Create DDNS Configuration (CRTDDNSCFG)
| Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Create DDNS Configuration (CRTDDNSCFG) command generates a key for use by NSUPDATE command and Dynamic DNS (DDNS) server. It simplifies configuration of dynamic zones by generating a key and providing the NSUPDATE command and named.conf syntax that will be needed to use it, including an example update-policy statement.
Note that DNS server itself can configure a local DDNS key for use with NSUPDATE LOCALHOST(*YES). This command is only needed when a more elaborate configuration is required: for instance, if NSUPDATE is to be used from a remote system.
Restrictions:
- You must have execute (*X) authority to the directories in the path of the entropy source file.
- You must have read (*R) authority to the entropy source file.
- You must have execute (*X) authority to the directories in the path of the output file.
- You must have write (*W) authority to the output file if it already exists.
- You must have read, write and execute (*RWX) authority to the output file's parent directory if the output file does not already exist.
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| NAME | Name | Character value | Required, Positional 1 |
| NAMEMODE | Name mode | *HOST, *ZONE | Optional, Positional 2 |
| ALGORITHM | Cryptographic algorithm | *SHA256, *MD5, *SHA1, *SHA224, *SHA384, *SHA512 | Optional |
| KEYNAME | Key name | Character value, *DFT | Optional |
| QUIETMODE | Quiet mode | *NO, *YES | Optional |
| ENTROPYSRC | Entropy source | Path name, *DFT | Optional |
| TOSTMF | Output file | Path name, *STDOUT | Optional |
| Top |
Name (NAME)
Specifies the host name or zone name in the DDNS configuration, based on the field of Name mode (NAMEMODE)
This is a required parameter.
- character-value
- Specify a name. The meaning of the name depends on the field of Name mode (NAMEMODE)
| Top |
Name mode (NAMEMODE)
Specifies the name mode to decide the meaning of Name (NAME)
- *HOST
- Single host mode: The example named.conf text shows how to set an update policy for the specified name using the name nametype. The default key name is ddns-key.name. Note that the self nametype cannot be used, since the name to be updated may differ from the key name.
- *ZONE
- Zone mode: The example named.conf text shows how to set an update policy for the specified zone using the zonesub nametype, allowing updates to all subdomain names within that zone.
| Top |
Cryptographic algorithm (ALGORITHM)
Specifies the algorithm to use for the Transaction Signatures (TSIG) key.
- *SHA256
- Keyed-hash message authentication code (HMAC) using Secure Hash Algorithm (SHA-256) hash algorithm.
- *MD5
- Keyed-hash message authentication code (HMAC) using Message-Digest 5 (MD5) hash algorithm.
- *SHA1
- Keyed-hash message authentication code (HMAC) using Secure Hash Algorithm (SHA-1) hash algorithm.
- *SHA224
- Keyed-hash message authentication code (HMAC) using Secure Hash Algorithm (SHA-224) hash algorithm.
- *SHA384
- Keyed-hash message authentication code (HMAC) using Secure Hash Algorithm (SHA-384) hash algorithm.
- *SHA512
- Keyed-hash message authentication code (HMAC) using Secure Hash Algorithm (SHA-512) hash algorithm.
| Top |
Key name (KEYNAME)
Specifies the key name of the DDNS authentication key.
- *DFT
- The default key name is ddns-key as a separate label followed by the text specified for Name (NAME) parameter, e.g., ddns-key.example.com.
- character-value
- Specify the name of the key.
| Top |
Quiet mode (QUIETMODE)
Specifies whether or not to print only the key, with no explanatory text or usage examples.
- *NO
- Do not use quiet mode.
- *YES
- Use quiet mode.
| Top |
Entropy source (ENTROPYSRC)
Specifies a source of random data for generating the authorization. If for some reason the default entropy file is not large enough, this parameter allows you to change the entropy source to one that is larger.
- *DFT
- The default entropy source of randomness /dev/urandom will be used.
- path-name
- Specify the path for a stream file to serve as an entropy source.
| Top |
Output file (TOSTMF)
Specifies the name of a stream file where all command output is written.
- *STDOUT
- All command output goes to the standard output device (normally the display).
- path-name
- Specify the path name for a stream file where output should be written.
| Top |
Examples
CRTDDNSCFG NAME('example.com.')
NAMEMODE(*ZONE)
This command shows how to set an update policy for the specified zone of example.com, allowing updates to all subdomain names within that zone. Output from the command is sent to stdout and will look like the following: :
# To activate this key, place the following in named.conf, and
# in a separate keyfile on the system or systems from which nsupdate
# will be run:
key "ddns-key.example.com." {
algorithm hmac-sha256;
secret "PlMvjTv1n9C+oKqYCHkpV8M/336OwrLm8sAQzKVngro=";
};
# Then, in the "zone" definition statement for "example.com.",
# place an "update-policy" statement like this one, adjusted as
# needed for your preferred permissions:
update-policy {
grant ddns-key.example.com. zonesub ANY;
};
# After the keyfile has been placed, the following command will
# execute nsupdate using this key:
nsupdate -k <keyfile>
| Top |
Error messages
*ESCAPE Messages
- DNS0013
- Error processing command parameters.
- DNS0065
- Option 33 of i5/OS is required, but is not installed.
- TCP7124
- Program &1 in library &2 type *PGM ended abnormally.
| Top |