man.rndc.html revision 71c66a876ecca77923638d3f94cc0783152b2f03
1633838b8255282d10af15c5c84cee5a51466712Bob Halley<!--
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
499b34cea04a46823d003d4c0520c8b03e8513cbBrian Wellington - Copyright (C) 2000-2003 Internet Software Consortium.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
1633838b8255282d10af15c5c84cee5a51466712Bob Halley - Permission to use, copy, modify, and distribute this software for any
1633838b8255282d10af15c5c84cee5a51466712Bob Halley - purpose with or without fee is hereby granted, provided that the above
1633838b8255282d10af15c5c84cee5a51466712Bob Halley - copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
1633838b8255282d10af15c5c84cee5a51466712Bob Halley-->
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<!-- $Id: man.rndc.html,v 1.33 2006/06/29 13:03:32 marka Exp $ -->
16a68807e13caea3183a41a5292f1b3f48b81a26Mark Andrews<html>
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence<head>
d25afd60ee2286cb171c4960a790f3d7041b6f85Bob Halley<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
d25afd60ee2286cb171c4960a790f3d7041b6f85Bob Halley<title>rndc</title>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<link rel="prev" href="man.named.html" title="named">
16a68807e13caea3183a41a5292f1b3f48b81a26Mark Andrews<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley</head>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<div class="navheader">
7df0472d8a76c83d2137bd9549414a30787d58cfBrian Wellington<table width="100%" summary="Navigation header">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson<tr>
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson<td width="20%" align="left">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<a accesskey="p" href="man.named.html">Prev</a>�</td>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<th width="60%" align="center">Manual pages</th>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley</td>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley</tr>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley</table>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<hr>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley</div>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<div class="refentry" lang="en">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<a name="man.rndc"></a><div class="titlepage"></div>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<div class="refnamediv">
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<h2>Name</h2>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<p><span class="application">rndc</span> &#8212; name server control utility</p>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley</div>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<div class="refsynopsisdiv">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<h2>Synopsis</h2>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley</div>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<div class="refsect1" lang="en">
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<a name="id2608525"></a><h2>DESCRIPTION</h2>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<p><span><strong class="command">rndc</strong></span>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley controls the operation of a name
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley server. It supersedes the <span><strong class="command">ndc</strong></span> utility
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley that was provided in old BIND releases. If
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley <span><strong class="command">rndc</strong></span> is invoked with no command line
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley options or arguments, it prints a short summary of the
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley supported commands and the available options and their
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley arguments.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<p><span><strong class="command">rndc</strong></span>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley communicates with the name server
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley over a TCP connection, sending commands authenticated with
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley digital signatures. In the current versions of
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley the only supported authentication algorithm is HMAC-MD5,
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley which uses a shared secret on each end of the connection.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley This provides TSIG-style authentication for the command
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley request and the name server's response. All commands sent
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley over the channel must be signed by a key_id known to the
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley server.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<p><span><strong class="command">rndc</strong></span>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley reads a configuration file to
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley determine how to contact the name server and decide what
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley algorithm and key it should use.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley</div>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<div class="refsect1" lang="en">
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<a name="id2608576"></a><h2>OPTIONS</h2>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<div class="variablelist"><dl>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dd><p>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley Use <em class="replaceable"><code>source-address</code></em>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley as the source address for the connection to the server.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley Multiple instances are permitted to allow setting of both
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley the IPv4 and IPv6 source addresses.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p></dd>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
f74b7e5aae8b915055868c93a73cbf3ed7b9975fBob Halley<dd><p>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley Use <em class="replaceable"><code>config-file</code></em>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley as the configuration file instead of the default,
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley <code class="filename">/etc/rndc.conf</code>.
d2cb9efe818c389c6ef7131ae2e8bfa8998292d5Bob Halley </p></dd>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dd><p>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley Use <em class="replaceable"><code>key-file</code></em>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley as the key file instead of the default,
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley <code class="filename">/etc/rndc.key</code>. The key in
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley <code class="filename">/etc/rndc.key</code> will be used to
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley authenticate
d2cb9efe818c389c6ef7131ae2e8bfa8998292d5Bob Halley commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
d2cb9efe818c389c6ef7131ae2e8bfa8998292d5Bob Halley does not exist.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p></dd>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley<dd><p><em class="replaceable"><code>server</code></em> is
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley the name or address of the server which matches a
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley server statement in the configuration file for
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley <span><strong class="command">rndc</strong></span>. If no server is supplied on
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley the
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley command line, the host named by the default-server clause
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley in the option statement of the configuration file will be
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley used.
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley </p></dd>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dd><p>
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley Send commands to TCP port
1d9b3491ab3216c8f278dd821455a7a3b08ddfeeBob Halley <em class="replaceable"><code>port</code></em>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley instead
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley of BIND 9's default control channel port, 953.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p></dd>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dt><span class="term">-V</span></dt>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley<dd><p>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley Enable verbose logging.
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley </p></dd>
f74b7e5aae8b915055868c93a73cbf3ed7b9975fBob Halley<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
f74b7e5aae8b915055868c93a73cbf3ed7b9975fBob Halley<dd><p>
c8e746024262935879c7156b2e7bde3df2f69ff5Bob Halley Use the key <em class="replaceable"><code>keyid</code></em>
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson from the configuration file.
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson <em class="replaceable"><code>keyid</code></em>
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson must be
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson known by named with the same algorithm and secret string
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson in order for control message validation to succeed.
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson If no <em class="replaceable"><code>keyid</code></em>
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson is specified, <span><strong class="command">rndc</strong></span> will first look
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson for a key clause in the server statement of the server
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson being used, or if no server statement is present for that
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson host, then the default-key clause of the options statement.
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson Note that the configuration file contains shared secrets
38db29905134d812882c1fe41ce36a697c603ffaAndreas Gustafsson which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</p></dd>
</dl></div>
<p>
For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
see the BIND 9 Administrator Reference Manual or run
<span><strong class="command">rndc</strong></span> without arguments to see its help
message.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608999"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
</p>
<p>
Several error messages could be clearer.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609030"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609077"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.named.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top"><span class="application">named</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code></td>
</tr>
</table>
</div>
</body>
</html>