bin/rndc/rndc.docbook

	rndc.docbook revision b8a9632333a92d73a503afe1aaa7990016c8bee9
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
bec154197d3d640b0d5b416cd5218ea58dca5d3aTinderbox User               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews               [<!ENTITY mdash "&#8212;">]>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Copyright (C) 2004, 2005, 2007, 2013, 2014  Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2000, 2001  Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<refentry id="man.rndc">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews  <refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <date>February 07, 2014</date>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refmeta>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refentrytitle><application>rndc</application></refentrytitle>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refmiscinfo>BIND9</refmiscinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refmeta>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refname><application>rndc</application></refname>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refpurpose>name server control utility</refpurpose>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2004</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2005</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2007</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2013</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2014</year>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2000</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2001</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <holder>Internet Software Consortium.</holder>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </copyright>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User  </docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsynopsisdiv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <cmdsynopsis>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <command>rndc</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <arg><option>-q</option></arg>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <arg><option>-V</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <arg choice="req">command</arg>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </cmdsynopsis>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User  </refsynopsisdiv>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <title>DESCRIPTION</title>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <para><command>rndc</command>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      controls the operation of a name
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      server.  It supersedes the <command>ndc</command> utility
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      that was provided in old BIND releases.  If
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <command>rndc</command> is invoked with no command line
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      options or arguments, it prints a short summary of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      supported commands and the available options and their
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      arguments.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para><command>rndc</command>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater      communicates with the name server over a TCP connection, sending
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User      commands authenticated with digital signatures.  In the current
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater      versions of
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater      <command>rndc</command> and <command>named</command>,
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User      the only supported authentication algorithms are HMAC-MD5
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater      (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User      (default), HMAC-SHA384 and HMAC-SHA512.
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater      They use a shared secret on each end of the connection.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This provides TSIG-style authentication for the command
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      request and the name server's response.  All commands sent
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User      over the channel must be signed by a key_id known to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User    <para><command>rndc</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      reads a configuration file to
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User      determine how to contact the name server and decide what
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      algorithm and key it should use.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User  <refsect1>
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User    <title>OPTIONS</title>
c986916269e0d9ca0a31efb62ff5ac06938815dbTinderbox User
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews    <variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater        <term>-b <replaceable class="parameter">source-address</replaceable></term>
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Use <replaceable class="parameter">source-address</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            as the source address for the connection to the server.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            Multiple instances are permitted to allow setting of both
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            the IPv4 and IPv6 source addresses.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews        </listitem>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews        <term>-c <replaceable class="parameter">config-file</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            Use <replaceable class="parameter">config-file</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            as the configuration file instead of the default,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <filename>/etc/rndc.conf</filename>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term>-k <replaceable class="parameter">key-file</replaceable></term>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Use <replaceable class="parameter">key-file</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            as the key file instead of the default,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <filename>/etc/rndc.key</filename>.  The key in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <filename>/etc/rndc.key</filename> will be used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            authenticate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            does not exist.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term>-s <replaceable class="parameter">server</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para><replaceable class="parameter">server</replaceable> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the name or address of the server which matches a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            server statement in the configuration file for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc</command>.  If no server is supplied on the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            command line, the host named by the default-server clause
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            in the options statement of the <command>rndc</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            configuration file will be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term>-p <replaceable class="parameter">port</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Send commands to TCP port
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <replaceable class="parameter">port</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            instead
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            of BIND 9's default control channel port, 953.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <term>-q</term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            Quiet mode: Message text returned by the server
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            will not be printed except when there is an error.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </listitem>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews      </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <term>-V</term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            Enable verbose logging.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term>-y <replaceable class="parameter">key_id</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Use the key <replaceable class="parameter">key_id</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            from the configuration file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <replaceable class="parameter">key_id</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            must be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            known by named with the same algorithm and secret string
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            in order for control message validation to succeed.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            If no <replaceable class="parameter">key_id</replaceable>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            is specified, <command>rndc</command> will first look
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            for a key clause in the server statement of the server
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            being used, or if no server statement is present for that
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            host, then the default-key clause of the options statement.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            Note that the configuration file contains shared secrets
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            which are used to send authenticated control commands
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            to name servers.  It should therefore not have general read
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater            or write access.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater          </para>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater        </listitem>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      </varlistentry>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>COMMANDS</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      A list of commands supported by <command>rndc</command> can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      be seen by running <command>rndc</command> without arguments.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Currently supported commands are:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>reload</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Reload configuration file and zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Reload the given zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews          <para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews            Schedule zone maintenance for the given zone.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews          </para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews        </listitem>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      </varlistentry>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      <varlistentry>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews        <term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews            Retransfer the given slave zone from the master server.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews          </para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            If the zone is configured to use
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews            <command>inline-signing</command>, the signed
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews            version of the zone is discarded; after the
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews            retransfer of the unsigned version is complete, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            signed version will be regenerated with all new
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            signatures.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Fetch all DNSSEC keys for the given zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            from the key directory (see the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>key-directory</command> option in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the BIND 9 Administrator Reference Manual).  If they are within
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            their publication period, merge them into the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            zone's DNSKEY RRset.  If the DNSKEY RRset
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            is changed, then the zone is automatically
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            re-signed with the new key set.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User          </para>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User          <para>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            This command requires that the
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            <command>auto-dnssec</command> zone option be set
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            to <literal>allow</literal> or
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            <literal>maintain</literal>,
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            and also requires the zone to be configured to
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            allow dynamic DNS.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            (See "Dynamic Update Policies" in the Administrator
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User            Reference Manual for more details.)
