rndc.docbook revision 268a4475065fe6a8cd7cc707820982cf5e98f430
4d237bbe075b1d2c19428cd954d721d65b31f67cwrowe<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
bf52162f2d05c1fb1a107c7ef108de73f739b3edpquerna "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
bf52162f2d05c1fb1a107c7ef108de73f739b3edpquerna [<!ENTITY mdash "—">]>
1018201f5223624476334c6e23aead02db7c4040minfrin - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
1018201f5223624476334c6e23aead02db7c4040minfrin - Copyright (C) 2000, 2001 Internet Software Consortium.
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier - Permission to use, copy, modify, and distribute this software for any
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier - purpose with or without fee is hereby granted, provided that the above
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier - copyright notice and this permission notice appear in all copies.
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin - PERFORMANCE OF THIS SOFTWARE.
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin<!-- $Id: rndc.docbook,v 1.12 2005/05/11 05:55:37 sra Exp $ -->
ec8b1faa56744b338f6d6421144b56c2bb3faae6poirier <refentryinfo>
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin </refentryinfo>
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq <refentrytitle><application>rndc</application></refentrytitle>
97d20d37d21b8d427a920e211858172f0a82427epoirier <refnamediv>
97d20d37d21b8d427a920e211858172f0a82427epoirier <refpurpose>name server control utility</refpurpose>
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq </refnamediv>
53c999a82fcca729dabc8a512b3fb996d61fd814niq <copyright>
53c999a82fcca729dabc8a512b3fb996d61fd814niq <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem </copyright>
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem <copyright>
dd9ae259e1578c4388739c880ede97c55cec543frpluem </copyright>
0938450cadc9a083d112a86bc7dd7ae34f791364trawick <refsynopsisdiv>
0938450cadc9a083d112a86bc7dd7ae34f791364trawick <cmdsynopsis>
8bed7ee6d97933b958e97e222f37154d83e384e5jorton <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
8bed7ee6d97933b958e97e222f37154d83e384e5jorton <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
8bed7ee6d97933b958e97e222f37154d83e384e5jorton <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
8bed7ee6d97933b958e97e222f37154d83e384e5jorton <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
d33ddda47790d3295f4218f87e3a296cf51a9becmjc <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier </cmdsynopsis>
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier </refsynopsisdiv>
7a25b029b69f169bd22718165dff3b271114f92eniq controls the operation of a name
7a25b029b69f169bd22718165dff3b271114f92eniq server. It supersedes the <command>ndc</command> utility
7a25b029b69f169bd22718165dff3b271114f92eniq that was provided in old BIND releases. If
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem <command>rndc</command> is invoked with no command line
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton options or arguments, it prints a short summary of the
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton supported commands and the available options and their
0df8f79d2324b131c36955d7e474a735a762f9eeniq communicates with the name server
0df8f79d2324b131c36955d7e474a735a762f9eeniq over a TCP connection, sending commands authenticated with
30e3e760b737f13ce800fa02c5930ade7659ba66niq digital signatures. In the current versions of
30e3e760b737f13ce800fa02c5930ade7659ba66niq <command>rndc</command> and <command>named</command> named
30e3e760b737f13ce800fa02c5930ade7659ba66niq the only supported authentication algorithm is HMAC-MD5,
e991c6fc032c59eb6cb751d9d382e933a53a2866niq which uses a shared secret on each end of the connection.
e991c6fc032c59eb6cb751d9d382e933a53a2866niq This provides TSIG-style authentication for the command
e991c6fc032c59eb6cb751d9d382e933a53a2866niq request and the name server's response. All commands sent
e991c6fc032c59eb6cb751d9d382e933a53a2866niq over the channel must be signed by a key_id known to the
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem reads a configuration file to
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem determine how to contact the name server and decide what
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem algorithm and key it should use.
172e83c0f024fe6396dd1f3ca3492fd83c304db5jim </refsect1>
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq <refsect1>
186e9d990f453d16826ab87a87df7b87e6e05921rpluem <variablelist>
186e9d990f453d16826ab87a87df7b87e6e05921rpluem <varlistentry>
186e9d990f453d16826ab87a87df7b87e6e05921rpluem <term>-b <replaceable class="parameter">source-address</replaceable></term>
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi Use <replaceable class="parameter">source-address</replaceable>
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi as the source address for the connection to the server.
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi Multiple instances are permitted to allow setting of both
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi the IPv4 and IPv6 source addresses.
