man.rndc.html revision 4abdfc917e6635a7c81d1f931a0c79227e72d025
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - copyright notice and this permission notice appear in all copies.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
83a28ca274521e15086fc39febde507bcc4e145eMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<!-- $Id: man.rndc.html,v 1.40 2007/01/26 23:29:04 marka Exp $ -->
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<link rel="prev" href="man.named.html" title="named">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
194e2dfffa6a167b8eef0ad11864026b423a1c30Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<a accesskey="p" href="man.named.html">Prev</a>�</td>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson<a name="man.rndc"></a><div class="titlepage"></div>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson<p><span class="application">rndc</span> — name server control utility</p>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson<a name="id2603850"></a><h2>DESCRIPTION</h2>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span><strong class="command">rndc</strong></span>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson controls the operation of a name
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt server. It supersedes the <span><strong class="command">ndc</strong></span> utility
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews that was provided in old BIND releases. If
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson <span><strong class="command">rndc</strong></span> is invoked with no command line
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein options or arguments, it prints a short summary of the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein supported commands and the available options and their
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span><strong class="command">rndc</strong></span>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein communicates with the name server
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein over a TCP connection, sending commands authenticated with
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein digital signatures. In the current versions of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the only supported authentication algorithm is HMAC-MD5,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein which uses a shared secret on each end of the connection.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein This provides TSIG-style authentication for the command
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein request and the name server's response. All commands sent
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein over the channel must be signed by a key_id known to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span><strong class="command">rndc</strong></span>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein reads a configuration file to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein determine how to contact the name server and decide what
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein algorithm and key it should use.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Use <em class="replaceable"><code>source-address</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein as the source address for the connection to the server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Multiple instances are permitted to allow setting of both
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the IPv4 and IPv6 source addresses.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Use <em class="replaceable"><code>config-file</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein as the configuration file instead of the default,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Use <em class="replaceable"><code>key-file</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein as the key file instead of the default,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="filename">/etc/rndc.key</code>. The key in
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="filename">/etc/rndc.key</code> will be used to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein authenticate
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein does not exist.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dd><p><em class="replaceable"><code>server</code></em> is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the name or address of the server which matches a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein server statement in the configuration file for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span><strong class="command">rndc</strong></span>. If no server is supplied on
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein command line, the host named by the default-server clause
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein in the option statement of the configuration file will be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Send commands to TCP port
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein of BIND 9's default control channel port, 953.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Enable verbose logging.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Use the key <em class="replaceable"><code>keyid</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein from the configuration file.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein known by named with the same algorithm and secret string
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein in order for control message validation to succeed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein If no <em class="replaceable"><code>keyid</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is specified, <span><strong class="command">rndc</strong></span> will first look
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein for a key clause in the server statement of the server
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein being used, or if no server statement is present for that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein host, then the default-key clause of the options statement.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Note that the configuration file contains shared secrets
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein which are used to send authenticated control commands
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to name servers. It should therefore not have general read
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein or write access.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein see the BIND 9 Administrator Reference Manual or run
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span><strong class="command">rndc</strong></span> without arguments to see its help
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span><strong class="command">rndc</strong></span>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein does not yet support all the commands of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the BIND 8 <span><strong class="command">ndc</strong></span> utility.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein There is currently no way to provide the shared secret for a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="option">key_id</code> without using the configuration file.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Several error messages could be clearer.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span class="corpauthor">Internet Systems Consortium</span>