rndc.docbook revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
80833bb9a1bf25dcf19e814438a4b311d2e1f4cffuankg - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic - This Source Code Form is subject to the terms of the Mozilla Public
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic - License, v. 2.0. If a copy of the MPL was not distributed with this
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic - file, You can obtain one at http://mozilla.org/MPL/2.0/.
4da61833a1cbbca94094f9653fd970582b97a72etrawick<!-- Converted by db4-upgrade version 1.0 -->
4da61833a1cbbca94094f9653fd970582b97a72etrawick<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc">
4789804be088bcd86ae637a29cdb7fda25169521jailletc <refentryinfo>
4789804be088bcd86ae637a29cdb7fda25169521jailletc <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
e50c3026198fd496f183cda4c32a202925476778covener </refentryinfo>
5b88c8507d5ef6d0c4cfbc78230294968175b638minfrin <refentrytitle><application>rndc</application></refentrytitle>
4f29b65ab4b547ad5dbe506e2d0ff5d12ead9247ylavic <refnamediv>
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic </refnamediv>
69301145375a889e7e37caf7cc7321ac0f91801erpluem <copyright>
d58a848a016d401b965111e50ef829e1641f7834minfrin <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
d58a848a016d401b965111e50ef829e1641f7834minfrin </copyright>
2e6f4d654c96c98b761fb012fd25c5d5b1558c44sf <copyright>
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic </copyright>
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic <refsynopsisdiv>
e8bd80a4bb88199d2f9a24a50345688e52d9c116ylavic <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">server</replaceable></option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-q</option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-r</option></arg>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <arg choice="opt" rep="norepeat"><option>-V</option></arg>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener </cmdsynopsis>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener </refsynopsisdiv>
44ff304057225e944e220e981d434a046d14cf06covener controls the operation of a name
5d1ba75b8794925e67591c209085a49279791de9covener server. It supersedes the <command>ndc</command> utility
5d1ba75b8794925e67591c209085a49279791de9covener that was provided in old BIND releases. If
5d1ba75b8794925e67591c209085a49279791de9covener <command>rndc</command> is invoked with no command line
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand options or arguments, it prints a short summary of the
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand supported commands and the available options and their
caad2986f81ab263f7af41467dd622dc9add17f3ylavic communicates with the name server over a TCP connection, sending
caad2986f81ab263f7af41467dd622dc9add17f3ylavic commands authenticated with digital signatures. In the current
caad2986f81ab263f7af41467dd622dc9add17f3ylavic versions of
45a10d38e6051fd7bdf9d742aaae633d97ff02abjailletc <command>rndc</command> and <command>named</command>,
f7317ff316c2b141feea31bddb74d5d3fa1584edjorton the only supported authentication algorithms are HMAC-MD5
f7317ff316c2b141feea31bddb74d5d3fa1584edjorton (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
2165214331e4afafca4048f66f303d0253d7b001covener (default), HMAC-SHA384 and HMAC-SHA512.
a34684a59b60a4173c25035d0c627ef17e6dc215rpluem They use a shared secret on each end of the connection.
a34684a59b60a4173c25035d0c627ef17e6dc215rpluem This provides TSIG-style authentication for the command
1e2d421a36999d292042a5539971070d54aa6c63ylavic request and the name server's response. All commands sent
1e2d421a36999d292042a5539971070d54aa6c63ylavic over the channel must be signed by a key_id known to the
fa7ed98b9dc94c5845cf845aea0a44ecacd290c9humbedooh reads a configuration file to
0b67eb8568cd58bb77082703951679b42cf098actrawick determine how to contact the name server and decide what
0b67eb8568cd58bb77082703951679b42cf098actrawick algorithm and key it should use.
