Provided by: bind9_9.18.30-0ubuntu0.24.04.2_amd64 bug

NAME
       ddns-confgen - ddns key generation tool


SYNOPSIS
       ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-s name] [-z zone]


DESCRIPTION
       ddns-confgen  is an utility that generates keys for use in TSIG signing.  The resulting keys can be used,
       for example, to secure dynamic DNS updates to a zone, or for the rndc command channel.

       The key name can specified using -k parameter and defaults to ddns-key.  The generated key is accompanied
       by configuration text and instructions that can be used with nsupdate and named when setting  up  dynamic
       DNS,  including  an  example update-policy statement.  (This usage is similar to the rndc-confgen command
       for setting up command-channel security.)

       Note that named itself can configure a local DDNS key for use with nsupdate -l; it does this when a  zone
       is  configured with update-policy local;. ddns-confgen is only needed when a more elaborate configuration
       is required: for instance, if nsupdate is to be used from a remote system.


OPTIONS
       -a algorithm
              This option specifies the algorithm to use for the TSIG  key.  Available  choices  are:  hmac-md5,
              hmac-sha1,  hmac-sha224,  hmac-sha256,  hmac-sha384,  and hmac-sha512. The default is hmac-sha256.
              Options are case-insensitive, and the "hmac-" prefix may be omitted.

       -h     This option prints a short summary of options and arguments.

       -k keyname
              This option specifies the key name of the DDNS authentication key. The default  is  ddns-key  when
              neither  the -s nor -z option is specified; otherwise, the default is ddns-key as a separate label
              followed by the argument of the option, e.g., ddns-key.example.com.  The key name  must  have  the
              format of a valid domain name, consisting of letters, digits, hyphens, and periods.

       -q     This  option  enables  quiet  mode,  which  prints only the key, with no explanatory text or usage
              examples. This is essentially identical to tsig-keygen.

       -s name
              This option generates a configuration example to allow dynamic updates of a single  hostname.  The
              example  named.conf text shows how to set an update policy for the specified name using the "name"
              nametype. The default key name is ddns-key.name. Note that the "self"  nametype  cannot  be  used,
              since  the name to be updated may differ from the key name. This option cannot be used with the -z
              option.

       -z zone
              This option generates a configuration example to allow dynamic updates  of  a  zone.  The  example
              named.conf  text  shows  how  to  set  an update policy for the specified zone using the "zonesub"
              nametype, allowing updates to all subdomain names within that zone.  This option  cannot  be  used
              with the -s option.


SEE ALSO
       nsupdate(1), named.conf(5), named(8), BIND 9 Administrator Reference Manual.


AUTHOR
       Internet Systems Consortium


COPYRIGHT
       2025, Internet Systems Consortium

9.18.30-0ubuntu0.24.04.2-Ubuntu                    2024-09-09                                    DDNS-CONFGEN(8)