rndc.docbook revision 4eb998928b9aef0ceda42d7529980d658138698a
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
               [<!ENTITY mdash "—">]>
<!--
 - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000, 2001 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ -->
<refentryinfo>
</refentryinfo>
<refentrytitle><application>rndc</application></refentrytitle>
<refname><application>rndc</application></refname>
<refpurpose>name server control utility</refpurpose>
</refnamediv>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
<holder>Internet Software Consortium.</holder>
<refsynopsisdiv>
<cmdsynopsis>
<arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
<arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
controls the operation of a name
server. It supersedes the <command>ndc</command> utility
that was provided in old BIND releases. If
<command>rndc</command> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
communicates with the name server over a TCP connection, sending
commands authenticated with digital signatures. In the current
<command>rndc</command> and <command>named</command>,
the only supported authentication algorithms are HMAC-MD5
(for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
(default), HMAC-SHA384 and HMAC-SHA512.
They use a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
<variablelist>
<varlistentry>
<term>-b <replaceable class="parameter">source-address</replaceable></term>
Use <replaceable class="parameter">source-address</replaceable>
as the source address for the connection to the server.
Multiple instances are permitted to allow setting of both
the IPv4 and IPv6 source addresses.
</varlistentry>
<varlistentry>
<term>-c <replaceable class="parameter">config-file</replaceable></term>
Use <replaceable class="parameter">config-file</replaceable>
as the configuration file instead of the default,
</varlistentry>
<varlistentry>
<term>-k <replaceable class="parameter">key-file</replaceable></term>
Use <replaceable class="parameter">key-file</replaceable>
as the key file instead of the default,
<filename>/etc/rndc.key</filename>. The key in
<filename>/etc/rndc.key</filename> will be used to
commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
does not exist.
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">server</replaceable></term>
<para><replaceable class="parameter">server</replaceable> is
the name or address of the server which matches a
server statement in the configuration file for
<command>rndc</command>. If no server is supplied on the
command line, the host named by the default-server clause
in the options statement of the <command>rndc</command>
configuration file will be used.
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
Send commands to TCP port
<replaceable class="parameter">port</replaceable>
of BIND 9's default control channel port, 953.
</varlistentry>
<varlistentry>
Enable verbose logging.
</varlistentry>
<varlistentry>
<term>-y <replaceable class="parameter">key_id</replaceable></term>
Use the key <replaceable class="parameter">key_id</replaceable>
from the configuration file.
<replaceable class="parameter">key_id</replaceable>
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <replaceable class="parameter">key_id</replaceable>
is specified, <command>rndc</command> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</varlistentry>
</variablelist>
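An added example, not part of the original manual page or of BIND: a Python check that applies the key selection order described for -y and reports the two security points made above (a key using the HMAC-MD5 compatibility algorithm, and a configuration file with general read or write access). The sample configuration, its host and key names, and the function names are constructed for illustration; the parser assumes flat statements with no comments or include files.

```python
import os
import re
import stat
# Constructed sample rndc.conf; the secrets are placeholders, not real keys.
SAMPLE_CONF = """
key "legacy-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };
key "ops-key" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };
server ns1.example { key "legacy-key"; };
options { default-server localhost; default-key "ops-key"; };
"""
SUPPORTED = {"hmac-" + h for h in "md5 sha1 sha224 sha256 sha384 sha512".split()}
NAME = r'\s+"?([\w.:-]+)"?\s*'
START = r"(?<![\w-])"  # keeps "key" from matching inside "default-key"

def parse_conf(text):
    """Simplified parser (assumption: flat statements, no comments/includes)."""
    def clause(body, word):
        m = re.search(START + word + NAME + ";", body)
        return m.group(1) if m else None
    def blocks(word):
        return re.findall(START + word + NAME + r"\{([^}]*)\}", text)
    opts = "".join(re.findall(START + r"options\s*\{([^}]*)\}", text))
    return {
        "keys": {n: (clause(b, "algorithm") or "").lower() for n, b in blocks("key")},
        "server_keys": {n: clause(b, "key") for n, b in blocks("server")},
        "default_server": clause(opts, "default-server"),
        "default_key": clause(opts, "default-key"),
    }

def select_key(conf, server=None, key_id=None):
    """-y key_id, else the server statement's key clause, else default-key."""
    server = server or conf["default_server"]
    return key_id or conf["server_keys"].get(server) or conf["default_key"]

def audit(path, server=None, key_id=None):
    """Return (selected key name, findings) for one rndc configuration file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"mode {mode:04o} allows general read or write access")
    with open(path) as fh:
        conf = parse_conf(fh.read())
    name = select_key(conf, server, key_id)
    algo = conf["keys"].get(name)
    if algo not in SUPPORTED:
        findings.append(f"key {name!r}: no key statement or unsupported algorithm")
    elif algo == "hmac-md5":
        findings.append(f"key {name!r}: hmac-md5 is kept for compatibility only")
    return name, findings
```

Writing SAMPLE_CONF to a file and calling audit(path, server="ns1.example") selects legacy-key through the server statement; with no server argument the default-server and default-key clauses apply.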
For the complete set of commands supported by <command>rndc</command>,
see the BIND 9 Administrator Reference Manual or run
<command>rndc</command> without arguments to see its help
does not yet support all the commands of
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
Several error messages could be clearer.
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
<para><corpauthor>Internet Systems Consortium</corpauthor>