0b67eb8568cd58bb77082703951679b42cf098actrawick </refsection>
6502b7b32f980cc2093bb3ebce37e5e4dc68fba4ylavic <variablelist>
3060ce7f798fbda7999cd4ddf89b525d2b294185covener <varlistentry>
c1a63b8fad09c419c1a64f75993feb8a343a6801ylavic <term>-b <replaceable class="parameter">source-address</replaceable></term>
e6b4bd1113567627ab6bb6c6a7105e1e01a7d889jailletc Use <replaceable class="parameter">source-address</replaceable>
e6b4bd1113567627ab6bb6c6a7105e1e01a7d889jailletc as the source address for the connection to the server.
e466c40e1801982602ee0200c9e8b61cc148742djailletc Multiple instances are permitted to allow setting of both
e466c40e1801982602ee0200c9e8b61cc148742djailletc the IPv4 and IPv6 source addresses.
457468b82e59d01eba00dd9d0817309c8f5e414ejim </listitem>
457468b82e59d01eba00dd9d0817309c8f5e414ejim </varlistentry>
04983e3bd1754764eec7d6bb772fe3b0bf391771jorton <varlistentry>
15890c9306ba98f6fc243e15a3c4778ddc7d773erpluem <term>-c <replaceable class="parameter">config-file</replaceable></term>
49dacedb6c387b786b7911082ff35121a45f414bcovener Use <replaceable class="parameter">config-file</replaceable>
49dacedb6c387b786b7911082ff35121a45f414bcovener as the configuration file instead of the default,
cfd9415521847b2f9394fad04fb701cfb955f503rjung </listitem>
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe </varlistentry>
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe <varlistentry>
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe <term>-k <replaceable class="parameter">key-file</replaceable></term>
63b9f1f5880391261705f696d7d65507bbe9ace3covener Use <replaceable class="parameter">key-file</replaceable>
63b9f1f5880391261705f696d7d65507bbe9ace3covener as the key file instead of the default,
49dacedb6c387b786b7911082ff35121a45f414bcovener authenticate
49dacedb6c387b786b7911082ff35121a45f414bcovener commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
49dacedb6c387b786b7911082ff35121a45f414bcovener does not exist.
3c990331fc6702119e4f5b8ba9eae3021aea5265jim </listitem>
3c990331fc6702119e4f5b8ba9eae3021aea5265jim </varlistentry>
fc42512879dd0504532f52fe5d0d0383dda96a1eniq <varlistentry>
fc42512879dd0504532f52fe5d0d0383dda96a1eniq <term>-s <replaceable class="parameter">server</replaceable></term>
fc42512879dd0504532f52fe5d0d0383dda96a1eniq <listitem>
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq <para><replaceable class="parameter">server</replaceable> is
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq the name or address of the server which matches a
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq server statement in the configuration file for
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc <command>rndc</command>. If no server is supplied on the
983528026996668ea295be95aedb9c7a346af470ylavic command line, the host named by the default-server clause
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc in the options statement of the <command>rndc</command>
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc configuration file will be used.
06b8f183140c8e02e0974e938a05078b511d1603covener </listitem>
06b8f183140c8e02e0974e938a05078b511d1603covener </varlistentry>
259878293a997ff49f5ddfc53d3739cbdc25444ecovener <varlistentry>
259878293a997ff49f5ddfc53d3739cbdc25444ecovener <term>-p <replaceable class="parameter">port</replaceable></term>
15890c9306ba98f6fc243e15a3c4778ddc7d773erpluem Send commands to TCP port
b54b024c06a19926832d77d40ba35ad8c41e4d3dminfrin of BIND 9's default control channel port, 953.
65967d05f839dbf27cf91d91fa79585eeae19660minfrin </listitem>
65967d05f839dbf27cf91d91fa79585eeae19660minfrin </varlistentry>
8152945ae46857b170cb227e79bb799f4fc7710dminfrin <varlistentry>
75f5c2db254c0167a0e396254460de09b775d203trawick Quiet mode: Message text returned by the server
75f5c2db254c0167a0e396254460de09b775d203trawick will not be printed except when there is an error.
4f0358189bfa57b8e75bd6b94db264302a8f336amrumph </listitem>
4f0358189bfa57b8e75bd6b94db264302a8f336amrumph </varlistentry>
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick <varlistentry>
54d750a84a175d8e338880514d440773eb986b50covener Instructs <command>rndc</command> to print the result code
54d750a84a175d8e338880514d440773eb986b50covener returned by <command>named</command> after executing the
54d750a84a175d8e338880514d440773eb986b50covener requested command (e.g., ISC_R_SUCCESS, ISC_R_FAILURE, etc).
