<!-- rndc.docbook revision 4610465ed9408cbe434dbfb8be8ea53f48969c91 -->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<refentry>
<refentryinfo>
<date>June 30, 2000</date>
</refentryinfo>

<refmeta>
<refentrytitle><application>rndc</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>

<refnamediv>
<refname><application>rndc</application></refname>
<refpurpose>name server control utility</refpurpose>
</refnamediv>

<refsynopsisdiv>
<cmdsynopsis>
<command>rndc</command>
<arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-v</option></arg>
<arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
<arg rep="repeat">command</arg>
</cmdsynopsis>
</refsynopsisdiv>

<refsect1>
<title>DESCRIPTION</title>
<para>
<command>rndc</command> controls the operation of a name
server. It supersedes the <command>ndc</command> utility
that was provided in old BIND releases. If
<command>rndc</command> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
arguments.
</para>
<para>
<command>rndc</command> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<command>rndc</command> and <command>named</command>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
server.
</para>
<para>
<command>rndc</command> reads a configuration file to
determine how to contact the name server and to decide which
algorithm and key it should use.
</para>
</refsect1>

<refsect1>
<title>OPTIONS</title>

<variablelist>
<varlistentry>
<term>-c <replaceable class="parameter">config-file</replaceable></term>
<listitem>
<para>
Use <replaceable class="parameter">config-file</replaceable>
as the configuration file instead of the default,
<filename>/etc/rndc.conf</filename>.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-s <replaceable class="parameter">server</replaceable></term>
<listitem>
<para>
<replaceable class="parameter">server</replaceable> is
the name or address of the server which matches a
server statement in the configuration file for
<command>rndc</command>. If no server is supplied on the
command line, the host named by the default-server clause
in the options statement of the configuration file will be
used.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
<listitem>
<para>
Send commands to TCP port
<replaceable class="parameter">port</replaceable> instead
of BIND 9's default control channel port, 953.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>-y <replaceable class="parameter">keyid</replaceable></term>
<listitem>
<para>
Use the key <replaceable class="parameter">keyid</replaceable>
from the configuration file.
<replaceable class="parameter">keyid</replaceable> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <replaceable class="parameter">keyid</replaceable>
is specified, <command>rndc</command> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem>
<para>
Enable verbose logging.
</para>
</listitem>
</varlistentry>
</variablelist>
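<para>
Added example, not part of the BIND distribution: a Python sketch of the
key selection order described under -y and of a check that the
configuration file has no world read or write access. The parser, the
function names and the sample file are assumptions of this example, as is
the rule that a server statement without a key clause falls through to
default-key.
</para>
<programlisting><![CDATA[
```python
import os
import re
import stat

# Constructed sample in rndc.conf syntax; key names and secrets are made up.
SAMPLE_CONF = """
options {
    default-server localhost;
    default-key    "ops-key";
};
server localhost {
    key "local-key";
};
key "local-key" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtb25l"; };
key "ops-key"   { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtdHdv"; };
"""

BLOCK = re.compile(r'(options|server|key)\s*("?[^\s{"]*"?)\s*\{(.*?)\}\s*;', re.S)
CLAUSE = re.compile(r'([\w-]+)\s+"?([^";]+?)"?\s*;')

def parse(text):
    """Minimal parser: no comments or nested blocks, enough for the sample."""
    conf = {"options": {}, "server": {}, "key": {}}
    for kind, name, body in BLOCK.findall(text):
        clauses = dict(CLAUSE.findall(body))
        if kind == "options":
            conf["options"] = clauses
        else:
            conf[kind][name.strip('"')] = clauses
    return conf

def resolve_key(conf, server=None, keyid=None):
    """Return (keyid, algorithm) in the order the -y text gives."""
    server = server or conf["options"].get("default-server")
    if keyid is None:
        # Assumption: a server statement without a key clause also falls
        # through to default-key.
        keyid = conf["server"].get(server, {}).get("key")
        keyid = keyid or conf["options"].get("default-key")
    if keyid not in conf["key"]:
        raise LookupError(f"no key statement for {keyid!r}")
    return keyid, conf["key"][keyid]["algorithm"]

def world_access(path):
    """Return the world read/write bits set on path; 0 means none."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IROTH | stat.S_IWOTH)
```
]]></programlisting>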
<para>
For the complete set of commands supported by <command>rndc</command>,
see the BIND 9 Administrator Reference Manual or run
<command>rndc</command> without arguments to see its help message.
</para>
</refsect1>
<refsect1>
<title>LIMITATIONS</title>
<para>
<command>rndc</command> does not yet support all the commands of
the BIND 8 <command>ndc</command> utility.
</para>
<para>
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
</para>
<para>
Several error messages could be clearer.
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>rndc.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>ndc</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
<corpauthor>Internet Software Consortium</corpauthor>
</para>
</refsect1>
</refentry>
<!--
- Local variables:
- mode: sgml
- End:
-->