47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering<html>

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering<head>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering<title>rndc</title>

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering<link rel="prev" href="man.nsupdate.html" title="nsupdate">

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering<link rel="next" href="man.rndc.conf.html" title="rndc.conf">

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering</head>

490aed584944b684026a3fd01f8d81f2881e38d6Lennart Poettering<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

5a1e99375d03bc88795d68c66bf3933dd04c1015Lennart Poettering<div class="navheader">

036643a247c659db8e1b3df1778d51553a816ec9Lennart Poettering<table width="100%" summary="Navigation header">

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering<tr>

32d0463d5c9982cc0c98a6e2867f94c764a496c2Lennart Poettering<td width="20%" align="left">

34c8deaae1fcfa9e7c9db49b5f3a33973e103218Lennart Poettering<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>

af2d49f70bcff20efaf2d69aecaf4b3e898ff1faLennart Poettering<th width="60%" align="center">Manual pages</th>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering</td>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering</tr>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering</table>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering<hr>

cb06add70d69eae1a990da283e1a582ee98a142dLennart Poettering</div>

cb06add70d69eae1a990da283e1a582ee98a142dLennart Poettering<div class="refentry" lang="en">

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering<a name="man.rndc"></a><div class="titlepage"></div>

70fcff314feff469a8e61dbe5017ed74f5e0a09dLennart Poettering<div class="refnamediv">

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering<h2>Name</h2>

d3f09cf39637de2441288b5e4c93eecbd1fb872dKay Sievers<p><span class="application">rndc</span> &#8212; name server control utility</p>

487393e9f11e4a06d91df03232914bd8c4b3368eLennart Poettering</div>

036643a247c659db8e1b3df1778d51553a816ec9Lennart Poettering<div class="refsynopsisdiv">

70fcff314feff469a8e61dbe5017ed74f5e0a09dLennart Poettering<h2>Synopsis</h2>

0571e0111d76cf96aa4069d9c7a6e24d97aa7e48Lennart Poettering<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>

061978fa4d10851d18786432688a32984732c376Lennart Poettering</div>

af2d49f70bcff20efaf2d69aecaf4b3e898ff1faLennart Poettering<div class="refsect1" lang="en">

af2d49f70bcff20efaf2d69aecaf4b3e898ff1faLennart Poettering<a name="id2645575"></a><h2>DESCRIPTION</h2>

af2d49f70bcff20efaf2d69aecaf4b3e898ff1faLennart Poettering<p><span><strong class="command">rndc</strong></span>

91901329245f070b621a24577393fb8f4ce9bffcLennart Poettering controls the operation of a name

f401faf540ee31740b4cd0a8b3d4038ea8c33092Lennart Poettering server. It supersedes the <span><strong class="command">ndc</strong></span> utility

b1b2a107d15a370d40b200172837bdd82ff3c3b2Fabiano Fidêncio that was provided in old BIND releases. If

2cb1a60d14f869023652482a380ca7b659dcf78fLennart Poettering <span><strong class="command">rndc</strong></span> is invoked with no command line

501fc174c22aebd3181af08a4cfa65cc92bbe233Lennart Poettering options or arguments, it prints a short summary of the

5b754353282e3ba3cf9c4ffc50579aff4b7d72dbKay Sievers supported commands and the available options and their

bb29785e0df6a7cf07db0259a60bc1f3b4814cb4Lennart Poettering arguments.

ca2cab5dcd3d29f45992a439f54e48faad764c6eLennart Poettering </p>

e23a0ce8badd09aefa961a3a576bfe85f6ebbad7Lennart Poettering<p><span><strong class="command">rndc</strong></span>

5a1e99375d03bc88795d68c66bf3933dd04c1015Lennart Poettering communicates with the name server over a TCP connection, sending

af2d49f70bcff20efaf2d69aecaf4b3e898ff1faLennart Poettering commands authenticated with digital signatures. In the current

83cc030fadf71d63d488cf9015275f9e5a02e2ccLennart Poettering versions of

e99e38bbdcca3fe5956823bdb3d38544ccf93221Lennart Poettering <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering the only supported authentication algorithms are HMAC-MD5

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri (default), HMAC-SHA384 and HMAC-SHA512.

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri They use a shared secret on each end of the connection.

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri This provides TSIG-style authentication for the command

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri request and the name server's response. All commands sent

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri over the channel must be signed by a key_id known to the

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi server.

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi </p>

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi<p><span><strong class="command">rndc</strong></span>

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi reads a configuration file to

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi determine how to contact the name server and decide what

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi algorithm and key it should use.

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna </p>

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna</div>

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna<div class="refsect1" lang="en">

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna<a name="id2645625"></a><h2>OPTIONS</h2>

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna<div class="variablelist"><dl>

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov<dd><p>

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov Use <em class="replaceable"><code>source-address</code></em>

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov as the source address for the connection to the server.

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov Multiple instances are permitted to allow setting of both

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov the IPv4 and IPv6 source addresses.

