Seth Woolley's Man Viewer

Manual for rndc - man 8 rndc

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

RNDC(8)                                                                RNDC(8)



NAME
       rndc(5,8) - name server control utility

SYNOPSIS
       rndc(5,8) [ -c config-file ]  [ -k key-file ]  [ -s server ]  [ -p port ]  [
       -V ]  [ -y key_id ]  command

DESCRIPTION
       rndc(5,8) controls the operation of a name server.  It  supersedes  the  ndc
       utility that was provided in(1,8) old BIND releases. If rndc(5,8) is invoked with
       no command line options or arguments, it prints a short summary of  the
       supported commands and the available options and their arguments.

       rndc(5,8)  communicates  with the name server over a TCP connection, sending
       commands authenticated with digital signatures. In the current versions
       of  rndc(5,8) and named(5,8) named(5,8) the only supported authentication algorithm is
       HMAC-MD5, which uses a shared secret on each  end  of  the  connection.
       This provides TSIG-style authentication for the command request and the
       name server's response. All commands sent  over  the  channel  must  be
       signed by a key_id known to the server.

       rndc(5,8)  reads  a  configuration file(1,n) to determine how to contact the name
       server and decide what algorithm and key it should use.

OPTIONS
       -c config-file
              Use  config-file  as  the  configuration  file(1,n)  instead  of  the
              default, /etc/rndc.conf.

       -k key-file
              Use   key-file   as   the  key  file(1,n)  instead  of  the  default,
              /etc/rndc.key. The key in(1,8) /etc/rndc.key will be used to  authen-
              ticate  commands  sent to the server if(3,n) the config-file does not
              exist.

       -s server
              server is the name or address of  the  server  which  matches  a
              server  statement  in(1,8)  the  configuration  file(1,n)  for rndc(5,8). If no
              server is supplied on the command line, the host(1,5)  named(5,8)  by  the
              default-server  clause in(1,8) the option statement of the configura-
              tion file(1,n) will be used.

       -p port
              Send commands to TCP port port instead of BIND 9's default  con-
              trol channel port, 953.

       -V     Enable verbose logging.

       -y keyid
              Use  the  key  keyid from the configuration file.  keyid must be
              known by named(5,8) with the same  algorithm  and  secret  string(3,n)  in(1,8)
              order for control message validation to succeed.  If no keyid is
              specified, rndc(5,8) will first look(1,8,3 Search::Dict) for a key clause in(1,8)  the  server
              statement of the server being used, or if(3,n) no server statement is
              present for that  host(1,5),  then  the  default-key  clause  of  the
              options  statement.   Note  that the configuration file(1,n) contains
              shared secrets which are used to send(2,n) authenticated control com-
              mands to name servers. It should therefore not have general read(2,n,1 builtins)
              or write(1,2) access.

       For the complete set(7,n,1 builtins) of commands supported by  rndc(5,8),  see  the  BIND  9
       Administrator Reference Manual or run rndc(5,8) without arguments to see its
       help message.


LIMITATIONS
       rndc(5,8) does not yet support all the commands of the BIND 8 ndc utility.

       There is currently no way to provide the shared  secret  for  a  key_id
       without using the configuration file.

       Several error(8,n) messages could be clearer.

SEE ALSO
       rndc.conf(5), named(5,8)(8), named.conf(5) ndc(8), BIND 9 Administrator Ref-
       erence Manual.

AUTHOR
       Internet Systems Consortium



BIND9                            June 30, 2000                         RNDC(8)

References for this manual (incoming links)