91934be261c16d036521379306a74b0991720e67joncruz<html>

91934be261c16d036521379306a74b0991720e67joncruz<head>

91934be261c16d036521379306a74b0991720e67joncruz<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

91934be261c16d036521379306a74b0991720e67joncruz<title>rndc</title>

f10eb2c8e53724d2e6055b539da14e65aaa843c3dvlierop<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

1dcc408c2579584fcea4bd1602f7c8d41c27dfb8dvlierop<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

91934be261c16d036521379306a74b0991720e67joncruz<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">

91934be261c16d036521379306a74b0991720e67joncruz<link rel="prev" href="man.nsupdate.html" title="nsupdate">

91934be261c16d036521379306a74b0991720e67joncruz<link rel="next" href="man.rndc.conf.html" title="rndc.conf">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</head>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<div class="navheader">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<table width="100%" summary="Navigation header">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<tr>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<td width="20%" align="left">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<th width="60%" align="center">Manual pages</th>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</td>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm</tr>

4852f347df5405e934e2ccd5b30597d196f3949ctweenk</table>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<hr>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</div>

91934be261c16d036521379306a74b0991720e67joncruz<div class="refentry" lang="en">

91934be261c16d036521379306a74b0991720e67joncruz<a name="man.rndc"></a><div class="titlepage"></div>

91934be261c16d036521379306a74b0991720e67joncruz<div class="refnamediv">

91934be261c16d036521379306a74b0991720e67joncruz<h2>Name</h2>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<p><span class="application">rndc</span> &#8212; name server control utility</p>

91934be261c16d036521379306a74b0991720e67joncruz</div>

91934be261c16d036521379306a74b0991720e67joncruz<div class="refsynopsisdiv">

91934be261c16d036521379306a74b0991720e67joncruz<h2>Synopsis</h2>

91934be261c16d036521379306a74b0991720e67joncruz<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>

91934be261c16d036521379306a74b0991720e67joncruz</div>

91934be261c16d036521379306a74b0991720e67joncruz<div class="refsect1" lang="en">

91934be261c16d036521379306a74b0991720e67joncruz<a name="id2654278"></a><h2>DESCRIPTION</h2>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p><span><strong class="command">rndc</strong></span>

91934be261c16d036521379306a74b0991720e67joncruz controls the operation of a name

91934be261c16d036521379306a74b0991720e67joncruz server. It supersedes the <span><strong class="command">ndc</strong></span> utility

91934be261c16d036521379306a74b0991720e67joncruz that was provided in old BIND releases. If

91934be261c16d036521379306a74b0991720e67joncruz <span><strong class="command">rndc</strong></span> is invoked with no command line

91934be261c16d036521379306a74b0991720e67joncruz options or arguments, it prints a short summary of the

91934be261c16d036521379306a74b0991720e67joncruz supported commands and the available options and their

91934be261c16d036521379306a74b0991720e67joncruz arguments.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<p><span><strong class="command">rndc</strong></span>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm communicates with the name server over a TCP connection, sending

91934be261c16d036521379306a74b0991720e67joncruz commands authenticated with digital signatures. In the current

91934be261c16d036521379306a74b0991720e67joncruz versions of

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the only supported authentication algorithms are HMAC-MD5

91934be261c16d036521379306a74b0991720e67joncruz (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256

91934be261c16d036521379306a74b0991720e67joncruz (default), HMAC-SHA384 and HMAC-SHA512.

91934be261c16d036521379306a74b0991720e67joncruz They use a shared secret on each end of the connection.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen This provides TSIG-style authentication for the command

2748588ecde62686a15c24a597507dbf8a13782bbuliabyak request and the name server's response. All commands sent

91934be261c16d036521379306a74b0991720e67joncruz over the channel must be signed by a key_id known to the

91934be261c16d036521379306a74b0991720e67joncruz server.

91934be261c16d036521379306a74b0991720e67joncruz </p>

91934be261c16d036521379306a74b0991720e67joncruz<p><span><strong class="command">rndc</strong></span>

91934be261c16d036521379306a74b0991720e67joncruz reads a configuration file to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen determine how to contact the name server and decide what

91934be261c16d036521379306a74b0991720e67joncruz algorithm and key it should use.

