rndc(1) rndc(1)
NAME
rndc - name server control utility
SYNOPSIS
rndc [-c config-file] [-k keyname] [-m] [-p port#] [-s server] [-V]
[-y key_id] command [command...]
DESCRIPTION
This command allows the system administrator to control the operation
of a name server. If rndc is invoked without any command line options
or arguments, it prints a short summary of the supported commands and
the available options and their arguments.
rndc communicates with the name server over a TCP connection, sending
commands authenticated with digital signatures. In the current
versions of rndc, the only supported authentication algorithm is
HMAC-MD5, which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command request and
the name server's response. All commands sent over the channel must be
signed by a key_id known to the server.
rndc reads its default configuration file, /etc/rndc.conf, to
determine how to contact the name server and decide what algorithm and
keys it should use.
Options
-c config-file
        This option can be used to specify an alternate configuration
        file. The default configuration file is /etc/rndc.conf.
-k keyname
        This option can be used to specify the keyname of the rndc
        authentication key. This must be a valid domain name. Default
        is rndc-key.
-m
        Provides debugging information to the developers.
-p port#
        This option specifies that rndc should send commands to TCP
        port number port# on the system running the name server
        instead of BIND 9.1.3's default control channel port, 953.
-s server
        This option is used to specify the server on which this
        command is run. server is the name or address of the server
        which matches a server statement in the configuration file
        for rndc. If no server is supplied on the command line, the
        host named by the default-server clause in the options
        statement of the configuration file, rndc.conf, will be used.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
-V
        Provides debugging information and is primarily of interest
        only to the BIND 9 developers.
-y key_id
        This option identifies the key_id to use from the
        configuration file. key_id must be known to named with the
        same algorithm and secret string for control message
        validation to succeed. If the -y option is not specified,
        rndc will first look for a key clause in the server statement
        of the rndc.conf file. If no server statement is present for
        that host, then the default-key clause of the options
        statement of the configuration file, rndc.conf, will be used.
command
        command is one of the following:

        reload
                Reload configuration file and zones.
        reload zone
                Reload the given zone.
        refresh zone
                Schedule zone maintenance for the given zone.
        stats
                Write server statistics to the statistics file as
                specified by the statistics-file directive of the
                options statement in the named.conf configuration
                file. If the statistics-file directive is not
                specified, the statistics are dumped to the
                named.stats file in the directory specified by the
                directory directive of the options statement in the
                named.conf configuration file.
        querylog
                Toggle query logging.
        dumpdb
                Dump the current contents of the cache into the file
                specified by the dump-file directive of the options
                statement in the configuration file, named.conf. If
                the dump-file directive is not specified, the cache
                data is dumped to the named_dump.db file in the
                directory specified by the directory directive of the
                options statement in the named.conf configuration
                file.
        stop
                Stop the server. Before stopping the server, any
                recent changes made through dynamic update or IXFR
                will be saved to the master files of the updated
                zones.
        halt
                Halt the server immediately. Any recent changes made
                through dynamic update or IXFR will not be saved to
                the master files. They are rolled forward from the
                journal files when the server is restarted.
        reconfig
                Reload configuration file and new zones only.
        trace
                Increment debugging level by 1.
        trace level
                Change the debugging level.
        notrace
                Set debugging level to 1.
        flush
                Flush all the server's caches.
        flush [view]
                Flush the server's cache for a view.
        status
                Display the status of the server.
LIMITATIONS
Note that the configuration file for rndc contains shared secrets
which are used to send authenticated control commands to name servers.
It should therefore not have general read or write access.
There is currently no way to provide the shared secret for a key_id
without using the configuration file.
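One way to check the permission requirement above, as an added shell example that is not part of the HP-UX manual page. The function name check_rndc_conf and its return codes are assumptions made for this example; reporting group access separately from access by all users is stricter than the wording above.

```shell
#!/bin/sh
# Added example, not part of the HP-UX manual page.
# check_rndc_conf [FILE]   (FILE defaults to /etc/rndc.conf)
# Return codes (chosen for this example):
#   0  only the owner has permission bits set
#   1  bits are set for "other" users (the case LIMITATIONS warns about)
#   2  FILE is missing or not a regular file
#   3  nothing for "other", but bits are set for the group (assumption:
#      reported separately, since every group member can read the secret)
check_rndc_conf() {
    conf=${1:-/etc/rndc.conf}
    if [ ! -f "$conf" ]; then
        echo "$conf: missing or not a regular file" >&2
        return 2
    fi
    # ls -l prints the mode as 10 characters, e.g. -rw-r-----;
    # -L follows a symbolic link so the real file's mode is examined.
    mode=$(ls -ldL -- "$conf" | cut -c1-10)
    group_bits=$(printf '%s\n' "$mode" | cut -c5-7)
    other_bits=$(printf '%s\n' "$mode" | cut -c8-10)
    if [ "$other_bits" != "---" ]; then
        echo "$conf: mode $mode has permission bits set for all users" >&2
        return 1
    fi
    if [ "$group_bits" != "---" ]; then
        echo "$conf: mode $mode has permission bits set for the group" >&2
        return 3
    fi
    echo "$conf: mode $mode, owner-only access"
    return 0
}

# Check the file named on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_rndc_conf "$1"
fi
```

A file that fails the check can be restricted with chmod 600 after confirming that its owner is the account that runs rndc.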
AUTHOR
rndc was developed by ISC (Internet Software Consortium).
SEE ALSO
dnssec-keygen(1), named(1M), rndc.conf(4), RFC2845.