man.rndc.html revision ebabe300b615154d08f5577822cfd8726d2643c8
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff<!--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff - copyright notice and this permission notice appear in all copies.
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff -
28a8f5b0de57d269cf2845c69cb6abe18cbd3b3aMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12178c86525332bb0ab66155feb61fbf32eca6acEvan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 - PERFORMANCE OF THIS SOFTWARE.
29747dfe5e073a299b3681e01f5c55540f8bfed7Mark Andrews-->
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<!-- $Id: man.rndc.html,v 1.184 2011/01/04 01:14:08 tbox Exp $ -->
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<html>
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<head>
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<title>rndc</title>
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<link rel="prev" href="man.nsupdate.html" title="nsupdate">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
5c02d3183f46ba8621a4bdecc71facda5f8e0717Michael Graff</head>
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<div class="navheader">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<table width="100%" summary="Navigation header">
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
b9fcdde267398d4f94e5cc5fe280eba738191247Bob Halley<tr>
b9fcdde267398d4f94e5cc5fe280eba738191247Bob Halley<td width="20%" align="left">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
b9fcdde267398d4f94e5cc5fe280eba738191247Bob Halley<th width="60%" align="center">Manual pages</th>
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
a27fe4c990f96bd792f2a07ca4d38c78d5b9df2cTatuya JINMEI 神明達哉</td>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</tr>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</table>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<hr>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</div>
05e448935cb2d6ab08c24257f6536362d3496512Evan Hunt<div class="refentry" lang="en">
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt<a name="man.rndc"></a><div class="titlepage"></div>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<div class="refnamediv">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<h2>Name</h2>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<p><span class="application">rndc</span> &#8212; name server control utility</p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</div>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<div class="refsynopsisdiv">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<h2>Synopsis</h2>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews</div>
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉<div class="refsect1" lang="en">
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews<a name="id2639851"></a><h2>DESCRIPTION</h2>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews<p><span><strong class="command">rndc</strong></span>
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉 controls the operation of a name
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein server. It supersedes the <span><strong class="command">ndc</strong></span> utility
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein that was provided in old BIND releases. If
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <span><strong class="command">rndc</strong></span> is invoked with no command line
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein options or arguments, it prints a short summary of the
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein supported commands and the available options and their
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein arguments.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein </p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<p><span><strong class="command">rndc</strong></span>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein communicates with the name server
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein over a TCP connection, sending commands authenticated with
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein digital signatures. In the current versions of
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein the only supported authentication algorithm is HMAC-MD5,
386d3a99c190bad55edf44d076e6bd087e230ab8Tatuya JINMEI 神明達哉 which uses a shared secret on each end of the connection.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein This provides TSIG-style authentication for the command
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein request and the name server's response. All commands sent
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein over the channel must be signed by a key_id known to the
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein server.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein </p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<p><span><strong class="command">rndc</strong></span>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein reads a configuration file to
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein determine how to contact the name server and decide what
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews algorithm and key it should use.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein </p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein</div>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<div class="refsect1" lang="en">
d9059b0c38bd630c367d81424d72b1308cd74b04Tatuya JINMEI 神明達哉<a name="id2639901"></a><h2>OPTIONS</h2>
d9059b0c38bd630c367d81424d72b1308cd74b04Tatuya JINMEI 神明達哉<div class="variablelist"><dl>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dd><p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein Use <em class="replaceable"><code>source-address</code></em>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein as the source address for the connection to the server.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein Multiple instances are permitted to allow setting of both
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein the IPv4 and IPv6 source addresses.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein </p></dd>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
b9fcdde267398d4f94e5cc5fe280eba738191247Bob Halley<dd><p>
b9fcdde267398d4f94e5cc5fe280eba738191247Bob Halley Use <em class="replaceable"><code>config-file</code></em>
bafa76b324e2336d707a158cccdb309df30bca65Shawn Routhier as the configuration file instead of the default,
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉 <code class="filename">/etc/rndc.conf</code>.
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉 </p></dd>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt<dd><p>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews Use <em class="replaceable"><code>key-file</code></em>
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt as the key file instead of the default,
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews <code class="filename">/etc/rndc.key</code>. The key in
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews <code class="filename">/etc/rndc.key</code> will be used to
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews authenticate
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews does not exist.
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews </p></dd>
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
bfcc5ae79a46c5c55e6cf1a9fe4d70a957712d2bTatuya JINMEI 神明達哉<dd><p><em class="replaceable"><code>server</code></em> is
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff the name or address of the server which matches a
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein server statement in the configuration file for
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence <span><strong class="command">rndc</strong></span>. If no server is supplied on the
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence command line, the host named by the default-server clause
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence in the options statement of the <span><strong class="command">rndc</strong></span>
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence configuration file will be used.
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence </p></dd>
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence<dd><p>
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence Send commands to TCP port
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence <em class="replaceable"><code>port</code></em>
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence instead
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence of BIND 9's default control channel port, 953.
d653744935f98ace7e5a6423c93ed77bcea34b4aDavid Lawrence </p></dd>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt<dt><span class="term">-V</span></dt>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt<dd><p>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt Enable verbose logging.
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt </p></dd>
feb067b25a8e33db62e2a7bf2e83bbb7f6eee845Evan Hunt<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt<dd><p>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt Use the key <em class="replaceable"><code>key_id</code></em>
0e0b744f611e1ffc2432ef0bf66bfc6ff90a556cMichael Graff from the configuration file.
<em class="replaceable"><code>key_id</code></em>
must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</p></dd>
</dl></div>
<p>
For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
see the BIND 9 Administrator Reference Manual or run
<span><strong class="command">rndc</strong></span> without arguments to see its help
message.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640126"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
</p>
<p>
Several error messages could be clearer.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640157"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640213"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">nsupdate</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>
</td>
</tr>
</table>
</div>
</body>
</html>