rndc.docbook revision d82cc2260cb6d49c4832ad781a776c03bc4365fe
5cd4555ad444fd391002ae32450572054369fd42Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt [<!ENTITY mdash "&#8212;">]>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<!--
b129f72d951663755496670606e5f7303e8f2dc2Tinderbox User - Copyright (C) 2004, 2005, 2007, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - Copyright (C) 2000, 2001 Internet Software Consortium.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington -
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - purpose with or without fee is hereby granted, provided that the above
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - copyright notice and this permission notice appear in all copies.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington -
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington-->
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews
b5ad6dfea4cc3e7d1d322ac99f1e5a31096837c4Mark Andrews<refentry id="man.rndc">
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refentryinfo>
2f5461d23b4044b62d4d668732611909d902e54dJeremy C. Reed <date>August 15, 2014</date>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refentryinfo>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refmeta>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refentrytitle><application>rndc</application></refentrytitle>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <manvolnum>8</manvolnum>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refmiscinfo>BIND9</refmiscinfo>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refmeta>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refnamediv>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refname><application>rndc</application></refname>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refpurpose>name server control utility</refpurpose>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refnamediv>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2004</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2005</year>
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews <year>2007</year>
cfa2326b5c96a3a4c720262e077b2baf9fc27970Tinderbox User <year>2013</year>
81f58902eb5a1c1ab22742c72bd6cf318acbc06aTinderbox User <year>2014</year>
b129f72d951663755496670606e5f7303e8f2dc2Tinderbox User <year>2015</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2000</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2001</year>
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews <holder>Internet Software Consortium.</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refsynopsisdiv>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <cmdsynopsis>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <command>rndc</command>
c4f9e613e12f03795bee18cf2ca8e6a9d39d6468Mark Andrews <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
a769eca4e3b223866b01dc8f7a4dde8d9e49bab0Mark Andrews <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
431859b442e89281a0d42652200a8de0668bc6b9Evan Hunt <arg><option>-q</option></arg>
b435b1ded3def3159f597953d21dffc1615cb250Brian Wellington <arg><option>-V</option></arg>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
9b6a170d22d61026d31bde87523f3320628b6ebcBrian Wellington <arg choice="req">command</arg>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </cmdsynopsis>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refsynopsisdiv>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <title>DESCRIPTION</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><command>rndc</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein controls the operation of a name
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein server. It supersedes the <command>ndc</command> utility
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein that was provided in old BIND releases. If
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <command>rndc</command> is invoked with no command line
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein options or arguments, it prints a short summary of the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein supported commands and the available options and their
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein arguments.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><command>rndc</command>
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt communicates with the name server over a TCP connection, sending
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt commands authenticated with digital signatures. In the current
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt versions of
122c58bd11790c7576cdb1c6fd8e4439d0d7f7a5Mark Andrews <command>rndc</command> and <command>named</command>,
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt the only supported authentication algorithms are HMAC-MD5
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt (default), HMAC-SHA384 and HMAC-SHA512.
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt They use a shared secret on each end of the connection.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein This provides TSIG-style authentication for the command
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein request and the name server's response. All commands sent
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein over the channel must be signed by a key_id known to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein server.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><command>rndc</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein reads a configuration file to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein determine how to contact the name server and decide what
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein algorithm and key it should use.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <title>OPTIONS</title>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <variablelist>
c4f9e613e12f03795bee18cf2ca8e6a9d39d6468Mark Andrews <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-b <replaceable class="parameter">source-address</replaceable></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Use <replaceable class="parameter">source-address</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt as the source address for the connection to the server.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Multiple instances are permitted to allow setting of both
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the IPv4 and IPv6 source addresses.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-c <replaceable class="parameter">config-file</replaceable></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Use <replaceable class="parameter">config-file</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt as the configuration file instead of the default,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename>/etc/rndc.conf</filename>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-k <replaceable class="parameter">key-file</replaceable></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Use <replaceable class="parameter">key-file</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt as the key file instead of the default,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename>/etc/rndc.key</filename>. The key in
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename>/etc/rndc.key</filename> will be used to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt authenticate
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt does not exist.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-s <replaceable class="parameter">server</replaceable></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para><replaceable class="parameter">server</replaceable> is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the name or address of the server which matches a
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt server statement in the configuration file for
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc</command>. If no server is supplied on the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt command line, the host named by the default-server clause
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt in the options statement of the <command>rndc</command>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configuration file will be used.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-p <replaceable class="parameter">port</replaceable></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Send commands to TCP port
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <replaceable class="parameter">port</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt instead
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt of BIND 9's default control channel port, 953.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-q</term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Quiet mode: Message text returned by the server
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt will not be printed except when there is an error.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-V</term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Enable verbose logging.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term>-y <replaceable class="parameter">key_id</replaceable></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Use the key <replaceable class="parameter">key_id</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt from the configuration file.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <replaceable class="parameter">key_id</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt must be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt known by named with the same algorithm and secret string
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt in order for control message validation to succeed.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If no <replaceable class="parameter">key_id</replaceable>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt is specified, <command>rndc</command> will first look
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt for a key clause in the server statement of the server
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt being used, or if no server statement is present for that
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt host, then the default-key clause of the options statement.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Note that the configuration file contains shared secrets
