Index Index for
Section 8
Index Alphabetical
listing for R
Bottom of page Bottom of
page		 

RNDC(8)


NAME

  rndc - name server control utility


SYNOPSIS

  rndc [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id]
       {command}


DESCRIPTION

  rndc controls the operation of a name server. It supersedes the ndc utility
  that was provided in old BIND releases. If rndc is invoked with no command
  line options or arguments, it prints a short summary of the supported
  commands and the available options and their arguments.

  rndc communicates with the name server over a TCP connection, sending
  commands authenticated with digital signatures. In the current versions of
  rndc and named named the only supported authentication algorithm is
  HMAC-MD5, which uses a shared secret on each end of the connection. This
  provides TSIG-style authentication for the command request and the name
  server's response. All commands sent over the channel must be signed by a
  key_id known to the server.

  rndc reads a configuration file to determine how to contact the name server
  and decide what algorithm and key it should use.


OPTIONS

  -c config-file
     Use config-file as the configuration file instead of the default,
     /etc/rndc.conf.

  -k key-file
     Use key-file as the key file instead of the default, /etc/rndc.key. The
     key in /etc/rndc.key will be used to authenticate commands sent to the
     server if the config-file does not exist.

  -s server
     server is the name or address of the server which matches a server
     statement in the configuration file for rndc. If no server is supplied
     on the command line, the host named by the default-server clause in the
     option statement of the configuration file will be used.

  -p port
     Send commands to TCP port port instead of BIND 9's default control
     channel port, 953.

  -V Enable verbose logging.

  -y keyid
     Use the key keyid from the configuration file.  keyid must be known by
     named with the same algorithm and secret string in order for control
     message validation to succeed. If no keyid is specified, rndc will first
     look for a key clause in the server statement of the server being used,
     or if no server statement is present for that host, then the default-key
     clause of the options statement. Note that the configuration file
     contains shared secrets which are used to send authenticated control
     commands to name servers. It should therefore not have general read or
     write access.

  For the complete set of commands supported by rndc, see the BIND 9
  Administrator Reference Manual or run rndc without arguments to see its
  help message.


LIMITATIONS

  rndc does not yet support all the commands of the BIND 8 ndc utility.

  There is currently no way to provide the shared secret for a key_id without
  using the configuration file.

  Several error messages could be clearer.


SEE ALSO

  rndc.conf(5), named(8), named.conf(5) ndc(8), BIND 9 Administrator
  Reference Manual.


AUTHOR

  Internet Systems Consortium


COPYRIGHT

  Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

Index Index for
Section 8
Index Alphabetical
listing for R
Top of page Top of
page