bin/rndc/rndc.docbook

	rndc.docbook revision d4ef65050feac78554addf6e16a06c6e2e0bd331
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
c80e152862cc3e3207dc837fde7116bd4c0e4b9dTinderbox User<!--
c80e152862cc3e3207dc837fde7116bd4c0e4b9dTinderbox User - Copyright (C) 2001  Internet Software Consortium.
8d1b3ceb4d491ce32572f1702f37ed585eede993Evan Hunt -
8d1b3ceb4d491ce32572f1702f37ed585eede993Evan Hunt - Permission to use, copy, modify, and distribute this software for any
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt - purpose with or without fee is hereby granted, provided that the above
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt - copyright notice and this permission notice appear in all copies.
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews -
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
7ec97ae74e42ec21b354fd2d1366313b41d947d6Evan Hunt - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
002f1373374a0b72fc0329baa682917929bef168Tony Finch-->
002f1373374a0b72fc0329baa682917929bef168Tony Finch
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews<!-- $Id: rndc.docbook,v 1.6 2001/06/10 13:57:53 tale Exp $ -->
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews<refentry>
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews  <refentryinfo>
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    <date>June 30, 2000</date>
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews  </refentryinfo>
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews  <refmeta>
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews    <refentrytitle><application>rndc</application></refentrytitle>
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews    <manvolnum>8</manvolnum>
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews    <refmiscinfo>BIND9</refmiscinfo>
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt  </refmeta>
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt
5c78f1f50e53d8e2ed51a187efc2c9a0f43b4b1bMark Andrews  <refnamediv>
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews    <refname><application>rndc</application></refname>
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews    <refpurpose>name server control utility</refpurpose>
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews  </refnamediv>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews  <refsynopsisdiv>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews    <cmdsynopsis>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews      <command>rndc</command>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews      <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
ad309e8dfa0601d6053aaa12770a98a6940f89deEvan Hunt      <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
ad309e8dfa0601d6053aaa12770a98a6940f89deEvan Hunt      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews      <arg><option>-V</option></arg>
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews      <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews      <arg choice="req">command</arg>
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews    </cmdsynopsis>
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews  </refsynopsisdiv>
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews  <refsect1>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    <title>DESCRIPTION</title>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    <para>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt        <command>rndc</command> controls the operation of a name
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    server.  It supersedes the <command>ndc</command> utility
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    that was provided in old BIND releases.  If
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    <command>rndc</command> is invoked with no command line
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    options or arguments, it prints a short summary of the
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    supported commands and the available options and their
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman    arguments.
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman    </para>
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman    <para>
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman        <command>rndc</command> communicates with the name server
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman    over a TCP connection, sending commands authenticated with
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman    digital signatures.  In the current versions of
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman    <command>rndc</command> and <command>named</command> named
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews        the only supported authentication algorithm is HMAC-MD5,
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews    which uses a shared secret on each end of the connection.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews    This provides TSIG-style authentication for the command
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews    request and the name server's response.  All commands sent
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews    over the channel must be signed by a key_id known to the
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews    server.
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews    </para>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt    <para>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt        <command>rndc</command> reads a configuration file to
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt    determine how to contact the name server and decide what
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt    algorithm and key it should use.
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt    </para>
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont  </refsect1>
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont  <refsect1>
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont    <title>OPTIONS</title>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień    <variablelist>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień      <varlistentry>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień        <term>-c <replaceable class="parameter">config-file</replaceable></term>
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman    <listitem>
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman      <para>
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman          Use <replaceable class="parameter">config-file</replaceable>
7e1a62eea2e4ba9d6c3fc718e679b965fa514f69Mark Andrews          as the configuration file instead of the default,
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews          <filename>/etc/rndc.conf</filename>.
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews      </para>
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews    </listitem>
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews      </varlistentry>
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews
f0353a586c2bfbae999193cb644b6bc94c7944d8Mark Andrews      <varlistentry>
f0353a586c2bfbae999193cb644b6bc94c7944d8Mark Andrews        <term>-s <replaceable class="parameter">server</replaceable></term>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt    <listitem>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt      <para>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           <replaceable class="parameter">server</replaceable> is
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           the name or address of the server which matches a
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           server statement in the configuration file for
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           <command>rndc</command>.  If no server is supplied on the
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           command line, the host named by the default-server clause
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           in the option statement of the configuration file will be
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt           used.
