Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OpenBSD-3.6)
Apropos / Subsearch:
optional field

RNDC(8)                                                   RNDC(8)

       rndc - name server control utility

       rndc [ -c config-file ]  [ -k key-file ]  [ -s server ]  [
       -p port ]  [ -V ]  [ -y key_id ]  command

       rndc controls the operation of a name  server.  It  super-
       sedes  the  ndc  utility  that  was  provided  in old BIND
       releases. If rndc is invoked with no command line  options
       or  arguments,  it prints a short summary of the supported
       commands and the available options and their arguments.

       rndc communicates with the name server over a TCP  connec-
       tion,  sending  commands authenticated with digital signa-
       tures. In the current versions of rndc and named named the
       only supported authentication algorithm is HMAC-MD5, which
       uses a shared secret on each end of the connection.   This
       provides TSIG-style authentication for the command request
       and the name server's response. All commands sent over the
       channel must be signed by a key_id known to the server.

       rndc  reads  a configuration file to determine how to con-
       tact the name server and decide what algorithm and key  it
       should use.

       -c config-file
              Use  config-file  as the configuration file instead
              of the default, /etc/rndc.conf.

       -k key-file
              Use  key-file  as  the  key  file  instead  of  the
              default,  /etc/rndc.key.  The  key in /etc/rndc.key
              will be used to authenticate commands sent  to  the
              server if the config-file does not exist.

       -s server
              server  is  the name or address of the server which
              matches a server  statement  in  the  configuration
              file for rndc. If no server is supplied on the com-
              mand line, the host  named  by  the  default-server
              clause in the option statement of the configuration
              file will be used.

       -p port
              Send commands to TCP port port instead of BIND  9's
              default control channel port, 953.

       -V     Enable verbose logging.

       -y keyid
              Use  the  key  keyid  from  the configuration file.

BIND9                     June 30, 2000                         1

RNDC(8)                                                   RNDC(8)

              keyid must be known by named with  the  same  algo-
              rithm  and  secret string in order for control mes-
              sage validation to succeed.  If no keyid is  speci-
              fied,  rndc will first look for a key clause in the
              server statement of the server being used, or if no
              server statement is present for that host, then the
              default-key clause of the options statement.   Note
              that the configuration file contains shared secrets
              which are used to send authenticated  control  com-
              mands to name servers. It should therefore not have
              general read or write access.

       For the complete set of commands supported  by  rndc,  see
       the  BIND  9  Administrator  Reference  Manual or run rndc
       without arguments to see its help message.

       rndc does not yet support all the commands of the  BIND  8
       ndc utility.

       There is currently no way to provide the shared secret for
       a key_id without using the configuration file.

       Several error messages could be clearer.

       rndc.conf(5),  named(8),  named.conf(5)  ndc(8),  BIND   9
       Administrator Reference Manual.

       Internet Software Consortium

BIND9                     June 30, 2000                         2