update-policy
local;. ddns-confgen is only needed when a more elaborate configuration
is required: for instance, if nsupdate is to be used from a remote sys-
tem.
OPTIONS
-a algorithm
This option specifies the algorithm to use for the TSIG key.
Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, and hmac-sha512. The default is
hmac-sha256. Options are case-insensitive, and the "hmac-" pre-
fix may be omitted.
-h This option prints a short summary of options and arguments.
-k keyname
This option specifies the key name of the DDNS authentication
key. The default is ddns-key when neither the -s nor -z option
is specified; otherwise, the default is ddns-key as a separate
label followed by the argument of the option, e.g.,
ddns-key.example.com. The key name must have the format of a
valid domain name, consisting of letters, digits, hyphens, and
periods.
-q This option enables quiet mode, which prints only the key, with
no explanatory text or usage examples. This is essentially iden-
tical to tsig-keygen.
-s name
This option generates a configuration example to allow dynamic
updates of a single hostname. The example named.conf text shows
how to set an update policy for the specified name using the
"name" nametype. The default key name is ddns-key.name. Note
that the "self" nametype cannot be used, since the name to be
updated may differ from the key name. This option cannot be used
with the -z option.
-z zone
This option generates a configuration example to allow dynamic
updates of a zone. The example named.conf text shows how to set
an update policy for the specified zone using the "zonesub"
nametype, allowing updates to all subdomain names within that
zone. This option cannot be used with the -s option.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | network/dns/bind |
+---------------+--------------------------+
|Stability | Pass-through uncommitted |
+---------------+--------------------------+
SEE ALSO
nsupdate(1), named.conf(5), named(8), BIND 9 Administrator Reference
Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2022, Internet Systems Consortium
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from
http://ftp.isc.org/isc/bind9/9.16.29/bind-9.16.29.tar.xz.
Further information about this software can be found on the open source
community website at http://www.isc.org/software/bind/.
9.16.29 2022-05-10 DDNS-CONFGEN(8)