man.rndc.html revision 2cc6eb92f9443695bc32fa6eed372d983d261a35
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<!--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley - copyright notice and this permission notice appear in all copies.
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley -
70e5a7403f0e0a3bd292b8287c5fed5772c15270Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence - PERFORMANCE OF THIS SOFTWARE.
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence-->
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence<!-- $Id: man.rndc.html,v 1.105 2009/01/09 01:11:52 tbox Exp $ -->
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence<html>
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence<head>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<title>rndc</title>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="prev" href="man.nsupdate.html" title="nsupdate">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</head>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="navheader">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<table width="100%" summary="Navigation header">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<tr>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<td width="20%" align="left">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<th width="60%" align="center">Manual pages</th>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley</td>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley</tr>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</table>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<hr>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley</div>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="refentry" lang="en">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<a name="man.rndc"></a><div class="titlepage"></div>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="refnamediv">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<h2>Name</h2>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<p><span class="application">rndc</span> &#8212; name server control utility</p>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley</div>
738922ba7bb10b206f6f54931aed068e3dcb950dDavid Lawrence<div class="refsynopsisdiv">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<h2>Synopsis</h2>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley</div>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="refsect1" lang="en">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<a name="id2611150"></a><h2>DESCRIPTION</h2>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<p><span><strong class="command">rndc</strong></span>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews controls the operation of a name
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley server. It supersedes the <span><strong class="command">ndc</strong></span> utility
f6f4ceece41f040cc43722afa9a5cd1f54a576b6Michael Graff that was provided in old BIND releases. If
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley <span><strong class="command">rndc</strong></span> is invoked with no command line
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews options or arguments, it prints a short summary of the
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley supported commands and the available options and their
f6f4ceece41f040cc43722afa9a5cd1f54a576b6Michael Graff arguments.
f6f4ceece41f040cc43722afa9a5cd1f54a576b6Michael Graff </p>
f6f4ceece41f040cc43722afa9a5cd1f54a576b6Michael Graff<p><span><strong class="command">rndc</strong></span>
f6f4ceece41f040cc43722afa9a5cd1f54a576b6Michael Graff communicates with the name server
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley over a TCP connection, sending commands authenticated with
705a1d752e32d89efc787e1f25d51777565afbc4Bob Halley digital signatures. In the current versions of
705a1d752e32d89efc787e1f25d51777565afbc4Bob Halley <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
705a1d752e32d89efc787e1f25d51777565afbc4Bob Halley the only supported authentication algorithm is HMAC-MD5,
e61793f0865117ad87a19d6e245bea8f3b712d1bDanny Mayer which uses a shared secret on each end of the connection.
e61793f0865117ad87a19d6e245bea8f3b712d1bDanny Mayer This provides TSIG-style authentication for the command
705a1d752e32d89efc787e1f25d51777565afbc4Bob Halley request and the name server's response. All commands sent
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley over the channel must be signed by a key_id known to the
5f42ef032d72001370d8bd5cd9ea3a5d032a67c8James Brister server.
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley </p>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<p><span><strong class="command">rndc</strong></span>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley reads a configuration file to
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley determine how to contact the name server and decide what
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley algorithm and key it should use.
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley </p>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley</div>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="refsect1" lang="en">
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<a name="id2611201"></a><h2>OPTIONS</h2>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<div class="variablelist"><dl>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
5f42ef032d72001370d8bd5cd9ea3a5d032a67c8James Brister<dd><p>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley Use <em class="replaceable"><code>source-address</code></em>
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley as the source address for the connection to the server.
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley Multiple instances are permitted to allow setting of both
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein the IPv4 and IPv6 source addresses.
443ad8c09c31634a21ef73794aca32594543829dMichael Graff </p></dd>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff<dd><p>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Use <em class="replaceable"><code>config-file</code></em>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews as the configuration file instead of the default,
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <code class="filename">/etc/rndc.conf</code>.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></dd>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dd><p>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff Use <em class="replaceable"><code>key-file</code></em>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff as the key file instead of the default,
443ad8c09c31634a21ef73794aca32594543829dMichael Graff <code class="filename">/etc/rndc.key</code>. The key in
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <code class="filename">/etc/rndc.key</code> will be used to
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews authenticate
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews does not exist.
443ad8c09c31634a21ef73794aca32594543829dMichael Graff </p></dd>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff<dd><p><em class="replaceable"><code>server</code></em> is
443ad8c09c31634a21ef73794aca32594543829dMichael Graff the name or address of the server which matches a
443ad8c09c31634a21ef73794aca32594543829dMichael Graff server statement in the configuration file for
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews <span><strong class="command">rndc</strong></span>. If no server is supplied on the
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews command line, the host named by the default-server clause
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews in the options statement of the <span><strong class="command">rndc</strong></span>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews configuration file will be used.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></dd>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dd><p>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff Send commands to TCP port
443ad8c09c31634a21ef73794aca32594543829dMichael Graff <em class="replaceable"><code>port</code></em>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff instead
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews of BIND 9's default control channel port, 953.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews </p></dd>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<dt><span class="term">-V</span></dt>
443ad8c09c31634a21ef73794aca32594543829dMichael Graff<dd><p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein Enable verbose logging.
d80da258e377f02f0dcd703b89a1044cc58e949fMichael Graff </p></dd>
d80da258e377f02f0dcd703b89a1044cc58e949fMichael Graff<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
d80da258e377f02f0dcd703b89a1044cc58e949fMichael Graff<dd><p>
d80da258e377f02f0dcd703b89a1044cc58e949fMichael Graff Use the key <em class="replaceable"><code>key_id</code></em>
d80da258e377f02f0dcd703b89a1044cc58e949fMichael Graff from the configuration file.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <em class="replaceable"><code>key_id</code></em>
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews must be
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews known by named with the same algorithm and secret string
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews in order for control message validation to succeed.
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews If no <em class="replaceable"><code>key_id</code></em>
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews is specified, <span><strong class="command">rndc</strong></span> will first look
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews for a key clause in the server statement of the server
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews being used, or if no server statement is present for that
9679032ec8ea97edcc993deb3d3dfcf54655cb52Bob Halley host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</p></dd>
</dl></div>
<p>
For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
see the BIND 9 Administrator Reference Manual or run
<span><strong class="command">rndc</strong></span> without arguments to see its help
message.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2611972"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
</p>
<p>
Several error messages could be clearer.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2612003"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2631378"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">nsupdate</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>
</td>
</tr>
</table>
</div>
</body>
</html>