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User          </para>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User        </listitem>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Fetch all DNSSEC keys for the given zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            from the key directory.  If they are within
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            their publication period, merge them into the
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews            zone's DNSKEY RRset.  Unlike <command>rndc
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            sign</command>, however, the zone is not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            immediately re-signed by the new keys, but is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            allowed to incrementally re-sign over time.
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            This command requires that the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>auto-dnssec</command> zone option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            be set to <literal>maintain</literal>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            and also requires the zone to be configured to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            allow dynamic DNS.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            (See "Dynamic Update Policies" in the Administrator
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Reference Manual for more details.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Suspend updates to a dynamic zone.  If no zone is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            specified, then all zones are suspended.  This allows
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            manual edits to be made to a zone normally updated by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            dynamic update.  It also causes changes in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            journal file to be synced into the master file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            All dynamic update attempts will be refused while
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the zone is frozen.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews          </para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews        </listitem>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      </varlistentry>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Enable updates to a frozen dynamic zone.  If no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            zone is specified, then all frozen zones are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            enabled.  This causes the server to reload the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            from disk, and re-enables dynamic updates after the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            load has completed.  After a zone is thawed,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            dynamic updates will no longer be refused.  If
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the zone has changed and the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>ixfr-from-differences</command> option is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            in use, then the journal file will be updated to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            reflect changes in the zone.  Otherwise, if the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            zone has changed, any existing journal file will be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            removed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>scan</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein             Scan the list of available network interfaces
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein             for changes, without performing a full
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein             <command>reconfig</command> or waiting for the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein             <command>interface-interval</command> timer.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>sync <optional>-clean</optional> <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Sync changes in the journal file for a dynamic zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            to the master file.  If the "-clean" option is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            specified, the journal file is also removed.  If
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews            no zone is specified, then all zones are synced.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Resend NOTIFY messages for the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>reconfig</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Reload the configuration file and load new zones,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            but do not reload existing zone files even if they
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            have changed.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            This is faster than a full <command>reload</command> when there
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            is a large number of zones because it avoids the need
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            to examine the
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            modification times of the zones files.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          </para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        </listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater      </varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater      <varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        <term><userinput>zonestatus <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        <listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          <para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            Displays the current status of the given zone,
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            including the master file name and any include
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            files from which it was loaded, when it was most
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            recently loaded, the current serial number, the
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            number of nodes, whether the zone supports
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            dynamic updates, whether the zone is DNSSEC
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            signed, whether it uses automatic DNSSEC key
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            management or inline signing, and the scheduled
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            refresh or expiry times for the zone.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          </para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        </listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater      </varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater      <varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        <term><userinput>stats</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Write server statistics to the statistics file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User      <varlistentry>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        <term><userinput>querylog</userinput> <optional>on|off</optional> </term>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            Enable or disable query logging.  (For backward
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            compatibility, this command can also be used without
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            an argument to toggle query logging on and off.)
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          </para>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          <para>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            Query logging can also be enabled
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            by explicitly directing the <command>queries</command>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            <command>category</command> to a
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            <command>channel</command> in the
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            <command>logging</command> section of
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            <filename>named.conf</filename> or by specifying
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            <command>querylog yes;</command> in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>options</command> section of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <filename>named.conf</filename>.
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          </para>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        </listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <term><userinput>dumpdb <optional>-all|-cache|-zone</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        <listitem>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          <para>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            Dump the server's caches (default) and/or zones to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            dump file for the specified views.  If no view is
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            specified, all
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            views are dumped.
