/contrib/bind9/bin/rndc/rndc.docbook
https://bitbucket.org/freebsd/freebsd-head/ · Unknown · 253 lines · 232 code · 21 blank · 0 comment · 0 complexity · 778db76ff70cf682b4185a13769ec6f9 MD5 · raw file
- <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "—">]>
- <!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000, 2001 Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
- -->
- <!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ -->
- <refentry id="man.rndc">
- <refentryinfo>
- <date>June 30, 2000</date>
- </refentryinfo>
- <refmeta>
- <refentrytitle><application>rndc</application></refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo>BIND9</refmiscinfo>
- </refmeta>
- <refnamediv>
- <refname><application>rndc</application></refname>
- <refpurpose>name server control utility</refpurpose>
- </refnamediv>
- <docinfo>
- <copyright>
- <year>2004</year>
- <year>2005</year>
- <year>2007</year>
- <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
- </copyright>
- <copyright>
- <year>2000</year>
- <year>2001</year>
- <holder>Internet Software Consortium.</holder>
- </copyright>
- </docinfo>
- <refsynopsisdiv>
- <cmdsynopsis>
- <command>rndc</command>
- <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
- <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
- <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
- <arg choice="req">command</arg>
- </cmdsynopsis>
- </refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
- <para><command>rndc</command>
- controls the operation of a name
- server. It supersedes the <command>ndc</command> utility
- that was provided in old BIND releases. If
- <command>rndc</command> is invoked with no command line
- options or arguments, it prints a short summary of the
- supported commands and the available options and their
- arguments.
- </para>
- <para><command>rndc</command>
- communicates with the name server
- over a TCP connection, sending commands authenticated with
- digital signatures. In the current versions of
- <command>rndc</command> and <command>named</command>,
- the only supported authentication algorithm is HMAC-MD5,
- which uses a shared secret on each end of the connection.
- This provides TSIG-style authentication for the command
- request and the name server's response. All commands sent
- over the channel must be signed by a key_id known to the
- server.
- </para>
- <para><command>rndc</command>
- reads a configuration file to
- determine how to contact the name server and decide what
- algorithm and key it should use.
- </para>
- </refsect1>
- <refsect1>
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>-b <replaceable class="parameter">source-address</replaceable></term>
- <listitem>
- <para>
- Use <replaceable class="parameter">source-address</replaceable>
- as the source address for the connection to the server.
- Multiple instances are permitted to allow setting of both
- the IPv4 and IPv6 source addresses.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>-c <replaceable class="parameter">config-file</replaceable></term>
- <listitem>
- <para>
- Use <replaceable class="parameter">config-file</replaceable>
- as the configuration file instead of the default,
- <filename>/etc/rndc.conf</filename>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>-k <replaceable class="parameter">key-file</replaceable></term>
- <listitem>
- <para>
- Use <replaceable class="parameter">key-file</replaceable>
- as the key file instead of the default,
- <filename>/etc/rndc.key</filename>. The key in
- <filename>/etc/rndc.key</filename> will be used to
- authenticate
- commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
- does not exist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>-s <replaceable class="parameter">server</replaceable></term>
- <listitem>
- <para><replaceable class="parameter">server</replaceable> is
- the name or address of the server which matches a
- server statement in the configuration file for
- <command>rndc</command>. If no server is supplied on the
- command line, the host named by the default-server clause
- in the options statement of the <command>rndc</command>
- configuration file will be used.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>-p <replaceable class="parameter">port</replaceable></term>
- <listitem>
- <para>
- Send commands to TCP port
- <replaceable class="parameter">port</replaceable>
- instead
- of BIND 9's default control channel port, 953.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>-V</term>
- <listitem>
- <para>
- Enable verbose logging.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>-y <replaceable class="parameter">key_id</replaceable></term>
- <listitem>
- <para>
- Use the key <replaceable class="parameter">key_id</replaceable>
- from the configuration file.
- <replaceable class="parameter">key_id</replaceable>
- must be
- known by named with the same algorithm and secret string
- in order for control message validation to succeed.
- If no <replaceable class="parameter">key_id</replaceable>
- is specified, <command>rndc</command> will first look
- for a key clause in the server statement of the server
- being used, or if no server statement is present for that
- host, then the default-key clause of the options statement.
- Note that the configuration file contains shared secrets
- which are used to send authenticated control commands
- to name servers. It should therefore not have general read
- or write access.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- For the complete set of commands supported by <command>rndc</command>,
- see the BIND 9 Administrator Reference Manual or run
- <command>rndc</command> without arguments to see its help
- message.
- </para>
- </refsect1>
- <refsect1>
- <title>LIMITATIONS</title>
- <para><command>rndc</command>
- does not yet support all the commands of
- the BIND 8 <command>ndc</command> utility.
- </para>
- <para>
- There is currently no way to provide the shared secret for a
- <option>key_id</option> without using the configuration file.
- </para>
- <para>
- Several error messages could be clearer.
- </para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
- <para><citerefentry>
- <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
- </para>
- </refsect1>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
- </refentry><!--
- - Local variables:
- - mode: sgml
- - End:
- -->