Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
RNDC(8)								       RNDC(8)

       rndc - name server control utility

       rndc [ -c config-file ]	[ -k key-file ]	 [ -s server ]	[ -p port ]  [
       -V ]  [ -y key_id ]  command

       rndc controls the operation of a	name server.  It  supersedes  the  ndc
       utility that was	provided in old	BIND releases. If rndc is invoked with
       no command line options or arguments, it	prints a short summary of  the
       supported commands and the available options and	their arguments.

       rndc  communicates  with	the name server	over a TCP connection, sending
       commands	authenticated with digital signatures. In the current versions
       of  rndc	and named named	the only supported authentication algorithm is
       HMAC-MD5, which uses a shared secret on each  end  of  the  connection.
       This provides TSIG-style	authentication for the command request and the
       name server's response. All commands sent  over	the  channel  must  be
       signed by a key_id known	to the server.

       rndc  reads  a  configuration file to determine how to contact the name
       server and decide what algorithm	and key	it should use.

       -c config-file
	      Use  config-file	as  the	 configuration	file  instead  of  the
	      default, /etc/namedb/rndc.conf.

       -k key-file
	      Use   key-file   as   the	 key  file  instead  of	 the  default,
	      /etc/namedb/rndc.key. The	key in	/etc/namedb/rndc.key  will  be
	      used  to authenticate commands sent to the server	if the config-
	      file does	not exist.

       -s server
	      server is	the name or address of	the  server  which  matches  a
	      server  statement	 in  the  configuration	 file  for rndc. If no
	      server is	supplied on the	command	line, the host	named  by  the
	      default-server  clause in	the option statement of	the configura-
	      tion file	will be	used.

       -p port
	      Send commands to TCP port	port instead of	BIND 9's default  con-
	      trol channel port, 953.

       -V     Enable verbose logging.

       -y keyid
	      Use  the	key  keyid from	the configuration file.	 keyid must be
	      known by named with the same  algorithm  and  secret  string  in
	      order for	control	message	validation to succeed.	If no keyid is
	      specified, rndc will first look for a key	clause in  the	server
	      statement	of the server being used, or if	no server statement is
	      present for that	host,  then  the  default-key  clause  of  the
	      options  statement.   Note  that the configuration file contains
	      shared secrets which are used to send authenticated control com-
	      mands to name servers. It	should therefore not have general read
	      or write access.

       For the complete	set of commands	supported by  rndc,  see  the  BIND  9
       Administrator Reference Manual or run rndc without arguments to see its
       help message.

       rndc does not yet support all the commands of the BIND 8	ndc utility.

       There is	currently no way to provide the	shared	secret	for  a	key_id
       without using the configuration file.

       Several error messages could be clearer.

       rndc.conf(5), named(8), named.conf(5) ndc(8), BIND 9 Administrator Ref-
       erence Manual.

       Internet	Systems	Consortium

BIND9				 June 30, 2000			       RNDC(8)


Want to link to this manual page? Use this URL:

home | help