From f50ae72ec3417cae55dd4e085991c01af9fdc5f1 Mon Sep 17 00:00:00 2001 From: Martin Nagy Date: Wed, 11 Feb 2009 20:37:59 +0100 Subject: Initial commit --- bin/rndc/rndc.html | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 165 insertions(+) create mode 100644 bin/rndc/rndc.html (limited to 'bin/rndc/rndc.html') diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html new file mode 100644 index 0000000..a8d11c4 --- /dev/null +++ b/bin/rndc/rndc.html @@ -0,0 +1,165 @@ + + + + + +rndc + + +
+
+
+

Name

+

rndc — name server control utility

+
+
+

Synopsis

+

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

+
+
+

DESCRIPTION

+

rndc + controls the operation of a name + server. It supersedes the ndc utility + that was provided in old BIND releases. If + rndc is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. +

+

rndc + communicates with the name server + over a TCP connection, sending commands authenticated with + digital signatures. In the current versions of + rndc and named, + the only supported authentication algorithm is HMAC-MD5, + which uses a shared secret on each end of the connection. + This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. +

+

rndc + reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. +

+
+
+

OPTIONS

+
+
-b source-address
+

+ Use source-address + as the source address for the connection to the server. + Multiple instances are permitted to allow setting of both + the IPv4 and IPv6 source addresses. +

+
-c config-file
+

+ Use config-file + as the configuration file instead of the default, + /etc/rndc.conf. +

+
-k key-file
+

+ Use key-file + as the key file instead of the default, + /etc/rndc.key. The key in + /etc/rndc.key will be used to + authenticate + commands sent to the server if the config-file + does not exist. +

+
-s server
+

server is + the name or address of the server which matches a + server statement in the configuration file for + rndc. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the rndc + configuration file will be used. +

+
-p port
+

+ Send commands to TCP port + port + instead + of BIND 9's default control channel port, 953. +

+
-V
+

+ Enable verbose logging. +

+
-y key_id
+

+ Use the key key_id + from the configuration file. + key_id + must be + known by named with the same algorithm and secret string + in order for control message validation to succeed. + If no key_id + is specified, rndc will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. It should therefore not have general read + or write access. +

+
+

+ For the complete set of commands supported by rndc, + see the BIND 9 Administrator Reference Manual or run + rndc without arguments to see its help + message. +

+
+
+

LIMITATIONS

+

rndc + does not yet support all the commands of + the BIND 8 ndc utility. +

+

+ There is currently no way to provide the shared secret for a + key_id without using the configuration file. +

+

+ Several error messages could be clearer. +

+
+
+

SEE ALSO

+

rndc.conf(5), + rndc-confgen(8), + named(8), + named.conf(5), + ndc(8), + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ -- cgit