RNDC linux command manual

RNDC(8)                                                                RNDC(8)

       rndc - name server control utility

       rndc  [  -c config-file ]  [ -k key-file ]  [ -s server ]  [ -p port ]
       [ -V ]  [ -y key_id ]  command

       rndc controls the operation of a name server. It  supersedes  the  ndc
       utility  that  was  provided  in old BIND releases. If rndc is invoked
       with no command line options or arguments, it prints a  short  summary
       of  the  supported  commands and the available options and their argu-

       rndc communicates with the name server over a TCP connection,  sending
       commands  authenticated  with  digital signatures. In the current ver-
       sions of rndc and named named the only supported authentication  algo-
       rithm  is HMAC-MD5, which uses a shared secret on each end of the con-
       nection.  This provides  TSIG-style  authentication  for  the  command
       request  and  the  name  server's response. All commands sent over the
       channel must be signed by a key_id known to the server.

       rndc reads a configuration file to determine how to contact  the  name
       server and decide what algorithm and key it should use.

       -c config-file
              Use  config-file  as  the  configuration  file  instead  of the
              default, /etc/rndc.conf.

       -k key-file
              Use  key-file  as  the  key  file  instead  of   the   default,
              /etc/rndc.key. The key in /etc/rndc.key will be used to authen-
              ticate commands sent to the server if the config-file does  not

       -s server
              server  is  the  name  or address of the server which matches a
              server statement in the configuration  file  for  rndc.  If  no
              server  is  supplied on the command line, the host named by the
              default-server clause in the option statement of the configura-
              tion file will be used.

       -p port
              Send commands to TCP port port instead of BIND 9's default con-
              trol channel port, 953.

       -V     Enable verbose logging.

       -y keyid
              Use the key keyid from the configuration file.  keyid  must  be
              known  by  named  with  the same algorithm and secret string in
              order for control message validation to succeed.  If  no  keyid
              is  specified,  rndc  will  first  look for a key clause in the
              server statement of the server being  used,  or  if  no  server
              statement is present for that host, then the default-key clause
              of the options statement.  Note  that  the  configuration  file
              contains  shared  secrets  which are used to send authenticated
              control commands to name servers. It should therefore not  have
              general read or write access.

       For  the  complete  set  of commands supported by rndc, see the BIND 9
       Administrator Reference Manual or run rndc without  arguments  to  see
       its help message.

       rndc  does not yet support all the commands of the BIND 8 ndc utility.

       There is currently no way to provide the shared secret  for  a  key_id
       without using the configuration file.

       Several error messages could be clearer.

       rndc.conf(5),  named(8),  named.conf(5)  ndc(8),  BIND 9 Administrator
       Reference Manual.

       Internet Software Consortium

BIND9                           June 30, 2000                         RNDC(8)