man.rndc.html revision 4dea9e5971b40d3bf1d8f44704d825edd018f48e
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - Copyright (C) 2000-2003 Internet Software Consortium.
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - Permission to use, copy, modify, and/or distribute this software for any
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - purpose with or without fee is hereby granted, provided that the above
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - copyright notice and this permission notice appear in all copies.
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
4af7799ec93fe75c6db8217c54d3d0656d104534Ewaryst Schulz - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
df0d1a7e7dfff3be40c24b25318a6a07c748be20Ewaryst Schulz - PERFORMANCE OF THIS SOFTWARE.
32e0cbe45839af0ec675bcff62a34ca3709f5588Ewaryst Schulz<!-- $Id: man.rndc.html,v 1.163 2010/01/17 01:14:02 tbox Exp $ -->
97f3827decee427ef52fe8a382f159a81e2abdf1Ewaryst Schulz<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
97f3827decee427ef52fe8a382f159a81e2abdf1Ewaryst Schulz<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
df0d1a7e7dfff3be40c24b25318a6a07c748be20Ewaryst Schulz<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
1a5414972199f27756b513d5cf515e4c0d688c08Ewaryst Schulz<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
97f3827decee427ef52fe8a382f159a81e2abdf1Ewaryst Schulz<link rel="prev" href="man.nsupdate.html" title="nsupdate">
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz<table width="100%" summary="Navigation header">
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz<th width="60%" align="center">Manual pages</th>
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
4869d2d404a494368f782e3446222461be4aede2Ewaryst Schulz<a name="man.rndc"></a><div class="titlepage"></div>
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz<p><span class="application">rndc</span> — name server control utility</p>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz<p><span><strong class="command">rndc</strong></span>
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz controls the operation of a name
6117fc946c8b1485fb143245adaf1a22686d096aEwaryst Schulz server. It supersedes the <span><strong class="command">ndc</strong></span> utility
d1fddc394ac2af87a6210e7a3504bb565d088e7aEwaryst Schulz that was provided in old BIND releases. If
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz <span><strong class="command">rndc</strong></span> is invoked with no command line
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz options or arguments, it prints a short summary of the
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz supported commands and the available options and their
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz<p><span><strong class="command">rndc</strong></span>
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz communicates with the name server
d1fddc394ac2af87a6210e7a3504bb565d088e7aEwaryst Schulz over a TCP connection, sending commands authenticated with
aae33d0d1a0f8174a7a704e2fdbb29482e0bf587Ewaryst Schulz digital signatures. In the current versions of
d1fddc394ac2af87a6210e7a3504bb565d088e7aEwaryst Schulz <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
aae33d0d1a0f8174a7a704e2fdbb29482e0bf587Ewaryst Schulz the only supported authentication algorithm is HMAC-MD5,
aae33d0d1a0f8174a7a704e2fdbb29482e0bf587Ewaryst Schulz which uses a shared secret on each end of the connection.
aae33d0d1a0f8174a7a704e2fdbb29482e0bf587Ewaryst Schulz This provides TSIG-style authentication for the command
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz request and the name server's response. All commands sent
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz over the channel must be signed by a key_id known to the
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz<p><span><strong class="command">rndc</strong></span>
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz reads a configuration file to
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz determine how to contact the name server and decide what
a774ce07e9020c817d2f090014782429ff841870Ewaryst Schulz algorithm and key it should use.
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
6117fc946c8b1485fb143245adaf1a22686d096aEwaryst Schulz Use <em class="replaceable"><code>source-address</code></em>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz as the source address for the connection to the server.
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz Multiple instances are permitted to allow setting of both
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz the IPv4 and IPv6 source addresses.
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz Use <em class="replaceable"><code>config-file</code></em>
6117fc946c8b1485fb143245adaf1a22686d096aEwaryst Schulz as the configuration file instead of the default,
6117fc946c8b1485fb143245adaf1a22686d096aEwaryst Schulz <code class="filename">/etc/rndc.conf</code>.
6117fc946c8b1485fb143245adaf1a22686d096aEwaryst Schulz<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz Use <em class="replaceable"><code>key-file</code></em>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz as the key file instead of the default,
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz <code class="filename">/etc/rndc.key</code>. The key in
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz <code class="filename">/etc/rndc.key</code> will be used to
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz does not exist.
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz<dd><p><em class="replaceable"><code>server</code></em> is
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz the name or address of the server which matches a
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz server statement in the configuration file for
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz <span><strong class="command">rndc</strong></span>. If no server is supplied on the
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz command line, the host named by the default-server clause
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz in the options statement of the <span><strong class="command">rndc</strong></span>
b524978df6a89e40139f2862ad9eb6f9f5c8a1b5Ewaryst Schulz configuration file will be used.
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz Send commands to TCP port
521e19185a40fc9a9e38f4d34cfe451d3a5ab2c9Ewaryst Schulz <em class="replaceable"><code>port</code></em>
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz of BIND 9's default control channel port, 953.
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz Enable verbose logging.
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
8e2a5b3d7ccf6a7f03b54fbe6b410d49b9f1932cEwaryst Schulz Use the key <em class="replaceable"><code>key_id</code></em>
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz from the configuration file.
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz <em class="replaceable"><code>key_id</code></em>
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz known by named with the same algorithm and secret string
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz in order for control message validation to succeed.
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz If no <em class="replaceable"><code>key_id</code></em>
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz is specified, <span><strong class="command">rndc</strong></span> will first look
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz for a key clause in the server statement of the server
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz being used, or if no server statement is present for that
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz host, then the default-key clause of the options statement.
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz Note that the configuration file contains shared secrets
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz which are used to send authenticated control commands
4af7799ec93fe75c6db8217c54d3d0656d104534Ewaryst Schulz to name servers. It should therefore not have general read
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz or write access.
28f336e639eae9e0a940a673159198d9ef4e5613Ewaryst Schulz For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
f887ef77051188d95ceb8c37f39af91fc1195137Ewaryst Schulz see the BIND 9 Administrator Reference Manual or run
97f3827decee427ef52fe8a382f159a81e2abdf1Ewaryst Schulz <span><strong class="command">rndc</strong></span> without arguments to see its help
97f3827decee427ef52fe8a382f159a81e2abdf1Ewaryst Schulz<p><span><strong class="command">rndc</strong></span>
97f3827decee427ef52fe8a382f159a81e2abdf1Ewaryst Schulz does not yet support all the commands of
f887ef77051188d95ceb8c37f39af91fc1195137Ewaryst Schulz the BIND 8 <span><strong class="command">ndc</strong></span> utility.
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz There is currently no way to provide the shared secret for a
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz <code class="option">key_id</code> without using the configuration file.
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz Several error messages could be clearer.
059f97e23beac47820b2b9c9687b94f1481bcfd8Ewaryst Schulz<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
059f97e23beac47820b2b9c9687b94f1481bcfd8Ewaryst Schulz <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
059f97e23beac47820b2b9c9687b94f1481bcfd8Ewaryst Schulz <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
059f97e23beac47820b2b9c9687b94f1481bcfd8Ewaryst Schulz <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
2a30a68404a305addb439efb2a3345ed51e7f69aEwaryst Schulz<p><span class="corpauthor">Internet Systems Consortium</span>
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz<table width="100%" summary="Navigation footer">
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
cae4916b0844b837a4dd7e29730c56a3e26ef94dEwaryst Schulz<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
f887ef77051188d95ceb8c37f39af91fc1195137Ewaryst Schulz<span class="application">nsupdate</span>�</td>
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>