bin/rndc/rndc.html

	rndc.html revision e21a2904f02a03fa06b6db04d348f65fe9c67b2b
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<!--
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - Copyright (C) 2000, 2001 Internet Software Consortium.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync -
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - Permission to use, copy, modify, and distribute this software for any
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - purpose with or without fee is hereby granted, provided that the above
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - copyright notice and this permission notice appear in all copies.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync -
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync - PERFORMANCE OF THIS SOFTWARE.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync-->
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<!-- $Id: rndc.html,v 1.25 2006/12/12 01:45:21 marka Exp $ -->
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<html>
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<head>
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<title>rndc</title>
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync</head>
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<a name="man.rndc"></a><div class="titlepage"></div>
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<div class="refnamediv">
930b5f872e89407f445d4000d4e4aaecaa6a0998vboxsync<h2>Name</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span class="application">rndc</span> &#8212; name server control utility</p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="refsynopsisdiv">
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<h2>Synopsis</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="refsect1" lang="en">
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<a name="id2543600"></a><h2>DESCRIPTION</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span><strong class="command">rndc</strong></span>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      controls the operation of a name
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      that was provided in old BIND releases.  If
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <span><strong class="command">rndc</strong></span> is invoked with no command line
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      options or arguments, it prints a short summary of the
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      supported commands and the available options and their
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      arguments.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span><strong class="command">rndc</strong></span>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      communicates with the name server
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      over a TCP connection, sending commands authenticated with
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      digital signatures.  In the current versions of
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      the only supported authentication algorithm is HMAC-MD5,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      which uses a shared secret on each end of the connection.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      This provides TSIG-style authentication for the command
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      request and the name server's response.  All commands sent
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      over the channel must be signed by a key_id known to the
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      server.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span><strong class="command">rndc</strong></span>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      reads a configuration file to
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      determine how to contact the name server and decide what
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      algorithm and key it should use.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="refsect1" lang="en">
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<a name="id2543635"></a><h2>OPTIONS</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="variablelist"><dl>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Use <em class="replaceable"><code>source-address</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            as the source address for the connection to the server.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Multiple instances are permitted to allow setting of both
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            the IPv4 and IPv6 source addresses.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Use <em class="replaceable"><code>config-file</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            as the configuration file instead of the default,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            <code class="filename">/etc/rndc.conf</code>.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Use <em class="replaceable"><code>key-file</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            as the key file instead of the default,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            <code class="filename">/etc/rndc.key</code>.  The key in
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            <code class="filename">/etc/rndc.key</code> will be used to
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            authenticate
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            does not exist.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p><em class="replaceable"><code>server</code></em> is
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync                       the name or address of the server which matches a
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            server statement in the configuration file for
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            <span><strong class="command">rndc</strong></span>.  If no server is supplied on
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            the
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            command line, the host named by the default-server clause
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            in the option statement of the configuration file will be
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            used.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Send commands to TCP port
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            <em class="replaceable"><code>port</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            instead
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            of BIND 9's default control channel port, 953.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-V</span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Enable verbose logging.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<dd><p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Use the key <em class="replaceable"><code>keyid</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            from the configuration file.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            <em class="replaceable"><code>keyid</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            must be
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            known by named with the same algorithm and secret string
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            in order for control message validation to succeed.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            If no <em class="replaceable"><code>keyid</code></em>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            is specified, <span><strong class="command">rndc</strong></span> will first look
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            for a key clause in the server statement of the server
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            being used, or if no server statement is present for that
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            host, then the default-key clause of the options statement.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            Note that the configuration file contains shared secrets
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            which are used to send authenticated control commands
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            to name servers.  It should therefore not have general read
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync            or write access.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync          </p></dd>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</dl></div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      see the BIND 9 Administrator Reference Manual or run
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <span><strong class="command">rndc</strong></span> without arguments to see its help
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      message.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="refsect1" lang="en">
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<a name="id2543838"></a><h2>LIMITATIONS</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span><strong class="command">rndc</strong></span>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      does not yet support all the commands of
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      the BIND 8 <span><strong class="command">ndc</strong></span> utility.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      There is currently no way to provide the shared secret for a
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <code class="option">key_id</code> without using the configuration file.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      Several error messages could be clearer.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="refsect1" lang="en">
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<a name="id2543865"></a><h2>SEE ALSO</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<div class="refsect1" lang="en">
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<a name="id2543912"></a><h2>AUTHOR</h2>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync<p><span class="corpauthor">Internet Systems Consortium</span>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync    </p>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</div></body>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync</html>
3194da424708abdd288b28d96892b3a5f3f7df0bvboxsync