91934be261c16d036521379306a74b0991720e67joncruz </p>

91934be261c16d036521379306a74b0991720e67joncruz</div>

91934be261c16d036521379306a74b0991720e67joncruz<div class="refsect1" lang="en">

91934be261c16d036521379306a74b0991720e67joncruz<a name="id2654328"></a><h2>OPTIONS</h2>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<div class="variablelist"><dl>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Use <em class="replaceable"><code>source-address</code></em>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm as the source address for the connection to the server.

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm Multiple instances are permitted to allow setting of both

91934be261c16d036521379306a74b0991720e67joncruz the IPv4 and IPv6 source addresses.

91934be261c16d036521379306a74b0991720e67joncruz </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p>

91934be261c16d036521379306a74b0991720e67joncruz Use <em class="replaceable"><code>config-file</code></em>

91934be261c16d036521379306a74b0991720e67joncruz as the configuration file instead of the default,

91934be261c16d036521379306a74b0991720e67joncruz <code class="filename">/etc/rndc.conf</code>.

91934be261c16d036521379306a74b0991720e67joncruz </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p>

91934be261c16d036521379306a74b0991720e67joncruz Use <em class="replaceable"><code>key-file</code></em>

91934be261c16d036521379306a74b0991720e67joncruz as the key file instead of the default,

91934be261c16d036521379306a74b0991720e67joncruz <code class="filename">/etc/rndc.key</code>. The key in

91934be261c16d036521379306a74b0991720e67joncruz <code class="filename">/etc/rndc.key</code> will be used to

91934be261c16d036521379306a74b0991720e67joncruz authenticate

91934be261c16d036521379306a74b0991720e67joncruz commands sent to the server if the <em class="replaceable"><code>config-file</code></em>

91934be261c16d036521379306a74b0991720e67joncruz does not exist.

91934be261c16d036521379306a74b0991720e67joncruz </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p><em class="replaceable"><code>server</code></em> is

91934be261c16d036521379306a74b0991720e67joncruz the name or address of the server which matches a

91934be261c16d036521379306a74b0991720e67joncruz server statement in the configuration file for

91934be261c16d036521379306a74b0991720e67joncruz <span><strong class="command">rndc</strong></span>. If no server is supplied on the

91934be261c16d036521379306a74b0991720e67joncruz command line, the host named by the default-server clause

91934be261c16d036521379306a74b0991720e67joncruz in the options statement of the <span><strong class="command">rndc</strong></span>

91934be261c16d036521379306a74b0991720e67joncruz configuration file will be used.

91934be261c16d036521379306a74b0991720e67joncruz </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p>

91934be261c16d036521379306a74b0991720e67joncruz Send commands to TCP port

91934be261c16d036521379306a74b0991720e67joncruz <em class="replaceable"><code>port</code></em>

91934be261c16d036521379306a74b0991720e67joncruz instead

91934be261c16d036521379306a74b0991720e67joncruz of BIND 9's default control channel port, 953.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-V</span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p>

91934be261c16d036521379306a74b0991720e67joncruz Enable verbose logging.

91934be261c16d036521379306a74b0991720e67joncruz </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>

91934be261c16d036521379306a74b0991720e67joncruz<dd><p>

91934be261c16d036521379306a74b0991720e67joncruz Use the key <em class="replaceable"><code>key_id</code></em>

91934be261c16d036521379306a74b0991720e67joncruz from the configuration file.

91934be261c16d036521379306a74b0991720e67joncruz <em class="replaceable"><code>key_id</code></em>

91934be261c16d036521379306a74b0991720e67joncruz must be

91934be261c16d036521379306a74b0991720e67joncruz known by named with the same algorithm and secret string

91934be261c16d036521379306a74b0991720e67joncruz in order for control message validation to succeed.

91934be261c16d036521379306a74b0991720e67joncruz If no <em class="replaceable"><code>key_id</code></em>

91934be261c16d036521379306a74b0991720e67joncruz is specified, <span><strong class="command">rndc</strong></span> will first look

91934be261c16d036521379306a74b0991720e67joncruz for a key clause in the server statement of the server

2748588ecde62686a15c24a597507dbf8a13782bbuliabyak being used, or if no server statement is present for that

91934be261c16d036521379306a74b0991720e67joncruz host, then the default-key clause of the options statement.

