DDNS-CONFGEN(8) BIND 9 DDNS-CONFGEN(8)
NAME
ddns-confgen - ddns key generation tool
SYNOPSIS
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-s name] [-z zone]
DESCRIPTION
ddns-confgen is an utility that generates keys for use in TSIG signing.
The resulting keys can be used, for example, to secure dynamic DNS up-
dates to a zone, or for the rndc command channel.
The key name can specified using -k parameter and defaults to ddns-key.
The generated key is accompanied by configuration text and instructions
that can be used with nsupdate and named when setting up dynamic DNS,
including an example update-policy statement. (This usage is similar to
the rndc-confgen command for setting up command-channel security.)
Note that named itself can configure a local DDNS key for use with
nsupdate -l; it does this when a zone is configured with update-policy
local;. ddns-confgen is only needed when a more elaborate configuration
is required: for instance, if nsupdate is to be used from a remote sys-
tem.
OPTIONS
-a algorithm
This option specifies the algorithm to use for the TSIG key.
Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, and hmac-sha512. The default is
hmac-sha256. Options are case-insensitive, and the "hmac-" prefix
may be omitted.
-h This option prints a short summary of options and arguments.
-k keyname
This option specifies the key name of the DDNS authentication
key. The default is ddns-key when neither the -s nor -z option is
specified; otherwise, the default is ddns-key as a separate label
followed by the argument of the option, e.g., ddns-key.exam-
ple.com. The key name must have the format of a valid domain
name, consisting of letters, digits, hyphens, and periods.
-q This option enables quiet mode, which prints only the key, with
no explanatory text or usage examples. This is essentially iden-
tical to tsig-keygen.
-s name
This option generates a configuration example to allow dynamic
updates of a single hostname. The example named.conf text shows
how to set an update policy for the specified name using the
"name" nametype. The default key name is ddns-key.name. Note that
the "self" nametype cannot be used, since the name to be updated
may differ from the key name. This option cannot be used with the
-z option.
-z zone
This option generates a configuration example to allow dynamic
updates of a zone. The example named.conf text shows how to set
an update policy for the specified zone using the "zonesub" name-
type, allowing updates to all subdomain names within that zone.
This option cannot be used with the -s option.
SEE ALSO
nsupdate(1), named.conf(5), named(8), BIND 9 Administrator Reference
Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2025, Internet Systems Consortium
9.20.15-1~deb13u1-Debian 2025-10-18 DDNS-CONFGEN(8)
Generated by dwww version 1.16 on Tue Dec 16 07:39:03 CET 2025.