rndc.docbook revision 268a4475065fe6a8cd7cc707820982cf5e98f430
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
               [<!ENTITY mdash "—">]>
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000, 2001 Internet Software Consortium.
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: rndc.docbook,v 1.12 2005/05/11 05:55:37 sra Exp $ -->
<refentryinfo>
</refentryinfo>
<refentrytitle><application>rndc</application></refentrytitle>
<refnamediv>
  <refname><application>rndc</application></refname>
  <refpurpose>name server control utility</refpurpose>
</refnamediv>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</copyright>
<refsynopsisdiv>
  <cmdsynopsis>
    <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
    <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
    <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
    <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
    <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
    <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
  </cmdsynopsis>
</refsynopsisdiv>
<command>rndc</command> controls the operation of a name
server. It supersedes the <command>ndc</command> utility
that was provided in old BIND releases. If
<command>rndc</command> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their

<command>rndc</command> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<command>rndc</command> and <command>named</command>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the

<command>rndc</command> reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
<variablelist>
<varlistentry>
<term>-b <replaceable class="parameter">source-address</replaceable></term>
Use <replaceable class="parameter">source-address</replaceable>
as the source address for the connection to the server.
Multiple instances are permitted to allow setting of both
the IPv4 and IPv6 source addresses.
</varlistentry>
<varlistentry>
<term>-c <replaceable class="parameter">config-file</replaceable></term>
Use <replaceable class="parameter">config-file</replaceable>
as the configuration file instead of the default,
</varlistentry>
<varlistentry>
<term>-k <replaceable class="parameter">key-file</replaceable></term>
Use <replaceable class="parameter">key-file</replaceable>
as the key file instead of the default,
<filename>/etc/rndc.key</filename> will be used to
authenticate
commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
does not exist.
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">server</replaceable></term>
<para><replaceable class="parameter">server</replaceable> is
the name or address of the server which matches a
server statement in the configuration file for
<command>rndc</command>. If no server is supplied on the
command line, the host named by the default-server clause
in the option statement of the configuration file will be
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
Send commands to TCP port
<replaceable class="parameter">port</replaceable>
instead of BIND 9's default control channel port, 953.
</varlistentry>
<varlistentry>
Enable verbose logging.
</varlistentry>
<varlistentry>
<term>-y <replaceable class="parameter">keyid</replaceable></term>
Use the key <replaceable class="parameter">keyid</replaceable>
from the configuration file.
<replaceable class="parameter">keyid</replaceable>
must be known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <replaceable class="parameter">keyid</replaceable>
is specified, <command>rndc</command> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</varlistentry>
</variablelist>
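As an added illustration (not part of the BIND sources or of this manual page), the Python sketch below resolves which server and key an invocation would use, following the -s and -y descriptions above, and flags a configuration file that grants general read or write access. The sample rndc.conf, its key names and placeholder secrets, and the helper names select_key, general_access and audit are constructed for the example; the regex parsing covers only the simple statements shown.

```python
import os
import re
import stat
import tempfile

# Constructed sample rndc.conf; the secrets are placeholders, not real keys.
SAMPLE_CONF = '''
options { default-server localhost; default-key "fallback-key"; };
server localhost { key "local-key"; };
key "local-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };
key "fallback-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };
'''

def _clause(body, name):
    """Value of a `name value;` clause inside a statement body, or None."""
    m = re.search(r'\b' + re.escape(name) + r'\s+"?([^";\s]+)"?\s*;', body)
    return m.group(1) if m else None

def select_key(conf, server=None, keyid=None):
    """Resolve (server, keyid) as the -s and -y descriptions lay out."""
    opts = re.search(r'\boptions\s*\{(.*?)\}\s*;', conf, re.S)
    obody = opts.group(1) if opts else ""
    server = server or _clause(obody, "default-server")
    if keyid is None:
        srv = re.search(r'\bserver\s+"?%s"?\s*\{(.*?)\}\s*;'
                        % re.escape(server or ""), conf, re.S)
        # A server statement for this host decides; without one, default-key.
        keyid = _clause(srv.group(1), "key") if srv else _clause(obody, "default-key")
    if keyid not in re.findall(r'\bkey\s+"?([^"\s{]+)"?\s*\{', conf):
        raise LookupError("no key statement for %r" % keyid)
    return server, keyid

def general_access(path):
    """Names of the 'other' read/write bits set on path; [] when none."""
    mode = os.stat(path).st_mode
    checks = [("world-readable", stat.S_IROTH), ("world-writable", stat.S_IWOTH)]
    return [label for label, bit in checks if mode & bit]

def audit(conf_text, mode, server=None, keyid=None):
    """Write conf_text to a temp file with `mode`; report key and exposure."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf") as fh:
        fh.write(conf_text)
        fh.flush()
        os.chmod(fh.name, mode)
        return select_key(conf_text, server, keyid), general_access(fh.name)

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 0o644))   # key for localhost, file too open
    print(audit(SAMPLE_CONF, 0o600))   # same key, no general access
```

To audit a deployed file, call general_access on its path directly; an empty list means no general read or write bit is set.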
For the complete set of commands supported by <command>rndc</command>,
see the BIND 9 Administrator Reference Manual or run
<command>rndc</command> without arguments to see its help

<command>rndc</command> does not yet support all the commands of

There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.

Several error messages could be clearer.
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
<para><corpauthor>Internet Systems Consortium</corpauthor>
 - Local variables:
 - mode: sgml