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt      </para>
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews    </listitem>
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews      </varlistentry>
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews      <varlistentry>
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews        <term>-p <replaceable class="parameter">port</replaceable></term>
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews    <listitem>
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews      <para>
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews           Send commands to TCP port
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews           <replaceable class="parameter">port</replaceable> instead
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews           of BIND 9's default control channel port, 953.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews      </para>
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews    </listitem>
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews      </varlistentry>
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews      <varlistentry>
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews        <term>-V</term>
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews    <listitem>
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews      <para>
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews           Enable verbose logging.
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews      </para>
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews    </listitem>
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews      </varlistentry>
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews      <varlistentry>
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews        <term>-y <replaceable class="parameter">keyid</replaceable></term>
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews    <listitem>
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews      <para>
1848d38f441ebf70ab21f6151bc3487a92d25b63Mark Andrews           Use the key <replaceable class="parameter">keyid</replaceable>
1848d38f441ebf70ab21f6151bc3487a92d25b63Mark Andrews           from the configuration file.
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews           <replaceable class="parameter">keyid</replaceable> must be
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews           known by named with the same algorithm and secret string
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews           in order for control message validation to succeed.
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews           If no <replaceable class="parameter">keyid</replaceable>
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews           is specified, <command>rndc</command> will first look
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews           for a key clause in the server statement of the server
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews           being used, or if no server statement is present for that
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews           host, then the default-key clause of the options statement.
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews           Note that the configuration file contains shared secrets
677f507de7c546c187c1505c48bc7b440545485cMark Andrews           which are used to send authenticated control commands
677f507de7c546c187c1505c48bc7b440545485cMark Andrews           to name servers.  It should therefore not have general read
677f507de7c546c187c1505c48bc7b440545485cMark Andrews           or write access.
124cc0660c7eff8021c2422fb47441e9ca08b3f9Tinderbox User      </para>
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews    </listitem>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      </varlistentry>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews
677f507de7c546c187c1505c48bc7b440545485cMark Andrews    </variablelist>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews
677f507de7c546c187c1505c48bc7b440545485cMark Andrews    <para>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      For the complete set of commands supported by <command>rndc</command>,
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews      see the BIND 9 Administrator Reference Manual or run
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews      <command>rndc</command> without arguments to see its help message.
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews    </para>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews
677f507de7c546c187c1505c48bc7b440545485cMark Andrews  </refsect1>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews  <refsect1>
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt    <title>LIMITATIONS</title>
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt    <para>
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt        <command>rndc</command> does not yet support all the commands of
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt    the BIND 8 <command>ndc</command> utility.
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt    </para>
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień    <para>
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień        There is currently no way to provide the shared secret for a
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień        <option>key_id</option> without using the configuration file.
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień    </para>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews    <para>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews        Several error messages could be clearer.
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews    </para>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews  </refsect1>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews  <refsect1>
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews    <title>SEE ALSO</title>
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews    <para>
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews      <citerefentry>
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień        <refentrytitle>rndc.conf</refentrytitle>
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień    <manvolnum>5</manvolnum>
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień      </citerefentry>,
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews      <citerefentry>
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews        <refentrytitle>named</refentrytitle>
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews    <manvolnum>8</manvolnum>
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews      </citerefentry>,
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień      <citerefentry>
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień        <refentrytitle>named.conf</refentrytitle>
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień    <manvolnum>5</manvolnum>
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews      </citerefentry>
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews      <citerefentry>
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews        <refentrytitle>ndc</refentrytitle>
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień    <manvolnum>8</manvolnum>
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień      </citerefentry>,
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień    </para>
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień  </refsect1>
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień  <refsect1>
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień    <title>AUTHOR</title>
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień    <para>
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews        <corpauthor>Internet Software Consortium</corpauthor>
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews    </para>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews  </refsect1>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews</refentry>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews<!--
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews - Local variables:
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews - mode: sgml
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews - End:
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews-->
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień