Bv9ARM.ch03.html revision 9ce6056d520aaf5241560fab6ab096c0d4e87b36
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater - purpose with or without fee is hereby granted, provided that the above
0bddff542cf2ae1b6595020f2f72ca482c6b438fAutomatic Updater - copyright notice and this permission notice appear in all copies.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ea854b585041ad19f70f7af15e08144ef2c2bd1bMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
78cb74fab4665da2e2641ba909c6f59f74cc4193Automatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
c89d02f2fb4c06168236d600e86831cff324f763Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!-- $Id: Bv9ARM.ch03.html,v 1.85 2011/05/24 01:14:43 tbox Exp $ -->
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<title>Chapter�3.�Name Server Configuration</title>
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
3cc98b8ecedcbc8465f1cf2740b966b315662430Automatic Updater<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<table width="100%" summary="Navigation header">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<div class="titlepage"><div><div><h2 class="title">
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>
2d2dc37599979c83495510f8af8d1756753aa2c5Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567767">A Caching-only Name Server</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567988">An Authoritative-only Name Server</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568010">Load Balancing</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568364">Name Server Operations</a></span></dt>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568370">Tools for Use With the Name Server Daemon</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570339">Signals</a></span></dt>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews In this chapter we provide some suggested configurations along
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews with guidelines for their use. We suggest reasonable values for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington certain option settings.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<div class="titlepage"><div><div><h3 class="title">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="id2567767"></a>A Caching-only Name Server</h3></div></div></div>
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater The following sample configuration is appropriate for a caching-only
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews name server for use by clients internal to a corporation. All
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater option. Alternatively, the same effect could be achieved using
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews firewall rules.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater// Two corporate subnets we wish to allow queries from.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updateracl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater // Working directory
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater allow-query { corpnets; };
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater// Provide a reverse mapping for the loopback
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater// address 127.0.0.1
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<div class="titlepage"><div><div><h3 class="title">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="id2567988"></a>An Authoritative-only Name Server</h3></div></div></div>
9174e44c14b1cb91a651fa1dc29470438c246ab9Automatic Updater This sample configuration is for an authoritative-only server
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews that is the master server for "<code class="filename">example.com</code>"
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater and a slave for the subdomain "<code class="filename">eng.example.com</code>".
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater // Working directory
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater // Do not allow access to cache
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater allow-query-cache { none; };
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews // This is the default
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater allow-query { any; };
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater // Do not provide recursive service
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews recursion no;
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater// Provide a reverse mapping for the loopback
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater// address 127.0.0.1
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater// We are the master server for example.com
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews // IP addresses of slave servers allowed to
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater allow-transfer {
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater// We are a slave server for eng.example.com
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater // IP address of eng.example.com master server
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater masters { 192.168.4.12; };
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater<a name="id2568010"></a>Load Balancing</h2></div></div></div>
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater A primitive form of load balancing can be achieved in
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater the <acronym class="acronym">DNS</acronym> by using multiple records
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (such as multiple A records) for one name.