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung </listitem>
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung </varlistentry>
292cb7b720095e7bb434d79ae53b02d332aeb99acovener <varlistentry>
292cb7b720095e7bb434d79ae53b02d332aeb99acovener <term>-c <replaceable class="parameter">config-file</replaceable></term>
137e484e5f984ceff1102e1212dda8ac0413231aniq Use <replaceable class="parameter">config-file</replaceable>
137e484e5f984ceff1102e1212dda8ac0413231aniq as the configuration file instead of the default,
137e484e5f984ceff1102e1212dda8ac0413231aniq </listitem>
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem </varlistentry>
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem <varlistentry>
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem <term>-k <replaceable class="parameter">key-file</replaceable></term>
51d55be8bbc6652c13bc80d920f4331f7152dceerjung Use <replaceable class="parameter">key-file</replaceable>
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick as the key file instead of the default,
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick authenticate
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick does not exist.
8f2700898323915da289644dc1f3ee11a5e5b4earpluem </listitem>
8f2700898323915da289644dc1f3ee11a5e5b4earpluem </varlistentry>
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener <varlistentry>
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener <term>-s <replaceable class="parameter">server</replaceable></term>
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener <para><replaceable class="parameter">server</replaceable> is
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick the name or address of the server which matches a
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick server statement in the configuration file for
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick <command>rndc</command>. If no server is supplied on
d1745d6933c22c807cf2388332426defd1b19f03covener command line, the host named by the default-server clause
d1745d6933c22c807cf2388332426defd1b19f03covener in the option statement of the configuration file will be
222834d5a33b915037094af014905f3683cae78btrawick </listitem>
222834d5a33b915037094af014905f3683cae78btrawick </varlistentry>
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem <varlistentry>
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem <term>-p <replaceable class="parameter">port</replaceable></term>
1c03114a0f0315ed19a05f654021da9f66005897rjung Send commands to TCP port
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem of BIND 9's default control channel port, 953.
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem </listitem>
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme </varlistentry>
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme <varlistentry>
6707208ba4e9a5841ca1ab830830fd286ea5b7c5trawick Enable verbose logging.
832853bb93c1831daf24e4727c5ca0e1b1786e83lars </listitem>
832853bb93c1831daf24e4727c5ca0e1b1786e83lars </varlistentry>
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding <varlistentry>
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding <term>-y <replaceable class="parameter">keyid</replaceable></term>
1782dcd420de504978945e6b812523eeae6d56a2lars Use the key <replaceable class="parameter">keyid</replaceable>
1782dcd420de504978945e6b812523eeae6d56a2lars from the configuration file.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem known by named with the same algorithm and secret string
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem in order for control message validation to succeed.
59dc8d935dbf862712683bbc9e267bd08ced0b14fielding If no <replaceable class="parameter">keyid</replaceable>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem is specified, <command>rndc</command> will first look
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem for a key clause in the server statement of the server
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem being used, or if no server statement is present for that
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem host, then the default-key clause of the options statement.
cf8d02ea0c91653917b044529f3133c5a1bb9200fielding Note that the configuration file contains shared secrets
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem which are used to send authenticated control commands
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem to name servers. It should therefore not have general read
17ac330ebaa71b24cb77580411a231ee45996e03pquerna or write access.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </listitem>
9f38f3ec3e8087985d108a24ae796962fef83644takashi </varlistentry>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </variablelist>
9e152751ed380f87c5ecae4fb0221c956e5fbd24rjung For the complete set of commands supported by <command>rndc</command>,
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem see the BIND 9 Administrator Reference Manual or run
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <command>rndc</command> without arguments to see its help
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </refsect1>
06e6657fd0f376a16db696876f9bff5927cc3cb0trawick does not yet support all the commands of
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem There is currently no way to provide the shared secret for a
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <option>key_id</option> without using the configuration file.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem Several error messages could be clearer.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </refsect1>
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna </citerefentry>,
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna <citerefentry>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </citerefentry>,
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <citerefentry>
a5cce34e21a5b472f3806b4526043887bcb7e9eajim <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </citerefentry>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <citerefentry>
8c3667cd1d0db08647793137c0d1aa7f6526bebfniq <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </citerefentry>,
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem </refsect1>
6824182b3b8e045db97a228d3127bdfcbdfeb0bcniq <refsect1>
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <para><corpauthor>Internet Systems Consortium</corpauthor>
0c26d213d85bc40fc05963c63bf670b42b352d25niq </refsect1>
92357fb76d3ad043e29ba2ba2041a7bdb8d13390niq - Local variables:
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem - mode: sgml