.. highlight: console
+.. BEWARE: Do not forget to edit also tsig-keygen.rst!
+
.. _man_ddns-confgen:
-ddns-confgen - ddns key generation tool
+ddns-confgen - TSIG key generation tool
---------------------------------------
Synopsis
~~~~~~~~
-:program:`tsig-keygen` [**-a** algorithm] [**-h**] [name]
-
:program:`ddns-confgen` [**-a** algorithm] [**-h**] [**-k** keyname] [**-q**] [**-s** name] [**-z** zone]
Description
~~~~~~~~~~~
-``tsig-keygen`` and ``ddns-confgen`` are invocation methods for a
-utility that generates keys for use in TSIG signing. The resulting keys
-can be used, for example, to secure dynamic DNS updates to a zone or for
-the ``rndc`` command channel.
-
-When run as ``tsig-keygen``, a domain name can be specified on the
-command line to be used as the name of the generated key. If no
-name is specified, the default is ``tsig-key``.
+``ddns-confgen`` is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the ``rndc`` command channel.
-When run as ``ddns-confgen``, the generated key is accompanied by
-configuration text and instructions that can be used with ``nsupdate``
-and ``named`` when setting up dynamic DNS, including an example
-``update-policy`` statement. (This usage is similar to the ``rndc-confgen``
-command for setting up command-channel security.)
+The key name can specified using ``-k`` parameter and defaults to ``ddns-key``.
+The generated key is accompanied by configuration text and instructions that
+can be used with ``nsupdate`` and ``named`` when setting up dynamic DNS,
+including an example ``update-policy`` statement.
+(This usage is similar to the ``rndc-confgen`` command for setting up
+command-channel security.)
Note that ``named`` itself can configure a local DDNS key for use with
``nsupdate -l``; it does this when a zone is configured with
~~~~~~~
``-a algorithm``
- This option specifies the algorithm to use for the TSIG key. Available choices
- are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and
- hmac-sha512. The default is hmac-sha256. Options are
+ This option specifies the algorithm to use for the TSIG key. Available
+ choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+ and hmac-sha512. The default is hmac-sha256. Options are
case-insensitive, and the "hmac-" prefix may be omitted.
``-h``
This option prints a short summary of options and arguments.
``-k keyname``
- This option specifies the key name of the DDNS authentication key. The default is
- ``ddns-key`` when neither the ``-s`` nor ``-z`` option is specified;
- otherwise, the default is ``ddns-key`` as a separate label followed
- by the argument of the option, e.g., ``ddns-key.example.com.`` The
- key name must have the format of a valid domain name, consisting of
+ This option specifies the key name of the DDNS authentication key. The
+ default is ``ddns-key`` when neither the ``-s`` nor ``-z`` option is
+ specified; otherwise, the default is ``ddns-key`` as a separate label
+ followed by the argument of the option, e.g., ``ddns-key.example.com.``
+ The key name must have the format of a valid domain name, consisting of
letters, digits, hyphens, and periods.
-``-q`` (``ddns-confgen`` only)
+``-q``
This option enables quiet mode, which prints only the key, with no
explanatory text or usage examples. This is essentially identical to
``tsig-keygen``.
-``-s name`` (``ddns-confgen`` only)
- This option generates a configuration example to allow
- dynamic updates of a single hostname. The example ``named.conf`` text
- shows how to set an update policy for the specified name using the
- "name" nametype. The default key name is ``ddns-key.name``. Note that the
- "self" nametype cannot be used, since the name to be updated may
- differ from the key name. This option cannot be used with the ``-z``
- option.
-
-``-z zone`` (``ddns-confgen`` only)
+``-s name``
+ This option generates a configuration example to allow dynamic updates
+ of a single hostname. The example ``named.conf`` text shows how to set
+ an update policy for the specified name using the "name" nametype. The
+ default key name is ``ddns-key.name``. Note that the "self" nametype
+ cannot be used, since the name to be updated may differ from the key
+ name. This option cannot be used with the ``-z`` option.
+
+``-z zone``
This option generates a configuration example to allow
dynamic updates of a zone. The example ``named.conf`` text shows how
to set an update policy for the specified zone using the "zonesub"
--- /dev/null
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. BEWARE: Do not forget to edit also ddns-confgen.rst!
+
+.. _man_tsig-keygen:
+
+tsig-keygen - TSIG key generation tool
+--------------------------------------
+
+Synopsis
+~~~~~~~~
+:program:`tsig-keygen` [**-a** algorithm] [**-h**] [name]
+
+Description
+~~~~~~~~~~~
+
+``tsig-keygen`` is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the ``rndc`` command channel.
