rndc.html revision 60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000, 2001 Internet Software Consortium
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="id2456614"></a><div class="titlepage"></div>
<p><span class="application">rndc</span> — name server control utility</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
that was provided in old BIND releases. If
<span><strong class="command">rndc</strong></span> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
<p><span><strong class="command">rndc</strong></span>
communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
<p><span><strong class="command">rndc</strong></span>
reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
Use <em class="replaceable"><code>source-address</code></em>
as the source address for the connection to the server.
Multiple instances are permitted to allow setting of both
the IPv4 and IPv6 source addresses.
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
Use <em class="replaceable"><code>config-file</code></em>
as the configuration file instead of the default,
<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
Use <em class="replaceable"><code>key-file</code></em>
as the key file instead of the default,
<code class="filename">/etc/rndc.key</code>. The key in
<code class="filename">/etc/rndc.key</code> will be used to
authenticate
commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
does not exist.
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
<dd><p><em class="replaceable"><code>server</code></em> is
the name or address of the server which matches a
server statement in the configuration file for
<span><strong class="command">rndc</strong></span>. If no server is supplied on
the command line, the host named by the default-server clause
in the options statement of the configuration file will be
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
Send commands to TCP port
<em class="replaceable"><code>port</code></em> instead
of BIND 9's default control channel port, 953.
<dt><span class="term">-V</span></dt>
Enable verbose logging.
<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
Use the key <em class="replaceable"><code>keyid</code></em>
from the configuration file.
<em class="replaceable"><code>keyid</code></em> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>keyid</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
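<p>One way to check the requirement above that files holding the shared secret have no general read or write access. This is an added example, not part of the BIND distribution; the function names are hypothetical, and the configuration file path is supplied by the caller.</p>

```shell
#!/bin/sh
# Added example (not from the BIND distribution): report rndc secret files
# that grant read or write access to "other" users.

# has_general_access FILE: true if FILE is readable or writable by "other".
has_general_access() {
    # -L checks the target of a symlink; -prune stops descent if FILE is a
    # directory; -perm -004 / -002 test the other-read / other-write bits.
    [ -n "$(find -L "$1" -prune \( -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_rndc_secrets FILE...: print one verdict per file and return the
# number of files that failed the check (0 means every present file is OK).
audit_rndc_secrets() {
    bad=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            # The key file is only consulted when no config file exists,
            # so a missing file is reported but is not a failure.
            echo "SKIP  $f (not present)"
        elif [ ! -f "$f" ]; then
            echo "FAIL  $f (not a regular file)"
            bad=$((bad + 1))
        elif has_general_access "$f"; then
            echo "FAIL  $f (readable or writable by others; fix: chmod o-rwx)"
            bad=$((bad + 1))
        else
            echo "OK    $f"
        fi
    done
    return "$bad"
}

# Stand-alone use: sh audit.sh /path/to/rndc.conf /etc/rndc.key
# (/etc/rndc.key is the default key file named on this page; the config
# path is a placeholder to be replaced with the local one).
if [ "$#" -gt 0 ]; then
    audit_rndc_secrets "$@"
fi
```

<p>The exit status is the number of failing files, so the script can gate a deployment step or run from a periodic job.</p>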
For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
see the BIND 9 Administrator Reference Manual or run
<span><strong class="command">rndc</strong></span> without arguments to see its help
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
Several error messages could be clearer.
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
<p><span class="corpauthor">Internet Systems Consortium</span>