doc/arm/man.rndc.html

	man.rndc.html revision 15d29ab5fe89ad45b13ab8dcb74093f682a95986
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<!--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence - copyright notice and this permission notice appear in all copies.
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence -
70e5a7403f0e0a3bd292b8287c5fed5772c15270Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
29747dfe5e073a299b3681e01f5c55540f8bfed7Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - PERFORMANCE OF THIS SOFTWARE.
2777329775a039bea0ec3142a3e3158d9441fc75Tinderbox User-->
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<!-- $Id$ -->
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<html>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<head>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<title>rndc</title>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<link rel="prev" href="man.nsupdate.html" title="nsupdate">
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence</head>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<div class="navheader">
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence<table width="100%" summary="Navigation header">
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<tr>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<td width="20%" align="left">
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<th width="60%" align="center">Manual pages</th>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence</td>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence</tr>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence</table>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<hr>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence</div>
31707708c585c53b61ca1edb2e224e6bb1b985a5Evan Hunt<div class="refentry" lang="en">
31707708c585c53b61ca1edb2e224e6bb1b985a5Evan Hunt<a name="man.rndc"></a><div class="titlepage"></div>
31707708c585c53b61ca1edb2e224e6bb1b985a5Evan Hunt<div class="refnamediv">
31707708c585c53b61ca1edb2e224e6bb1b985a5Evan Hunt<h2>Name</h2>
31707708c585c53b61ca1edb2e224e6bb1b985a5Evan Hunt<p><span class="application">rndc</span> &#8212; name server control utility</p>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence</div>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<div class="refsynopsisdiv">
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<h2>Synopsis</h2>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence</div>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<div class="refsect1" lang="en">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<a name="id2641211"></a><h2>DESCRIPTION</h2>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<p><span><strong class="command">rndc</strong></span>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      controls the operation of a name
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      that was provided in old BIND releases.  If
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein      <span><strong class="command">rndc</strong></span> is invoked with no command line
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      options or arguments, it prints a short summary of the
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      supported commands and the available options and their
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      arguments.
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence    </p>
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence<p><span><strong class="command">rndc</strong></span>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein      communicates with the name server
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      over a TCP connection, sending commands authenticated with
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      digital signatures.  In the current versions of
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
d8e34837cd6c88c42b3ecdb9107a43ecf8252e79David Lawrence      the only supported authentication algorithm is HMAC-MD5,
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence      which uses a shared secret on each end of the connection.
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence      This provides TSIG-style authentication for the command
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence      request and the name server's response.  All commands sent
ac9e556e494750eb6e454c337d6632fa395f24d8David Lawrence      over the channel must be signed by a key_id known to the
      server.
    </p>
<p><span><strong class="command">rndc</strong></span>
      reads a configuration file to
      determine how to contact the name server and decide what
      algorithm and key it should use.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2641261"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
            Use <em class="replaceable"><code>source-address</code></em>
            as the source address for the connection to the server.
            Multiple instances are permitted to allow setting of both
            the IPv4 and IPv6 source addresses.
          </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
            Use <em class="replaceable"><code>config-file</code></em>
            as the configuration file instead of the default,
            <code class="filename">/etc/rndc.conf</code>.
          </p></dd>
<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
<dd><p>
            Use <em class="replaceable"><code>key-file</code></em>
            as the key file instead of the default,
            <code class="filename">/etc/rndc.key</code>.  The key in
            <code class="filename">/etc/rndc.key</code> will be used to
            authenticate
            commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
            does not exist.
          </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
<dd><p><em class="replaceable"><code>server</code></em> is
            the name or address of the server which matches a
            server statement in the configuration file for
            <span><strong class="command">rndc</strong></span>.  If no server is supplied on the
            command line, the host named by the default-server clause
            in the options statement of the <span><strong class="command">rndc</strong></span>
        configuration file will be used.
          </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
            Send commands to TCP port
            <em class="replaceable"><code>port</code></em>
            instead
            of BIND 9's default control channel port, 953.
          </p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
            Enable verbose logging.
          </p></dd>
<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
            Use the key <em class="replaceable"><code>key_id</code></em>
            from the configuration file.
            <em class="replaceable"><code>key_id</code></em>
            must be
            known by named with the same algorithm and secret string
            in order for control message validation to succeed.
            If no <em class="replaceable"><code>key_id</code></em>
            is specified, <span><strong class="command">rndc</strong></span> will first look
            for a key clause in the server statement of the server
            being used, or if no server statement is present for that
            host, then the default-key clause of the options statement.
            Note that the configuration file contains shared secrets
            which are used to send authenticated control commands
            to name servers.  It should therefore not have general read
            or write access.
          </p></dd>
</dl></div>
<p>
      For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
      see the BIND 9 Administrator Reference Manual or run
      <span><strong class="command">rndc</strong></span> without arguments to see its help
      message.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2641760"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
      does not yet support all the commands of
      the BIND 8 <span><strong class="command">ndc</strong></span> utility.
    </p>
<p>
      There is currently no way to provide the shared secret for a
      <code class="option">key_id</code> without using the configuration file.
    </p>
<p>
      Several error messages could be clearer.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2641790"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2641846"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">nsupdate</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>
</td>
</tr>
</table>
</div>
</body>
</html>