c243d779731a410f8dc2d2feeed20c15f299b6e3Automatic Updater For example, if you have three WWW servers with network addresses
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater following means that clients will connect to each machine one third
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Resource Record (RR) Data
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews them and respond to the query with the records in a different
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater order. In the example above, clients will randomly receive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews will use the first record returned and discard the rest.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews For more detail on ordering responses, check the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span><strong class="command">rrset-order</strong></span> sub-statement in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> statement, see
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<a name="id2568364"></a>Name Server Operations</h2></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2568370"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater This section describes several indispensable diagnostic,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater administrative and monitoring tools available to the system
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater administrator for controlling and debugging the name server
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater<div class="titlepage"><div><div><h4 class="title">
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">nslookup</strong></span> programs are all command
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for manually querying name servers. They differ in style and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington output format.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The domain information groper (<span><strong class="command">dig</strong></span>)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington is the most versatile and complete of these lookup tools.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington It has two modes: simple interactive
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mode for a single query, and batch mode which executes a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington each in a list of several query lines. All query options are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington from the command line.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The usual simple use of <span><strong class="command">dig</strong></span> will take the form
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">dig @server domain query-type query-class</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For more information and a list of available commands and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington options, see the <span><strong class="command">dig</strong></span> man
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <span><strong class="command">host</strong></span> utility emphasizes
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and ease of use. By default, it converts
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington between host names and Internet addresses, but its
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington functionality
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington can be extended with the use of options.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For more information and a list of available commands and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington options, see the <span><strong class="command">host</strong></span> man
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater<p><span><strong class="command">nslookup</strong></span>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater has two modes: interactive and
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater non-interactive. Interactive mode allows the user to
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater query name servers for information about various
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater hosts and domains or to print a list of hosts in a
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater domain. Non-interactive mode is used to print just
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater the name and requested information for a host or
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Interactive mode is entered when no arguments are given (the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater default name server will be used) or when the first argument
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater hyphen (`-') and the second argument is the host name or
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Internet address
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater of a name server.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington Non-interactive mode is used when the name or Internet
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington of the host to be looked up is given as the first argument.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews optional second argument specifies the host name or address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of a name server.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Due to its arcane user interface and frequently inconsistent
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Use <span><strong class="command">dig</strong></span> instead.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h4 class="title">
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Administrative tools play an integral part in the management
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">named-checkconf</strong></span> program
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater checks the syntax of a <code class="filename">named.conf</code> file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <span><strong class="command">named-checkzone</strong></span> program
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington checks a master file for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington syntax and consistency.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Similar to <span><strong class="command">named-checkzone,</strong></span> but
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington it always dumps the zone content to a specified file
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (typically in a different format).
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater The remote name daemon control
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (<span><strong class="command">rndc</strong></span>) program allows the
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater administrator to control the operation of a name server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater utility except <span><strong class="command">ndc start</strong></span> and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">ndc restart</strong></span>, which were also
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater not supported in <span><strong class="command">ndc</strong></span>'s
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington channel mode.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews If you run <span><strong class="command">rndc</strong></span> without any
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington it will display a usage message as follows:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>The <span><strong class="command">command</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington is one of the following:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Reload configuration file and zones.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Reload the given zone.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>class</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Schedule zone maintenance for the given zone.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>class</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Retransfer the given zone from the master.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>class</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Fetch all DNSSEC keys for the given zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from the key directory (see
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">key-directory</strong></span> in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Usage”</a>). If they are within
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater their publication period, merge them into the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone's DNSKEY RRset. If the DNSKEY RRset
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington is changed, then the zone is automatically
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater re-signed with the new key set.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This command requires that the
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <span><strong class="command">auto-dnssec</strong></span> zone option be set
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews and also requires the zone to be configured to
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews allow dynamic DNS.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews more details.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>class</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Fetch all DNSSEC keys for the given zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington from the key directory (see
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">key-directory</strong></span> in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater Usage”</a>). If they are within
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater their publication period, merge them into the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater sign</strong></span>, however, the zone is not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater immediately re-signed by the new keys, but is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allowed to incrementally re-sign over time.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This command requires that the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater <span><strong class="command">auto-dnssec</strong></span> zone option
