d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson

5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User<refentry>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentryinfo>

5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User <date>June 30, 2000</date>

5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User </refentryinfo>

5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson <refmeta>

d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews <refentrytitle><application>rndc</application></refentrytitle>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <manvolnum>8</manvolnum>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refmiscinfo>BIND9</refmiscinfo>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refmeta>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refnamediv>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <refname><application>rndc</application></refname>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <refpurpose>name server control utility</refpurpose>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </refnamediv>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <refsynopsisdiv>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <cmdsynopsis>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <command>rndc</command>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <arg><option>-v</option></arg>

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg rep="repeat">command</arg>

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews </cmdsynopsis>

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </refsynopsisdiv>

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <refsect1>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <title>DESCRIPTION</title>

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>rndc</command> controls the operation of a name

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews server. It supersedes the <command>ndc</command> utility

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User that was provided in old BIND releases. If

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews <command>rndc</command> is invoked with no command line

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User options or arguments, it prints a short summary of the

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein supported commands and the available options and their

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User arguments.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <command>rndc</command> communicates with the name server

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein over a TCP connection, sending commands authenticated with

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein digital signatures. In the current versions of

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>rndc</command> and <command>named</command> named

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the only supported authentication algorithm is HMAC-MD5,

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein which uses a shared secret on each end of the connection.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User This provides TSIG-style authentication for the command

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein request and the name server's response. All commands sent

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein over the channel must be signed by a key_id known to the

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein server.

61e1dc26d62c2a0059e3ca7efe2ad0f4a5b8df92Mark Andrews </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <command>rndc</command> reads a configuration file to

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein determine how to contact the name server and decide what

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User algorithm and key it should use.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsect1>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <refsect1>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <title>OPTIONS</title>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <variablelist>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <term>-c <replaceable class="parameter">config-file</replaceable></term>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <listitem>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Use <replaceable class="parameter">config-file</replaceable>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User as the configuration file instead of the default,

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>/etc/rndc.conf</filename>.

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </varlistentry>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <varlistentry>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <term>-s <replaceable class="parameter">server</replaceable></term>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <replaceable class="parameter">server</replaceable> is

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the name or address of the server which matches a

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein server statement in the configuration file for

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>rndc</command>. If no server is supplied on the

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User command line, the host named by the default-server clause

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User in the option statement of the configuration file will be

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User used.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </para>

61e1dc26d62c2a0059e3ca7efe2ad0f4a5b8df92Mark Andrews </listitem>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </varlistentry>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <varlistentry>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-p <replaceable class="parameter">port</replaceable></term>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>

<para>

Send commands to TCP port

<replaceable class="parameter">port</replaceable> instead

of BIND 9's default control channel port, 953.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>-y <replaceable class="parameter">keyid</replaceable></term>

<listitem>

<para>

Use the key <replaceable class="parameter">keyid</replaceable>

from the configuration file.

<replaceable class="parameter">keyid</replaceable> must be

known by named with the same algorithm and secret string

in order for control message validation to succeed.

If no <replaceable class="parameter">keyid</replaceable>

is specified, <command>rndc</command> will first look

for a key clause in the server statement of the server

being used, or if no server statement is present for that

host, then the default-key clause of the options statement.

Note that the configuration file contains shared secrets

which are used to send authenticated control commands

to name servers. It should therefore not have general read

or write access.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>-v</term>

<listitem>

<para>

Enable verbose logging.

</para>

</listitem>

</varlistentry>

</variablelist>

<para>

For the complete set of commands supported by <command>rndc</command>,

see the BIND 9 Administrator Reference Manual or run

<command>rndc</command> without arguments to see its help message.

</para>

</refsect1>

<refsect1>

<title>LIMITATIONS</title>

<para>

<command>rndc</command> does not yet support all the commands of

the BIND 8 <command>ndc</command> utility.

</para>

<para>

There is currently no way to provide the shared secret for a

<option>key_id</option> without using the configuration file.

</para>

<para>

Several error messages could be clearer.

</para>

</refsect1>

<refsect1>

<title>SEE ALSO</title>

<para>

<citerefentry>

<refentrytitle>rndc.conf</refentrytitle>

<manvolnum>5</manvolnum>

</citerefentry>,

<citerefentry>

<refentrytitle>named</refentrytitle>

<manvolnum>8</manvolnum>

</citerefentry>,

<citerefentry>

<refentrytitle>named.conf</refentrytitle>

<manvolnum>5</manvolnum>

</citerefentry>

<citerefentry>

<refentrytitle>ndc</refentrytitle>

<manvolnum>8</manvolnum>

</citerefentry>,

<citetitle>BIND 9 Administrator Reference Manual</citetitle>.

</para>

</refsect1>

<refsect1>

<title>AUTHOR</title>

<para>

<corpauthor>Internet Software Consortium</corpauthor>

</para>

</refsect1>

</refentry>