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov </p></dd>

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri<dd><p>

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri Use <em class="replaceable"><code>config-file</code></em>

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri as the configuration file instead of the default,

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri <code class="filename">/etc/rndc.conf</code>.

c226fa4196aacf44a2aa9ebbd222161f79c2f070Lucas De Marchi </p></dd>

f5c88ec1330b61787441156de7d764a140774bd2Miklos Vajna<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>

1de4d79bf554946f486adf56ed765c5335816f15Andrey Borzenkov<dd><p>

9841e8e3d305e6f4173c9aedbe8d57adfe10d145Gustavo Sverzut Barbieri Use <em class="replaceable"><code>key-file</code></em>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering as the key file instead of the default,

134dc482d24c90ec050a953197391254f28c761cLennart Poettering <code class="filename">/etc/rndc.key</code>. The key in

4a2a8b5a82325494f5daf4c66c23fdb4f906c9e6Lennart Poettering <code class="filename">/etc/rndc.key</code> will be used to

490aed584944b684026a3fd01f8d81f2881e38d6Lennart Poettering authenticate

ec863ba65a41e58680a3ab15841243088284e808Lennart Poettering commands sent to the server if the <em class="replaceable"><code>config-file</code></em>

74ce487dafff196f657835672aae5ad1eb3a6dafLennart Poettering does not exist.

a5f9be457957731f6bd21bf60dd182fb2a6278cfLennart Poettering </p></dd>

d7ccca2e3f86feb81a48e243d8bad78814659a74Lennart Poettering<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>

a9b5b03212f9c854938483b8901e433c2ba6619bMichael Tremer<dd><p><em class="replaceable"><code>server</code></em> is

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering the name or address of the server which matches a

a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering server statement in the configuration file for

a5f9be457957731f6bd21bf60dd182fb2a6278cfLennart Poettering <span><strong class="command">rndc</strong></span>. If no server is supplied on the

5b754353282e3ba3cf9c4ffc50579aff4b7d72dbKay Sievers command line, the host named by the default-server clause

88213476187cafc86bea2276199891873000588dLennart Poettering in the options statement of the <span><strong class="command">rndc</strong></span>

f695b3b09b672c327c5b525ed7a2390c4b99a67eLennart Poettering configuration file will be used.

5b754353282e3ba3cf9c4ffc50579aff4b7d72dbKay Sievers </p></dd>

f695b3b09b672c327c5b525ed7a2390c4b99a67eLennart Poettering<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>

10e87ee7f66b59a504c0ed2025463ba5faa69923Lennart Poettering<dd><p>

10e87ee7f66b59a504c0ed2025463ba5faa69923Lennart Poettering Send commands to TCP port

490aed584944b684026a3fd01f8d81f2881e38d6Lennart Poettering <em class="replaceable"><code>port</code></em>

d674a4ab52b08dfa8d2221d903011ebf8ae2d11fLennart Poettering instead

a9b5b03212f9c854938483b8901e433c2ba6619bMichael Tremer of BIND 9's default control channel port, 953.

8e27452380193a5f81bfd08a59aab8b07008ba0bLennart Poettering </p></dd>

8c4a3079a7f358c179430d1aec59de8b670b5f6eLennart Poettering<dt><span class="term">-V</span></dt>

8e27452380193a5f81bfd08a59aab8b07008ba0bLennart Poettering<dd><p>

0b7964b804e093d31c9adc34ba1917017c7f4d60Lennart Poettering Enable verbose logging.

4927fcae48de061393b3ce9c12d49f80d73fbf1dLennart Poettering </p></dd>

ca2cab5dcd3d29f45992a439f54e48faad764c6eLennart Poettering<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>

f61448083198dc0e4e0d19a916bcd478336cc85dLennart Poettering<dd><p>

5192bd1945f59254b3d260ded15dd9f2b8cc2de7Lennart Poettering Use the key <em class="replaceable"><code>key_id</code></em>

b1b2a107d15a370d40b200172837bdd82ff3c3b2Fabiano Fidêncio from the configuration file.

449ddb2d23a63ca4c8cd70d13a070fba87c1fb30Lennart Poettering <em class="replaceable"><code>key_id</code></em>

addab137cd8d318e4f543ca56018ee23d51aaca9Lennart Poettering must be

97c4a07df982ee967705022feaba9be33947abf0Lennart Poettering known by named with the same algorithm and secret string

490aed584944b684026a3fd01f8d81f2881e38d6Lennart Poettering in order for control message validation to succeed.

