

BIND 9.3
HP-UX 11i Version 3: February 2007



rndc-confgen — rndc key generation tool


rndc-confgen [-ah] [-b keysize] [-c keyfile] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]


rndc-confgen generates /etc/rndc.conf, the configuration file for rndc. Alternatively, it can be run with the -a option to set up a rndc.key file and avoid the need for a rndc.conf file and a controls statement in a named.conf file altogether.



-a

Configure rndc automatically. This creates the file /etc/rndc.key that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key allowing rndc to communicate with named with no further configuration. Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.

-b keysize

Specify the size of the authentication key in bits. The value must range from 1 to 512. The default is 128.

-c keyfile

Use with the -a option to specify an alternate name for the rndc.key file.


-h

Print a short summary of the options.

-k keyname

Specify the key name of the rndc authentication key in rndc.conf. The default is rndc-key.

-p port

Specify the command channel port where named listens for connections from rndc. The default is 953.

-r randomfile

Specify a source file of random data for generating the authorization. randomfile is the name of a character device file or a file containing random data. The default is /dev/random.

If -r is not specified and /dev/random cannot be found, or -r is specified and randomfile cannot be found, the keyboard is used as the source of randomness. The special randomfile value keyboard specifies keyboard input.

-s address

Specify the IP address where named listens for command channel connections from rndc. The default is the loopback address.

-t chrootdir

Use with the -a option to specify a directory where named will run chrooted (see chroot(2)). An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.

-u user

Use with the -a option to set the owner of the generated rndc.key file. If -t is also specified, only the file in the chroot area has its owner changed.


Example 1

To create a rndc.key file, thus allowing rndc to be used with no manual configuration, run:

$ rndc-confgen -a

Example 2

To print a sample rndc.conf file, with corresponding controls and key statements to be manually inserted into named.conf, run:

$ rndc-confgen
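
Because -b accepts key sizes as small as 1 bit and the key file holds the secret that authenticates rndc to named, an existing key file is worth auditing. The shell functions below are an added example, not part of this manual page or of BIND. They assume the BIND 9 key-statement layout (a line of the form secret "<base64>";), and the function names, the constructed sample secrets and the 128-bit threshold (taken from the -b default) are choices made for this example.

```shell
#!/bin/sh
# Added example: flag an rndc key file whose secret is short or world-readable.
# Assumes the BIND 9 key-statement layout, i.e. a line of the form
#   secret "<base64>";

# Print the bit length of the base64 secret found in key file $1.
rndc_key_bits() {
    secret=$(sed -n 's/.*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$secret" ] || return 1
    pad=${secret##*[!=]}        # trailing '=' padding characters, if any
    echo $(( (${#secret} / 4 * 3 - ${#pad}) * 8 ))
}

# audit_rndc_key FILE [MIN_BITS]: print findings; return 1 if there are any.
audit_rndc_key() {
    file=$1; min_bits=${2:-128}; rc=0
    bits=$(rndc_key_bits "$file") || { echo "$file: no secret found"; return 1; }
    if [ "$bits" -lt "$min_bits" ]; then
        echo "$file: secret is $bits bits, below $min_bits"; rc=1
    fi
    # The secret authenticates rndc to named; other users must not read it.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file: world-readable"; rc=1
    fi
    return $rc
}

# Write a constructed key file (sample data, not output of rndc-confgen).
make_sample_key() {   # $1 = path, $2 = base64 secret, $3 = file mode
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$2" > "$1"
    chmod "$3" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_key "$dir/good.key" 'AAECAwQFBgcICQoLDA0ODw==' 600   # 16 bytes
    make_sample_key "$dir/weak.key" 'AAECAw==' 644                   # 4 bytes
    audit_rndc_key "$dir/good.key" && echo "good.key: ok"
    audit_rndc_key "$dir/weak.key" || echo "weak.key: findings above"
    rm -rf "$dir"
}
demo
```

The bit length is computed from the base64 text alone, so the check does not depend on a base64 decoding utility being installed.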


rndc-confgen was developed by the Internet Systems Consortium (ISC).



Default system random data source.


Default named configuration file.


Default rndc configuration file.


Default alternate rndc configuration file.


rndc(1), named(1M), chroot(2), rndc.conf(4).

HP-UX IP Address and Client Management Administrator's Guide, available online at http://docs.hp.com.

BIND 9 Administrator Reference Manual, available from the Internet Systems Consortium at http://www.isc.org/sw/bind/arm93.

© 1983-2007 Hewlett-Packard Development Company, L.P.