MAN page from Trustix bind-utils-9.2.2-9tr.i586.rpm
Updated: June 30, 2000
rndc - name server control utility
rndc [ -c config-file ] [ -k key-file ] [ -s server ] [ -p port ] [ -V ] [ -y key_id ] command
rndc controls the operation of a name server. It supersedes the ndc utility that was provided in old BIND releases. If rndc is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.
rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and named the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
rndc reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
- -c config-file
- Use config-file as the configuration file instead of the default, /etc/rndc.conf.
- -k key-file
- Use key-file as the key file instead of the default, /etc/rndc.key. The key in /etc/rndc.key will be used to authenticate commands sent to the server if the config-file does not exist.
- -s server
- server is the name or address of the server which matches a server statement in the configuration file for rndc. If no server is supplied on the command line, the host named by the default-server clause in the option statement of the configuration file will be used.
- -p port
- Send commands to TCP port port instead of BIND 9's default control channel port, 953.
- -V
- Enable verbose logging.
- -y keyid
- Use the key keyid from the configuration file. keyid must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no keyid is specified, rndc will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
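The key lookup order and the file-permission caveat described above, as an added example that is not part of the original manual page or of BIND. It uses a constructed rndc.conf (key names, server names and the secret are placeholders) and a deliberately reduced grammar; treating any group or other permission bit as too open is this example's assumption.

```python
import os
import re
import stat

# Constructed sample rndc.conf; names and secret are placeholders.
SAMPLE_CONF = '''
options { default-server localhost; default-key "ops-key"; };
server localhost { key "local-key"; };
key "local-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };
key "ops-key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };
'''

# Simplified grammar (assumption): no comments, no nested braces.
STATEMENT = re.compile(r'\b(options|server|key)\s*"?([\w.-]*)"?\s*\{([^}]*)\}\s*;')
CLAUSE = re.compile(r'([\w-]+)\s+"?([^";\s]+)"?\s*;')

def parse(conf_text):
    """Return {'options': {...}, 'server': {name: {...}}, 'key': {name: {...}}}."""
    conf = {"options": {}, "server": {}, "key": {}}
    for kind, name, body in STATEMENT.findall(conf_text):
        clauses = dict(CLAUSE.findall(body))
        if kind == "options":
            conf["options"].update(clauses)
        else:
            conf[kind][name] = clauses
    return conf

def select_key(conf, server=None, keyid=None):
    """Resolve the key in the order given under -y: explicit keyid, then the
    server statement's key clause, then the options default-key clause."""
    server = server or conf["options"].get("default-server")
    if keyid is None:
        # A server statement without a key clause also falls through to
        # default-key here (assumption; the page does not cover that case).
        keyid = (conf["server"].get(server, {}).get("key")
                 or conf["options"].get("default-key"))
    if keyid not in conf["key"]:
        raise LookupError(f"no usable key {keyid!r} for server {server!r}")
    return keyid

def exposed(path):
    """True if group or others have any access to a file holding secrets."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    conf = parse(SAMPLE_CONF)
    print("default server uses key:", select_key(conf))
    print("unlisted server uses key:", select_key(conf, server="ns2.example"))
```

Running `exposed()` against /etc/rndc.conf and /etc/rndc.key on a name server shows whether the shared secrets are readable beyond the owning account.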
For the complete set of commands supported by rndc, see the BIND 9 Administrator Reference Manual or run rndc without arguments to see its help message.
rndc does not yet support all the commands of the BIND 8 ndc utility.
There is currently no way to provide the shared secret for a key_id without using the configuration file.
Several error messages could be clearer.
rndc.conf(5), named(8), named.conf(5), ndc(8), BIND 9 Administrator Reference Manual.
Internet Software Consortium