rndc.docbook revision b5ad6dfea4cc3e7d1d322ac99f1e5a31096837c4
10139N/A<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
10139N/A "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
12219N/A [<!ENTITY mdash "&#8212;">]>
10139N/A<!--
10139N/A - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
10139N/A - Copyright (C) 2000, 2001 Internet Software Consortium.
10139N/A -
10139N/A - Permission to use, copy, modify, and distribute this software for any
10139N/A - purpose with or without fee is hereby granted, provided that the above
15291N/A - copyright notice and this permission notice appear in all copies.
10139N/A -
16382N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10139N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10139N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10139N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
10139N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16155N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
10794N/A - PERFORMANCE OF THIS SOFTWARE.
10794N/A-->
12773N/A
12773N/A<!-- $Id: rndc.docbook,v 1.14 2005/07/19 04:55:21 marka Exp $ -->
12773N/A<refentry id="man.rndc">
10794N/A <refentryinfo>
10139N/A <date>June 30, 2000</date>
10815N/A </refentryinfo>
16114N/A
16114N/A <refmeta>
16464N/A <refentrytitle><application>rndc</application></refentrytitle>
16155N/A <manvolnum>8</manvolnum>
16114N/A <refmiscinfo>BIND9</refmiscinfo>
16475N/A </refmeta>
16475N/A
16475N/A <refnamediv>
16475N/A <refname><application>rndc</application></refname>
16475N/A <refpurpose>name server control utility</refpurpose>
16475N/A </refnamediv>
16475N/A
10139N/A <docinfo>
10139N/A <copyright>
10139N/A <year>2004</year>
10139N/A <year>2005</year>
10139N/A <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
10139N/A </copyright>
10139N/A <copyright>
10139N/A <year>2000</year>
10139N/A <year>2001</year>
10139N/A <holder>Internet Software Consortium.</holder>
10139N/A </copyright>
10139N/A </docinfo>
10139N/A
10139N/A <refsynopsisdiv>
10139N/A <cmdsynopsis>
10139N/A <command>rndc</command>
10139N/A <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
10139N/A <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
10139N/A <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
10139N/A <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
10139N/A <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
10139N/A <arg><option>-V</option></arg>
10139N/A <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
10139N/A <arg choice="req">command</arg>
10139N/A </cmdsynopsis>
10139N/A </refsynopsisdiv>
10139N/A
10139N/A <refsect1>
10139N/A <title>DESCRIPTION</title>
10139N/A <para><command>rndc</command>
10139N/A controls the operation of a name
10139N/A server. It supersedes the <command>ndc</command> utility
10139N/A that was provided in old BIND releases. If
10139N/A <command>rndc</command> is invoked with no command line
10139N/A options or arguments, it prints a short summary of the
10139N/A supported commands and the available options and their
10139N/A arguments.
10139N/A </para>
10139N/A <para><command>rndc</command>
10139N/A communicates with the name server
10139N/A over a TCP connection, sending commands authenticated with
10139N/A digital signatures. In the current versions of
10139N/A <command>rndc</command> and <command>named</command> named
10139N/A the only supported authentication algorithm is HMAC-MD5,
10139N/A which uses a shared secret on each end of the connection.
10139N/A This provides TSIG-style authentication for the command
10139N/A request and the name server's response. All commands sent
10139N/A over the channel must be signed by a key_id known to the
10139N/A server.
10139N/A </para>
10139N/A <para><command>rndc</command>
10139N/A reads a configuration file to
10139N/A determine how to contact the name server and decide what
10139N/A algorithm and key it should use.
10794N/A </para>
10794N/A </refsect1>
12754N/A
10794N/A <refsect1>
11087N/A <title>OPTIONS</title>
16114N/A
16155N/A <variablelist>
16114N/A <varlistentry>
16475N/A <term>-b <replaceable class="parameter">source-address</replaceable></term>
16475N/A <listitem>
13621N/A <para>
10139N/A Use <replaceable class="parameter">source-address</replaceable>
10139N/A as the source address for the connection to the server.
10139N/A Multiple instances are permitted to allow setting of both
10139N/A the IPv4 and IPv6 source addresses.
10139N/A </para>
10139N/A </listitem>
10139N/A </varlistentry>
10139N/A
10139N/A <varlistentry>
10139N/A <term>-c <replaceable class="parameter">config-file</replaceable></term>
10139N/A <listitem>
10139N/A <para>
10139N/A Use <replaceable class="parameter">config-file</replaceable>
10139N/A as the configuration file instead of the default,
10139N/A <filename>/etc/rndc.conf</filename>.
