rndc.html revision e21a2904f02a03fa06b6db04d348f65fe9c67b2b
<!--
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000, 2001 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.html,v 1.25 2006/12/12 01:45:21 marka Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.rndc"></a><div class="titlepage"></div>
<p><span class="application">rndc</span> — name server control utility</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
<a name="id2543600"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
 controls the operation of a name
 server. It supersedes the <span><strong class="command">ndc</strong></span> utility
 that was provided in old BIND releases. If
 <span><strong class="command">rndc</strong></span> is invoked with no command line
 options or arguments, it prints a short summary of the
 supported commands and the available options and their</p>
<p><span><strong class="command">rndc</strong></span>
 communicates with the name server
 over a TCP connection, sending commands authenticated with
 digital signatures. In the current versions of
 <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
 the only supported authentication algorithm is HMAC-MD5,
 which uses a shared secret on each end of the connection.
 This provides TSIG-style authentication for the command
 request and the name server's response. All commands sent
 over the channel must be signed by a key_id known to the</p>
<p><span><strong class="command">rndc</strong></span>
 reads a configuration file to
 determine how to contact the name server and decide what
 algorithm and key it should use.</p>
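<p>The sketch below is an added example, not ISC code: it models how the server and key are chosen from the configuration file, following the lookup order this page gives for <code class="option">-s</code> and <code class="option">-y</code>. The sample file uses rndc.conf(5) statement syntax; its host names, key ids and secret are constructed placeholders, and the regex parser handles only this simple layout.</p>

```python
import re

# Constructed sample in rndc.conf(5) syntax; the secret is a placeholder, not a real key.
SAMPLE_CONF = '''
options {
    default-server ns1.example.net;
    default-key    ops-key;
};
server ns1.example.net {
    key ns1-key;
};
key ops-key { algorithm hmac-md5; secret "UExBQ0VIT0xERVI="; };
key ns1-key { algorithm hmac-md5; secret "UExBQ0VIT0xERVI="; };
'''

STATEMENT = re.compile(r'(options|server|key)\s*("?[\w.:-]*"?)\s*\{([^}]*)\}\s*;')
CLAUSE = re.compile(r'([\w-]+)\s+"?([^";]+)"?\s*;')

def parse(text):
    """Parse options/server/key statements into nested dicts of clauses."""
    conf = {"options": {}, "server": {}, "key": {}}
    for kind, name, body in STATEMENT.findall(text):
        clauses = dict(CLAUSE.findall(body))
        if kind == "options":
            conf["options"].update(clauses)
        else:
            conf[kind][name.strip('"')] = clauses
    return conf

def resolve(conf, server=None, keyid=None):
    """Return (server, key id, algorithm); the secret is deliberately not returned."""
    # -s wins; otherwise the default-server clause of the options statement.
    server = server or conf["options"].get("default-server")
    if keyid is None:  # no -y given
        stmt = conf["server"].get(server)
        # Key clause of the matching server statement, or default-key when the
        # host has no server statement. A server statement without a key clause
        # is not covered by the page; here it falls through to the error below.
        keyid = stmt.get("key") if stmt is not None else conf["options"].get("default-key")
    if keyid not in conf["key"]:
        raise LookupError(f"no key statement for key id {keyid!r}")
    return server, keyid, conf["key"][keyid].get("algorithm")

if __name__ == "__main__":
    conf = parse(SAMPLE_CONF)
    print(resolve(conf))                            # server statement's key
    print(resolve(conf, server="ns2.example.net"))  # falls back to default-key
```

<p>Knowing which key id a given invocation resolves to tells you which shared secret must also be configured in <span><strong class="command">named</strong></span> for that server.</p>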
<a name="id2543635"></a><h2>OPTIONS</h2>
<dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
 Use <em class="replaceable"><code>source-address</code></em>
 as the source address for the connection to the server.
 Multiple instances are permitted to allow setting of both
 the IPv4 and IPv6 source addresses.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
 Use <em class="replaceable"><code>config-file</code></em>
 as the configuration file instead of the default,
 <code class="filename">/etc/rndc.conf</code>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
<dd><p>
 Use <em class="replaceable"><code>key-file</code></em>
 as the key file instead of the default,
 <code class="filename">/etc/rndc.key</code>. The key in
 <code class="filename">/etc/rndc.key</code> will be used to
 authenticate commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
 does not exist.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
<dd><p><em class="replaceable"><code>server</code></em> is
 the name or address of the server which matches a
 server statement in the configuration file for
 <span><strong class="command">rndc</strong></span>. If no server is supplied on the
 command line, the host named by the default-server clause
 in the options statement of the configuration file will be
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
 Send commands to TCP port
 <em class="replaceable"><code>port</code></em>
 instead of BIND 9's default control channel port, 953.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
 Enable verbose logging.
</p></dd>
<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
<dd><p>
 Use the key <em class="replaceable"><code>keyid</code></em>
 from the configuration file.
 <em class="replaceable"><code>keyid</code></em>
 must be known by named with the same algorithm and secret string
 in order for control message validation to succeed.
 If no <em class="replaceable"><code>keyid</code></em>
 is specified, <span><strong class="command">rndc</strong></span> will first look
 for a key clause in the server statement of the server
 being used, or if no server statement is present for that
 host, then the default-key clause of the options statement.
 Note that the configuration file contains shared secrets
 which are used to send authenticated control commands
 to name servers. It should therefore not have general read
 or write access.
</p></dd>
</dl>
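<p>One way to check the access advice above, as an added example that is not part of the BIND distribution: it flags world read or write bits on the two default files named on this page. The parent-directory check is an extra beyond the page's advice, and the finding names are made up for this example.</p>

```python
import os
import stat
import sys

# Default paths named on this page; pass others when -c or -k selects a different file.
DEFAULT_FILES = ("/etc/rndc.conf", "/etc/rndc.key")

def audit(path):
    """Return the findings for one existing file; an empty list means it passes."""
    st = os.stat(path)  # follows symlinks, so the mode of the real file is checked
    findings = []
    if st.st_mode & stat.S_IROTH:
        findings.append("world-readable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    # Extra check beyond the page's advice: a world-writable directory without
    # the sticky bit lets any local user replace the file itself.
    parent = os.stat(os.path.dirname(os.path.realpath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent-dir-world-writable")
    return findings

def audit_all(paths=DEFAULT_FILES):
    """Audit every path that exists; absent files are skipped, not reported."""
    return {p: audit(p) for p in paths if os.path.exists(p)}

if __name__ == "__main__":
    results = audit_all(sys.argv[1:] or DEFAULT_FILES)
    for path, findings in results.items():
        print(path, "OK" if not findings else ", ".join(findings))
    sys.exit(1 if any(results.values()) else 0)
```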
<p>
 For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
 see the BIND 9 Administrator Reference Manual or run
 <span><strong class="command">rndc</strong></span> without arguments to see its help</p>
<a name="id2543838"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
 does not yet support all the commands of
 the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
<p>
 There is currently no way to provide the shared secret for a
 <code class="option">key_id</code> without using the configuration file.
</p>
<p>
 Several error messages could be clearer.
</p>
<a name="id2543865"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
 <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
 <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p><span class="corpauthor">Internet Systems Consortium</span></p>
</div></body>