1N/A - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") 1N/A - Copyright (C) 2000, 2001 Internet Software Consortium. 1N/A - Permission to use, copy, modify, and distribute this software for any 1N/A - purpose with or without fee is hereby granted, provided that the above 1N/A - copyright notice and this permission notice appear in all copies. 1N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 1N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 1N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 1N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 1N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 1N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 1N/A - PERFORMANCE OF THIS SOFTWARE. 1N/ACONTENT="Modular DocBook HTML Stylesheet Version 1.73 1N/A> -- name server control utility</
DIV 1N/ACLASS="REFSYNOPSISDIV" > controls the operation of a name
server. It supersedes the <
B that was provided in old BIND releases. If
> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
> reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
as the configuration file instead of the default,
as the key file instead of the default,
> will be used to authenticate
commands sent to the server if the <
TT the name or address of the server which matches a
server statement in the configuration file for
>. If no server is supplied on the
command line, the host named by the default-server clause
in the option statement of the configuration file will be
> Send commands to TCP port
of BIND 9's default control channel port, 953.
> Enable verbose logging.
from the configuration file.
known by named with the same algorithm and secret string
in order for control message validation to succeed.
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
> For the complete set of commands supported by <
B see the BIND 9 Administrator Reference Manual or run
> without arguments to see its help message.
> does not yet support all the commands of
> There is currently no way to provide the shared secret for a
> without using the configuration file.
> Several error messages could be clearer.
>BIND 9 Administrator Reference Manual</
I> Internet Software Consortium