doc/arm/man.rndc.html

	man.rndc.html revision 9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2b
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<!--
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - Copyright (C) 2000-2003 Internet Software Consortium.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz -
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - Permission to use, copy, modify, and distribute this software for any
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - purpose with or without fee is hereby granted, provided that the above
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - copyright notice and this permission notice appear in all copies.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz -
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz - PERFORMANCE OF THIS SOFTWARE.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz-->
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<!-- $Id: man.rndc.html,v 1.107 2009/01/21 01:12:08 tbox Exp $ -->
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<html>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<head>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<title>rndc</title>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<link rel="prev" href="man.nsupdate.html" title="nsupdate">
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</head>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="navheader">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<table width="100%" summary="Navigation header">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<tr>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<td width="20%" align="left">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<th width="60%" align="center">Manual pages</th>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</td>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</tr>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</table>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<hr>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</div>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="refentry" lang="en">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<a name="man.rndc"></a><div class="titlepage"></div>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="refnamediv">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<h2>Name</h2>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<p><span class="application">rndc</span> &#8212; name server control utility</p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</div>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="refsynopsisdiv">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<h2>Synopsis</h2>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</div>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="refsect1" lang="en">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<a name="id2611817"></a><h2>DESCRIPTION</h2>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<p><span><strong class="command">rndc</strong></span>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      controls the operation of a name
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      that was provided in old BIND releases.  If
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      <span><strong class="command">rndc</strong></span> is invoked with no command line
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      options or arguments, it prints a short summary of the
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      supported commands and the available options and their
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      arguments.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz    </p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<p><span><strong class="command">rndc</strong></span>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      communicates with the name server
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      over a TCP connection, sending commands authenticated with
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      digital signatures.  In the current versions of
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      the only supported authentication algorithm is HMAC-MD5,
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      which uses a shared secret on each end of the connection.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      This provides TSIG-style authentication for the command
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      request and the name server's response.  All commands sent
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      over the channel must be signed by a key_id known to the
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      server.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz    </p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<p><span><strong class="command">rndc</strong></span>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      reads a configuration file to
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      determine how to contact the name server and decide what
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      algorithm and key it should use.
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe    </p>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe</div>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<div class="refsect1" lang="en">
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<a name="id2611867"></a><h2>OPTIONS</h2>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<div class="variablelist"><dl>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe<dd><p>
7014882c6a3672fd0e5d60200af8643ae53c5928Richard Lowe            Use <em class="replaceable"><code>source-address</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            as the source address for the connection to the server.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Multiple instances are permitted to allow setting of both
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            the IPv4 and IPv6 source addresses.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dd><p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Use <em class="replaceable"><code>config-file</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            as the configuration file instead of the default,
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            <code class="filename">/etc/rndc.conf</code>.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dd><p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Use <em class="replaceable"><code>key-file</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            as the key file instead of the default,
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            <code class="filename">/etc/rndc.key</code>.  The key in
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            <code class="filename">/etc/rndc.key</code> will be used to
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            authenticate
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            does not exist.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dd><p><em class="replaceable"><code>server</code></em> is
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            the name or address of the server which matches a
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            server statement in the configuration file for
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            <span><strong class="command">rndc</strong></span>.  If no server is supplied on the
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            command line, the host named by the default-server clause
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            in the options statement of the <span><strong class="command">rndc</strong></span>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz        configuration file will be used.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dd><p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Send commands to TCP port
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            <em class="replaceable"><code>port</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            instead
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            of BIND 9's default control channel port, 953.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dt><span class="term">-V</span></dt>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dd><p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Enable verbose logging.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<dd><p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Use the key <em class="replaceable"><code>key_id</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            from the configuration file.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            <em class="replaceable"><code>key_id</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            must be
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            known by named with the same algorithm and secret string
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            in order for control message validation to succeed.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            If no <em class="replaceable"><code>key_id</code></em>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            is specified, <span><strong class="command">rndc</strong></span> will first look
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            for a key clause in the server statement of the server
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            being used, or if no server statement is present for that
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            host, then the default-key clause of the options statement.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            Note that the configuration file contains shared secrets
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            which are used to send authenticated control commands
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            to name servers.  It should therefore not have general read
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz            or write access.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz          </p></dd>
bf56214c0556fa6864189c826d39dbe156bb22a0stevel</dl></div>
bf56214c0556fa6864189c826d39dbe156bb22a0stevel<p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      see the BIND 9 Administrator Reference Manual or run
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      <span><strong class="command">rndc</strong></span> without arguments to see its help
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      message.
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz    </p>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz</div>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<div class="refsect1" lang="en">
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<a name="id2616257"></a><h2>LIMITATIONS</h2>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz<p><span><strong class="command">rndc</strong></span>
a4aa671e336d5c717aff15808ab91a6bee5e6e41arutz      does not yet support all the commands of
      the BIND 8 <span><strong class="command">ndc</strong></span> utility.
    </p>
<p>
      There is currently no way to provide the shared secret for a
      <code class="option">key_id</code> without using the configuration file.
    </p>
<p>
      Several error messages could be clearer.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2616288"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2616343"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">nsupdate</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>
</td>
</tr>
</table>
</div>
</body>
</html>