91934be261c16d036521379306a74b0991720e67joncruz Note that the configuration file contains shared secrets

91934be261c16d036521379306a74b0991720e67joncruz which are used to send authenticated control commands

91934be261c16d036521379306a74b0991720e67joncruz to name servers. It should therefore not have general read

91934be261c16d036521379306a74b0991720e67joncruz or write access.

91934be261c16d036521379306a74b0991720e67joncruz </p></dd>

91934be261c16d036521379306a74b0991720e67joncruz</dl></div>

91934be261c16d036521379306a74b0991720e67joncruz</div>

91934be261c16d036521379306a74b0991720e67joncruz<div class="refsect1" lang="en">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<a name="id2654537"></a><h2>COMMANDS</h2>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen A list of commands supported by <span><strong class="command">rndc</strong></span> can

91934be261c16d036521379306a74b0991720e67joncruz be seen by running <span><strong class="command">rndc</strong></span> without arguments.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Currently supported commands are:

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<div class="variablelist"><dl>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Reload configuration file and zones.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

e750fb8e7d6b8896903a14f2f45c54177f02bd2epjrm Reload the given zone.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Schedule zone maintenance for the given zone.

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<dd>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<p>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm Retransfer the given slave zone from the master server.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<p>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm If the zone is configured to use

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">inline-signing</strong></span>, the signed

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen version of the zone is discarded; after the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen retransfer of the unsigned version is complete, the

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm signed version will be regenerated with all new

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm signatures.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Fetch all DNSSEC keys for the given zone

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen from the key directory (see the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">key-directory</strong></span> option in

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the BIND 9 Administrator Reference Manual). If they are within

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen their publication period, merge them into the

c099a73a820051490fe3afe6cd0b5731b8057e92johanengelen zone's DNSKEY RRset. If the DNSKEY RRset

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen is changed, then the zone is automatically

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen re-signed with the new key set.

4852f347df5405e934e2ccd5b30597d196f3949ctweenk </p>

4852f347df5405e934e2ccd5b30597d196f3949ctweenk<p>

e334a9248cda8b3a5480a5c2079959a7aa6caf2ejohanengelen This command requires that the

e334a9248cda8b3a5480a5c2079959a7aa6caf2ejohanengelen <span><strong class="command">auto-dnssec</strong></span> zone option be set

4852f347df5405e934e2ccd5b30597d196f3949ctweenk to <code class="literal">allow</code> or

4852f347df5405e934e2ccd5b30597d196f3949ctweenk <code class="literal">maintain</code>,

4852f347df5405e934e2ccd5b30597d196f3949ctweenk and also requires the zone to be configured to

4852f347df5405e934e2ccd5b30597d196f3949ctweenk allow dynamic DNS.

4852f347df5405e934e2ccd5b30597d196f3949ctweenk (See "Dynamic Update Policies" in the Administrator

4852f347df5405e934e2ccd5b30597d196f3949ctweenk Reference Manual for more details.)

4852f347df5405e934e2ccd5b30597d196f3949ctweenk </p>

4852f347df5405e934e2ccd5b30597d196f3949ctweenk</dd>

e334a9248cda8b3a5480a5c2079959a7aa6caf2ejohanengelen<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Fetch all DNSSEC keys for the given zone

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen from the key directory. If they are within

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen their publication period, merge them into the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen zone's DNSKEY RRset. Unlike <span><strong class="command">rndc

f38d1b851669bf0fa14a2ca67d9bde7d3fb2dc9bdvlierop sign</strong></span>, however, the zone is not

ab231f6c4e3a9e2fefe075c6e32f6773af9f2440johanengelen immediately re-signed by the new keys, but is

ab231f6c4e3a9e2fefe075c6e32f6773af9f2440johanengelen allowed to incrementally re-sign over time.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen This command requires that the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">auto-dnssec</strong></span> zone option

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm be set to <code class="literal">maintain</code>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen and also requires the zone to be configured to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen allow dynamic DNS.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen (See "Dynamic Update Policies" in the Administrator

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Reference Manual for more details.)

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

e750fb8e7d6b8896903a14f2f45c54177f02bd2epjrm</dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Suspend updates to a dynamic zone. If no zone is

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen specified, then all zones are suspended. This allows

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen manual edits to be made to a zone normally updated by

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen dynamic update. It also causes changes in the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen journal file to be synced into the master file.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen All dynamic update attempts will be refused while

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the zone is frozen.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Enable updates to a frozen dynamic zone. If no

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen zone is specified, then all frozen zones are

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen enabled. This causes the server to reload the zone

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen from disk, and re-enables dynamic updates after the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen load has completed. After a zone is thawed,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen dynamic updates will no longer be refused. If

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the zone has changed and the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">ixfr-from-differences</strong></span> option is

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen in use, then the journal file will be updated to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen reflect changes in the zone. Otherwise, if the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen zone has changed, any existing journal file will be

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen removed.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>scan</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Scan the list of available network interfaces

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen for changes, without performing a full

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">reconfig</strong></span> or waiting for the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">interface-interval</strong></span> timer.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>sync [<span class="optional">-clean</span>] [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Sync changes in the journal file for a dynamic zone

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen to the master file. If the "-clean" option is

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen specified, the journal file is also removed. If

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen no zone is specified, then all zones are synced.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Resend NOTIFY messages for the zone.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Reload the configuration file and load new zones,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen but do not reload existing zone files even if they

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen have changed.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen This is faster than a full <span><strong class="command">reload</strong></span> when there

e750fb8e7d6b8896903a14f2f45c54177f02bd2epjrm is a large number of zones because it avoids the need

91934be261c16d036521379306a74b0991720e67joncruz to examine the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen modification times of the zones files.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>zonestatus [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Displays the current status of the given zone,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen including the master file name and any include

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen files from which it was loaded, when it was most

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen recently loaded, the current serial number, the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen number of nodes, whether the zone supports

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen dynamic updates, whether the zone is DNSSEC

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen signed, whether it uses automatic DNSSEC key

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen management or inline signing, and the scheduled

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen refresh or expiry times for the zone.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Write server statistics to the statistics file.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

e750fb8e7d6b8896903a14f2f45c54177f02bd2epjrm Enable or disable query logging. (For backward

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen compatibility, this command can also be used without

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen an argument to toggle query logging on and off.)

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Query logging can also be enabled

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen by explicitly directing the <span><strong class="command">queries</strong></span>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">category</strong></span> to a

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">channel</strong></span> in the

91934be261c16d036521379306a74b0991720e67joncruz <span><strong class="command">logging</strong></span> section of

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <code class="filename">named.conf</code> or by specifying

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">querylog yes;</strong></span> in the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">options</strong></span> section of

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <code class="filename">named.conf</code>.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Dump the server's caches (default) and/or zones to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen dump file for the specified views. If no view is

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen specified, all

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen views are dumped.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Dump the server's security roots to the secroots

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen file for the specified views. If no view is

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen specified, security roots for all

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen views are dumped.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Stop the server, making sure any recent changes

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen made through dynamic update or IXFR are first saved to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the master files of the updated zones.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen This allows an external process to determine when <span><strong class="command">named</strong></span>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen had completed stopping.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Stop the server immediately. Recent changes

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen made through dynamic update or IXFR are not saved to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the master files, but will be rolled forward from the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen journal files when the server is restarted.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen This allows an external process to determine when <span><strong class="command">named</strong></span>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen had completed halting.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen<dd><p>

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen Increment the servers debugging level by one.

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen </p></dd>

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>

84e5676034b77e63dbc43746cec0a8b48fd06f7cjohanengelen<dd><p>

00583082bf04dd7fd1729bee6489a97b2b56e4bcdvlierop Sets the server's debugging level to an explicit

00583082bf04dd7fd1729bee6489a97b2b56e4bcdvlierop value.

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen </p></dd>

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>

02c3f3ebde37bbc650b2e8eb951e7037ed714360johanengelen<dd><p>

02c3f3ebde37bbc650b2e8eb951e7037ed714360johanengelen Sets the server's debugging level to 0.

02c3f3ebde37bbc650b2e8eb951e7037ed714360johanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Flushes the server's cache.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Flushes the given name from the server's DNS cache

d4d3b624d2d4a01877a37cbb3ec36279d6396e91joncruz and, if applicable, from the server's nameserver address

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen database or bad-server cache.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>flushtree</code></strong> [<span class="optional">-all</span>] <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Flushes the given name, and all of its subdomains,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen from the server's DNS cache, the address database,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen and the bad server cache.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p></dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd><p>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen Display status of the server.

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen and the default <span><strong class="command">/IN</strong></span>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen hint zone if there is not an

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen explicit root zone configured.

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen </p></dd>

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen<dd><p>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen on.

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen </p></dd>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen<dt><span class="term"><strong class="userinput"><code>validation ( on | off | check ) [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] </code></strong></span></dt>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen<dd><p>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen Enable, disable, or check the current status of

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen DNSSEC validation.

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen Note <span><strong class="command">dnssec-enable</strong></span> also needs to be

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen set to <strong class="userinput"><code>yes</code></strong> or

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen <strong class="userinput"><code>auto</code></strong> to be effective.

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen It defaults to enabled.

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen </p></dd>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b<dd><p>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b List the names of all TSIG keys currently configured

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b for use by <span><strong class="command">named</strong></span> in each view. The

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b list both statically configured keys and dynamic

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b TKEY-negotiated keys.

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b </p></dd>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b<dd><p>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b Delete a given TKEY-negotiated key from the server.

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b (This does not apply to statically configured TSIG

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b keys.)

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen </p></dd>

07916b4c23e70df45383ea8348cf817c1d029083mental<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen<dd>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen<p>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen Add a zone while the server is running. This

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen command requires the

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen <span><strong class="command">allow-new-zones</strong></span> option to be set

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen to <strong class="userinput"><code>yes</code></strong>. The

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen <em class="replaceable"><code>configuration</code></em> string

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen specified on the command line is the zone

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen configuration text that would ordinarily be

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen placed in <code class="filename">named.conf</code>.

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen </p>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen<p>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen The configuration is saved in a file called

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen where <em class="replaceable"><code>hash</code></em> is a

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen cryptographic hash generated from the name of

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen the view. When <span><strong class="command">named</strong></span> is

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen restarted, the file will be loaded into the view

c2057a738f9ea8cb7acdeb1feb69cef5b0d4bc56johanengelen configuration, so that zones that were added

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b can persist after a restart.

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen </p>

ea8910e53270b7bd85bd9234186bcf7c4fdd4739gustav_b<p>

a00d0714a57eef2a5d1c5dcc7d4c57885b393180johanengelen This sample <span><strong class="command">addzone</strong></span> command

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen would add the zone <code class="literal">example.com</code>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen to the default view:

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen </p>

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen<p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen </p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen<p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen (Note the brackets and semi-colon around the zone

f4ab745a2deea8393eea28220acc073a973f225djohanengelen configuration text.)

f4ab745a2deea8393eea28220acc073a973f225djohanengelen </p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen</dd>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen<dt><span class="term"><strong class="userinput"><code>delzone [<span class="optional">-clean</span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen<dd>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen<p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen Delete a zone while the server is running.

f4ab745a2deea8393eea28220acc073a973f225djohanengelen Only zones that were originally added via

f4ab745a2deea8393eea28220acc073a973f225djohanengelen <span><strong class="command">rndc addzone</strong></span> can be deleted

f4ab745a2deea8393eea28220acc073a973f225djohanengelen in this manner.

f4ab745a2deea8393eea28220acc073a973f225djohanengelen </p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen<p>

f4ab745a2deea8393eea28220acc073a973f225djohanengelen If the <code class="option">-clean</code> is specified,

f4ab745a2deea8393eea28220acc073a973f225djohanengelen the zone's master file (and journal file, if any)

f4ab745a2deea8393eea28220acc073a973f225djohanengelen will be deleted along with the zone. Without the

f4ab745a2deea8393eea28220acc073a973f225djohanengelen <code class="option">-clean</code> option, zone files must

f4ab745a2deea8393eea28220acc073a973f225djohanengelen be cleaned up by hand. (If the zone is of

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen type "slave" or "stub", the files needing to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen be cleaned up will be reported in the output

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen of the <span><strong class="command">rndc delzone</strong></span> command.)

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen List, edit, or remove the DNSSEC signing state records

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen for the specified zone. The status of ongoing DNSSEC

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen operations (such as signing or generating

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen NSEC3 chains) is stored in the zone in the form

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen of DNS resource records of type

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">sig-signing-type</strong></span>.