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater be set to <code class="literal">maintain</code>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and also requires the zone to be configured to
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater allow dynamic DNS.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><strong class="userinput"><code>freeze
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater [<span class="optional"><em class="replaceable"><code>zone</code></em>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater [<span class="optional"><em class="replaceable"><code>class</code></em>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater Suspend updates to a dynamic zone. If no zone is
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater specified, then all zones are suspended. This allows
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater manual edits to be made to a zone normally updated by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater dynamic update. It also causes changes in the
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington journal file to be synced into the master file.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington All dynamic update attempts will be refused while
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington the zone is frozen.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>thaw
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [<span class="optional"><em class="replaceable"><code>zone</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>class</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Enable updates to a frozen dynamic zone. If no
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone is specified, then all frozen zones are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater enabled. This causes the server to reload the zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from disk, and re-enables dynamic updates after the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater load has completed. After a zone is thawed,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater dynamic updates will no longer be refused.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>sync
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>zone</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>class</code></em>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater Sync changes in the journal file for a dynamic zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to the master file. If the "-clean" option is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified, the journal file is also removed. If
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater no zone is specified, then all zones are synced.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>class</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Resend NOTIFY messages for the zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Reload the configuration file and load new zones,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater but do not reload existing zone files even if they
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This is faster than a full <span><strong class="command">reload</strong></span> when there
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is a large number of zones because it avoids the need
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to examine the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater modification times of the zones files.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Write server statistics to the statistics file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Toggle query logging. Query logging can also be enabled
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater by explicitly directing the <span><strong class="command">queries</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">category</strong></span> to a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">channel</strong></span> in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">logging</strong></span> section of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">named.conf</code> or by specifying
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">querylog yes;</strong></span> in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> section of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>dumpdb
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater [<span class="optional">-all|-cache|-zone</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Dump the server's caches (default) and/or zones to
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater dump file for the specified views. If no view is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified, all
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington views are dumped.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>secroots
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Dump the server's security roots to the secroots
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater file for the specified views. If no view is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified, security roots for all
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater views are dumped.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Stop the server, making sure any recent changes
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein made through dynamic update or IXFR are first saved to
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater the master files of the updated zones.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This allows an external process to determine when <span><strong class="command">named</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater had completed stopping.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Stop the server immediately. Recent changes
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater made through dynamic update or IXFR are not saved to
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater the master files, but will be rolled forward from the
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater journal files when the server is restarted.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater This allows an external process to determine when <span><strong class="command">named</strong></span>
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater had completed halting.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Increment the servers debugging level by one.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Sets the server's debugging level to an explicit
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Sets the server's debugging level to 0.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater Flushes the server's cache.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Flushes the given name from the server's cache.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Display status of the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and the default <span><strong class="command">/IN</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington hint zone if there is not an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater explicit root zone configured.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>validation
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Enable or disable DNSSEC validation.
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater set to <strong class="userinput"><code>yes</code></strong> to be effective.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater It defaults to enabled.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><strong class="userinput"><code>addzone
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>zone</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"><em class="replaceable"><code>class</code></em>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
6d3ca68adcd2e825d7de011d78f14002c8b7e55eAutomatic Updater <em class="replaceable"><code>configuration</code></em>
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington Add a zone while the server is running. This
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater command requires the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-new-zones</strong></span> option to be set
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to <strong class="userinput"><code>yes</code></strong>. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>configuration</code></em> string
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington specified on the command line is the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington configuration text that would ordinarily be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington placed in <code class="filename">named.conf</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The configuration is saved in a file called
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater where <em class="replaceable"><code>hash</code></em> is a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cryptographic hash generated from the name of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the view. When <span><strong class="command">named</strong></span> is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington restarted, the file will be loaded into the view
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater configuration, so that zones that were added
f65d2e1c04c806a185bf9f3120e80692f5ccd5e6Automatic Updater can persist after a restart.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This sample <span><strong class="command">addzone</strong></span> command
bbb069be941f649228760edcc241122933c066d2Automatic Updater would add the zone <code class="literal">example.com</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to the default view:
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (Note the brackets and semi-colon around the zone
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater configuration text.)