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          </para>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        </listitem>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User      </varlistentry>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>secroots <optional><replaceable>view ...</replaceable></optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Dump the server's security roots and negative trust anchors
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            to the secroots file for the specified views.  If no view is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            specified, all views are dumped.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>stop <optional>-p</optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Stop the server, making sure any recent changes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            made through dynamic update or IXFR are first saved to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the master files of the updated zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            If <option>-p</option> is specified <command>named</command>'s process id is returned.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            This allows an external process to determine when <command>named</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            had completed stopping.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>halt <optional>-p</optional></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Stop the server immediately.  Recent changes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            made through dynamic update or IXFR are not saved to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the master files, but will be rolled forward from the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            journal files when the server is restarted.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            If <option>-p</option> is specified <command>named</command>'s process id is returned.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            This allows an external process to determine when <command>named</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            had completed halting.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>trace</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            Increment the servers debugging level by one.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>trace <replaceable>level</replaceable></userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            Sets the server's debugging level to an explicit
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            value.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>notrace</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Sets the server's debugging level to 0.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>flush</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Flushes the server's cache.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Flushes the given name from the server's DNS cache
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            and, if applicable, from the server's nameserver address
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            database or bad-server cache.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews      <varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        <term><userinput>flushtree</userinput> <optional>-all</optional> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        <listitem>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews          <para>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            Flushes the given name, and all of its subdomains,
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            from the server's DNS cache, the address database,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            and the bad server cache.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater          </para>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews      <varlistentry>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews        <term><userinput>status</userinput></term>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews        <listitem>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews          <para>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews            Display status of the server.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews            Note that the number of zones includes the internal <command>bind/CH</command> zone
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews            and the default <command>/IN</command>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews            hint zone if there is not an
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews            explicit root zone configured.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews      </varlistentry>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews      <varlistentry>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater        <term><userinput>recursing</userinput></term>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        <listitem>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Dump the list of queries <command>named</command> is currently recursing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            on.
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater          </para>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        </listitem>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews      </varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews      <varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        <term><userinput>validation ( on | off | check ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        <listitem>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews          <para>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            Enable, disable, or check the current status of
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            DNSSEC validation.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            Note <command>dnssec-enable</command> also needs to be
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            set to <userinput>yes</userinput> or
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            <userinput>auto</userinput> to be effective.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            It defaults to enabled.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <term><userinput>nta
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <optional>( -d | -f | -r | -l <replaceable>duration</replaceable>)</optional>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    <replaceable>domain</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <optional><replaceable>view</replaceable></optional>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews    </userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Sets a DNSSEC negative trust anchor (NTA)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            for <option>domain</option>, with a lifetime of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <option>lifetime</option>.  The default lifetime is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            configured in <file>named.conf</file> via the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <option>nta-lifetime</option>, and defaults to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            one hour.  The lifetime cannot exceed one day.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            A negative trust anchor selectively disables
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            DNSSEC validation for zones that known to be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            failing because of misconfiguration rather than
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            an attack.  When data to be validated is
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater            at or below an active NTA (and above any other
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater            configured trust anchors), <command>named</command> will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            abort the DNSSEC validation process and treat the data as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            insecure rather than bogus.  This continues until the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            NTA's lifetime is elapsed, or until the server is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            restarted (NTA's do not persist across restarts).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            An existing NTA can be removed by using the
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews            <option>-remove</option> option.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            An NTA's lifetime can be specified with the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <option>-lifetime</option> option.  TTL-style
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            suffixes can be used to specify the lifetime in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            seconds, minutes, or hours.  If the specified NTA
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            already exists, its lifetime will be updated to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            new value.  Setting <option>lifetime</option> to zero
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            is equivalent to <option>-remove</option>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            If <option>-dump</option> is used, any other arguments
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            are ignored, and a list of existing NTAs is printed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            (note that this may include NTAs that are expired but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            have not yet been cleaned up).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          <para>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            Normally, <command>named</command> will periodically
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            test to see whether data below an NTA can now be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            validated (see the <option>nta-recheck</option> option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            in the Administrator Reference Manual for details).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            If data can be validated, then the NTA is regarded as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            no longer necessary, and will be allowed to expire
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            early.  The <option>-force</option> overrides this
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            behavior and forces an NTA to persist for its entire
