ddns-confgen - ddns key generation tool
tsig-keygen [-a algorithm] [-h] [name]
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [-s name | -z zone]
tsig-keygen and ddns-confgen are invocation methods for a utility that generates keys for use in TSIG signing. The resulting keys can be used, for example, to secure dynamic DNS updates to a zone or for the rndc command channel.
When run as tsig-keygen, a domain name can be specified on the command line which will be used as the name of the generated key. If no name is specified, the default is tsig-key.
When run as ddns-confgen, the generated key is accompanied by configuration text and instructions that can be used with nsupdate and named when setting up dynamic DNS, including an example update-policy statement. (This usage similar to the rndc-confgen command for setting up command channel security.)
Note that named itself can configure a local DDNS key for use with nsupdate -l: it does this when a zone is configured with update-policy local;. ddns-confgen is only needed when a more elaborate configuration is required: for instance, if nsupdate is to be used from a remote system.
nsupdate(1), named.conf(5), named(8), BIND 9 Administrator Reference Manual.
Internet Systems Consortium, Inc.
Copyright © 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")