doc/arm/Bv9ARM.ch03.html

	Bv9ARM.ch03.html revision 2cc7515f8a0c2f5f86ec85a853c7cb855b3d9536
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
c92c50783e4e93699f2a42643b8f200b9b719c87Automatic Updater - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<!-- $Id$ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Chapter�3.�Name Server Configuration</title>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<th width="60%" align="center">�</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="chapter" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><b>Table of Contents</b></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl>
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567771">A Caching-only Name Server</a></span></dt>
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567992">An Authoritative-only Name Server</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568014">Load Balancing</a></span></dt>
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568369">Name Server Operations</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl>
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568374">Tools for Use With the Name Server Daemon</a></span></dt>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570692">Signals</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater      In this chapter we provide some suggested configurations along
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      with guidelines for their use.  We suggest reasonable values for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      certain option settings.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<a name="id2567771"></a>A Caching-only Name Server</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          The following sample configuration is appropriate for a caching-only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          name server for use by clients internal to a corporation.  All
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          queries
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          option.  Alternatively, the same effect could be achieved using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          suitable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          firewall rules.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// Two corporate subnets we wish to allow queries from.
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions {
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Working directory
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     directory "/etc/namedb";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson     allow-query { corpnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// Provide a reverse mapping for the loopback
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// address 127.0.0.1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "0.0.127.in-addr.arpa" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "localhost.rev";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     notify no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<a name="id2567992"></a>An Authoritative-only Name Server</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          This sample configuration is for an authoritative-only server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          that is the master server for "<code class="filename">example.com</code>"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          and a slave for the subdomain "<code class="filename">eng.example.com</code>".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptions {
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Working directory
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     directory "/etc/namedb";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Do not allow access to cache
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     allow-query-cache { none; };
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // This is the default
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     allow-query { any; };
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Do not provide recursive service
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     recursion no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// Provide a reverse mapping for the loopback
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// address 127.0.0.1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "0.0.127.in-addr.arpa" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "localhost.rev";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     notify no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// We are the master server for example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "example.com" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "example.com.db";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // IP addresses of slave servers allowed to
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // transfer example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     allow-transfer {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          192.168.4.14;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          192.168.5.53;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// We are a slave server for eng.example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "eng.example.com" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type slave;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "eng.example.com.bk";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     // IP address of eng.example.com master server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     masters { 192.168.4.12; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<a name="id2568014"></a>Load Balancing</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        A primitive form of load balancing can be achieved in
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews        the <acronym class="acronym">DNS</acronym> by using multiple records
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews        (such as multiple A records) for one name.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        For example, if you have three WWW servers with network addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        following means that clients will connect to each machine one third
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        of the time:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="informaltable"><table border="1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<colgroup>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</colgroup>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  TTL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  CLASS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  TYPE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Resource Record (RR) Data
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">www</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">600</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">IN</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">A</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">10.0.0.1</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">600</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">IN</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">A</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">10.0.0.2</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">600</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">IN</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">A</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">10.0.0.3</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews        When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        them and respond to the query with the records in a different
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        order.  In the example above, clients will randomly receive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        will use the first record returned and discard the rest.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        For more detail on ordering responses, check the
f7b2875691497b292eacb60609be23a813d14e63Automatic Updater        <span><strong class="command">rrset-order</strong></span> sub-statement in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <span><strong class="command">options</strong></span> statement, see
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<a name="id2568369"></a>Name Server Operations</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<a name="id2568374"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          This section describes several indispensable diagnostic,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          administrative and monitoring tools available to the system
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          administrator for controlling and debugging the name server
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          daemon.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect3" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <span><strong class="command">nslookup</strong></span> programs are all command
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            line tools