+
+A domain name can be specified on the command line to be used as the name
+of the generated key. If no name is specified, the default is ``tsig-key``.
+
+Options
+~~~~~~~
+
+``-a algorithm``
+ This option specifies the algorithm to use for the TSIG key. Available
+ choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+ and hmac-sha512. The default is hmac-sha256. Options are
+ case-insensitive, and the "hmac-" prefix may be omitted.
+
+``-h``
+ This option prints a short summary of options and arguments.
+
+See Also
+~~~~~~~~
+
+:manpage:`nsupdate(1)`, :manpage:`named.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.
============
.. include:: ../../bin/tools/arpaname.rst
-.. include:: ../../bin/confgen/ddns-confgen.rst
.. include:: ../../bin/delv/delv.rst
.. include:: ../../bin/dig/dig.rst
.. include:: ../../bin/dnssec/dnssec-cds.rst
.. include:: ../../bin/confgen/rndc-confgen.rst
.. include:: ../../bin/rndc/rndc.conf.rst
.. include:: ../../bin/rndc/rndc.rst
+.. include:: ../../bin/confgen/ddns-confgen.rst
+.. include:: ../../bin/confgen/tsig-keygen.rst
named.8 \
nsec3hash.8 \
rndc-confgen.8 \
- rndc.8
+ rndc.8 \
+ tsig-keygen.8
MANPAGES_RST = \
arpaname.rst \
rndc-confgen.rst \
rndc.conf.rst \
rndc.rst \
+ tsig-keygen.rst \
pkcs11-destroy.rst \
pkcs11-keygen.rst \
pkcs11-list.rst \
rndc-confgen.8in \
rndc.conf.5in \
rndc.8in \
+ tsig-keygen.8in \
pkcs11-destroy.8in \
pkcs11-keygen.8in \
pkcs11-list.8in \
for m in $(man1_MANS); do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man1/; done
for m in $(man5_MANS); do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man5/; done
for m in $(man8_MANS); do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8/; done
- ( cd ${DESTDIR}${mandir}/man8/; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8 )
- ( cd ${DESTDIR}${mandir}/man8/; rm -f tsig-keygen.8; ${LINK_PROGRAM} ddns-confgen.8 tsig-keygen.8 )
for m in @DNSTAP_MANS@; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man1/; done
for m in @NZD_MANS@; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8/; done
for m in @PKCS11_MANS@; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8/; done
for m in $(man1_MANS); do rm -f ${DESTDIR}${mandir}/man1/$$m; done
for m in $(man5_MANS); do rm -f ${DESTDIR}${mandir}/man5/$$m; done
for m in $(man8_MANS); do rm -f ${DESTDIR}${mandir}/man8/$$m; done
- rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
- rm -f ${DESTDIR}${mandir}/man8/tsig-keygen.8
for m in @DNSTAP_MANS@; do rm -f ${DESTDIR}${mandir}/man1/$$m; done
for m in @NZD_MANS@; do rm -f ${DESTDIR}${mandir}/man8/$$m; done
for m in @PKCS11_MANS@; do rm -f ${DESTDIR}${mandir}/man8/$$m; done
('rndc-confgen', 'rndc-confgen', 'rndc key generation tool', author, 8),
('rndc.conf', 'rndc.conf', 'rndc configuration file', author, 5),
('rndc', 'rndc', 'name server control utility', author, 8),
+ ('tsig-keygen', 'tsig-keygen', 'TSIG key generation tool', author, 8),
]
ddns-confgen \- ddns key generation tool
.SH SYNOPSIS
.sp
-\fBtsig\-keygen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [name]
-.sp
\fBddns\-confgen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-q\fP] [\fB\-s\fP name] [\fB\-z\fP zone]
.SH DESCRIPTION
.sp
-\fBtsig\-keygen\fP and \fBddns\-confgen\fP are invocation methods for a
-utility that generates keys for use in TSIG signing. The resulting keys
-can be used, for example, to secure dynamic DNS updates to a zone or for
-the \fBrndc\fP command channel.
-.sp
-When run as \fBtsig\-keygen\fP, a domain name can be specified on the
-command line to be used as the name of the generated key. If no
-name is specified, the default is \fBtsig\-key\fP\&.
+\fBddns\-confgen\fP is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the \fBrndc\fP command channel.
.sp
-When run as \fBddns\-confgen\fP, the generated key is accompanied by
-configuration text and instructions that can be used with \fBnsupdate\fP
-and \fBnamed\fP when setting up dynamic DNS, including an example
-\fBupdate\-policy\fP statement. (This usage is similar to the \fBrndc\-confgen\fP
-command for setting up command\-channel security.)
+The key name can specified using \fB\-k\fP parameter and defaults to \fBddns\-key\fP\&.
+The generated key is accompanied by configuration text and instructions that
+can be used with \fBnsupdate\fP and \fBnamed\fP when setting up dynamic DNS,
+including an example \fBupdate\-policy\fP statement.
+(This usage is similar to the \fBrndc\-confgen\fP command for setting up
+command\-channel security.)
.sp
Note that \fBnamed\fP itself can configure a local DDNS key for use with
\fBnsupdate \-l\fP; it does this when a zone is configured with
.INDENT 0.0
.TP
.B \fB\-a algorithm\fP
-This option specifies the algorithm to use for the TSIG key. Available choices
-are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384, and
-hmac\-sha512. The default is hmac\-sha256. Options are
+This option specifies the algorithm to use for the TSIG key. Available
+choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384,
+and hmac\-sha512. The default is hmac\-sha256. Options are
case\-insensitive, and the "hmac\-" prefix may be omitted.
.TP
.B \fB\-h\fP
This option prints a short summary of options and arguments.
.TP
.B \fB\-k keyname\fP
-This option specifies the key name of the DDNS authentication key. The default is
-\fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is specified;
-otherwise, the default is \fBddns\-key\fP as a separate label followed
-by the argument of the option, e.g., \fBddns\-key.example.com.\fP The
-key name must have the format of a valid domain name, consisting of
+This option specifies the key name of the DDNS authentication key. The
+default is \fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is
+specified; otherwise, the default is \fBddns\-key\fP as a separate label
+followed by the argument of the option, e.g., \fBddns\-key.example.com.\fP
+The key name must have the format of a valid domain name, consisting of
letters, digits, hyphens, and periods.
.TP
-.B \fB\-q\fP (\fBddns\-confgen\fP only)
+.B \fB\-q\fP
This option enables quiet mode, which prints only the key, with no
explanatory text or usage examples. This is essentially identical to
\fBtsig\-keygen\fP\&.
.TP
-.B \fB\-s name\fP (\fBddns\-confgen\fP only)
-This option generates a configuration example to allow
-dynamic updates of a single hostname. The example \fBnamed.conf\fP text
-shows how to set an update policy for the specified name using the
-"name" nametype. The default key name is \fBddns\-key.name\fP\&. Note that the
-"self" nametype cannot be used, since the name to be updated may
-differ from the key name. This option cannot be used with the \fB\-z\fP
-option.
+.B \fB\-s name\fP
+This option generates a configuration example to allow dynamic updates
+of a single hostname. The example \fBnamed.conf\fP text shows how to set
+an update policy for the specified name using the "name" nametype. The
+default key name is \fBddns\-key.name\fP\&. Note that the "self" nametype
+cannot be used, since the name to be updated may differ from the key
+name. This option cannot be used with the \fB\-z\fP option.
.TP
-.B \fB\-z zone\fP (\fBddns\-confgen\fP only)
+.B \fB\-z zone\fP
This option generates a configuration example to allow
dynamic updates of a zone. The example \fBnamed.conf\fP text shows how
to set an update policy for the specified zone using the "zonesub"
:orphan:
-.. include:: ../../bin/confgen/ddns-confgen.rst
\ No newline at end of file
+.. include:: ../../bin/confgen/ddns-confgen.rst
--- /dev/null
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "TSIG-KEYGEN" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+tsig-keygen \- TSIG key generation tool
+.SH SYNOPSIS
+.sp
+\fBtsig\-keygen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [name]
+.SH DESCRIPTION
+.sp
+\fBtsig\-keygen\fP is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the \fBrndc\fP command channel.
+.sp
+A domain name can be specified on the command line to be used as the name
+of the generated key. If no name is specified, the default is \fBtsig\-key\fP\&.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-a algorithm\fP
+This option specifies the algorithm to use for the TSIG key. Available
+choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384,
+and hmac\-sha512. The default is hmac\-sha256. Options are
+case\-insensitive, and the "hmac\-" prefix may be omitted.
+.TP
+.B \fB\-h\fP
+This option prints a short summary of options and arguments.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2022, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.
--- /dev/null
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+:orphan:
+
+.. include:: ../../bin/confgen/tsig-keygen.rst
projects / thirdparty / bind9.git / commitdiff
