man.rndc.html revision 4cfcf67f81b81fc499c95be1775f903d11c598e6
fefb8b844b6286bfc41bb2e0c4cc003b8e7d4ff2kess - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
fefb8b844b6286bfc41bb2e0c4cc003b8e7d4ff2kess - Copyright (C) 2000-2003 Internet Software Consortium.
fefb8b844b6286bfc41bb2e0c4cc003b8e7d4ff2kess - Permission to use, copy, modify, and/or distribute this software for any
fefb8b844b6286bfc41bb2e0c4cc003b8e7d4ff2kess - purpose with or without fee is hereby granted, provided that the above
5a58787efeb02a1c3f06569d019ad81fd2efa06end - copyright notice and this permission notice appear in all copies.
5a58787efeb02a1c3f06569d019ad81fd2efa06end - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a58787efeb02a1c3f06569d019ad81fd2efa06end - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5a58787efeb02a1c3f06569d019ad81fd2efa06end - PERFORMANCE OF THIS SOFTWARE.
5a58787efeb02a1c3f06569d019ad81fd2efa06end<!-- $Id: man.rndc.html,v 1.181 2010/12/22 01:14:06 tbox Exp $ -->
5a58787efeb02a1c3f06569d019ad81fd2efa06end<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
4be0f2d2988dc74815a5f9f4a308fbef2c29674ekess<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
4be0f2d2988dc74815a5f9f4a308fbef2c29674ekess<link rel="prev" href="man.nsupdate.html" title="nsupdate">
d05d0eb4ae6d2a5e513fc3bf2555ce33da416634nd<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
ecc5150d35c0dc5ee5119c2717e6660fa331abbftakashi<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
5a58787efeb02a1c3f06569d019ad81fd2efa06end<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf<p><span class="application">rndc</span> — name server control utility</p>
2d65870e5794cea54f4001239169a891789b7890nd<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic controls the operation of a name
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic server. It supersedes the <span><strong class="command">ndc</strong></span> utility
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic that was provided in old BIND releases. If
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic <span><strong class="command">rndc</strong></span> is invoked with no command line
fefb8b844b6286bfc41bb2e0c4cc003b8e7d4ff2kess options or arguments, it prints a short summary of the
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf supported commands and the available options and their
4cb65c31bc681540ea623e1cb2bdd09749fb8d7esf arguments.
2b4e67038708a5b76abe74f381f0242421bc0012nd communicates with the name server
2b4e67038708a5b76abe74f381f0242421bc0012nd over a TCP connection, sending commands authenticated with
2b4e67038708a5b76abe74f381f0242421bc0012nd digital signatures. In the current versions of
2b4e67038708a5b76abe74f381f0242421bc0012nd <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
2b4e67038708a5b76abe74f381f0242421bc0012nd the only supported authentication algorithm is HMAC-MD5,
2b4e67038708a5b76abe74f381f0242421bc0012nd which uses a shared secret on each end of the connection.
2b4e67038708a5b76abe74f381f0242421bc0012nd This provides TSIG-style authentication for the command
2b4e67038708a5b76abe74f381f0242421bc0012nd request and the name server's response. All commands sent
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf over the channel must be signed by a key_id known to the
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf reads a configuration file to
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf determine how to contact the name server and decide what
4cb65c31bc681540ea623e1cb2bdd09749fb8d7esf algorithm and key it should use.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
4cb65c31bc681540ea623e1cb2bdd09749fb8d7esf Use <em class="replaceable"><code>source-address</code></em>
5a58787efeb02a1c3f06569d019ad81fd2efa06end as the source address for the connection to the server.
5a58787efeb02a1c3f06569d019ad81fd2efa06end Multiple instances are permitted to allow setting of both
5a58787efeb02a1c3f06569d019ad81fd2efa06end the IPv4 and IPv6 source addresses.