22be093ffb403a1c474037939ca9b88b1ee39f77Lennart Poettering If no <em class="replaceable"><code>key_id</code></em>

22be093ffb403a1c474037939ca9b88b1ee39f77Lennart Poettering is specified, <span><strong class="command">rndc</strong></span> will first look

5008d5815a6223f01c9fc4c803ec6ec18c8f4e54Lennart Poettering for a key clause in the server statement of the server

3d20ed6d51e38968cd646e2b3b24f36673408024Lennart Poettering being used, or if no server statement is present for that

3d20ed6d51e38968cd646e2b3b24f36673408024Lennart Poettering host, then the default-key clause of the options statement.

e23a0ce8badd09aefa961a3a576bfe85f6ebbad7Lennart Poettering Note that the configuration file contains shared secrets

06cdd2484c5d0b7792168a7c2d99311e35b0fb8eLennart Poettering which are used to send authenticated control commands

8e1bd70d4ce6d3881c1df6a6482643a2b3a69bb1Lennart Poettering to name servers. It should therefore not have general read

07faed4f99d0c798f92de3032b9c20ca31388494Lennart Poettering or write access.

151b190e79e64824552e01849352ca8f6ac7dedbLennart Poettering </p></dd>

61fbbab8697ec62cdedc08efdbb8da1c875ce2a1Kay Sievers</dl></div>

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering<p>

2a796654b9a1f84962e5dafbcf171dcc22742c99Lennart Poettering For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,

5b754353282e3ba3cf9c4ffc50579aff4b7d72dbKay Sievers see the BIND 9 Administrator Reference Manual or run

2a796654b9a1f84962e5dafbcf171dcc22742c99Lennart Poettering <span><strong class="command">rndc</strong></span> without arguments to see its help

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering message.

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering </p>

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering</div>

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering<div class="refsect1" lang="en">

2a796654b9a1f84962e5dafbcf171dcc22742c99Lennart Poettering<a name="id2646260"></a><h2>LIMITATIONS</h2>

5a1e99375d03bc88795d68c66bf3933dd04c1015Lennart Poettering<p><span><strong class="command">rndc</strong></span>

7f4e08056de0184b205a20632e62db73d299937eLennart Poettering does not yet support all the commands of

5a1e99375d03bc88795d68c66bf3933dd04c1015Lennart Poettering the BIND 8 <span><strong class="command">ndc</strong></span> utility.

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering </p>

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering<p>

15ae422b7471cf6f41ccf450243d8afd8ea0a054Lennart Poettering There is currently no way to provide the shared secret for a

af5bc85dc1297079edc9890861aaa38de0ec30dfLennart Poettering <code class="option">key_id</code> without using the configuration file.

8c47c7325fa1ab72febf807f8831ff24c75fbf45Lennart Poettering </p>

e59077036bcf5a041e336f04cb0d2f7d18d489a1Lennart Poettering<p>

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering Several error messages could be clearer.

c24eb49e6aecd6de2ad450083e826d4c9d9c75b6Lennart Poettering </p>

f90cf44c02ac09469279126e2863a1e71358ee11Lennart Poettering</div>

f90cf44c02ac09469279126e2863a1e71358ee11Lennart Poettering<div class="refsect1" lang="en">

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering<a name="id2646291"></a><h2>SEE ALSO</h2>

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

8c6db8336536916d0476ff8233e0abf40a2f6aabLennart Poettering <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,

47be870bd83fb3719dffc3ee9348a409ab762a14Lennart Poettering <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,

487393e9f11e4a06d91df03232914bd8c4b3368eLennart Poettering <em class="citetitle">BIND 9 Administrator Reference Manual</em>.

487393e9f11e4a06d91df03232914bd8c4b3368eLennart Poettering </p>

487393e9f11e4a06d91df03232914bd8c4b3368eLennart Poettering</div>

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering<div class="refsect1" lang="en">

dfac97b21e00cd3617ba817227db7b621841b5ccLennart Poettering<a name="id2646346"></a><h2>AUTHOR</h2>

e24067c3ec0e16e94e9620d4f7a06ccc4b637eb4Lennart Poettering<p><span class="corpauthor">Internet Systems Consortium</span>

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering </p>

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering</div>

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering</div>

d1ab0ca07372649dad70a0348d75e394f254e1b6Lennart Poettering<div class="navfooter">

dfac97b21e00cd3617ba817227db7b621841b5ccLennart Poettering<hr>

5cc5d790f4593bbf7829faba502e4c00b3718a08Lennart Poettering<table width="100%" summary="Navigation footer">

d122948d6fbaac4505cf14a08f1237daa89efdd0Lennart Poettering<tr>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<td width="40%" align="left">

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering</td>

871d7de47c13ee6cd78b8eefdf9128be3c740ac0Lennart Poettering</tr>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<tr>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<td width="40%" align="left" valign="top">

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<span class="application">nsupdate</span>�</td>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>

01f78473b104d28db0fa813414092bc6358ae521Lennart Poettering</td>

01f78473b104d28db0fa813414092bc6358ae521Lennart Poettering</tr>

4288f619215e3dda0b75113d78e4fb7ba219ed58Lennart Poettering</table>

42bb3074fe9632d7aa0fee825ad30d2083c3c629Ran Benita</div>

5b754353282e3ba3cf9c4ffc50579aff4b7d72dbKay Sievers</body>

42bb3074fe9632d7aa0fee825ad30d2083c3c629Ran Benita</html>

34c8deaae1fcfa9e7c9db49b5f3a33973e103218Lennart Poettering