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            lifetime, regardless of whether data could be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            validated if the NTA were not present.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            All of these options can be shortened, i.e., to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <option>-l</option>, <option>-r</option>, <option>-d</option>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            and <option>-f</option>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce      </varlistentry>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>tsig-list</userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            List the names of all TSIG keys currently configured
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            for use by <command>named</command> in each view.  The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            list both statically configured keys and dynamic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            TKEY-negotiated keys.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          <para>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            Delete a given TKEY-negotiated key from the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            (This does not apply to statically configured TSIG
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            keys.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Add a zone while the server is running.  This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            command requires the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>allow-new-zones</command> option to be set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            to <userinput>yes</userinput>.  The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <replaceable>configuration</replaceable> string
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            specified on the command line is the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            configuration text that would ordinarily be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            placed in <filename>named.conf</filename>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            The configuration is saved in a file called
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           <filename><replaceable>hash</replaceable>.nzf</filename>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            where <replaceable>hash</replaceable> is a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            cryptographic hash generated from the name of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the view.  When <command>named</command> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            restarted, the file will be loaded into the view
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            configuration, so that zones that were added
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            can persist after a restart.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            This sample <command>addzone</command> command
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            would add the zone <literal>example.com</literal>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            to the default view:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            (Note the brackets and semi-colon around the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            configuration text.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>delzone <optional>-clean</optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Delete a zone while the server is running.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Only zones that were originally added via
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc addzone</command> can be deleted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            in this manner.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            If the <option>-clean</option> is specified,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the zone's master file (and journal file, if any)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            will be deleted along with the zone.  Without the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <option>-clean</option> option, zone files must
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            be cleaned up by hand.  (If the zone is of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            type "slave" or "stub", the files needing to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            be cleaned up will be reported in the output
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            of the <command>rndc delzone</command> command.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            List, edit, or remove the DNSSEC signing state records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            for the specified zone.  The status of ongoing DNSSEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            operations (such as signing or generating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            NSEC3 chains) is stored in the zone in the form
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            of DNS resource records of type
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>sig-signing-type</command>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -list</command> converts
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            these records into a human-readable form,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            indicating which keys are currently signing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            or have finished signing the zone, and which NSEC3
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            chains are being created or removed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -clear</command> can remove
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            a single key (specified in the same format that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -list</command> uses to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            display it), or all keys.  In either case, only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            completed keys are removed; any record indicating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            that a key has not yet finished signing the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            will be retained.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -nsec3param</command> sets
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the NSEC3 parameters for a zone.  This is the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            only supported mechanism for using NSEC3 with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>inline-signing</command> zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Parameters are specified in the same format as
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews            an NSEC3PARAM resource record: hash algorithm,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            flags, iterations, and salt, in that order.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Currently, the only defined value for hash algorithm
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            is <literal>1</literal>, representing SHA-1.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            The <option>flags</option> may be set to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <literal>0</literal> or <literal>1</literal>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            depending on whether you wish to set the opt-out
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            bit in the NSEC3 chain.  <option>iterations</option>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            defines the number of additional times to apply
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater            the algorithm when generating an NSEC3 hash.  The
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater            <option>salt</option> is a string of data expressed
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater            in hexadecimal, a hyphen (`-') if no salt is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            to be used, or the keyword <literal>auto</literal>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            which causes <command>named</command> to generate a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            random 64-bit salt.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            So, for example, to create an NSEC3 chain using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the SHA-1 hash algorithm, no opt-out flag,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            10 iterations, and a salt value of "FFFF", use:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -nsec3param 1 0 10 FFFF <replaceable>zone</replaceable></command>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            To set the opt-out flag, 15 iterations, and no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            salt, use:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -nsec3param 1 1 15 - <replaceable>zone</replaceable></command>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>rndc signing -nsec3param none</command>
c6d486af36165da7eb970354981d145249e342e4Mark Andrews            removes an existing NSEC3 chain and replaces it
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater            with NSEC.
c6d486af36165da7eb970354981d145249e342e4Mark Andrews          </para>
c6d486af36165da7eb970354981d145249e342e4Mark Andrews        </listitem>
c6d486af36165da7eb970354981d145249e342e4Mark Andrews      </varlistentry>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater    </variablelist>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater  </refsect1>
c6d486af36165da7eb970354981d145249e342e4Mark Andrews
c6d486af36165da7eb970354981d145249e342e4Mark Andrews  <refsect1>
c6d486af36165da7eb970354981d145249e342e4Mark Andrews    <title>LIMITATIONS</title>
c6d486af36165da7eb970354981d145249e342e4Mark Andrews    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      There is currently no way to provide the shared secret for a
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater      <option>key_id</option> without using the configuration file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Several error messages could be clearer.
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater    </para>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>SEE ALSO</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para><citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater      </citerefentry>,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater      <citerefentry>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater        <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater      </citerefentry>,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater    </para>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater  </refsect1>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater  <refsect1>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater    <title>AUTHOR</title>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater    <para><corpauthor>Internet Systems Consortium</corpauthor>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</refentry><!--
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Local variables:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - mode: sgml
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - End:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein