Bv9ARM.ch03.html revision bea931e17b7567f09107f93ab7e25c7f00abeb9c
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - Copyright (C) 2000-2003 Internet Software Consortium.
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - Permission to use, copy, modify, and distribute this software for any
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - purpose with or without fee is hereby granted, provided that the above
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - copyright notice and this permission notice appear in all copies.
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann - PERFORMANCE OF THIS SOFTWARE.
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<!-- $Id: Bv9ARM.ch03.html,v 1.62 2007/05/08 02:30:41 marka Exp $ -->
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<title>Chapter�3.�Name Server Configuration</title>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<table width="100%" summary="Navigation header">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<div class="titlepage"><div><div><h2 class="title">
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568003">A Caching-only Name Server</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568019">An Authoritative-only Name Server</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568041">Load Balancing</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570104">Signals</a></span></dt>
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann In this section we provide some suggested configurations along
c9912c5eafa03fdf53e569eaf2e89d7e0932975bDavid Herrmann with guidelines for their use. We suggest reasonable values for
ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack certain option settings.
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann<div class="titlepage"><div><div><h2 class="title" style="clear: both">
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann<div class="titlepage"><div><div><h3 class="title">
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann<a name="id2568003"></a>A Caching-only Name Server</h3></div></div></div>
ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack The following sample configuration is appropriate for a caching-only
ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack name server for use by clients internal to a corporation. All
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann option. Alternatively, the same effect could be achieved using
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann firewall rules.
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann// Two corporate subnets we wish to allow queries from.
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmannacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann directory "/etc/namedb"; // Working directory
e1439a1472c5f691733b8ef10e702beac2496a63David Herrmann allow-query { corpnets; };
ec5249a27adb1ffbcd41f2c771e19c3353819456Daniel Mack// Provide a reverse mapping for the loopback address 127.0.0.1
10fa421cd2abdc2ae1a07f7c13bfaa4ee6d6de4fDavid Herrmann<div class="titlepage"><div><div><h3 class="title">
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann<a name="id2568019"></a>An Authoritative-only Name Server</h3></div></div></div>
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann This sample configuration is for an authoritative-only server
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann that is the master server for "<code class="filename">example.com</code>"
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann and a slave for the subdomain "<code class="filename">eng.example.com</code>".
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann directory "/etc/namedb"; // Working directory
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann allow-query-cache { none; }; // Do not allow access to cache
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann allow-query { any; }; // This is the default
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann recursion no; // Do not provide recursive service
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann// Provide a reverse mapping for the loopback address 127.0.0.1
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack// We are the master server for example.com
37d54b938faeefd0a5a74f9197a33d78bbb8d6bfDaniel Mack type master;
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack // IP addresses of slave servers allowed to transfer example.com
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack allow-transfer {
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack 192.168.4.14;
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack 192.168.5.53;
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack// We are a slave server for eng.example.com
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack // IP address of eng.example.com master server
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack masters { 192.168.4.12; };
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack<div class="titlepage"><div><div><h2 class="title" style="clear: both">
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack<a name="id2568041"></a>Load Balancing</h2></div></div></div>
f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann A primitive form of load balancing can be achieved in
f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann the <acronym class="acronym">DNS</acronym> by using multiple A records for
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann For example, if you have three WWW servers with network addresses
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann following means that clients will connect to each machine one third
5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann Resource Record (RR) Data
0aee49d5fba2b2ec94e5c069d937004858a04b4fThomas Hindoe Paaboel Andersen <code class="literal">A</code>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering them and respond to the query with the records in a different
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering order. In the example above, clients will randomly receive
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering will use the first record returned and discard the rest.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering For more detail on ordering responses, check the
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <span><strong class="command">rrset-order</strong></span> substatement in the
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <span><strong class="command">options</strong></span> statement, see
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering<div class="titlepage"><div><div><h2 class="title" style="clear: both">
b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering<a name="id2568465"></a>Name Server Operations</h2></div></div></div>
b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering<div class="titlepage"><div><div><h3 class="title">
0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering This section describes several indispensable diagnostic,
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann administrative and monitoring tools available to the system
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann administrator for controlling and debugging the name server
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann<div class="titlepage"><div><div><h4 class="title">
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <span><strong class="command">nslookup</strong></span> programs are all command
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering for manually querying name servers. They differ in style and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering output format.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
29d1fcb4a3c921a3d4490353474e9775f7b13b0eZbigniew Jędrzejewski-Szmek The domain information groper (<span><strong class="command">dig</strong></span>)
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering is the most versatile and complete of these lookup tools.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering It has two modes: simple interactive
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering mode for a single query, and batch mode which executes a
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering each in a list of several query lines. All query options are
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering from the command line.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering The usual simple use of dig will take the form
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <span><strong class="command">dig @server domain query-type query-class</strong></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering For more information and a list of available commands and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering options, see the <span><strong class="command">dig</strong></span> man
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering The <span><strong class="command">host</strong></span> utility emphasizes
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and ease of use. By default, it converts
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering between host names and Internet addresses, but its
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering can be extended with the use of options.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlrTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering For more information and a list of available commands and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering options, see the <span><strong class="command">host</strong></span> man
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<p><span><strong class="command">nslookup</strong></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering has two modes: interactive and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering non-interactive. Interactive mode allows the user to
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering query name servers for information about various
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering hosts and domains or to print a list of hosts in a
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering domain. Non-interactive mode is used to print just
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering the name and requested information for a host or
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering Interactive mode is entered when no arguments are given (the
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering default name server will be used) or when the first argument
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering hyphen (`-') and the second argument is the host name or
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering Internet address
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering of a name server.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Non-interactive mode is used when the name or Internet
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering of the host to be looked up is given as the first argument.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering optional second argument specifies the host name or address
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering of a name server.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Due to its arcane user interface and frequently inconsistent
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Use <span><strong class="command">dig</strong></span> instead.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<div class="titlepage"><div><div><h4 class="title">
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Administrative tools play an integral part in the management
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering The <span><strong class="command">named-checkconf</strong></span> program
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering checks the syntax of a <code class="filename">named.conf</code> file.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering The <span><strong class="command">named-checkzone</strong></span> program
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering checks a master file for
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering syntax and consistency.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Similar to <span><strong class="command">named-checkzone,</strong></span> but
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering it always dumps the zone content to a specified file
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering (typically in a different format).
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering The remote name daemon control
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering (<span><strong class="command">rndc</strong></span>) program allows the
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering administrator to control the operation of a name server.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
1579dd2c9b8f97e5ec4016d3928d73fea160e55aLennart Poettering supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering utility except <span><strong class="command">ndc start</strong></span> and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <span><strong class="command">ndc restart</strong></span>, which were also
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering not supported in <span><strong class="command">ndc</strong></span>'s
1a2d5fbe7efa04181a2d5518bc510b84b280baf9David Herrmann If you run <span><strong class="command">rndc</strong></span> without any
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering it will display a usage message as follows:
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<p>The <span><strong class="command">command</strong></span>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering is one of the following:
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Reload configuration file and zones.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>class</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Reload the given zone.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>class</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Schedule zone maintenance for the given zone.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>class</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Retransfer the given zone from the master.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>freeze
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>zone</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>class</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Suspend updates to a dynamic zone. If no zone is
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering then all zones are suspended. This allows manual
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering edits to be made to a zone normally updated by dynamic
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering also causes changes in the journal file to be synced
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering into the master
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering and the journal file to be removed. All dynamic
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering update attempts will
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering be refused while the zone is frozen.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>thaw
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>zone</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>class</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Enable updates to a frozen dynamic zone. If no zone
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering specified, then all frozen zones are enabled. This
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering the server to reload the zone from disk, and
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering re-enables dynamic updates
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering after the load has completed. After a zone is thawed,
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering dynamic updates
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering will no longer be refused.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>class</code></em>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Resend NOTIFY messages for the zone.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Reload the configuration file and load new zones,
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering but do not reload existing zone files even if they
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering This is faster than a full <span><strong class="command">reload</strong></span> when there
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering is a large number of zones because it avoids the need
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering to examine the
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering modification times of the zones files.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Write server statistics to the statistics file.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Toggle query logging. Query logging can also be enabled
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering by explicitly directing the <span><strong class="command">queries</strong></span>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">category</strong></span> to a
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">channel</strong></span> in the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">logging</strong></span> section of
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="filename">named.conf</code> or by specifying
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">querylog yes;</strong></span> in the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">options</strong></span> section of
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="filename">named.conf</code>.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>dumpdb
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering [<span class="optional">-all|-cache|-zone</span>]
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Dump the server's caches (default) and/or zones to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering dump file for the specified views. If no view is
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering specified, all
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering views are dumped.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
7edecf218e5884ec8d1549707b4c7a0572c2d93bThomas Hindoe Paaboel Andersen Stop the server, making sure any recent changes
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering made through dynamic update or IXFR are first saved to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering the master files of the updated zones.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering If -p is specified named's process id is returned.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering This allows an external process to determine when named
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering had completed stopping.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Stop the server immediately. Recent changes
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering made through dynamic update or IXFR are not saved to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering the master files, but will be rolled forward from the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering journal files when the server is restarted.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering If -p is specified named's process id is returned.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering This allows an external process to determine when named
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering had completed halting.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Increment the servers debugging level by one.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Sets the server's debugging level to an explicit
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Sets the server's debugging level to 0.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Flushes the server's cache.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Flushes the given name from the server's cache.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Display status of the server.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering and the default <span><strong class="command">/IN</strong></span>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering hint zone if there is not an