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            for manually querying name servers.  They differ in style and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            output format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="variablelist"><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The domain information groper (<span><strong class="command">dig</strong></span>)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  is the most versatile and complete of these lookup tools.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  It has two modes: simple interactive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  mode for a single query, and batch mode which executes a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  query for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  each in a list of several query lines. All query options are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  accessible
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  from the command line.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">dig</code>  [@<em class="replaceable"><code>server</code></em>]  <em class="replaceable"><code>domain</code></em>  [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                  The usual simple use of <span><strong class="command">dig</strong></span> will take the form
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">dig @server domain query-type query-class</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  For more information and a list of available commands and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  options, see the <span><strong class="command">dig</strong></span> man
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  page.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">host</strong></span> utility emphasizes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  simplicity
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  and ease of use.  By default, it converts
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  between host names and Internet addresses, but its
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  functionality
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  can be extended with the use of options.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews<div class="cmdsynopsis"><p><code class="command">host</code>  [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6]  <em class="replaceable"><code>hostname</code></em>  [<em class="replaceable"><code>server</code></em>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  For more information and a list of available commands and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  options, see the <span><strong class="command">host</strong></span> man
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  page.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">nslookup</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  has two modes: interactive and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  non-interactive. Interactive mode allows the user to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  query name servers for information about various
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  hosts and domains or to print a list of hosts in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  domain. Non-interactive mode is used to print just
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  the name and requested information for a host or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  domain.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] |  [- [server]]]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Interactive mode is entered when no arguments are given (the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  default name server will be used) or when the first argument
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  is a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  hyphen (`-') and the second argument is the host name or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Internet address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  of a name server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Non-interactive mode is used when the name or Internet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  of the host to be looked up is given as the first argument.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  optional second argument specifies the host name or address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  of a name server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Due to its arcane user interface and frequently inconsistent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Use <span><strong class="command">dig</strong></span> instead.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect3" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Administrative tools play an integral part in the management
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            of a server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="variablelist"><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">named-checkconf</strong></span> program
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  checks the syntax of a <code class="filename">named.conf</code> file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">named-checkzone</strong></span> program
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  checks a master file for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  syntax and consistency.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>]  <em class="replaceable"><code>zone</code></em>  [<em class="replaceable"><code>filename</code></em>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews</dt>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews<dd><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  Similar to <span><strong class="command">named-checkzone,</strong></span> but
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  it always dumps the zone content to a specified file
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  (typically in a different format).
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p></dd>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews<dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The remote name daemon control
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  (<span><strong class="command">rndc</strong></span>) program allows the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  system
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  administrator to control the operation of a name server.
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  utility except <span><strong class="command">ndc start</strong></span> and
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  <span><strong class="command">ndc restart</strong></span>, which were also
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  not supported in <span><strong class="command">ndc</strong></span>'s
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  channel mode.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  If you run <span><strong class="command">rndc</strong></span> without any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  options
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  it will display a usage message as follows:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">rndc</code>  [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>]  <em class="replaceable"><code>command</code></em>  [<em class="replaceable"><code>command</code></em>...]</p></div>
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews<p>The <span><strong class="command">command</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  is one of the following:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="variablelist"><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Reload configuration file and zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Reload the given zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Schedule zone maintenance for the given zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Retransfer the given zone from the master.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>class</code></em>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater<dd>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater<p>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        Fetch all DNSSEC keys for the given zone
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        from the key directory (see
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        <span><strong class="command">key-directory</strong></span> in
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater          Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater          Usage&#8221;</a>).  If they are within
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        their publication period, merge them into the
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        zone's DNSKEY RRset.  If the DNSKEY RRset
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        is changed, then the zone is automatically
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        re-signed with the new key set.
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                      </p>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater<p>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        This command requires that the
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        <span><strong class="command">auto-dnssec</strong></span> zone option be set
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        to <code class="literal">allow</code> or
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        <code class="literal">maintain</code>,
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        and also requires the zone to be configured to
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        allow dynamic DNS.
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                        more details.
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater                      </p>
3b2c6af63e0367c6eabe0a21ca23841ca87cd22fAutomatic Updater</dd>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        [<span class="optional"><em class="replaceable"><code>class</code></em>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<dd>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<p>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        Fetch all DNSSEC keys for the given zone
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        from the key directory (see
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        <span><strong class="command">key-directory</strong></span> in
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater          Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater          Usage&#8221;</a>).  If they are within
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        their publication period, merge them into the
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        zone's DNSKEY RRset.  Unlike <span><strong class="command">rndc
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        sign</strong></span>, however, the zone is not
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        immediately re-signed by the new keys, but is
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        allowed to incrementally re-sign over time.
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                      </p>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<p>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        This command requires that the
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        <span><strong class="command">auto-dnssec</strong></span> zone option
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        be set to <code class="literal">maintain</code>,
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        and also requires the zone to be configured to
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater                        allow dynamic DNS.
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                        more details.
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater                      </p>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>freeze
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein       [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Suspend updates to a dynamic zone.  If no zone is
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        specified, then all zones are suspended.  This allows
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        manual edits to be made to a zone normally updated by
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        dynamic update.  It also causes changes in the
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        journal file to be synced into the master file.
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        All dynamic update attempts will be refused while
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        the zone is frozen.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>thaw
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein       [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        Enable updates to a frozen dynamic zone.  If no
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        zone is specified, then all frozen zones are
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        enabled.  This causes the server to reload the zone
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        from disk, and re-enables dynamic updates after the
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        load has completed.  After a zone is thawed,
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        dynamic updates will no longer be refused.  If
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        the zone has changed and the
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        <span><strong class="command">ixfr-from-differences</strong></span> option is
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        in use, then the journal file will be updated to
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        reflect changes in the zone.  Otherwise, if the
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        zone has changed, any existing journal file will be
aa801d4cc3174fc04ddefb47d5a70f3b350921eaAutomatic Updater                        removed.
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                      </p></dd>
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater<dt><span class="term"><strong class="userinput"><code>sync
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        [<span class="optional">-clean</span>]
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater       [<span class="optional"><em class="replaceable"><code>class</code></em>
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater<dd><p>
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        Sync changes in the journal file for a dynamic zone
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        to the master file.  If the "-clean" option is
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        specified, the journal file is also removed.  If
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater                        no zone is specified, then all zones are synced.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        Resend NOTIFY messages for the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Reload the configuration file and load new zones,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        but do not reload existing zone files even if they
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        have changed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        This is faster than a full <span><strong class="command">reload</strong></span> when there
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        is a large number of zones because it avoids the need
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        to examine the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        modification times of the zones files.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater<dt><span class="term"><strong class="userinput"><code>zonestatus
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater       [<span class="optional"><em class="replaceable"><code>class</code></em>
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater<dd><p>
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        Displays the current status of the given zone,
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        including the master file name and any include
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        files from which it was loaded, when it was most
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        recently loaded, the current serial number, the
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        number of nodes, whether the zone supports
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        dynamic updates, whether the zone is DNSSEC
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        signed, whether it uses automatic DNSSEC key
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        management or inline signing, and the scheduled
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                        refresh or expiry times for the zone.
150d28abc8fc6f8a3df17650c61ce1635aeb192cAutomatic Updater                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Write server statistics to the statistics file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dt><span class="term"><strong class="userinput"><code>querylog</code></strong>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                          [<span class="optional">on|off</span>]
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                    </span></dt>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dd>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<p>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        Enable or disable query logging.  (For backward
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        compatibility, this command can also be used without
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        an argument to toggle query logging on and off.)
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                      </p>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<p>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        Query logging can also be enabled
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        by explicitly directing the <span><strong class="command">queries</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        <span><strong class="command">category</strong></span> to a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        <span><strong class="command">channel</strong></span> in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        <span><strong class="command">logging</strong></span> section of
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        <code class="filename">named.conf</code> or by specifying
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        <span><strong class="command">querylog yes;</strong></span> in the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        <span><strong class="command">options</strong></span> section of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        <code class="filename">named.conf</code>.
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                      </p>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>dumpdb
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional">-all|-cache|-zone</span>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews                        Dump the server's caches (default) and/or zones to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        dump file for the specified views.  If no view is
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews                        specified, all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        views are dumped.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater<dt><span class="term"><strong class="userinput"><code>secroots
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater<dd><p>
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater                        Dump the server's security roots to the secroots
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater                        file for the specified views.  If no view is
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater                        specified, security roots for all
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater                        views are dumped.
1238b38c9f0ab563b762dc0fd00ac6c34c2b7295Automatic Updater                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Stop the server, making sure any recent changes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        made through dynamic update or IXFR are first saved to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        the master files of the updated zones.
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                        If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                        This allows an external process to determine when <span><strong class="command">named</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        had completed stopping.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Stop the server immediately.  Recent changes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        made through dynamic update or IXFR are not saved to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        the master files, but will be rolled forward from the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        journal files when the server is restarted.
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                        If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                        This allows an external process to determine when <span><strong class="command">named</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                        had completed halting.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Increment the servers debugging level by one.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Sets the server's debugging level to an explicit
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        value.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Sets the server's debugging level to 0.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Flushes the server's cache.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater<dt><span class="term"><strong class="userinput"><code>flushname</code></strong>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                       <em class="replaceable"><code>name</code></em>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                       [<span class="optional"><em class="replaceable"><code>view</code></em></span>]
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                       </span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                        Flushes the given name from the server's DNS cache,
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                        and from the server's nameserver address database
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                        if applicable.
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                      </p></dd>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater<dt><span class="term"><strong class="userinput"><code>flushtree</code></strong>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                       <em class="replaceable"><code>name</code></em>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                       [<span class="optional"><em class="replaceable"><code>view</code></em></span>]
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                       </span></dt>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater<dd><p>
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                        Flushes the given name, and all of its subdomains,
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                        from the server's DNS cache.  (The server's
f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8Automatic Updater                        nameserver address database is not affected.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        Display status of the server.
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews                        Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        and the default <span><strong class="command">/IN</strong></span>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews                        hint zone if there is not an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        explicit root zone configured.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                        Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                        on.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                      </p></dd>
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater<dt><span class="term"><strong class="userinput"><code>validation
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                        [<span class="optional">on|off</span>]
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                    </code></strong></span></dt>
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater<dd><p>
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                        Enable or disable DNSSEC validation.
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                        Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                        set to <strong class="userinput"><code>yes</code></strong> to be effective.
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                        It defaults to enabled.
f8c849e22415de8f739c17552b0f0ee9a6c7c9fcAutomatic Updater                      </p></dd>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dd><p>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        List the names of all TSIG keys currently configured
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        for use by <span><strong class="command">named</strong></span> in each view.  The
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        list both statically configured keys and dynamic
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        TKEY-negotiated keys.
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                      </p></dd>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                     <em class="replaceable"><code>keyname</code></em>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                     [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dd><p>
2cc7515f8a0c2f5f86ec85a853c7cb855b3d9536Tinderbox User                        Delete a given TKEY-negotiated key from the server.
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        (This does not apply to statically configured TSIG
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                        keys.)
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater                      </p></dd>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<dt><span class="term"><strong class="userinput"><code>addzone
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        <em class="replaceable"><code>zone</code></em>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>class</code></em>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        <em class="replaceable"><code>configuration</code></em>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                    </code></strong></span></dt>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<dd>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        Add a zone while the server is running.  This
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        command requires the
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        <span><strong class="command">allow-new-zones</strong></span> option to be set
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        to <strong class="userinput"><code>yes</code></strong>.  The
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        <em class="replaceable"><code>configuration</code></em> string
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        specified on the command line is the zone
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        configuration text that would ordinarily be
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        placed in <code class="filename">named.conf</code>.
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                      </p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        The configuration is saved in a file called
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                       <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        where <em class="replaceable"><code>hash</code></em> is a
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        cryptographic hash generated from the name of
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        the view.  When <span><strong class="command">named</strong></span> is
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        restarted, the file will be loaded into the view
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        configuration, so that zones that were added
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        can persist after a restart.
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                      </p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        This sample <span><strong class="command">addzone</strong></span> command
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        would add the zone <code class="literal">example.com</code>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        to the default view:
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                      </p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                      </p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        (Note the brackets and semi-colon around the zone
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        configuration text.)
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                      </p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater</dd>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<dt><span class="term"><strong class="userinput"><code>delzone
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        <em class="replaceable"><code>zone</code></em>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>class</code></em>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                    </code></strong></span></dt>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater<dd><p>
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        Delete a zone while the server is running.
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        Only zones that were originally added via
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        <span><strong class="command">rndc addzone</strong></span> can be deleted
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                        in this matter.
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updater                      </p></dd>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater<dt><span class="term"><strong class="userinput"><code>signing
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>]
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updater                        <em class="replaceable"><code>zone</code></em>
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>class</code></em>
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updater                        [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
e839bf134fb138920d4833cf05cb8b8906787a8dAutomatic Updater                    </code></strong></span></dt>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater<dd>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater<p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        List, edit, or remove the DNSSEC signing state for
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        the specified zone.  The status of ongoing DNSSEC
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        operations (such as signing or generating
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        NSEC3 chains) is stored in the zone in the form
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        of DNS resource records of type
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">sig-signing-type</strong></span>.
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">rndc signing -list</strong></span> converts
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        these records into a human-readable form,
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        indicating which keys are currently signing
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        or have finished signing the zone, and which NSEC3
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        NSEC3 chains are being created or removed.
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                      </p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater<p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">rndc signing -clear</strong></span> can remove
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        a single key (specified in the same format that
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">rndc signing -list</strong></span> uses to
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        display it), or all keys.  In either case, only
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        completed keys are removed; any record indicating
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        that a key has not yet finished signing the zone
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        will be retained.
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                      </p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater<p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">rndc signing -nsec3param</strong></span> sets
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        the NSEC3 parameters for a zone.  This is the
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        only supported mechanism for using NSEC3 with
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">inline-signing</strong></span> zones.
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        Parameters are specified in the same format as
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        an NSEC3PARAM resource record: hash algorithm,
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        flags, iterations, and salt, in that order.
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                      </p>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User<p>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        Currently, the only defined value for hash algorithm
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        is <code class="literal">1</code>, representing SHA-1.
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        The <code class="option">flags</code> may be set to
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        <code class="literal">0</code> or <code class="literal">1</code>,
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        depending on whether you wish to set the opt-out
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        bit in the NSEC3 chain.  <code class="option">iterations</code>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        defines the number of additional times to apply
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        the algorithm when generating an NSEC3 hash.  The
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        <code class="option">salt</code> is a string of data expressed
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        in hexidecimal, or a hyphen (`-') if no salt is
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        to be used.
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                      </p>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User<p>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        So, for example, to create an NSEC3 chain using
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        the SHA-1 hash algorithm, no opt-out flag,
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        10 iterations, and a salt value of "FFFF", use:
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF &lt;zone&gt;</strong></span>.
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        To set the opt-out flag, 15 iterations, and no
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        salt, use:
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                        <span><strong class="command">rndc signing -nsec3param 1 1 15 - &lt;zone&gt;</strong></span>.
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User                      </p>
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User<p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        <span><strong class="command">rndc signing -nsec3param none</strong></span>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        removes an existing NSEC3 chain and replaces it
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                        with NSEC.
