rndc.docbook revision 83a28ca274521e15086fc39febde507bcc4e145e
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews - This Source Code Form is subject to the terms of the Mozilla Public
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews - License, v. 2.0. If a copy of the MPL was not distributed with this
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews - file, You can obtain one at http://mozilla.org/MPL/2.0/.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews<!-- Converted by db4-upgrade version 1.0 -->
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc">
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refentryinfo>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt </refentryinfo>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refentrytitle><application>rndc</application></refentrytitle>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refnamediv>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refname><application>rndc</application></refname>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refpurpose>name server control utility</refpurpose>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </refnamediv>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </copyright>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refsynopsisdiv>
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">server</replaceable></option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-q</option></arg>
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt <arg choice="opt" rep="norepeat"><option>-r</option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-V</option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </cmdsynopsis>
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt </refsynopsisdiv>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refsection><info><title>DESCRIPTION</title></info>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews controls the operation of a name
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews server. It supersedes the <command>ndc</command> utility
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews that was provided in old BIND releases. If
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <command>rndc</command> is invoked with no command line
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews options or arguments, it prints a short summary of the
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews supported commands and the available options and their
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews communicates with the name server over a TCP connection, sending
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews commands authenticated with digital signatures. In the current
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <command>rndc</command> and <command>named</command>,
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt the only supported authentication algorithms are HMAC-MD5
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews (default), HMAC-SHA384 and HMAC-SHA512.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews They use a shared secret on each end of the connection.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews This provides TSIG-style authentication for the command
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews request and the name server's response. All commands sent
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt over the channel must be signed by a key_id known to the
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews reads a configuration file to
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews determine how to contact the name server and decide what
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt algorithm and key it should use.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </refsection>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <refsection><info><title>OPTIONS</title></info>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <variablelist>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <varlistentry>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <term>-b <replaceable class="parameter">source-address</replaceable></term>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews Use <replaceable class="parameter">source-address</replaceable>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews as the source address for the connection to the server.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews Multiple instances are permitted to allow setting of both
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews the IPv4 and IPv6 source addresses.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </varlistentry>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <varlistentry>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <term>-c <replaceable class="parameter">config-file</replaceable></term>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews Use <replaceable class="parameter">config-file</replaceable>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews as the configuration file instead of the default,
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </varlistentry>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <varlistentry>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <term>-k <replaceable class="parameter">key-file</replaceable></term>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews Use <replaceable class="parameter">key-file</replaceable>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews as the key file instead of the default,
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <filename>/etc/rndc.key</filename> will be used to
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews authenticate
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews does not exist.
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews </varlistentry>
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt <varlistentry>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <term>-s <replaceable class="parameter">server</replaceable></term>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews <para><replaceable class="parameter">server</replaceable> is
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews the name or address of the server which matches a
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews server statement in the configuration file for
7ed4399c6598276b76df95e6dc91ed7b2834abc6Evan Hunt <command>rndc</command>. If no server is supplied on the
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews command line, the host named by the default-server clause
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews in the options statement of the <command>rndc</command>
1c9f629c181dfd14bb429a6699d22c3c023aa218Mark Andrews configuration file will be used.
requested command (e.g., ISC_R_SUCCESS, ISC_R_FAILURE, etc).
<term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
<term><userinput>delzone <optional>-clean</optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
<term><userinput>dnstap ( -reopen | -roll <optional><replaceable>number</replaceable></optional> )</userinput></term>
<term><userinput>dumpdb <optional>-all|-cache|-zone|-adb|-bad|-fail</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
<term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
<term><userinput>flushtree</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
<term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
<term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>managed-keys <replaceable>(status | refresh | sync)</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>modzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
<term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
All of these options can be shortened, i.e., to
<term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
<term><userinput>showzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
<term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
<term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) | -serial <replaceable>value</replaceable> ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
<term><userinput>sync <optional>-clean</optional> <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
<term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
<term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
<term><userinput>validation ( on | off | check ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>