man.rndc.html revision 852ccdd42a71550c974111b49415204ffeca6573
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - Copyright (C) 2000-2003 Internet Software Consortium.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - Permission to use, copy, modify, and distribute this software for any
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - purpose with or without fee is hereby granted, provided that the above
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - copyright notice and this permission notice appear in all copies.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync - PERFORMANCE OF THIS SOFTWARE.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<!-- $Id: man.rndc.html,v 1.124 2009/06/10 01:12:51 tbox Exp $ -->
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<link rel="prev" href="man.nsupdate.html" title="nsupdate">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<a name="man.rndc"></a><div class="titlepage"></div>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span class="application">rndc</span> — name server control utility</p>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span><strong class="command">rndc</strong></span>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync controls the operation of a name
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync server. It supersedes the <span><strong class="command">ndc</strong></span> utility
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync that was provided in old BIND releases. If
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span><strong class="command">rndc</strong></span> is invoked with no command line
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync options or arguments, it prints a short summary of the
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync supported commands and the available options and their
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span><strong class="command">rndc</strong></span>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync communicates with the name server
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync over a TCP connection, sending commands authenticated with
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync digital signatures. In the current versions of
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync the only supported authentication algorithm is HMAC-MD5,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync which uses a shared secret on each end of the connection.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync This provides TSIG-style authentication for the command
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync request and the name server's response. All commands sent
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync over the channel must be signed by a key_id known to the
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span><strong class="command">rndc</strong></span>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync reads a configuration file to
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync determine how to contact the name server and decide what
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync algorithm and key it should use.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Use <em class="replaceable"><code>source-address</code></em>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync as the source address for the connection to the server.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Multiple instances are permitted to allow setting of both
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync the IPv4 and IPv6 source addresses.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Use <em class="replaceable"><code>config-file</code></em>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync as the configuration file instead of the default,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Use <em class="replaceable"><code>key-file</code></em>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync as the key file instead of the default,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <code class="filename">/etc/rndc.key</code>. The key in
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <code class="filename">/etc/rndc.key</code> will be used to
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync authenticate
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync does not exist.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dd><p><em class="replaceable"><code>server</code></em> is
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync the name or address of the server which matches a
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync server statement in the configuration file for
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span><strong class="command">rndc</strong></span>. If no server is supplied on the
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync command line, the host named by the default-server clause
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync in the options statement of the <span><strong class="command">rndc</strong></span>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync configuration file will be used.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Send commands to TCP port
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync of BIND 9's default control channel port, 953.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Enable verbose logging.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Use the key <em class="replaceable"><code>key_id</code></em>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync from the configuration file.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync known by named with the same algorithm and secret string
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync in order for control message validation to succeed.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync If no <em class="replaceable"><code>key_id</code></em>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync is specified, <span><strong class="command">rndc</strong></span> will first look
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync for a key clause in the server statement of the server
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync being used, or if no server statement is present for that
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync host, then the default-key clause of the options statement.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Note that the configuration file contains shared secrets
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync which are used to send authenticated control commands
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync to name servers. It should therefore not have general read
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync or write access.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync see the BIND 9 Administrator Reference Manual or run
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span><strong class="command">rndc</strong></span> without arguments to see its help
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span><strong class="command">rndc</strong></span>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync does not yet support all the commands of
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync the BIND 8 <span><strong class="command">ndc</strong></span> utility.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync There is currently no way to provide the shared secret for a
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <code class="option">key_id</code> without using the configuration file.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Several error messages could be clearer.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<p><span class="corpauthor">Internet Systems Consortium</span>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>