man.rndc.html revision d060d8669f5558690e7faf4a1c12fe5c02a7c60d
<!--
 - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.148 2009/10/16 04:20:32 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.rndc"></a><div class="titlepage"></div>
<p><span class="application">rndc</span> — name server control utility</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
<p><span><strong class="command">rndc</strong></span>
 controls the operation of a name
 server. It supersedes the <span><strong class="command">ndc</strong></span> utility
 that was provided in old BIND releases. If
 <span><strong class="command">rndc</strong></span> is invoked with no command line
 options or arguments, it prints a short summary of the
 supported commands and the available options and their
</p>
<p><span><strong class="command">rndc</strong></span>
 communicates with the name server
 over a TCP connection, sending commands authenticated with
 digital signatures. In the current versions of
 <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
 the only supported authentication algorithm is HMAC-MD5,
 which uses a shared secret on each end of the connection.
 This provides TSIG-style authentication for the command
 request and the name server's response. All commands sent
 over the channel must be signed by a key_id known to the
</p>
<p><span><strong class="command">rndc</strong></span>
 reads a configuration file to
 determine how to contact the name server and decide what
 algorithm and key it should use.
</p>
<dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
 Use <em class="replaceable"><code>source-address</code></em>
 as the source address for the connection to the server.
 Multiple instances are permitted to allow setting of both
 the IPv4 and IPv6 source addresses.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
 Use <em class="replaceable"><code>config-file</code></em>
 as the configuration file instead of the default,
 <code class="filename">/etc/rndc.conf</code>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
<dd><p>
 Use <em class="replaceable"><code>key-file</code></em>
 as the key file instead of the default,
 <code class="filename">/etc/rndc.key</code>. The key in
 <code class="filename">/etc/rndc.key</code> will be used to
 authenticate commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
 does not exist.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
<dd><p><em class="replaceable"><code>server</code></em> is
 the name or address of the server which matches a
 server statement in the configuration file for
 <span><strong class="command">rndc</strong></span>. If no server is supplied on the
 command line, the host named by the default-server clause
 in the options statement of the <span><strong class="command">rndc</strong></span>
 configuration file will be used.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
 Send commands to TCP port
 <em class="replaceable"><code>port</code></em>
 instead of BIND 9's default control channel port, 953.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
 Enable verbose logging.
</p></dd>
<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
 Use the key <em class="replaceable"><code>key_id</code></em>
 from the configuration file.
 <em class="replaceable"><code>key_id</code></em>
 must be known by named with the same algorithm and secret string
 in order for control message validation to succeed.
 If no <em class="replaceable"><code>key_id</code></em>
 is specified, <span><strong class="command">rndc</strong></span> will first look
 for a key clause in the server statement of the server
 being used, or if no server statement is present for that
 host, then the default-key clause of the options statement.
 Note that the configuration file contains shared secrets
 which are used to send authenticated control commands
 to name servers. It should therefore not have general read
 or write access.
</p></dd>
</dl>
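<p>The key selection order and the file-permission requirement described under <code class="option">-y</code>, as an added shell example that is not part of this manual page or of the BIND distribution. The sample <code class="filename">rndc.conf</code> content, the host and key names, the function names and the script name are constructed for illustration, and the parser assumes one clause per line with no comments.</p>

```shell
#!/bin/sh
# Added example (not BIND code): audit helpers for rndc configuration files.

# Succeed only if FILE exists and "other" has neither read nor write access.
rndc_secret_file_ok() {
    [ -f "$1" ] || return 2
    # ls -l mode string: char 1 type, 2-4 user, 5-7 group, 8-10 other.
    [ "$(ls -ldL "$1" | cut -c8-9)" = "--" ]
}

# Print the key_id used for SERVER, in the order the -y text gives: explicit
# -y value, key clause of that server statement, then default-key in options.
# Simplification: expects one clause per line and no comments in the file.
rndc_effective_key() {   # usage: rndc_effective_key CONF SERVER [KEY_ID]
    if [ -n "${3:-}" ]; then printf '%s\n' "$3"; return 0; fi
    awk -v want="$2" '
    {
        opens = gsub(/[{]/, " "); closes = gsub(/[}]/, " "); gsub(/[";]/, " ")
        if (depth == 0 && NF) { block = $1; name = $2 }   # statement header
        else if (block == "server" && name == want && $1 == "key") srv = $2
        else if (block == "options" && $1 == "default-key") def = $2
        depth += opens - closes
    }
    END { if (srv != "") print srv; else if (def != "") print def; else exit 1 }
    ' "$1"
}

# Constructed sample configuration (placeholder secrets, hypothetical hosts).
sample_rndc_conf() {
    cat <<'EOF'
options {
    default-server localhost;
    default-key "rndc-key";
};
server ns2.example.net {
    key "ops-key";
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET";
};
key "ops-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET";
};
EOF
}

# Hypothetical use on a real file: sh rndc_audit.sh /etc/rndc.conf SERVER
[ "$#" -lt 2 ] || { rndc_secret_file_ok "$1" || echo "check mode of $1" >&2; rndc_effective_key "$1" "$2"; }
```

<p>A file that passes with mode 640 still exposes the secret to its group; whether that is acceptable depends on who is in that group.</p>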
<p>
 For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
 see the BIND 9 Administrator Reference Manual or run
 <span><strong class="command">rndc</strong></span> without arguments to see its help
</p>
<p><span><strong class="command">rndc</strong></span>
 does not yet support all the commands of
 the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
<p>
 There is currently no way to provide the shared secret for a
 <code class="option">key_id</code> without using the configuration file.
</p>
<p>
 Several error messages could be clearer.
</p>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
 <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
 <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p><span class="corpauthor">Internet Systems Consortium</span></p>