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater                      </p>
23967fcd6e214ac5194222a6b7f41fe869db4f9cAutomatic Updater</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  A configuration file is required, since all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  communication with the server is authenticated with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  digital signatures that rely on a shared secret, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  there is no way to provide that secret other than with a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  configuration file.  The default location for the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">rndc</strong></span> configuration file is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="filename">/etc/rndc.conf</code>, but an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  alternate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  location can be specified with the <code class="option">-c</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  option.  If the configuration file is not found,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">rndc</strong></span> will also look in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="filename">/etc/rndc.key</code> (or whatever
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="varname">sysconfdir</code> was defined when
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews                  the <acronym class="acronym">BIND</acronym> build was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  configured).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <code class="filename">rndc.key</code> file is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  generated by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  running <span><strong class="command">rndc-confgen -a</strong></span> as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  described in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          Usage&#8221;</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The format of the configuration file is similar to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  that of <code class="filename">named.conf</code>, but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  limited to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  only four statements, the <span><strong class="command">options</strong></span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">include</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  statements.  These statements are what associate the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  secret keys to the servers with which they are meant to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  be shared.  The order of statements is not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  significant.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">options</strong></span> statement has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  three clauses:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  and <span><strong class="command">default-port</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">default-server</strong></span> takes a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  host name or address argument  and represents the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  that will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  be contacted if no <code class="option">-s</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  option is provided on the command line.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">default-key</strong></span> takes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">default-port</strong></span> specifies the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  port to which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">rndc</strong></span> should connect if no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  port is given on the command line or in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">server</strong></span> statement.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews                  The <span><strong class="command">key</strong></span> statement defines a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  key to be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  by <span><strong class="command">rndc</strong></span> when authenticating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">named</strong></span>.  Its syntax is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  identical to the
58d9e9169e7ab4355a0b0bfc13bc616bc5247dfeAutomatic Updater                  <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The keyword <strong class="userinput"><code>key</code></strong> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  followed by a key name, which must be a valid
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  domain name, though it need not actually be hierarchical;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  thus,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  name.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">key</strong></span> statement has two
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  clauses:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  While the configuration parser will accept any string as the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  argument
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  has any meaning.  The secret is a base-64 encoded string
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  as specified in RFC 3548.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">server</strong></span> statement
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  associates a key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  defined using the <span><strong class="command">key</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  statement with a server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The keyword <strong class="userinput"><code>server</code></strong> is followed by a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  host name or address.  The <span><strong class="command">server</strong></span> statement
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <span><strong class="command">key</strong></span> clause specifies the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  name of the key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to be used when communicating with this server, and the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <span><strong class="command">port</strong></span> clause can be used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  specify the port <span><strong class="command">rndc</strong></span> should
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  connect
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to on the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  A sample minimal configuration file is as follows:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinkey rndc_key {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     algorithm "hmac-md5";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     secret
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions {
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson     default-server 127.0.0.1;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     default-key    rndc_key;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  This file, if installed as <code class="filename">/etc/rndc.conf</code>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  would allow the command:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to connect to 127.0.0.1 port 953 and cause the name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to reload, if a name server on the local machine were
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  running with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  following controls statements:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincontrols {
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater        inet 127.0.0.1
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater            allow { localhost; } keys { rndc_key; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  and it had an identical key statement for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">rndc_key</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Running the <span><strong class="command">rndc-confgen</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  program will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  conveniently create a <code class="filename">rndc.conf</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  file for you, and also display the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  corresponding <span><strong class="command">controls</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  statement that you need to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  add to <code class="filename">named.conf</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Alternatively,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  you can run <span><strong class="command">rndc-confgen -a</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to set up
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  a <code class="filename">rndc.key</code> file and not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  modify
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="filename">named.conf</code> at all.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="sect2" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
9941177e7eb530451d5970959cc2828c53cb36c9Tinderbox User<a name="id2570692"></a>Signals</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          Certain UNIX signals cause the name server to take specific
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          actions, as described in the following table.  These signals can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          be sent using the <span><strong class="command">kill</strong></span> command.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="informaltable"><table border="1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<colgroup>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</colgroup>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p><span><strong class="command">SIGHUP</strong></span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    Causes the server to read <code class="filename">named.conf</code> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    reload the database.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p><span><strong class="command">SIGTERM</strong></span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    Causes the server to clean up and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p><span><strong class="command">SIGINT</strong></span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    Causes the server to clean up and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navfooter">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation footer">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center">�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>