upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

rndc docbook conversion

Browse source
This commit is contained in:
Bob Halley 2001-03-28 01:01:01 +00:00
parent bed7a35293
commit 4610465ed9
4 changed files with 679 additions and 146 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
bin/rndc/Makefile.in
View file

@ -13,7 +13,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.21 2001/03/27 00:44:41 bwelling Exp $
# $Id: Makefile.in,v 1.22 2001/03/28 01:00:58 halley Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -47,7 +47,11 @@ OBJS = rndc.@O@
SRCS = rndc.c
MANPAGES = rndc.8 rndc.conf.5
MANPAGES = rndc.8
HTMLPAGES = rndc.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
@ -58,6 +62,11 @@ rndc.@O@: rndc.c
rndc: ${OBJS} ${DEPLIBS}
${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ ${OBJS} ${LIBS}
doc man:: ${MANOBJS}
docclean manclean maintainer-clean::
rm -f ${MANOBJS}
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
@ -68,5 +77,5 @@ install:: rndc installdirs
${INSTALL_DATA} rndc.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA} rndc.conf.5 ${DESTDIR}${mandir}/man5
clean distclean::
clean distclean maintainer-clean::
rm -f ${TARGETS}

235
bin/rndc/rndc.8
View file

@ -12,147 +12,96 @@
.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" $Id: rndc.8,v 1.15 2001/02/17 01:25:34 bwelling Exp $
.Dd Jun 30, 2000
.Dt RNDC 8
.Os BIND9 9
.ds vT BIND9 Programmer's Manual
.Sh NAME
.Nm rndc
.Nd name server control utility
.Sh SYNOPSIS
.Nm rndc
.Op Fl c Ar config-file
.Op Fl M
.Op Fl m
.Op Fl p Ar port#
.Op Fl s Ar server
.Op Fl v
.Op Fl y Ar key_id
.Ar command ....
.Sh DESCRIPTION
This command allows the system administrator to control the operation
of a name server.
It supersedes the
.Xr ndc 8
utility that was provided in old BIND releases.
If
.Nm rndc
is invoked with no command line options or arguments, it
prints a short summary of the supported commands and the available
options and their arguments.
.Pp
.Nm rndc
communicates with the name server over a TCP connection,
sending commands authenticated with digital signatures.
In the current versions of
.Nm rndc
and
.Xr named 8
the only supported encryption algorithm is HMAC-MD5, which uses a
shared secret on each end of the connection.
This provides TSIG-style authentication for the command request
and the name server's response.
All commands sent over the channel
must be signed by a key_id known to the server.
.Pp
.Nm rndc
reads its default configuration file,
.Pa /etc/rndc.conf
to determine how to contact the name server and decide what algorithm
and keys it should use.
The
.Fl c
option can be used to specify an alternate configuration file.
.Pp
.Ar server
is the name or address of the server which matches a
.Dv server
statement in the configuration file for
.Nm rndc .
If no
.Ar server
is supplied on the command line, the host named by the
.Dv default-server
clause in the
.Dv option
statement of the configuration file will be used.
.Pp
The
.Fl p
option can be used to make
.Nm rndc
send commands to TCP port number
.Ar port#
on the system running the name server instead of BIND 9's
default control channel port of 953.
.Pp
The
.Fl y
option identifies the
.Ar key_id
to use from the configuration file.
.Ar key_id
must be known by
.Xr named
with the same algorithm and secret string in order for
control message validation to succeed.
If no
.Fl y
option is provided,
.Nm rndc
will first look for a
.Dv key
clause in the
.Dv server
statement of the server being used, or if no
.Dv server
statement is present for that host, then the
.Dv default-key
clause of the
.Dv options
statement.
Note that the configuration file for
.Nm rndc
contains shared secrets which are used to send authenticated
control commands to name servers.
It should therefore not have general read or write access.
.Pp
The
.Fl M ,
.Fl m ,
and
.Fl v
options provided debugging information and are primarily of interest
to the BIND 9 developers.
They might be changed or removed in future releases.
.Pp
For the complete set of commands supported by rndc, see the
BIND 9 Administrator Reference Manual or run
.Nm rndc
without arguments to see its help message.
.Pp
.Sh LIMITATIONS
.Nm rndc
does not yet support all the commands of the BIND 8
.Xr ndc
utility.
.Pp
There is currently no way to provide the shared secret for a key_id
without using the configuration file.
.Pp
.TH "RNDC" "8" "June 30, 2000" "BIND9" ""
.SH NAME
rndc \- name server control utility
.SH SYNOPSIS
.sp
\fBrndc\fR [ \fB-c \fIconfig-file\fB\fR ] [ \fB-s \fIserver\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-v\fR ] [ \fB-y \fIkey_id\fB\fR ] [ \fBcommand\fR\fI...\fR ]
.SH "DESCRIPTION"
.PP
\fBrndc\fR controls the operation of a name
server. It supersedes the \fBndc\fR utility
that was provided in old BIND releases. If
\fBrndc\fR is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
arguments.
.PP
\fBrndc\fR communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
\fBrndc\fR and \fBnamed\fR named
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
server.
.PP
\fBrndc\fR reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
.SH "OPTIONS"
.TP
\fB-c \fIconfig-file\fB\fR
Use \fIconfig-file\fR
as the configuration file instead of the default,
\fI/etc/rndc.conf\fR.
.TP
\fB-s \fIserver\fB\fR
\fIserver\fR is
the name or address of the server which matches a
server statement in the configuration file for
\fBrndc\fR. If no server is supplied on the
command line, the host named by the default-server clause
in the option statement of the configuration file will be
used.
.TP
\fB-p \fIport\fB\fR
Send commands to TCP port
\fIport\fR instead
of BIND 9's default control channel port, 953.
.TP
\fB-y \fIkeyid\fB\fR
Use the key \fIkeyid\fR
from the configuration file.
\fIkeyid\fR must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no \fIkeyid\fR
is specified, \fBrndc\fR will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
.TP
\fB-v\fR
Enable verbose logging.
.PP
For the complete set of commands supported by \fBrndc\fR,
see the BIND 9 Administrator Reference Manual or run
\fBrndc\fR without arguments to see its help message.
.PP
.SH "LIMITATIONS"
.PP
\fBrndc\fR does not yet support all the commands of
the BIND 8 \fBndc\fR utility.
.PP
There is currently no way to provide the shared secret for a
\fBkey_id\fR without using the configuration file.
.PP
Several error messages could be clearer.
For example, trying to connect
from an address that is not in the list of acceptable addresses
configured into
.Xr named
will result in the error message "end of file" when the server
unceremoniously closes the connection.
.Sh SEE ALSO
.Xr rndc.conf 5 ,
.Xr named 8 ,
.Xr named.conf 5 ,
.Xr RFC2845 ,
.Xr ndc 8 .
.SH "SEE ALSO"
.PP
\fBrndc.conf\fR(5),
\fBnamed\fR(8),
\fBnamed.conf\fR(5)
\fBndc\fR(8),
\fIBIND 9 Administrator Reference Manual\fR.
.SH "AUTHOR"
.PP
Internet Software Consortium