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt which are used to send authenticated control commands
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt to name servers. It should therefore not have general read
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt or write access.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </varlistentry>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </variablelist>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <refsect1>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <title>COMMANDS</title>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <para>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt A list of commands supported by <command>rndc</command> can
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt be seen by running <command>rndc</command> without arguments.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <para>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt Currently supported commands are:
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </para>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <variablelist>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>reload</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Reload configuration file and zones.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Reload the given zone.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Schedule zone maintenance for the given zone.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Retransfer the given slave zone from the master server.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If the zone is configured to use
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>inline-signing</command>, the signed
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt version of the zone is discarded; after the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt retransfer of the unsigned version is complete, the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt signed version will be regenerated with all new
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt signatures.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Fetch all DNSSEC keys for the given zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt from the key directory (see the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>key-directory</command> option in
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the BIND 9 Administrator Reference Manual). If they are within
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt their publication period, merge them into the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt zone's DNSKEY RRset. If the DNSKEY RRset
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt is changed, then the zone is automatically
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt re-signed with the new key set.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt This command requires that the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>auto-dnssec</command> zone option be set
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt to <literal>allow</literal> or
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <literal>maintain</literal>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt and also requires the zone to be configured to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt allow dynamic DNS.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt (See "Dynamic Update Policies" in the Administrator
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Reference Manual for more details.)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Fetch all DNSSEC keys for the given zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt from the key directory. If they are within
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt their publication period, merge them into the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt zone's DNSKEY RRset. Unlike <command>rndc
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt sign</command>, however, the zone is not
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt immediately re-signed by the new keys, but is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt allowed to incrementally re-sign over time.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt This command requires that the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>auto-dnssec</command> zone option
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt be set to <literal>maintain</literal>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt and also requires the zone to be configured to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt allow dynamic DNS.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt (See "Dynamic Update Policies" in the Administrator
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Reference Manual for more details.)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Suspend updates to a dynamic zone. If no zone is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt specified, then all zones are suspended. This allows
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt manual edits to be made to a zone normally updated by
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt dynamic update. It also causes changes in the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt journal file to be synced into the master file.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt All dynamic update attempts will be refused while
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the zone is frozen.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Enable updates to a frozen dynamic zone. If no
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt zone is specified, then all frozen zones are
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt enabled. This causes the server to reload the zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt from disk, and re-enables dynamic updates after the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt load has completed. After a zone is thawed,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt dynamic updates will no longer be refused. If
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the zone has changed and the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>ixfr-from-differences</command> option is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt in use, then the journal file will be updated to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt reflect changes in the zone. Otherwise, if the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt zone has changed, any existing journal file will be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt removed.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>scan</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Scan the list of available network interfaces
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt for changes, without performing a full
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>reconfig</command> or waiting for the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>interface-interval</command> timer.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>sync <optional>-clean</optional> <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Sync changes in the journal file for a dynamic zone
d82cc2260cb6d49c4832ad781a776c03bc4365feJeremy C. Reed to the master file. If the <option>-clean</option> option is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt specified, the journal file is also removed. If
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt no zone is specified, then all zones are synced.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Resend NOTIFY messages for the zone.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>reconfig</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Reload the configuration file and load new zones,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt but do not reload existing zone files even if they
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt have changed.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt This is faster than a full <command>reload</command> when there
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt is a large number of zones because it avoids the need
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt to examine the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt modification times of the zones files.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>zonestatus <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Displays the current status of the given zone,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt including the master file name and any include
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt files from which it was loaded, when it was most
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt recently loaded, the current serial number, the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt number of nodes, whether the zone supports
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt dynamic updates, whether the zone is DNSSEC
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt signed, whether it uses automatic DNSSEC key
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt management or inline signing, and the scheduled
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt refresh or expiry times for the zone.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
ea1f331c7547c09e7e769d9dd7dd483cecba00e7Evan Hunt <term><userinput>managed-keys <replaceable>(status | refresh | sync)</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt When run with the "status" keyword, print the current
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt status of the managed-keys database for the specified
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt view, or for all views if none is specified. When run
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt with the "refresh" keyword, force an immediate refresh
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt of all the managed-keys in the specified view, or all
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt views. When run with the "sync" keyword, force an
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt immediate dump of the managed-keys database to disk (in
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the file <filename>managed-keys.bind</filename> or
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt (<filename><replaceable>viewname</replaceable>.mkeys</filename>).