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen <span><strong class="command">rndc signing -list</strong></span> converts

00583082bf04dd7fd1729bee6489a97b2b56e4bcdvlierop these records into a human-readable form,

84e5676034b77e63dbc43746cec0a8b48fd06f7cjohanengelen indicating which keys are currently signing

00583082bf04dd7fd1729bee6489a97b2b56e4bcdvlierop or have finished signing the zone, and which NSEC3

1ed822fb016bc35dbe5bd8601ed2bca74ff8cf60johanengelen chains are being created or removed.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc signing -clear</strong></span> can remove

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen a single key (specified in the same format that

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc signing -list</strong></span> uses to

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen display it), or all keys. In either case, only

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen completed keys are removed; any record indicating

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen that a key has not yet finished signing the zone

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen will be retained.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc signing -nsec3param</strong></span> sets

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the NSEC3 parameters for a zone. This is the

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen only supported mechanism for using NSEC3 with

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">inline-signing</strong></span> zones.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Parameters are specified in the same format as

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen an NSEC3PARAM resource record: hash algorithm,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen flags, iterations, and salt, in that order.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Currently, the only defined value for hash algorithm

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen is <code class="literal">1</code>, representing SHA-1.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen The <code class="option">flags</code> may be set to

7073d105e612f7dc898c292742bee9655d2a51b2johanengelen <code class="literal">0</code> or <code class="literal">1</code>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen depending on whether you wish to set the opt-out

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen bit in the NSEC3 chain. <code class="option">iterations</code>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen defines the number of additional times to apply

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the algorithm when generating an NSEC3 hash. The

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <code class="option">salt</code> is a string of data expressed

d4d3b624d2d4a01877a37cbb3ec36279d6396e91joncruz in hexadecimal, or a hyphen (`-') if no salt is

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen to be used.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm So, for example, to create an NSEC3 chain using

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen the SHA-1 hash algorithm, no opt-out flag,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen 10 iterations, and a salt value of "FFFF", use:

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen To set the opt-out flag, 15 iterations, and no

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen salt, use:

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span><strong class="command">rndc signing -nsec3param none</strong></span>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen removes an existing NSEC3 chain and replaces it

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen with NSEC.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</dd>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</dl></div>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</div>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<div class="refsect1" lang="en">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<a name="id2691146"></a><h2>LIMITATIONS</h2>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen There is currently no way to provide the shared secret for a

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <code class="option">key_id</code> without using the configuration file.

3f7b86f89de6d88cb67407ca642e30658d5c0adejohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen Several error messages could be clearer.

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen </p>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</div>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<div class="refsect1" lang="en">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<a name="id2691164"></a><h2>SEE ALSO</h2>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen <em class="citetitle">BIND 9 Administrator Reference Manual</em>.

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen </p>

4852f347df5405e934e2ccd5b30597d196f3949ctweenk</div>

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen<div class="refsect1" lang="en">

4852f347df5405e934e2ccd5b30597d196f3949ctweenk<a name="id2691220"></a><h2>AUTHOR</h2>

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen<p><span class="corpauthor">Internet Systems Consortium</span>

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen </p>

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen</div>

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen</div>

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen<div class="navfooter">

1b9ffafb34ae318f35758f017fa89e913ecb29d2johanengelen<hr>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<table width="100%" summary="Navigation footer">

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<tr>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<td width="40%" align="left">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>

208e5a33acc4a8ad9d8c0488f047c260346f1258pjrm<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>

91934be261c16d036521379306a74b0991720e67joncruz<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>

91934be261c16d036521379306a74b0991720e67joncruz</td>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</tr>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<tr>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<td width="40%" align="left" valign="top">

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen<span class="application">nsupdate</span>�</td>

91934be261c16d036521379306a74b0991720e67joncruz<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

91934be261c16d036521379306a74b0991720e67joncruz<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>

91934be261c16d036521379306a74b0991720e67joncruz</td>

91934be261c16d036521379306a74b0991720e67joncruz</tr>

3f7b86f89de6d88cb67407ca642e30658d5c0adejohanengelen</table>

3f7b86f89de6d88cb67407ca642e30658d5c0adejohanengelen</div>

978376cf825b672e4eb6e7bbb8c8265dc19c5a2cjohanengelen</body>

e750fb8e7d6b8896903a14f2f45c54177f02bd2epjrm</html>

e750fb8e7d6b8896903a14f2f45c54177f02bd2epjrm