10139N/A </para>
10139N/A </listitem>
10139N/A </varlistentry>
10139N/A
10139N/A <varlistentry>
10139N/A <term>-k <replaceable class="parameter">key-file</replaceable></term>
11338N/A <listitem>
11338N/A <para>
11338N/A Use <replaceable class="parameter">key-file</replaceable>
11338N/A as the key file instead of the default,
11338N/A <filename>/etc/rndc.key</filename>. The key in
10139N/A <filename>/etc/rndc.key</filename> will be used to
10139N/A authenticate
10139N/A commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
10139N/A does not exist.
10139N/A </para>
10139N/A </listitem>
10139N/A </varlistentry>
10139N/A
12773N/A <varlistentry>
12773N/A <term>-s <replaceable class="parameter">server</replaceable></term>
12773N/A <listitem>
12773N/A <para><replaceable class="parameter">server</replaceable> is
12773N/A the name or address of the server which matches a
10139N/A server statement in the configuration file for
10139N/A <command>rndc</command>. If no server is supplied on
10139N/A the
10139N/A command line, the host named by the default-server clause
10139N/A in the option statement of the configuration file will be
10139N/A used.
10139N/A </para>
10139N/A </listitem>
10139N/A </varlistentry>
10139N/A
10139N/A <varlistentry>
10139N/A <term>-p <replaceable class="parameter">port</replaceable></term>
10139N/A <listitem>
15528N/A <para>
10139N/A Send commands to TCP port
10139N/A <replaceable class="parameter">port</replaceable>
10139N/A instead
10139N/A of BIND 9's default control channel port, 953.
11338N/A </para>
11338N/A </listitem>
10139N/A </varlistentry>
10139N/A
10139N/A <varlistentry>
10139N/A <term>-V</term>
10139N/A <listitem>
10139N/A <para>
10139N/A Enable verbose logging.
10139N/A </para>
10139N/A </listitem>
10139N/A </varlistentry>
10139N/A
10139N/A <varlistentry>
10139N/A <term>-y <replaceable class="parameter">keyid</replaceable></term>
10139N/A <listitem>
10139N/A <para>
10139N/A Use the key <replaceable class="parameter">keyid</replaceable>
10139N/A from the configuration file.
10139N/A <replaceable class="parameter">keyid</replaceable>
10139N/A must be
10139N/A known by named with the same algorithm and secret string
10139N/A in order for control message validation to succeed.
10139N/A If no <replaceable class="parameter">keyid</replaceable>
10139N/A is specified, <command>rndc</command> will first look
10139N/A for a key clause in the server statement of the server
10139N/A being used, or if no server statement is present for that
10139N/A host, then the default-key clause of the options statement.
10139N/A Note that the configuration file contains shared secrets
10139N/A which are used to send authenticated control commands
10139N/A to name servers. It should therefore not have general read
10139N/A or write access.
10139N/A </para>
10139N/A </listitem>
10139N/A </varlistentry>
10139N/A
10139N/A </variablelist>
10139N/A
10139N/A <para>
10139N/A For the complete set of commands supported by <command>rndc</command>,
10139N/A see the BIND 9 Administrator Reference Manual or run
10139N/A <command>rndc</command> without arguments to see its help
10139N/A message.
16475N/A </para>
16475N/A
16475N/A </refsect1>
16475N/A
16475N/A <refsect1>
16475N/A <title>LIMITATIONS</title>
16382N/A <para><command>rndc</command>
16382N/A does not yet support all the commands of
16356N/A the BIND 8 <command>ndc</command> utility.
16356N/A </para>
16155N/A <para>
16155N/A There is currently no way to provide the shared secret for a
16155N/A <option>key_id</option> without using the configuration file.
16155N/A </para>
16114N/A <para>
16114N/A Several error messages could be clearer.
16106N/A </para>
16114N/A </refsect1>
16106N/A
16106N/A <refsect1>
16079N/A <title>SEE ALSO</title>
16079N/A <para><citerefentry>
16026N/A <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
16026N/A </citerefentry>,
16026N/A <citerefentry>
16026N/A <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
16026N/A </citerefentry>,
15858N/A <citerefentry>
15858N/A <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
15858N/A </citerefentry>
15772N/A <citerefentry>
15772N/A <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
15759N/A </citerefentry>,
15764N/A <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
15764N/A </para>
15764N/A </refsect1>
15764N/A
15759N/A <refsect1>
15693N/A <title>AUTHOR</title>
15693N/A <para><corpauthor>Internet Systems Consortium</corpauthor>
15624N/A </para>
15624N/A </refsect1>
15528N/A
15528N/A</refentry><!--
15528N/A - Local variables:
15528N/A - mode: sgml
15448N/A - End:
15448N/A-->
15301N/A