FreeBSD Manual Pages
RNDC(8)                                                                RNDC(8)

NAME
       rndc - name server control utility

SYNOPSIS
       rndc [ -c config-file ] [ -k key-file ] [ -s server ] [ -p port ]
            [ -V ] [ -y key_id ] command

DESCRIPTION
       rndc controls the operation of a name server. It supersedes the ndc
       utility that was provided in old BIND releases. If rndc is invoked
       with no command line options or arguments, it prints a short summary
       of the supported commands and the available options and their
       arguments.

       rndc communicates with the name server over a TCP connection, sending
       commands authenticated with digital signatures. In the current
       versions of rndc and named the only supported authentication
       algorithm is HMAC-MD5, which uses a shared secret on each end of the
       connection. This provides TSIG-style authentication for the command
       request and the name server's response. All commands sent over the
       channel must be signed by a key_id known to the server.

       rndc reads a configuration file to determine how to contact the name
       server and decide what algorithm and key it should use.

OPTIONS
       -c config-file
              Use config-file as the configuration file instead of the
              default, /etc/namedb/rndc.conf.

       -k key-file
              Use key-file as the key file instead of the default,
              /etc/namedb/rndc.key. The key in /etc/namedb/rndc.key will be
              used to authenticate commands sent to the server if the
              config-file does not exist.

       -s server
              server is the name or address of the server which matches a
              server statement in the configuration file for rndc. If no
              server is supplied on the command line, the host named by the
              default-server clause in the options statement of the
              configuration file will be used.

       -p port
              Send commands to TCP port port instead of BIND 9's default
              control channel port, 953.

       -V     Enable verbose logging.

       -y keyid
              Use the key keyid from the configuration file. keyid must be
              known by named with the same algorithm and secret string in
              order for control message validation to succeed. If no keyid
              is specified, rndc will first look for a key clause in the
              server statement of the server being used, or if no server
              statement is present for that host, then the default-key
              clause of the options statement. Note that the configuration
              file contains shared secrets which are used to send
              authenticated control commands to name servers. It should
              therefore not have general read or write access.

       For the complete set of commands supported by rndc, see the BIND 9
       Administrator Reference Manual or run rndc without arguments to see
       its help message.

LIMITATIONS
       rndc does not yet support all the commands of the BIND 8 ndc utility.

       There is currently no way to provide the shared secret for a key_id
       without using the configuration file.

       Several error messages could be clearer.

SEE ALSO
       rndc.conf(5), named(8), named.conf(5), ndc(8), BIND 9 Administrator
       Reference Manual.

AUTHOR
       Internet Systems Consortium

BIND9                            June 30, 2000                         RNDC(8)
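The note under -y says the file holding the shared secrets should not have general read or write access. The following shell functions are an added example, not part of the original manual page or of BIND: they check the two default paths named above for read or write permission granted to other users. The function names are hypothetical, and treating "general access" as the "other" permission bits is an assumption.

```sh
#!/bin/sh
# Added example: audit the files that hold rndc shared secrets.
# The default paths are the ones named in this manual page.

# check_secret_file PATH
# Returns 0 if PATH is a regular file with no read or write access for
# "other", 1 if other users can read or write it, 2 if it is absent.
check_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "SKIP  $f (not present or not a regular file)"
        return 2
    fi
    # POSIX find: -perm -004 matches when the other-read bit is set,
    # -perm -002 when the other-write bit is set. -H follows a symlink
    # given on the command line so the target's mode is examined.
    hit=$(find -H "$f" -prune \( -perm -004 -o -perm -002 \) -print)
    if [ -n "$hit" ]; then
        echo "FAIL  $f is readable or writable by other users"
        return 1
    fi
    echo "OK    $f"
    return 0
}

# audit_rndc_secrets [PATH...]
# With no arguments, checks the default config file and key file.
# Returns 1 if any existing file fails the check, otherwise 0.
audit_rndc_secrets() {
    [ $# -gt 0 ] || set -- /etc/namedb/rndc.conf /etc/namedb/rndc.key
    rc=0
    for p in "$@"; do
        st=0
        check_secret_file "$p" || st=$?
        # A missing file (status 2) is reported but is not a failure.
        [ "$st" -ne 1 ] || rc=1
    done
    return "$rc"
}
```

Run `audit_rndc_secrets` with no arguments to check the defaults, or pass the paths given to -c and -k.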
Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=rndc&sektion=8&manpath=FreeBSD+5.4-RELEASE>