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf Use <em class="replaceable"><code>config-file</code></em>
6e14faf37935e36804b8bad802bc9dd58f3cf65dsf as the configuration file instead of the default,
2d65870e5794cea54f4001239169a891789b7890nd<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
d13b6921a1ab0e823f5a028da1d5f9c83bfc75c2rbowen as the key file instead of the default,
2b4e67038708a5b76abe74f381f0242421bc0012nd <code class="filename">/etc/rndc.key</code> will be used to
2b4e67038708a5b76abe74f381f0242421bc0012nd authenticate
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf does not exist.
2b4e67038708a5b76abe74f381f0242421bc0012nd<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf<dd><p><em class="replaceable"><code>server</code></em> is
2b4e67038708a5b76abe74f381f0242421bc0012nd the name or address of the server which matches a
2b4e67038708a5b76abe74f381f0242421bc0012nd server statement in the configuration file for
2b4e67038708a5b76abe74f381f0242421bc0012nd <span><strong class="command">rndc</strong></span>. If no server is supplied on the
d13b6921a1ab0e823f5a028da1d5f9c83bfc75c2rbowen command line, the host named by the default-server clause
fefb8b844b6286bfc41bb2e0c4cc003b8e7d4ff2kess in the options statement of the <span><strong class="command">rndc</strong></span>
2d65870e5794cea54f4001239169a891789b7890nd configuration file will be used.
2b4e67038708a5b76abe74f381f0242421bc0012nd<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
2d65870e5794cea54f4001239169a891789b7890nd Send commands to TCP port
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen of BIND 9's default control channel port, 953.
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen Enable verbose logging.
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen Use the key <em class="replaceable"><code>key_id</code></em>
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen from the configuration file.
2d65870e5794cea54f4001239169a891789b7890nd known by named with the same algorithm and secret string
2d65870e5794cea54f4001239169a891789b7890nd in order for control message validation to succeed.
2d65870e5794cea54f4001239169a891789b7890nd is specified, <span><strong class="command">rndc</strong></span> will first look
2d65870e5794cea54f4001239169a891789b7890nd for a key clause in the server statement of the server
2d65870e5794cea54f4001239169a891789b7890nd being used, or if no server statement is present for that
2d65870e5794cea54f4001239169a891789b7890nd host, then the default-key clause of the options statement.
2d65870e5794cea54f4001239169a891789b7890nd Note that the configuration file contains shared secrets
2d65870e5794cea54f4001239169a891789b7890nd which are used to send authenticated control commands
2d65870e5794cea54f4001239169a891789b7890nd to name servers. It should therefore not have general read
2d65870e5794cea54f4001239169a891789b7890nd or write access.
2b4e67038708a5b76abe74f381f0242421bc0012nd For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen see the BIND 9 Administrator Reference Manual or run
c3c006c28c5b03892ccaef6e4d2cbb15a13a2072rbowen <span><strong class="command">rndc</strong></span> without arguments to see its help
2d65870e5794cea54f4001239169a891789b7890nd does not yet support all the commands of
2d65870e5794cea54f4001239169a891789b7890nd the BIND 8 <span><strong class="command">ndc</strong></span> utility.
93ba02fbe3bb9ce8bb06af6b8ecdb88288e1c0c2covener There is currently no way to provide the shared secret for a
93ba02fbe3bb9ce8bb06af6b8ecdb88288e1c0c2covener <code class="option">key_id</code> without using the configuration file.
2d65870e5794cea54f4001239169a891789b7890nd Several error messages could be clearer.
2d65870e5794cea54f4001239169a891789b7890nd<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
2d65870e5794cea54f4001239169a891789b7890nd <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
2d65870e5794cea54f4001239169a891789b7890nd <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
5a58787efeb02a1c3f06569d019ad81fd2efa06end <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
4be0f2d2988dc74815a5f9f4a308fbef2c29674ekess <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<p><span class="corpauthor">Internet Systems Consortium</span>