FreeBSD Manual Pages
RNDC(8)				     BIND9			       RNDC(8)

       rndc - name server control utility

       rndc [-c	config-file] [-k key-file] [-s server] [-p port] [-V]
	    [-y	key_id]	{command}

       rndc controls the operation of a	name server. It	supersedes the ndc
       utility that was	provided in old	BIND releases. If rndc is invoked with
       no command line options or arguments, it	prints a short summary of the
       supported commands and the available options and	their arguments.

       rndc communicates with the name server over a TCP connection, sending
       commands	authenticated with digital signatures. In the current versions
       of rndc and named, the only supported authentication algorithm is
       HMAC-MD5, which uses a shared secret on each end	of the connection.
       This provides TSIG-style	authentication for the command request and the
       name server's response. All commands sent over the channel must be
       signed by a key_id known	to the server.

       rndc reads a configuration file to determine how	to contact the name
       server and decide what algorithm	and key	it should use.

       -c config-file
	      Use config-file as the configuration file	instead	of the
	      default, /etc/namedb/rndc.conf.

       -k key-file
	      Use key-file as the key file instead of the default,
	      /etc/namedb/rndc.key. The	key in /etc/namedb/rndc.key will be
	      used to authenticate commands sent to the	server if the
	      config-file does not exist.

       -s server
	      server is	the name or address of the server which	matches	a
	      server statement in the configuration file for rndc. If no
	      server is	supplied on the	command	line, the host named by	the
	      default-server clause in the option statement of the
	      configuration file will be used.

       -p port
	      Send commands to TCP port	port instead of	BIND 9's default
	      control channel port, 953.

       -V     Enable verbose logging.

       -y keyid
	      Use the key keyid	from the configuration file.  keyid must be
	      known by named with the same algorithm and secret	string in
	      order for	control	message	validation to succeed. If no keyid is
	      specified, rndc will first look for a key	clause in the server
	      statement	of the server being used, or if	no server statement is
	      present for that host, then the default-key clause of the
	      options statement. Note that the configuration file contains
	      shared secrets which are used to send authenticated control
	      commands to name servers.	It should therefore not	have general
	      read or write access.
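
       The permission requirement in the note above can be checked with a
       short script. This is an added example, not part of the original
       manual page or of BIND; the function names and the rndc.conf contents
       (including the placeholder secret) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual page): audit rndc credential files.

# perms_ok FILE: true only if FILE grants nothing to group or other.
perms_ok() {
    # ls -ldL follows symlinks; columns 5-10 of the mode string are the
    # group and other rwx bits.
    bits=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$bits" = "------" ]
}

# list_key_ids FILE: print the name of each `key NAME { ... }` clause.
# The secret itself is never printed.
list_key_ids() {
    sed -n 's/^[[:space:]]*key[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]{;]*\)"\{0,1\}[[:space:]]*{.*/\1/p' "$1"
}

# audit_rndc_file FILE: returns 0 = ok, 1 = exposed, 2 = missing.
audit_rndc_file() {
    [ -e "$1" ] || { echo "MISSING $1"; return 2; }
    if perms_ok "$1"; then
        echo "OK      $1"
        return 0
    fi
    echo "EXPOSED $1 keys: $(list_key_ids "$1" | tr '\n' ' ')"
    return 1
}

# Demo on a constructed rndc.conf in a scratch directory. On a real host,
# pass /etc/namedb/rndc.conf and /etc/namedb/rndc.key instead.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
demo_conf="$demo_dir/rndc.conf"
cat > "$demo_conf" <<'EOF'
options { default-server localhost; default-key "rndc-key"; };
server localhost { key "rndc-key"; };
key "rndc-key" {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURUQtRVhBTVBMRQ==";
};
EOF
chmod 644 "$demo_conf"
audit_rndc_file "$demo_conf" || true    # EXPOSED: world-readable
chmod 600 "$demo_conf"
audit_rndc_file "$demo_conf" || true    # OK: owner-only
```

       An EXPOSED result means every key_id listed should be treated as
       disclosed and its secret regenerated on both rndc and named.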

       For the complete	set of commands	supported by rndc, see the BIND	9
       Administrator Reference Manual or run rndc without arguments to see its
       help message.

       rndc does not yet support all the commands of the BIND 8	ndc utility.

       There is	currently no way to provide the	shared secret for a key_id
       without using the configuration file.

       Several error messages could be clearer.

       rndc.conf(5), named(8), named.conf(5), ndc(8), BIND 9 Administrator
       Reference Manual.

       Internet	Systems	Consortium

BIND9				 June 30, 2000			       RNDC(8)