rndc.docbook revision dafcb997e390efa4423883dafd100c975c4095d6
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<!--
 - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001 Internet Software Consortium.
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.docbook,v 1.8 2004/03/05 04:58:20 marka Exp $ -->
 <refentryinfo>
 </refentryinfo>
 <refentrytitle><application>rndc</application></refentrytitle>
 <refnamediv>
  <refname><application>rndc</application></refname>
  <refpurpose>name server control utility</refpurpose>
 </refnamediv>
 <refsynopsisdiv>
  <cmdsynopsis>
   <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
   <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
   <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
   <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
   <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
  </cmdsynopsis>
 </refsynopsisdiv>
 <command>rndc</command> controls the operation of a name
 server. It supersedes the <command>ndc</command> utility
 that was provided in old BIND releases. If
 <command>rndc</command> is invoked with no command line
 options or arguments, it prints a short summary of the
 supported commands and the available options and their
 <command>rndc</command> communicates with the name server
 over a TCP connection, sending commands authenticated with
 digital signatures. In the current versions of
 <command>rndc</command> and <command>named</command>
 the only supported authentication algorithm is HMAC-MD5,
 which uses a shared secret on each end of the connection.
 This provides TSIG-style authentication for the command
 request and the name server's response. All commands sent
 over the channel must be signed by a key_id known to the
 <command>rndc</command> reads a configuration file to
 determine how to contact the name server and decide what
 algorithm and key it should use.
 </refsect1>
 <variablelist>
  <varlistentry>
   <term>-c <replaceable class="parameter">config-file</replaceable></term>
    Use <replaceable class="parameter">config-file</replaceable>
    as the configuration file instead of the default,
   </listitem>
  </varlistentry>
  <varlistentry>
   <term>-k <replaceable class="parameter">key-file</replaceable></term>
    Use <replaceable class="parameter">key-file</replaceable>
    as the key file instead of the default,
    <filename>/etc/rndc.key</filename> will be used to authenticate
    commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
    does not exist.
  </varlistentry>
  <varlistentry>
   <term>-s <replaceable class="parameter">server</replaceable></term>
    the name or address of the server which matches a
    server statement in the configuration file for
    command line, the host named by the default-server clause
    in the option statement of the configuration file will be
   </listitem>
  </varlistentry>
  <varlistentry>
   <term>-p <replaceable class="parameter">port</replaceable></term>
    Send commands to TCP port
    <replaceable class="parameter">port</replaceable> instead
    of BIND 9's default control channel port, 953.
  </varlistentry>
  <varlistentry>
   <listitem>
    Enable verbose logging.
   </listitem>
  </varlistentry>
  <varlistentry>
   <term>-y <replaceable class="parameter">keyid</replaceable></term>
   <listitem>
    Use the key <replaceable class="parameter">keyid</replaceable>
    from the configuration file.
    <replaceable class="parameter">keyid</replaceable> must be
    known by named with the same algorithm and secret string
    in order for control message validation to succeed.
    If no <replaceable class="parameter">keyid</replaceable>
    is specified, <command>rndc</command> will first look
    for a key clause in the server statement of the server
    being used, or if no server statement is present for that
    host, then the default-key clause of the options statement.
    Note that the configuration file contains shared secrets
    which are used to send authenticated control commands
    to name servers. It should therefore not have general read
    or write access.
   </listitem>
  </varlistentry>
 </variablelist>
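The permission requirement stated above for the configuration file, and for the default key file /etc/rndc.key, can be checked mechanically. The following shell functions are an added example, not part of the BIND distribution; they treat "general" access as the read and write bits for other users, and the function names and the paths passed in are assumptions.

```shell
#!/bin/sh
# Added example: report rndc configuration/key files that grant read or write
# access to "other" users. Paths are supplied by the caller.

# check_rndc_secret_file PATH
# Returns 0 if PATH has no read/write bit for "other", 1 if it is exposed,
# 2 if PATH is missing or not a regular file.
check_rndc_secret_file() {
    f=$1
    # Keep find from parsing an unusual relative path as an option.
    case $f in /*|./*) ;; *) f=./$f ;; esac
    if [ ! -f "$f" ]; then
        echo "SKIP $f: not a regular file" >&2
        return 2
    fi
    exposed=0
    # -H: judge a symlinked key file by its target's mode.
    # -perm -MODE matches when every bit in MODE is set.
    if [ -n "$(find -H "$f" -perm -0004)" ]; then
        echo "FAIL $f: readable by others"
        exposed=1
    fi
    if [ -n "$(find -H "$f" -perm -0002)" ]; then
        echo "FAIL $f: writable by others"
        exposed=1
    fi
    if [ "$exposed" -eq 0 ]; then echo "OK   $f"; fi
    return "$exposed"
}

# audit_rndc_files PATH...
# Returns 1 if any existing file is exposed, else 0; missing files are skipped.
audit_rndc_files() {
    failed=0
    for path in "$@"; do
        result=0
        check_rndc_secret_file "$path" || result=$?
        if [ "$result" -eq 1 ]; then failed=1; fi
    done
    return "$failed"
}

# Stand-alone use: sh audit.sh /etc/rndc.key CONFIG-FILE
if [ "$#" -gt 0 ]; then audit_rndc_files "$@"; fi
```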
 For the complete set of commands supported by <command>rndc</command>,
 see the BIND 9 Administrator Reference Manual or run
 <command>rndc</command> without arguments to see its help message.
 </refsect1>
 <command>rndc</command> does not yet support all the commands of
 There is currently no way to provide the shared secret for a
 <option>key_id</option> without using the configuration file.
 Several error messages could be clearer.
 </refsect1>
 <citerefentry>
 </citerefentry>,
 <citerefentry>
 </citerefentry>,
 <citerefentry>
 </citerefentry>
 <citerefentry>
 </citerefentry>,
 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
 </refsect1>
 </refsect1>
</refentry>
<!--
 - Local variables:
 - mode: sgml
-->