man.rndc.html revision dc91524e4b73ee70908a295e3f2f62305680c5c2
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - Copyright (C) 2000-2003 Internet Software Consortium.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - Permission to use, copy, modify, and distribute this software for any
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - purpose with or without fee is hereby granted, provided that the above
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - copyright notice and this permission notice appear in all copies.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - PERFORMANCE OF THIS SOFTWARE.
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<!-- $Id: man.rndc.html,v 1.95 2008/10/16 01:11:18 tbox Exp $ -->
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="prev" href="man.nsupdate.html" title="nsupdate">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<table width="100%" summary="Navigation header">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<th width="60%" align="center">Manual pages</th>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<a name="man.rndc"></a><div class="titlepage"></div>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span class="application">rndc</span> — name server control utility</p>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<a name="id2609714"></a><h2>DESCRIPTION</h2>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span><strong class="command">rndc</strong></span>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont controls the operation of a name
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont server. It supersedes the <span><strong class="command">ndc</strong></span> utility
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater that was provided in old BIND releases. If
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span><strong class="command">rndc</strong></span> is invoked with no command line
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont options or arguments, it prints a short summary of the
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont supported commands and the available options and their
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span><strong class="command">rndc</strong></span>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont communicates with the name server
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont over a TCP connection, sending commands authenticated with
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater digital signatures. In the current versions of
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater the only supported authentication algorithm is HMAC-MD5,
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater which uses a shared secret on each end of the connection.
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater This provides TSIG-style authentication for the command
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont request and the name server's response. All commands sent
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont over the channel must be signed by a key_id known to the
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span><strong class="command">rndc</strong></span>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont reads a configuration file to
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont determine how to contact the name server and decide what
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont algorithm and key it should use.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Use <em class="replaceable"><code>source-address</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont as the source address for the connection to the server.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Multiple instances are permitted to allow setting of both
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont the IPv4 and IPv6 source addresses.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Use <em class="replaceable"><code>config-file</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont as the configuration file instead of the default,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <code class="filename">/etc/rndc.conf</code>.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Use <em class="replaceable"><code>key-file</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont as the key file instead of the default,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <code class="filename">/etc/rndc.key</code>. The key in
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <code class="filename">/etc/rndc.key</code> will be used to
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont does not exist.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dd><p><em class="replaceable"><code>server</code></em> is
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont the name or address of the server which matches a
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont server statement in the configuration file for
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span><strong class="command">rndc</strong></span>. If no server is supplied on the
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont command line, the host named by the default-server clause
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont in the options statement of the <span><strong class="command">rndc</strong></span>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont configuration file will be used.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Send commands to TCP port
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <em class="replaceable"><code>port</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont of BIND 9's default control channel port, 953.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Enable verbose logging.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Use the key <em class="replaceable"><code>key_id</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont from the configuration file.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <em class="replaceable"><code>key_id</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont known by named with the same algorithm and secret string
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater in order for control message validation to succeed.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont If no <em class="replaceable"><code>key_id</code></em>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont is specified, <span><strong class="command">rndc</strong></span> will first look
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont for a key clause in the server statement of the server
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont being used, or if no server statement is present for that
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont host, then the default-key clause of the options statement.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Note that the configuration file contains shared secrets
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont which are used to send authenticated control commands
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont to name servers. It should therefore not have general read
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont or write access.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont see the BIND 9 Administrator Reference Manual or run
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span><strong class="command">rndc</strong></span> without arguments to see its help
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span><strong class="command">rndc</strong></span>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont does not yet support all the commands of
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont the BIND 8 <span><strong class="command">ndc</strong></span> utility.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont There is currently no way to provide the shared secret for a
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <code class="option">key_id</code> without using the configuration file.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Several error messages could be clearer.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<p><span class="corpauthor">Internet Systems Consortium</span>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<table width="100%" summary="Navigation footer">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<span class="application">nsupdate</span>�</td>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>