man.rndc.html revision 9b469e3c59015b1a4899c9d8395168126fe094fd
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<!--
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and distribute this software for any
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - purpose with or without fee is hereby granted, provided that the above
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - copyright notice and this permission notice appear in all copies.
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews -
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - PERFORMANCE OF THIS SOFTWARE.
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver-->
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<!-- $Id: man.rndc.html,v 1.125 2009/06/12 02:48:00 tbox Exp $ -->
475b1ed9cced1f92ce34bc2e59b3065dae48f366Mark Andrews<html>
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt<head>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
475b1ed9cced1f92ce34bc2e59b3065dae48f366Mark Andrews<title>rndc</title>
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt<link rel="prev" href="man.nsupdate.html" title="nsupdate">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</head>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="navheader">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<table width="100%" summary="Navigation header">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<tr>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<td width="20%" align="left">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<th width="60%" align="center">Manual pages</th>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</td>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</tr>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</table>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<hr>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="refentry" lang="en">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<a name="man.rndc"></a><div class="titlepage"></div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="refnamediv">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<h2>Name</h2>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<p><span class="application">rndc</span> &#8212; name server control utility</p>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="refsynopsisdiv">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<h2>Synopsis</h2>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver</div>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<div class="refsect1" lang="en">
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<a name="id2612589"></a><h2>DESCRIPTION</h2>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<p><span><strong class="command">rndc</strong></span>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver controls the operation of a name
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver server. It supersedes the <span><strong class="command">ndc</strong></span> utility
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver that was provided in old BIND releases. If
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver <span><strong class="command">rndc</strong></span> is invoked with no command line
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver options or arguments, it prints a short summary of the
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver supported commands and the available options and their
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver arguments.
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver </p>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<p><span><strong class="command">rndc</strong></span>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver communicates with the name server
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver over a TCP connection, sending commands authenticated with
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver digital signatures. In the current versions of
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver the only supported authentication algorithm is HMAC-MD5,
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver which uses a shared secret on each end of the connection.
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver This provides TSIG-style authentication for the command
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver request and the name server's response. All commands sent
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt over the channel must be signed by a key_id known to the
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt server.
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt </p>
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt<p><span><strong class="command">rndc</strong></span>
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt reads a configuration file to
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt determine how to contact the name server and decide what
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt algorithm and key it should use.
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt </p>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver</div>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<div class="refsect1" lang="en">
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<a name="id2612640"></a><h2>OPTIONS</h2>
7b4b6f361b2fb2291c2019b377a9c0c8e80cfd6bMark Andrews<div class="variablelist"><dl>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<dd><p>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver Use <em class="replaceable"><code>source-address</code></em>
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt as the source address for the connection to the server.
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt Multiple instances are permitted to allow setting of both
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt the IPv4 and IPv6 source addresses.
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt </p></dd>
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt<dd><p>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews Use <em class="replaceable"><code>config-file</code></em>
as the configuration file instead of the default,
<code class="filename">/etc/rndc.conf</code>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>key-file</code></em>
as the key file instead of the default,
<code class="filename">/etc/rndc.key</code>. The key in
<code class="filename">/etc/rndc.key</code> will be used to
authenticate
commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
does not exist.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
<dd><p><em class="replaceable"><code>server</code></em> is
the name or address of the server which matches a
server statement in the configuration file for
<span><strong class="command">rndc</strong></span>. If no server is supplied on the
command line, the host named by the default-server clause
in the options statement of the <span><strong class="command">rndc</strong></span>
configuration file will be used.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Send commands to TCP port
<em class="replaceable"><code>port</code></em>
instead
of BIND 9's default control channel port, 953.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Enable verbose logging.
</p></dd>
<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
Use the key <em class="replaceable"><code>key_id</code></em>
from the configuration file.
<em class="replaceable"><code>key_id</code></em>
must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</p></dd>
</dl></div>
<p>
For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
see the BIND 9 Administrator Reference Manual or run
<span><strong class="command">rndc</strong></span> without arguments to see its help
message.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613479"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
</p>
<p>
Several error messages could be clearer.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613510"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613565"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">nsupdate</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>
</td>
</tr>
</table>
</div>
</body>
</html>