
rndc(1)

HP-UX 11i Version 2: December 2007 Update

NAME

rndc — name server control utility

SYNOPSIS

rndc [-c config-file] [-k keyname] [-m] [-p port#] [-s server] [-V] [-y key_id] command [command...]

DESCRIPTION

This command allows the system administrator to control the operation of a name server. If rndc is invoked without any command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.

rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.

rndc reads its default configuration file, /etc/rndc.conf, to determine how to contact the name server and which algorithm and keys to use.

Options

-c config-file

This option can be used to specify an alternate configuration file. The default configuration file is /etc/rndc.conf.

-k keyname

This option can be used to specify the keyname of the rndc authentication key. This must be a valid domain name. Default is rndc-key.

-m

Provides debugging information to the developers.

-p port#

This option specifies that rndc should send commands to TCP port number port# on the system running the name server instead of BIND 9.1.3's default control channel port, 953.

-s server

This option specifies the server on which the command is run. server is the name or address of a server that matches a server statement in the rndc configuration file. If no server is supplied on the command line, the host named by the default-server clause in the options statement of the configuration file, rndc.conf, is used.

-V

Provides debugging information and is primarily of interest only to the BIND 9 developers.

-y key_id

This option identifies the key_id to use from the configuration file. key_id must be known to named with the same algorithm and secret string for control message validation to succeed. If the -y option is not specified, rndc first looks for a key clause in the server statement of the rndc.conf file. If no server statement is present for that host, the default-key clause of the options statement of the configuration file, rndc.conf, is used.

command

command is one of the following:

reload

Reload configuration file and zones.

reload zone

Reload the given zone.

refresh zone

Schedule zone maintenance for the given zone.

stats

Write server statistics to the statistics file specified by the statistics-file directive of the options statement in the named.conf configuration file. If the statistics-file directive is not specified, the statistics are dumped to the named.stats file in the directory specified by the directory directive of the options statement in the named.conf configuration file.

querylog

Toggle query logging.

dumpdb

Dump the current contents of the cache into the file specified by the dump-file directive of the options statement in the configuration file, named.conf. If the dump-file directive is not specified, the cache data is dumped to the named_dump.db file in the directory specified by the directory directive of the options statement in the named.conf configuration file.

stop

Stop the server. Before stopping the server, any recent changes made through dynamic update or IXFR will be saved to the master files of the updated zones.

halt

Halt the server immediately. Any recent changes made through dynamic update or IXFR will not be saved to the master files. They are rolled forward from the journal files when the server is restarted.

reconfig

Reload configuration file and new zones only.

trace

Increment debugging level by 1.

trace level

Change the debugging level.

notrace

Set debugging level to 1.

flush

Flush all the server's caches.

flush [view]

Flush the server's cache for a view.

status

Display the status of the server.

LIMITATIONS

Note that the configuration file for rndc contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.

There is currently no way to provide the shared secret for a key_id without using the configuration file.
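The permission requirement above can be checked with a short script. This is an added example, not part of the HP-UX or ISC documentation; the function name check_rndc_conf and its return codes are hypothetical, and reporting group access without failing is an assumption about what "general" access means.

```shell
#!/bin/sh
# Added example: audit the permissions of an rndc configuration file.
# check_rndc_conf is a hypothetical helper name, not part of rndc.
# Return codes: 0 = others have no read/write access,
#               1 = others can read or write the file,
#               2 = file missing or not a regular file.
check_rndc_conf() {
    conf="${1:-/etc/rndc.conf}"    # default path rndc reads without -c
    if [ ! -f "$conf" ]; then
        echo "$conf: not a regular file" >&2
        return 2
    fi
    # First field of `ls -ldL` is the mode string, e.g. -rw-r--r--
    # (-L follows a symbolic link to the real file).
    mode=$(ls -ldL "$conf" | awk '{print $1}')
    group=$(printf '%s' "$mode" | cut -c5-6)   # group read/write bits
    other=$(printf '%s' "$mode" | cut -c8-9)   # other read/write bits
    case "$other" in
        --) ;;
        *)  echo "$conf: mode $mode lets any user read or write the shared secret" >&2
            return 1 ;;
    esac
    # Assumption: group access is reported but not treated as a failure.
    case "$group" in
        --) ;;
        *)  echo "$conf: mode $mode grants group access; confirm the group is trusted" >&2 ;;
    esac
    return 0
}
```

Call check_rndc_conf with the same path given to -c, or with no argument to check /etc/rndc.conf. A file that fails the check can be restricted to its owner with chmod 600.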

AUTHOR

rndc was developed by ISC (Internet Software Consortium).