54d750a84a175d8e338880514d440773eb986b50covener </listitem>
54d750a84a175d8e338880514d440773eb986b50covener </varlistentry>
54d750a84a175d8e338880514d440773eb986b50covener <varlistentry>
83b50288fa7d306324bba68832011ea08f5c7832covener Enable verbose logging.
83b50288fa7d306324bba68832011ea08f5c7832covener </listitem>
5f066f496cd9f20a2a701255bc67d44e7cb46daetrawick </varlistentry>
5f066f496cd9f20a2a701255bc67d44e7cb46daetrawick <varlistentry>
2e15620d724fb8e3a5be183b917359a2fd6e9468covener <term>-y <replaceable class="parameter">key_id</replaceable></term>
2e15620d724fb8e3a5be183b917359a2fd6e9468covener Use the key <replaceable class="parameter">key_id</replaceable>
1b988c41ee505962781d110a3e4c2c90f1ea0aa4covener from the configuration file.
1b988c41ee505962781d110a3e4c2c90f1ea0aa4covener known by <command>named</command> with the same algorithm and secret string
b8efdc95bec9cf089aa1be0bfd07d46aa1137a7acovener in order for control message validation to succeed.
b8efdc95bec9cf089aa1be0bfd07d46aa1137a7acovener If no <replaceable class="parameter">key_id</replaceable>
b8efdc95bec9cf089aa1be0bfd07d46aa1137a7acovener is specified, <command>rndc</command> will first look
f06e7c4b1bce6b6491e5de0b7998d3f5696b293dchrisd for a key clause in the server statement of the server
f06e7c4b1bce6b6491e5de0b7998d3f5696b293dchrisd being used, or if no server statement is present for that
f06e7c4b1bce6b6491e5de0b7998d3f5696b293dchrisd host, then the default-key clause of the options statement.
179565be4043d7e5f9161aa75271fa0a001866d9covener Note that the configuration file contains shared secrets
179565be4043d7e5f9161aa75271fa0a001866d9covener which are used to send authenticated control commands
179565be4043d7e5f9161aa75271fa0a001866d9covener to name servers. It should therefore not have general read
111436a32ba1254291e4883292fb116d15fe8f64covener or write access.
fce4949fb0b309a5744afcd503c6ed2d35621ee2covener </listitem>
fce4949fb0b309a5744afcd503c6ed2d35621ee2covener </varlistentry>
7b7430e701e9a31ce809da7c220bb8dfcf68c86etrawick </variablelist>
7b7430e701e9a31ce809da7c220bb8dfcf68c86etrawick </refsection>
ccc20788c1e5fc973f36df634399c89acb70deaejerenkrantz <refsection><info><title>COMMANDS</title></info>
273e512f20f262e5e2aa8e0e83371d1929fb76adjkaluza A list of commands supported by <command>rndc</command> can
273e512f20f262e5e2aa8e0e83371d1929fb76adjkaluza be seen by running <command>rndc</command> without arguments.
fe83f60b41477b14a37edcfcd1f7f5c5a1ebfe44minfrin Currently supported commands are:
993d1261a278d7322bccef219101220b7b4fb8c5jkaluza <variablelist>
993d1261a278d7322bccef219101220b7b4fb8c5jkaluza <varlistentry>
ba050a6f942b9fa0e81ed73437588005c569655ccovener <term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
ba050a6f942b9fa0e81ed73437588005c569655ccovener Add a zone while the server is running. This
135ddda3a989215d2bedbcf1529bfb269c3eda23niq command requires the
001a44c352f89c9ec332ffd3e0a6927dcd19432chumbedooh specified on the command line is the zone
001a44c352f89c9ec332ffd3e0a6927dcd19432chumbedooh configuration text that would ordinarily be
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener The configuration is saved in a file called
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener <filename><replaceable>name</replaceable>.nzf</filename>,
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza name of the view, or if it contains characters
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza that are incompatible with use as a file name, a
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza cryptographic hash generated from the name
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza of the view.
