man.rndc.html revision 15d29ab5fe89ad45b13ab8dcb74093f682a95986
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - Copyright (C) 2000-2003 Internet Software Consortium.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - Permission to use, copy, modify, and/or distribute this software for any
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - purpose with or without fee is hereby granted, provided that the above
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - copyright notice and this permission notice appear in all copies.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico - PERFORMANCE OF THIS SOFTWARE.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<!-- $Id$ -->
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<link rel="prev" href="man.nsupdate.html" title="nsupdate">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<a name="man.rndc"></a><div class="titlepage"></div>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span class="application">rndc</span> — name server control utility</p>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span><strong class="command">rndc</strong></span>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico controls the operation of a name
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico server. It supersedes the <span><strong class="command">ndc</strong></span> utility
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico that was provided in old BIND releases. If
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span><strong class="command">rndc</strong></span> is invoked with no command line
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico options or arguments, it prints a short summary of the
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico supported commands and the available options and their
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span><strong class="command">rndc</strong></span>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico communicates with the name server
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico over a TCP connection, sending commands authenticated with
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico digital signatures. In the current versions of
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico the only supported authentication algorithm is HMAC-MD5,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico which uses a shared secret on each end of the connection.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico This provides TSIG-style authentication for the command
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico request and the name server's response. All commands sent
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico over the channel must be signed by a key_id known to the
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span><strong class="command">rndc</strong></span>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico reads a configuration file to
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico determine how to contact the name server and decide what
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico algorithm and key it should use.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Use <em class="replaceable"><code>source-address</code></em>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico as the source address for the connection to the server.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Multiple instances are permitted to allow setting of both
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico the IPv4 and IPv6 source addresses.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Use <em class="replaceable"><code>config-file</code></em>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico as the configuration file instead of the default,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Use <em class="replaceable"><code>key-file</code></em>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico as the key file instead of the default,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <code class="filename">/etc/rndc.key</code>. The key in
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <code class="filename">/etc/rndc.key</code> will be used to
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico authenticate
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico does not exist.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dd><p><em class="replaceable"><code>server</code></em> is
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico the name or address of the server which matches a
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico server statement in the configuration file for
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span><strong class="command">rndc</strong></span>. If no server is supplied on the
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico command line, the host named by the default-server clause
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico in the options statement of the <span><strong class="command">rndc</strong></span>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico configuration file will be used.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Send commands to TCP port
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico of BIND 9's default control channel port, 953.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Enable verbose logging.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Use the key <em class="replaceable"><code>key_id</code></em>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico from the configuration file.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico known by named with the same algorithm and secret string
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico in order for control message validation to succeed.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico If no <em class="replaceable"><code>key_id</code></em>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico is specified, <span><strong class="command">rndc</strong></span> will first look
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico for a key clause in the server statement of the server
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico being used, or if no server statement is present for that
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico host, then the default-key clause of the options statement.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Note that the configuration file contains shared secrets
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico which are used to send authenticated control commands
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico to name servers. It should therefore not have general read
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico or write access.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico see the BIND 9 Administrator Reference Manual or run
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span><strong class="command">rndc</strong></span> without arguments to see its help
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span><strong class="command">rndc</strong></span>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico does not yet support all the commands of
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico the BIND 8 <span><strong class="command">ndc</strong></span> utility.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico There is currently no way to provide the shared secret for a
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <code class="option">key_id</code> without using the configuration file.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico Several error messages could be clearer.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<p><span class="corpauthor">Internet Systems Consortium</span>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
1df8cf8012766394a0ec6b36010e236e9a9415b1JazzyNico<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>