man.rndc.html revision fde6bfde6ec1d7a5f9907aeea8618db9dbd02f4c
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - Copyright (C) 2000-2003 Internet Software Consortium.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - Permission to use, copy, modify, and/or distribute this software for any
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - purpose with or without fee is hereby granted, provided that the above
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - copyright notice and this permission notice appear in all copies.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync - PERFORMANCE OF THIS SOFTWARE.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<!-- $Id: man.rndc.html,v 1.177 2010/08/21 01:13:59 tbox Exp $ -->
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<link rel="prev" href="man.nsupdate.html" title="nsupdate">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<a name="man.rndc"></a><div class="titlepage"></div>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span class="application">rndc</span> — name server control utility</p>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span><strong class="command">rndc</strong></span>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync controls the operation of a name
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync server. It supersedes the <span><strong class="command">ndc</strong></span> utility
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync that was provided in old BIND releases. If
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span><strong class="command">rndc</strong></span> is invoked with no command line
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync options or arguments, it prints a short summary of the
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync supported commands and the available options and their
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span><strong class="command">rndc</strong></span>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync communicates with the name server
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync over a TCP connection, sending commands authenticated with
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync digital signatures. In the current versions of
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync the only supported authentication algorithm is HMAC-MD5,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync which uses a shared secret on each end of the connection.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync This provides TSIG-style authentication for the command
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync request and the name server's response. All commands sent
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync over the channel must be signed by a key_id known to the
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span><strong class="command">rndc</strong></span>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync reads a configuration file to
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync determine how to contact the name server and decide what
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync algorithm and key it should use.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Use <em class="replaceable"><code>source-address</code></em>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync as the source address for the connection to the server.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Multiple instances are permitted to allow setting of both
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync the IPv4 and IPv6 source addresses.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Use <em class="replaceable"><code>config-file</code></em>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync as the configuration file instead of the default,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Use <em class="replaceable"><code>key-file</code></em>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync as the key file instead of the default,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <code class="filename">/etc/rndc.key</code>. The key in
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <code class="filename">/etc/rndc.key</code> will be used to
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync authenticate
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync does not exist.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dd><p><em class="replaceable"><code>server</code></em> is
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync the name or address of the server which matches a
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync server statement in the configuration file for
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span><strong class="command">rndc</strong></span>. If no server is supplied on the
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync command line, the host named by the default-server clause
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync in the options statement of the <span><strong class="command">rndc</strong></span>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync configuration file will be used.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Send commands to TCP port
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync of BIND 9's default control channel port, 953.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Enable verbose logging.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Use the key <em class="replaceable"><code>key_id</code></em>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync from the configuration file.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync known by named with the same algorithm and secret string
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync in order for control message validation to succeed.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync If no <em class="replaceable"><code>key_id</code></em>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync is specified, <span><strong class="command">rndc</strong></span> will first look
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync for a key clause in the server statement of the server
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync being used, or if no server statement is present for that
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync host, then the default-key clause of the options statement.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Note that the configuration file contains shared secrets
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync which are used to send authenticated control commands
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync to name servers. It should therefore not have general read
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync or write access.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync see the BIND 9 Administrator Reference Manual or run
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span><strong class="command">rndc</strong></span> without arguments to see its help
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span><strong class="command">rndc</strong></span>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync does not yet support all the commands of
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync the BIND 8 <span><strong class="command">ndc</strong></span> utility.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync There is currently no way to provide the shared secret for a
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <code class="option">key_id</code> without using the configuration file.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync Several error messages could be clearer.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<p><span class="corpauthor">Internet Systems Consortium</span>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
deb4998ba50060c48cce222fd18a8eed053918d7vboxsync<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code>