56589be3d7a3e9343370df240010c6928cc78b39jkaluza restarted, the file will be loaded into the view
56589be3d7a3e9343370df240010c6928cc78b39jkaluza configuration, so that zones that were added
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletc can persist after a restart.
f87299dab99bc04b51a6b8cad51b6795db862c0atrawick to the default view:
4d12805e6c18253040223ea637acd6b3b3c18f60jorton<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
85eacfc96a04547ef25aabbc06440039715084c2jorton (Note the brackets and semi-colon around the zone
e5d909f2b06bd880fb3675cd49363df981caa631trawick configuration text.)
a4df2cd1e1391575a327c2a90ba4315f805a0a78covener See also <command>rndc delzone</command> and <command>rndc modzone</command>.
cb666b29f81df1d11d65002250153353568021fccovener </listitem>
cb666b29f81df1d11d65002250153353568021fccovener </varlistentry>
1c2cab00d988fc48cbe59032cf76cc0bab20d6f7covener <varlistentry>
6a80c3c6f4b8ea7ba5e89402b8b779b09ce020e0covener <term><userinput>delzone <optional>-clean</optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
75a230a728338d84dcfe81edd375352f34de22d0covener Delete a zone while the server is running.
1f50dc34ae069adeed20b2986e5ffdefa5c410e0covener If the <option>-clean</option> argument is specified,
63a5ea80bddcc84a462e40f402b4f330e0e05411covener the zone's master file (and journal file, if any)
63a5ea80bddcc84a462e40f402b4f330e0e05411covener will be deleted along with the zone. Without the
63a5ea80bddcc84a462e40f402b4f330e0e05411covener be cleaned up by hand. (If the zone is of
65a4e663b82f8bce28ac22ab2edfd7502de36998sf type "slave" or "stub", the files needing to
65a4e663b82f8bce28ac22ab2edfd7502de36998sf be cleaned up will be reported in the output
74e7f6c55fd67b10cb400b3f6d1dc718a303d944minfrin If the zone was originally added via
74e7f6c55fd67b10cb400b3f6d1dc718a303d944minfrin removed permanently. However, if it was originally
a511a29faf2ff7ead3b67680154a624effb31aafminfrin that original configuration is still in place; when
a511a29faf2ff7ead3b67680154a624effb31aafminfrin the server is restarted or reconfigured, the zone will
a511a29faf2ff7ead3b67680154a624effb31aafminfrin come back. To remove it permanently, it must also be
63921358ef93fcb41bc71d9894221ba3d7fbb87bminfrin See also <command>rndc addzone</command> and <command>rndc modzone</command>.
deec48c67d4786bc77112ffbf3a4e70b931097edminfrin </listitem>
6d601599d3d65df0410eae6e573e75b2dbfb1fb4minfrin </varlistentry>
6d601599d3d65df0410eae6e573e75b2dbfb1fb4minfrin <varlistentry>
5c43d2fb853f84497b5ece2d414ef9484aa87e5fsf Close and re-open DNSTAP output files. This allows the files
05a5a9c3e16f21566e1b61f4bd68025ce1b741ccjoes to be renamed externally then to be re-opened.
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq </listitem>
26c5829347f6a355c00f1ba0301d575056b69536niq </varlistentry>
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq <varlistentry>
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq <term><userinput>dumpdb <optional>-all|-cache|-zone|-adb|-bad|-fail</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq <listitem>
c12917da693bae4028a1d5a5e8224bceed8c739dsf dump file for the specified views. If no view is
c12917da693bae4028a1d5a5e8224bceed8c739dsf specified, all
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf views are dumped.
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf the BIND 9 Administrator Reference Manual.)
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf </listitem>
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf </varlistentry>
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf <varlistentry>
4576c1a9ef54cd1e5555ee07d016a7f559f80338sf <listitem>
9811aed12bbc71783d2e544ccb5fecd193843eadsf Flushes the server's cache.