195
bin/rndc/rndc.docbook Normal file
View file

@ -0,0 +1,195 @@
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<refentry>
<refentryinfo>
<date>June 30, 2000</date>
</refentryinfo>
<refmeta>
<refentrytitle><application>rndc</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
<refname><application>rndc</application></refname>
<refpurpose>name server control utility</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>rndc</command>
<arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-v</option></arg>
<arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
<arg rep="repeat">command</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
<command>rndc</command> controls the operation of a name
server. It supersedes the <command>ndc</command> utility
that was provided in old BIND releases. If
<command>rndc</command> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
arguments.
</para>
<para>
<command>rndc</command> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<command>rndc</command> and <command>named</command> named
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
server.
</para>
<para>
<command>rndc</command> reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-c <replaceable class="parameter">config-file</replaceable></term>
<listitem>
<para>
Use <replaceable class="parameter">config-file</replaceable>
as the configuration file instead of the default,
<filename>/etc/rndc.conf</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">server</replaceable></term>
<listitem>
<para>
<replaceable class="parameter">server</replaceable> is
the name or address of the server which matches a
server statement in the configuration file for
<command>rndc</command>. If no server is supplied on the
command line, the host named by the default-server clause
in the option statement of the configuration file will be
used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
<listitem>
<para>
Send commands to TCP port
<replaceable class="parameter">port</replaceable> instead
of BIND 9's default control channel port, 953.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-y <replaceable class="parameter">keyid</replaceable></term>
<listitem>
<para>
Use the key <replaceable class="parameter">keyid</replaceable>
from the configuration file.
<replaceable class="parameter">keyid</replaceable> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <replaceable class="parameter">keyid</replaceable>
is specified, <command>rndc</command> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem>
<para>
Enable verbose logging.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
For the complete set of commands supported by <command>rndc</command>,
see the BIND 9 Administrator Reference Manual or run
<command>rndc</command> without arguments to see its help message.
</para>
</refsect1>
<refsect1>
<title>LIMITATIONS</title>
<para>
<command>rndc</command> does not yet support all the commands of
the BIND 8 <command>ndc</command> utility.
</para>
<para>
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
</para>
<para>
Several error messages could be clearer.
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>rndc.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
<citerefentry>
<refentrytitle>ndc</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
<corpauthor>Internet Software Consortium</corpauthor>
</para>
</refsect1>
</refentry>
<!--
- Local variables:
- mode: sgml
- End:
-->