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering explicit root zone configured.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Dump the list of queries named is currently recursing
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering A configuration file is required, since all
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering communication with the server is authenticated with
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering digital signatures that rely on a shared secret, and
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering there is no way to provide that secret other than with a
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering configuration file. The default location for the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">rndc</strong></span> configuration file is
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="filename">/etc/rndc.conf</code>, but an
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering location can be specified with the <code class="option">-c</code>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering option. If the configuration file is not found,
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">rndc</strong></span> will also look in
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="filename">/etc/rndc.key</code> (or whatever
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="varname">sysconfdir</code> was defined when
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering the <acronym class="acronym">BIND</acronym> build was
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The <code class="filename">rndc.key</code> file is
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering running <span><strong class="command">rndc-confgen -a</strong></span> as
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Usage”</a>.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The format of the configuration file is similar to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering that of <code class="filename">named.conf</code>, but
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering only four statements, the <span><strong class="command">options</strong></span>,
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">include</strong></span>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering statements. These statements are what associate the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering secret keys to the servers with which they are meant to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering be shared. The order of statements is not
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The <span><strong class="command">options</strong></span> statement has
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering three clauses:
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering and <span><strong class="command">default-port</strong></span>.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">default-server</strong></span> takes a
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering host name or address argument and represents the server
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering be contacted if no <code class="option">-s</code>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering option is provided on the command line.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">default-key</strong></span> takes
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">default-port</strong></span> specifies the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">rndc</strong></span> should connect if no
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering port is given on the command line or in a
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">server</strong></span> statement.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The <span><strong class="command">key</strong></span> statement defines a
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering key to be used
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering by <span><strong class="command">rndc</strong></span> when authenticating
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">named</strong></span>. Its syntax is
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering identical to the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">key</strong></span> statement in named.conf.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The keyword <strong class="userinput"><code>key</code></strong> is
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering followed by a key name, which must be a valid
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering domain name, though it need not actually be hierarchical;
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The <span><strong class="command">key</strong></span> statement has two
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering While the configuration parser will accept any string as the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering has any meaning. The secret is a base-64 encoded string
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering as specified in RFC 3548.
94e5ba370aa12b47571f08112986d0b91935dee9Torstein Husebø The <span><strong class="command">server</strong></span> statement
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering associates a key
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering defined using the <span><strong class="command">key</strong></span>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering statement with a server.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The keyword <strong class="userinput"><code>server</code></strong> is followed by a
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering host name or address. The <span><strong class="command">server</strong></span> statement
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering The <span><strong class="command">key</strong></span> clause specifies the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering name of the key
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to be used when communicating with this server, and the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <span><strong class="command">port</strong></span> clause can be used to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering specify the port <span><strong class="command">rndc</strong></span> should
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to on the server.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering A sample minimal configuration file is as follows:
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering algorithm "hmac-md5";
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering default-server 127.0.0.1;
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering default-key rndc_key;
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering This file, if installed as <code class="filename">/etc/rndc.conf</code>,
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering would allow the command:
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to connect to 127.0.0.1 port 953 and cause the name server
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering to reload, if a name server on the local machine were
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering following controls statements:
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering and it had an identical key statement for
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Running the <span><strong class="command">rndc-confgen</strong></span>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering conveniently create a <code class="filename">rndc.conf</code>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering file for you, and also display the
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering corresponding <span><strong class="command">controls</strong></span>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering statement that you need to
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering add to <code class="filename">named.conf</code>.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Alternatively,
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering you can run <span><strong class="command">rndc-confgen -a</strong></span>
dd2fd155901a965ec0efa3adc460b33d2048d4c2Lennart Poettering a <code class="filename">rndc.key</code> file and not
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <code class="filename">named.conf</code> at all.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<div class="titlepage"><div><div><h3 class="title">
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<a name="id2570104"></a>Signals</h3></div></div></div>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Certain UNIX signals cause the name server to take specific
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering actions, as described in the following table. These signals can
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering be sent using the <span><strong class="command">kill</strong></span> command.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<div class="informaltable"><table border="1">
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <p><span><strong class="command">SIGHUP</strong></span></p>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Causes the server to read <code class="filename">named.conf</code> and
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering reload the database.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <p><span><strong class="command">SIGTERM</strong></span></p>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Causes the server to clean up and exit.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering <p><span><strong class="command">SIGINT</strong></span></p>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering Causes the server to clean up and exit.
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<table width="100%" summary="Navigation footer">
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
615aaf412c441e67c7cad2e5ae966b03fca1fae7Lennart Poettering<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>