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>stats</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Write server statistics to the statistics file.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>querylog</userinput> <optional>on|off</optional> </term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Enable or disable query logging. (For backward
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt compatibility, this command can also be used without
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt an argument to toggle query logging on and off.)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Query logging can also be enabled
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt by explicitly directing the <command>queries</command>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>category</command> to a
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>channel</command> in the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>logging</command> section of
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename>named.conf</filename> or by specifying
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>querylog yes;</command> in the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>options</command> section of
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename>named.conf</filename>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>dumpdb <optional>-all|-cache|-zone</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Dump the server's caches (default) and/or zones to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt dump file for the specified views. If no view is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt specified, all
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt views are dumped.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Dump the server's security roots and negative trust anchors
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt for the specified views. If no view is specified, all views
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt are dumped.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If the first argument is "-", then the output is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt returned via the <command>rndc</command> response channel
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt and printed to the standard output.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Otherwise, it is written to the secroots dump file, which
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt defaults to <filename>named.secroots</filename>, but can be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt overridden via the <option>secroots-file</option> option in
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename>named.conf</filename>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>stop <optional>-p</optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Stop the server, making sure any recent changes
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt made through dynamic update or IXFR are first saved to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the master files of the updated zones.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If <option>-p</option> is specified <command>named</command>'s process id is returned.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt This allows an external process to determine when <command>named</command>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt had completed stopping.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>halt <optional>-p</optional></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Stop the server immediately. Recent changes
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt made through dynamic update or IXFR are not saved to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the master files, but will be rolled forward from the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt journal files when the server is restarted.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If <option>-p</option> is specified <command>named</command>'s process id is returned.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt This allows an external process to determine when <command>named</command>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt had completed halting.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>trace</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Increment the servers debugging level by one.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>trace <replaceable>level</replaceable></userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Sets the server's debugging level to an explicit
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt value.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>notrace</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Sets the server's debugging level to 0.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>flush</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Flushes the server's cache.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Flushes the given name from the view's DNS cache
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt and, if applicable, from the view's nameserver address
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt database, bad server cache and SERVFAIL cache.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>flushtree</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Flushes the given name, and all of its subdomains,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt from the view's DNS cache, address database,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt bad server cache, and SERVFAIL cache.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>status</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Display status of the server.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Note that the number of zones includes the internal <command>bind/CH</command> zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt and the default <command>/IN</command>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt hint zone if there is not an
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt explicit root zone configured.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>recursing</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Dump the list of queries <command>named</command> is currently recursing
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt on.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>validation ( on | off | check ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Enable, disable, or check the current status of
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt DNSSEC validation.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Note <command>dnssec-enable</command> also needs to be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt set to <userinput>yes</userinput> or
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <userinput>auto</userinput> to be effective.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt It defaults to enabled.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
0cfb24736841b3e98bb25853229a0efabab88bddEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>nta
b8a9632333a92d73a503afe1aaa7990016c8bee9Evan Hunt <optional>( -d | -f | -r | -l <replaceable>duration</replaceable>)</optional>
b8a9632333a92d73a503afe1aaa7990016c8bee9Evan Hunt <replaceable>domain</replaceable>
b8a9632333a92d73a503afe1aaa7990016c8bee9Evan Hunt <optional><replaceable>view</replaceable></optional>
b8a9632333a92d73a503afe1aaa7990016c8bee9Evan Hunt </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Sets a DNSSEC negative trust anchor (NTA)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt for <option>domain</option>, with a lifetime of
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>duration</option>. The default lifetime is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configured in <filename>named.conf</filename> via the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>nta-lifetime</option> option, and defaults to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt one hour. The lifetime cannot exceed one week.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt A negative trust anchor selectively disables
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt DNSSEC validation for zones that are known to be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt failing because of misconfiguration rather than
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt an attack. When data to be validated is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt at or below an active NTA (and above any other
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configured trust anchors), <command>named</command> will
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt abort the DNSSEC validation process and treat the data as
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt insecure rather than bogus. This continues until the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt NTA's lifetime is elapsed.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt NTAs persist across restarts of the named server.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt The NTAs for a view are saved in a file called
