doc/arm/man.rndc.html

	man.rndc.html revision 21e01d1a464c9b3c694534a5e283bcde361e72bd
1633838b8255282d10af15c5c84cee5a51466712Bob Halley<!--
49dbdb0186eb23d87d685b96eaefa9ec3c71d9b8David Lawrence - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
1633838b8255282d10af15c5c84cee5a51466712Bob Halley -
1633838b8255282d10af15c5c84cee5a51466712Bob Halley - Permission to use, copy, modify, and/or distribute this software for any
1633838b8255282d10af15c5c84cee5a51466712Bob Halley - purpose with or without fee is hereby granted, provided that the above
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence -
15a44745412679c30a6d022733925af70a38b715David Lawrence - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence - PERFORMANCE OF THIS SOFTWARE.
1633838b8255282d10af15c5c84cee5a51466712Bob Halley-->
9a4ce0c25809073f31226faa6ed94c70474cf363Bob Halley<!-- $Id$ -->
01956482905dd861a9b07d417d469955466b728dDamien Neil<html>
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence<head>
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley<title>rndc</title>
9a4ce0c25809073f31226faa6ed94c70474cf363Bob Halley<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
9a4ce0c25809073f31226faa6ed94c70474cf363Bob Halley<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
9a4ce0c25809073f31226faa6ed94c70474cf363Bob Halley<link rel="prev" href="man.nsupdate.html" title="nsupdate">
9c4f33b6718407e94d50dbfb4977e16d3f83de9dDavid Lawrence<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
9c4f33b6718407e94d50dbfb4977e16d3f83de9dDavid Lawrence</head>
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley<div class="navheader">
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<table width="100%" summary="Navigation header">
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<tr>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<td width="20%" align="left">
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<th width="60%" align="center">Manual pages</th>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
01956482905dd861a9b07d417d469955466b728dDamien Neil</td>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil</tr>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil</table>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<hr>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil</div>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<div class="refentry" lang="en">
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<a name="man.rndc"></a><div class="titlepage"></div>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<div class="refnamediv">
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<h2>Name</h2>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<p><span class="application">rndc</span> &#8212; name server control utility</p>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil</div>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<div class="refsynopsisdiv">
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<h2>Synopsis</h2>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil</div>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<div class="refsect1" lang="en">
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<a name="id2643683"></a><h2>DESCRIPTION</h2>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<p><span><strong class="command">rndc</strong></span>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      controls the operation of a name
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      that was provided in old BIND releases.  If
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      <span><strong class="command">rndc</strong></span> is invoked with no command line
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      options or arguments, it prints a short summary of the
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington      supported commands and the available options and their
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington      arguments.
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington    </p>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<p><span><strong class="command">rndc</strong></span>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington      communicates with the name server
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      over a TCP connection, sending commands authenticated with
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      digital signatures.  In the current versions of
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington      the only supported authentication algorithm is HMAC-MD5,
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington      which uses a shared secret on each end of the connection.
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      This provides TSIG-style authentication for the command
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      request and the name server's response.  All commands sent
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      over the channel must be signed by a key_id known to the
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      server.
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley    </p>
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley<p><span><strong class="command">rndc</strong></span>
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley      reads a configuration file to
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      determine how to contact the name server and decide what
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil      algorithm and key it should use.
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil    </p>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil</div>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<div class="refsect1" lang="en">
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<a name="id2643733"></a><h2>OPTIONS</h2>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<div class="variablelist"><dl>
f671a5c51cc59e266620c0c4026b054908fdd80cBob Halley<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
e4b9761b0ef03597c35d1ef1d86e12514c621f90Michael Graff<dd><p>
f671a5c51cc59e266620c0c4026b054908fdd80cBob Halley            Use <em class="replaceable"><code>source-address</code></em>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            as the source address for the connection to the server.
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            Multiple instances are permitted to allow setting of both
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            the IPv4 and IPv6 source addresses.
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil          </p></dd>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<dd><p>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            Use <em class="replaceable"><code>config-file</code></em>
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley            as the configuration file instead of the default,
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley            <code class="filename">/etc/rndc.conf</code>.
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley          </p></dd>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley<dd><p>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            Use <em class="replaceable"><code>key-file</code></em>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            as the key file instead of the default,
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            <code class="filename">/etc/rndc.key</code>.  The key in
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            <code class="filename">/etc/rndc.key</code> will be used to
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            authenticate
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            does not exist.
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington          </p></dd>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil<dd><p><em class="replaceable"><code>server</code></em> is
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            the name or address of the server which matches a
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            server statement in the configuration file for
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            <span><strong class="command">rndc</strong></span>.  If no server is supplied on the
e9453d609db9aed9efd2bb4fd287ff3ad11da0b2Damien Neil            command line, the host named by the default-server clause
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            in the options statement of the <span><strong class="command">rndc</strong></span>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington        configuration file will be used.
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington          </p></dd>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington<dd><p>
26d20cd51c968e111b4122536825368a17b5ca82Brian Wellington            Send commands to TCP port
bf6d2e39124ab3d51c253f7acad9a4abef059be6Bob Halley            <em class="replaceable"><code>port</code></em>
            instead
            of BIND 9's default control channel port, 953.
          </p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
            Enable verbose logging.
          </p></dd>
<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
            Use the key <em class="replaceable"><code>key_id</code></em>
            from the configuration file.
            <em class="replaceable"><code>key_id</code></em>
            must be
            known by named with the same algorithm and secret string
            in order for control message validation to succeed.
            If no <em class="replaceable"><code>key_id</code></em>
            is specified, <span><strong class="command">rndc</strong></span> will first look
            for a key clause in the server statement of the server
            being used, or if no server statement is present for that
            host, then the default-key clause of the options statement.
            Note that the configuration file contains shared secrets
            which are used to send authenticated control commands
            to name servers.  It should therefore not have general read
            or write access.
          </p></dd>
</dl></div>
<p>
      For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
      see the BIND 9 Administrator Reference Manual or run
      <span><strong class="command">rndc</strong></span> without arguments to see its help
      message.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2644641"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
      does not yet support all the commands of
      the BIND 8 <span><strong class="command">ndc</strong></span> utility.
    </p>
<p>
      There is currently no way to provide the shared secret for a
      <code class="option">key_id</code> without using the configuration file.
    </p>
<p>
      Several error messages could be clearer.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2644672"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2644727"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">nsupdate</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>
</td>
</tr>
</table>
</div>
</body>
</html>