380
bin/rndc/rndc.html Normal file
View file

@ -0,0 +1,380 @@
<!--
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<HTML
><HEAD
><TITLE
>rndc</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.63
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="AEN1"
><SPAN
CLASS="APPLICATION"
>rndc</SPAN
></A
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN9"
></A
><H2
>Name</H2
><SPAN
CLASS="APPLICATION"
>rndc</SPAN
>&nbsp;--&nbsp;name server control utility</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN13"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>rndc</B
> [<TT
CLASS="OPTION"
>-c <TT
CLASS="REPLACEABLE"
><I
>config-file</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-s <TT
CLASS="REPLACEABLE"
><I
>server</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-p <TT
CLASS="REPLACEABLE"
><I
>port</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-v</TT
>] [<TT
CLASS="OPTION"
>-y <TT
CLASS="REPLACEABLE"
><I
>key_id</I
></TT
></TT
>] [command...]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
></A
><H2
>DESCRIPTION</H2
><P
> <B
CLASS="COMMAND"
>rndc</B
> controls the operation of a name
server. It supersedes the <B
CLASS="COMMAND"
>ndc</B
> utility
that was provided in old BIND releases. If
<B
CLASS="COMMAND"
>rndc</B
> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
arguments.
</P
><P
> <B
CLASS="COMMAND"
>rndc</B
> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<B
CLASS="COMMAND"
>rndc</B
> and <B
CLASS="COMMAND"
>named</B
> named
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
request and the name server's response. All commands sent
over the channel must be signed by a key_id known to the
server.
</P
><P
> <B
CLASS="COMMAND"
>rndc</B
> reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN43"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-c <TT
CLASS="REPLACEABLE"
><I
>config-file</I
></TT
></DT
><DD
><P
> Use <TT
CLASS="REPLACEABLE"
><I
>config-file</I
></TT
>
as the configuration file instead of the default,
<TT
CLASS="FILENAME"
>/etc/rndc.conf</TT
>.
</P
></DD
><DT
>-s <TT
CLASS="REPLACEABLE"
><I
>server</I
></TT
></DT
><DD
><P
> <TT
CLASS="REPLACEABLE"
><I
>server</I
></TT
> is
the name or address of the server which matches a
server statement in the configuration file for
<B
CLASS="COMMAND"
>rndc</B
>. If no server is supplied on the
command line, the host named by the default-server clause
in the option statement of the configuration file will be
used.
</P
></DD
><DT
>-p <TT
CLASS="REPLACEABLE"
><I
>port</I
></TT
></DT
><DD
><P
> Send commands to TCP port
<TT
CLASS="REPLACEABLE"
><I
>port</I
></TT
> instead
of BIND 9's default control channel port, 953.
</P
></DD
><DT
>-y <TT
CLASS="REPLACEABLE"
><I
>keyid</I
></TT
></DT
><DD
><P
> Use the key <TT
CLASS="REPLACEABLE"
><I
>keyid</I
></TT
>
from the configuration file.
<TT
CLASS="REPLACEABLE"
><I
>keyid</I
></TT
> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <TT
CLASS="REPLACEABLE"
><I
>keyid</I
></TT
>
is specified, <B
CLASS="COMMAND"
>rndc</B
> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
Note that the configuration file contains shared secrets
which are used to send authenticated control commands
to name servers. It should therefore not have general read
or write access.
</P
></DD
><DT
>-v</DT
><DD
><P
> Enable verbose logging.
</P
></DD
></DL
></DIV
><P
> For the complete set of commands supported by <B
CLASS="COMMAND"
>rndc</B
>,
see the BIND 9 Administrator Reference Manual or run
<B
CLASS="COMMAND"
>rndc</B
> without arguments to see its help message.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN82"
></A
><H2
>LIMITATIONS</H2
><P
> <B
CLASS="COMMAND"
>rndc</B
> does not yet support all the commands of
the BIND 8 <B
CLASS="COMMAND"
>ndc</B
> utility.
</P
><P
> There is currently no way to provide the shared secret for a
<TT
CLASS="OPTION"
>key_id</TT
> without using the configuration file.
</P
><P
> Several error messages could be clearer.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
></A
><H2
>SEE ALSO</H2
><P
> <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>rndc.conf</SPAN
>(5)</SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>named</SPAN
>(8)</SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>named.conf</SPAN
>(5)</SPAN
>
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>ndc</SPAN
>(8)</SPAN
>,
<I
CLASS="CITETITLE"
>BIND 9 Administrator Reference Manual</I
>.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN106"
></A
><H2
>AUTHOR</H2
><P
> Internet Software Consortium
</P
></DIV
></BODY
></HTML
>