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename><replaceable>name</replaceable>.nta</filename>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt where <replaceable>name</replaceable> is the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt name of the view, or if it contains characters
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt that are incompatible with use as a file name, a
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt cryptographic hash generated from the name
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt of the view.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt An existing NTA can be removed by using the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>-remove</option> option.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt An NTA's lifetime can be specified with the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>-lifetime</option> option. TTL-style
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt suffixes can be used to specify the lifetime in
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt seconds, minutes, or hours. If the specified NTA
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt already exists, its lifetime will be updated to the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt new value. Setting <option>lifetime</option> to zero
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt is equivalent to <option>-remove</option>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If <option>-dump</option> is used, any other arguments
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt are ignored, and a list of existing NTAs is printed
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt (note that this may include NTAs that are expired but
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt have not yet been cleaned up).
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Normally, <command>named</command> will periodically
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt test to see whether data below an NTA can now be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt validated (see the <option>nta-recheck</option> option
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt in the Administrator Reference Manual for details).
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If data can be validated, then the NTA is regarded as
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt no longer necessary, and will be allowed to expire
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt early. The <option>-force</option> overrides this
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt behavior and forces an NTA to persist for its entire
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt lifetime, regardless of whether data could be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt validated if the NTA were not present.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt All of these options can be shortened, i.e., to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>-l</option>, <option>-r</option>, <option>-d</option>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt and <option>-f</option>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>tsig-list</userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt List the names of all TSIG keys currently configured
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt for use by <command>named</command> in each view. The
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt list both statically configured keys and dynamic
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt TKEY-negotiated keys.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Delete a given TKEY-negotiated key from the server.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt (This does not apply to statically configured TSIG
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt keys.)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Add a zone while the server is running. This
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt command requires the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>allow-new-zones</command> option to be set
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt to <userinput>yes</userinput>. The
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <replaceable>configuration</replaceable> string
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt specified on the command line is the zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configuration text that would ordinarily be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt placed in <filename>named.conf</filename>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt The configuration is saved in a file called
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <filename><replaceable>name</replaceable>.nzf</filename>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt where <replaceable>name</replaceable> is the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt name of the view, or if it contains characters
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt that are incompatible with use as a file name, a
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt cryptographic hash generated from the name
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt of the view.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt When <command>named</command> is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt restarted, the file will be loaded into the view
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configuration, so that zones that were added
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt can persist after a restart.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt This sample <command>addzone</command> command
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt would add the zone <literal>example.com</literal>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt to the default view:
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt (Note the brackets and semi-colon around the zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configuration text.)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>modzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Modify the configuration of a zone while the server
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt is running. This command requires the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>allow-new-zones</command> option to be
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt set to <userinput>yes</userinput>. As with
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt <command>addzone</command>, the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <replaceable>configuration</replaceable> string
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt specified on the command line is the zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt configuration text that would ordinarily be
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt placed in <filename>named.conf</filename>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt If the zone was originally added via
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt <command>rndc addzone</command>, the configuration
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt changes will be recorded permanently and will still be
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt in effect after the server is restarted or reconfigured.
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt However, if it was originally configured in
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt <filename>named.conf</filename>, then that original
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt configuration is still in place; when the server is
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt restarted or reconfigured, the zone will revert to
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt its original configuration. To make the changes
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt permanent, it must also be modified in
2817aa56ca12139849ba1017ff978833174f6294Evan Hunt <filename>named.conf</filename>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>delzone <optional>-clean</optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Delete a zone while the server is running.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If the <option>-clean</option> is specified,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the zone's master file (and journal file, if any)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt will be deleted along with the zone. Without the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>-clean</option> option, zone files must
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt be cleaned up by hand. (If the zone is of
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt type "slave" or "stub", the files needing to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt be cleaned up will be reported in the output
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt of the <command>rndc delzone</command> command.)
