mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-19 08:33:44 -04:00
166 lines
4.4 KiB
Groff
.\" Copyright (C) @YEARS@ Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\"
.\" $Id: rndc.8,v 1.6 2000/07/12 16:48:19 gson Exp $
.\"
.Dd Jun 30, 2000
.Dt RNDC 8
.Os BIND9 9
.ds vT BIND9 Programmer's Manual
.Sh NAME
.Nm rndc
.Nd name server control utility
.Sh SYNOPSIS
.Nm rndc
.Op Fl c Ar config-file
.Op Fl M
.Op Fl m
.Op Fl p Ar port#
.Op Fl s Ar server
.Op Fl v
.Op Fl y Ar key_id
.Ar command ....
.Sh DESCRIPTION
This command allows the system administrator to control the operation
of a name server.
It supersedes the
.Xr ndc 8
utility that was provided in old BIND releases.
If
.Nm rndc
is invoked with no command line options or arguments, it
prints a short summary of the supported commands and the available
options and their arguments.
.Pp
.Nm rndc
communicates with the name server over a TCP connection,
sending commands authenticated with digital signatures.
In the current versions of
.Nm rndc
and
.Xr named 8
the only supported authentication algorithm is HMAC-MD5, which uses a
shared secret on each end of the connection.
This provides TSIG-style authentication for the command request
and the name server's response.
All commands sent over the channel
must be signed by a key_id known to the server.
.Pp
.Nm rndc
reads its default configuration file,
.Pa /etc/rndc.conf
to determine how to contact the name server and decide what algorithm
and keys it should use.
The
.Fl c
option can be used to specify an alternate configuration file.
.Pp
.Ar server
is the name or address of the server which matches a
.Dv server{}
statement in the configuration file for
.Nm rndc .
If no
.Ar server
is supplied on the command line, the host named by the
.Dv default-server
clause in the
.Dv options{}
statement of the configuration file will be used.
.Pp
The
.Fl p
option can be used to make
.Nm rndc
send commands to TCP port number
.Ar port#
on the system running the name server instead of BIND 9's
default control channel port of 953.
.Pp
The
.Fl y
option identifies the
.Ar key_id
to use from the configuration file.
.Ar key_id
must be known by
.Xr named 8
with the same algorithm and secret string in order for
control message validation to succeed.
If no
.Fl y
option is provided,
.Nm rndc
will first look for a
.Dv key
clause in the
.Dv server{}
statement of the server being used, or if no
.Dv server{}
statement is present for that host, then the
.Dv default-key
clause of the
.Dv options{}
statement.
Note that the configuration file for
.Nm rndc
contains shared secrets which are used to send authenticated
control commands to name servers.
It should therefore not have general read or write access.
.Pp
The
.Fl M ,
.Fl m ,
and
.Fl v
options provide debugging information and are primarily of interest
only to the BIND 9 developers.
They might be changed or removed in future releases.
.Pp
The only valid value for
.Ar command
is \*qreload\*q, which forces the name server to reload its configuration
file and zones.
Further commands will be provided in future releases as the management
capabilities of
.Nm rndc
are extended.
.Sh LIMITATIONS
.Nm rndc
currently only supports the
.Dv reload
command.
Future releases will provide more commands so that
.Nm rndc
offers at least as many management capabilities as the old
.Xr ndc 8
utility.
.Pp
There is currently no way to provide the shared secret for a key_id
without using the configuration file.
.Pp
Several error messages could be clearer.
For example, trying to connect
from an address that is not in the list of acceptable addresses
configured into
.Xr named 8
will result in the error message "end of file" when the server
unceremoniously closes the connection.
.Sh SEE ALSO
.Xr rndc.conf 5 ,
.Xr named 8 ,
.Xr named.conf 5 ,
.Xr RFC2845 ,
.Xr ndc 8 .
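Added example, not part of the BIND 9 sources: the key selection order and the configuration-file permission note from DESCRIPTION, written as a small audit script. The statement syntax, host names and key names in the constructed sample are assumptions, as are the fallback to default-key when a server{} statement has no key clause and the choice to treat group access as "general" access.

```python
import os
import re
import stat

# Constructed sample. Statement syntax is assumed from rndc.conf(5);
# host names, key names and the secret are placeholders.
SAMPLE_CONF = """
options { default-server ns1.example.net; default-key "ops-key"; };
server ns2.example.net { key "ns2-key"; };
key "ops-key" { algorithm hmac-md5; secret "PLACEHOLDER"; };
key "ns2-key" { algorithm hmac-md5; secret "PLACEHOLDER"; };
"""

def _clause(body, name):
    """Value of a 'name value;' clause inside a statement body, or None."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s+"?([^";\s]+)"?\s*;', body)
    return m.group(1) if m else None

def parse_conf(text):
    """Simplified parser: only options{}, server{} and key{}; no comments."""
    conf = {"options": {}, "servers": {}, "keys": set()}
    stmt = r'(?<![\w-])(options|server|key)\s*"?([^"{\s]*)"?\s*\{(.*?)\}\s*;'
    for kind, name, body in re.findall(stmt, text, re.S):
        if kind == "options":
            conf["options"] = {c: _clause(body, c) for c in ("default-server", "default-key")}
        elif kind == "server":
            conf["servers"][name] = {"key": _clause(body, "key")}
        else:
            conf["keys"].add(name)
    return conf

def resolve_key(conf, server=None, key_id=None):
    """Return (server, key_id) using the order given in DESCRIPTION."""
    server = server or conf["options"].get("default-server")
    if key_id is None:  # no -y: server{} key clause first, then default-key
        key_id = conf["servers"].get(server, {}).get("key") or conf["options"].get("default-key")
    if key_id not in conf["keys"]:
        raise LookupError(f"no key statement for {key_id!r} (server {server!r})")
    return server, key_id

def loose_mode_bits(path):
    """Group/other read or write bits set on path; 0 means none are set."""
    loose = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH
    return stat.S_IMODE(os.stat(path).st_mode) & loose

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for srv in (None, "ns2.example.net"):
        print(srv, "->", resolve_key(conf, server=srv))
```

Running `loose_mode_bits` against the real configuration file and alerting on any non-zero result turns the permission note into a repeatable check.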