9811aed12bbc71783d2e544ccb5fecd193843eadsf </listitem>
88fac54d9d64f85bbdab5d7010816f4377f95bd7rjung </varlistentry>
bd3f5647b96d378d9c75c954e3f13582af32c643sf <varlistentry>
bd3f5647b96d378d9c75c954e3f13582af32c643sf <term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
bd3f5647b96d378d9c75c954e3f13582af32c643sf <listitem>
bd3f5647b96d378d9c75c954e3f13582af32c643sf Flushes the given name from the view's DNS cache
2a7beea91d46beb41f043a84eaad060047ee04aafabien and, if applicable, from the view's nameserver address
2a7beea91d46beb41f043a84eaad060047ee04aafabien database, bad server cache and SERVFAIL cache.
2a7beea91d46beb41f043a84eaad060047ee04aafabien </listitem>
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf </varlistentry>
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf <varlistentry>
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf <term><userinput>flushtree</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf <listitem>
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf Flushes the given name, and all of its subdomains,
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf from the view's DNS cache, address database,
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf bad server cache, and SERVFAIL cache.
132ee6ac1c26d6e8953836316ba50734eefab47bsf </listitem>
132ee6ac1c26d6e8953836316ba50734eefab47bsf </varlistentry>
85eacfc96a04547ef25aabbc06440039715084c2jorton <varlistentry>
85eacfc96a04547ef25aabbc06440039715084c2jorton <term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick Suspend updates to a dynamic zone. If no zone is
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick specified, then all zones are suspended. This allows
79c5787b92ac5f0e1cc82393816c77a006399316trawick manual edits to be made to a zone normally updated by
79c5787b92ac5f0e1cc82393816c77a006399316trawick dynamic update. It also causes changes in the
79c5787b92ac5f0e1cc82393816c77a006399316trawick journal file to be synced into the master file.
79c5787b92ac5f0e1cc82393816c77a006399316trawick All dynamic update attempts will be refused while
c967bf3bc89e8aa60dbd30d9da388e448ddc1cc4trawick the zone is frozen.
79c5787b92ac5f0e1cc82393816c77a006399316trawick </listitem>
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton </varlistentry>
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton <varlistentry>
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton <term><userinput>halt <optional>-p</optional></userinput></term>
e81785da447b469da66f218b3f0244aab507958djorton Stop the server immediately. Recent changes
e81785da447b469da66f218b3f0244aab507958djorton made through dynamic update or IXFR are not saved to
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton the master files, but will be rolled forward from the
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton journal files when the server is restarted.
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton If <option>-p</option> is specified <command>named</command>'s process id is returned.
53e9b27aba029b18be814df40bcf6f0428771d1efuankg This allows an external process to determine when <command>named</command>
53e9b27aba029b18be814df40bcf6f0428771d1efuankg had completed halting.
6bb524f1895f30265a1431afc460977d391cb36bsf </listitem>
ca61ccd0c306c2c72df153688ba1b49f3eceed80sf </varlistentry>
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin <varlistentry>
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin <term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin Fetch all DNSSEC keys for the given zone
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin from the key directory. If they are within
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin their publication period, merge them into the
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin zone's DNSKEY RRset. Unlike <command>rndc
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung sign</command>, however, the zone is not
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung immediately re-signed by the new keys, but is
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung allowed to incrementally re-sign over time.
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung This command requires that the
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick and also requires the zone to be configured to
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick allow dynamic DNS.
0827cb14e550f6f65018431c22c2c913631c8f25kbrand (See "Dynamic Update Policies" in the Administrator
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick Reference Manual for more details.)
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick </listitem>
cfa64348224b66dd1c9979b809406c4d15b1c137fielding </varlistentry>
cfa64348224b66dd1c9979b809406c4d15b1c137fielding <varlistentry>
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim <term><userinput>managed-keys <replaceable>(status | refresh | sync)</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
cfa64348224b66dd1c9979b809406c4d15b1c137fielding When run with the "status" keyword, print the current
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim status of the managed-keys database for the specified
cfa64348224b66dd1c9979b809406c4d15b1c137fielding view, or for all views if none is specified. When run
<term><userinput>modzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
<term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
All of these options can be shortened, i.e., to
<term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
<term><userinput>showzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
<term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) | -serial <replaceable>value</replaceable> ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
<term><userinput>sync <optional>-clean</optional> <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
<term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
<term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
<term><userinput>validation ( on | off | check ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>