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater<dt><span class="term"><strong class="userinput"><code>delzone
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson <em class="replaceable"><code>zone</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"><em class="replaceable"><code>class</code></em>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Delete a zone while the server is running.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Only zones that were originally added via
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">rndc addzone</strong></span> can be deleted
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in this matter.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A configuration file is required, since all
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater communication with the server is authenticated with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater digital signatures that rely on a shared secret, and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater there is no way to provide that secret other than with a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration file. The default location for the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">rndc</strong></span> configuration file is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="filename">/etc/rndc.conf</code>, but an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater location can be specified with the <code class="option">-c</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington option. If the configuration file is not found,
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater <span><strong class="command">rndc</strong></span> will also look in
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater <code class="filename">/etc/rndc.key</code> (or whatever
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater <code class="varname">sysconfdir</code> was defined when
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater the <acronym class="acronym">BIND</acronym> build was
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <code class="filename">rndc.key</code> file is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater running <span><strong class="command">rndc-confgen -a</strong></span> as
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
47ce374fcf4bac7a56bb69f5dae1d30be5b4376dAutomatic Updater Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater Usage”</a>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The format of the configuration file is similar to
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater that of <code class="filename">named.conf</code>, but
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington only four statements, the <span><strong class="command">options</strong></span>,
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
47ce374fcf4bac7a56bb69f5dae1d30be5b4376dAutomatic Updater <span><strong class="command">include</strong></span>
47ce374fcf4bac7a56bb69f5dae1d30be5b4376dAutomatic Updater statements. These statements are what associate the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater secret keys to the servers with which they are meant to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews be shared. The order of statements is not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">options</strong></span> statement has
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington three clauses:
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater and <span><strong class="command">default-port</strong></span>.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater <span><strong class="command">default-server</strong></span> takes a
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater host name or address argument and represents the server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be contacted if no <code class="option">-s</code>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater option is provided on the command line.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">default-key</strong></span> takes
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">default-port</strong></span> specifies the
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington <span><strong class="command">rndc</strong></span> should connect if no
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater port is given on the command line or in a
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington <span><strong class="command">server</strong></span> statement.
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington The <span><strong class="command">key</strong></span> statement defines a
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater key to be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater by <span><strong class="command">rndc</strong></span> when authenticating
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater <span><strong class="command">named</strong></span>. Its syntax is
af3e516f771c8ba376a8cd954a7233badfce8cdcAutomatic Updater identical to the
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews The keyword <strong class="userinput"><code>key</code></strong> is
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews followed by a key name, which must be a valid
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews domain name, though it need not actually be hierarchical;
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews The <span><strong class="command">key</strong></span> statement has two
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews While the configuration parser will accept any string as the
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews has any meaning. The secret is a base-64 encoded string
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews as specified in RFC 3548.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews The <span><strong class="command">server</strong></span> statement
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews associates a key
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews defined using the <span><strong class="command">key</strong></span>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews statement with a server.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews The keyword <strong class="userinput"><code>server</code></strong> is followed by a
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews host name or address. The <span><strong class="command">server</strong></span> statement
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews The <span><strong class="command">key</strong></span> clause specifies the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name of the key
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to be used when communicating with this server, and the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">port</strong></span> clause can be used to
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater specify the port <span><strong class="command">rndc</strong></span> should
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to on the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A sample minimal configuration file is as follows:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater algorithm "hmac-md5";
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater default-server 127.0.0.1;
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews default-key rndc_key;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This file, if installed as <code class="filename">/etc/rndc.conf</code>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater would allow the command:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to connect to 127.0.0.1 port 953 and cause the name server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to reload, if a name server on the local machine were
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater following controls statements:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater inet 127.0.0.1
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allow { localhost; } keys { rndc_key; };
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and it had an identical key statement for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Running the <span><strong class="command">rndc-confgen</strong></span>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater conveniently create a <code class="filename">rndc.conf</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file for you, and also display the
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater corresponding <span><strong class="command">controls</strong></span>
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater statement that you need to
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington add to <code class="filename">named.conf</code>.
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater Alternatively,
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater you can run <span><strong class="command">rndc-confgen -a</strong></span>
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater a <code class="filename">rndc.key</code> file and not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">named.conf</code> at all.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2570339"></a>Signals</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Certain UNIX signals cause the name server to take specific
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater actions, as described in the following table. These signals can
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be sent using the <span><strong class="command">kill</strong></span> command.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">SIGHUP</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Causes the server to read <code class="filename">named.conf</code> and
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater reload the database.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">SIGTERM</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Causes the server to clean up and exit.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">SIGINT</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Causes the server to clean up and exit.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<table width="100%" summary="Navigation footer">
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>