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt If the zone was originally added via
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt <command>rndc addzone</command>, then it will be
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt removed permanently. However, if it was originally
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt configured in <filename>named.conf</filename>, then
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt that original configuration is still in place; when
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt the server is restarted or reconfigured, the zone will
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt come back. To remove it permanently, it must also be
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt removed from <filename>named.conf</filename>
74eb2f5cbc98d9646bcd13ffcb17688f0db5ab8dEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>showzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Print the configuration of a running zone.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <varlistentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) | -serial <replaceable>value</replaceable> ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <listitem>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt List, edit, or remove the DNSSEC signing state records
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt for the specified zone. The status of ongoing DNSSEC
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt operations (such as signing or generating
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt NSEC3 chains) is stored in the zone in the form
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt of DNS resource records of type
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>sig-signing-type</command>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -list</command> converts
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt these records into a human-readable form,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt indicating which keys are currently signing
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt or have finished signing the zone, and which NSEC3
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt chains are being created or removed.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -clear</command> can remove
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt a single key (specified in the same format that
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -list</command> uses to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt display it), or all keys. In either case, only
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt completed keys are removed; any record indicating
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt that a key has not yet finished signing the zone
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt will be retained.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -nsec3param</command> sets
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the NSEC3 parameters for a zone. This is the
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt only supported mechanism for using NSEC3 with
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>inline-signing</command> zones.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Parameters are specified in the same format as
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt an NSEC3PARAM resource record: hash algorithm,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt flags, iterations, and salt, in that order.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt Currently, the only defined value for hash algorithm
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt is <literal>1</literal>, representing SHA-1.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt The <option>flags</option> may be set to
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <literal>0</literal> or <literal>1</literal>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt depending on whether you wish to set the opt-out
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt bit in the NSEC3 chain. <option>iterations</option>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt defines the number of additional times to apply
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the algorithm when generating an NSEC3 hash. The
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <option>salt</option> is a string of data expressed
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt in hexadecimal, a hyphen (`-') if no salt is
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt to be used, or the keyword <literal>auto</literal>,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt which causes <command>named</command> to generate a
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt random 64-bit salt.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt So, for example, to create an NSEC3 chain using
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt the SHA-1 hash algorithm, no opt-out flag,
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt 10 iterations, and a salt value of "FFFF", use:
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -nsec3param 1 0 10 FFFF <replaceable>zone</replaceable></command>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt To set the opt-out flag, 15 iterations, and no
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt salt, use:
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -nsec3param 1 1 15 - <replaceable>zone</replaceable></command>.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -nsec3param none</command>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt removes an existing NSEC3 chain and replaces it
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt with NSEC.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <command>rndc signing -serial value</command> sets
4140a96f22b2319a658c17723c976ddff0e2633aMark Andrews the serial number of the zone to value. If the value
4140a96f22b2319a658c17723c976ddff0e2633aMark Andrews would cause the serial number to go backwards it will
4140a96f22b2319a658c17723c976ddff0e2633aMark Andrews be rejected. The primary use is to set the serial on
4140a96f22b2319a658c17723c976ddff0e2633aMark Andrews inline signed zones.
4140a96f22b2319a658c17723c976ddff0e2633aMark Andrews </para>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt </listitem>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </varlistentry>
1b2a4ce2b112ec91b0f13c411144e721c7952914Evan Hunt </variablelist>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <title>LIMITATIONS</title>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein There is currently no way to provide the shared secret for a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>key_id</option> without using the configuration file.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Several error messages could be clearer.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <title>SEE ALSO</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><citerefentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </citerefentry>,
b39ee56af9c9a690db068a98cf44af175dbb45edMark Andrews <citerefentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
b39ee56af9c9a690db068a98cf44af175dbb45edMark Andrews </citerefentry>,
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <citerefentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </citerefentry>,
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <citerefentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews </citerefentry>,
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <citerefentry>
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </citerefentry>,
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley <title>AUTHOR</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><corpauthor>Internet Systems Consortium</corpauthor>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </para>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley </refsect1>
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein</refentry><!--
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley - Local variables:
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley - mode: sgml
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley - End:
4610465ed9408cbe434dbfb8be8ea53f48969c91Bob Halley-->