diff options
Diffstat (limited to 'doc/arm/Bv9ARM.ch03.html')
| -rw-r--r-- | doc/arm/Bv9ARM.ch03.html | 300 |
1 files changed, 6 insertions, 294 deletions
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 2aee2472f92b1..91a4a3fe7d0ce 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -54,7 +54,7 @@ <dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt> <dd><dl> <dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569430">Signals</a></span></dt> </dl></dd> </dl> </div> @@ -445,300 +445,12 @@ zone "eng.example.com" { it will display a usage message as follows: </p> <div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div> -<p>The <span><strong class="command">command</strong></span> - is one of the following: +<p>See <a href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of + the available <span><strong class="command">rndc</strong></span> commands. </p> -<div class="variablelist"><dl> -<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt> -<dd><p> - Reload configuration file and zones. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p> - Reload the given zone. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p> - Schedule zone maintenance for the given zone. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> - - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p> - Retransfer the given zone from the master. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd> -<p> - Fetch all DNSSEC keys for the given zone - from the key directory (see - <span><strong class="command">key-directory</strong></span> in - <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and - Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and - Usage”</a>). If they are within - their publication period, merge them into the - zone's DNSKEY RRset. If the DNSKEY RRset - is changed, then the zone is automatically - re-signed with the new key set. - </p> -<p> - This command requires that the - <span><strong class="command">auto-dnssec</strong></span> zone option be set - to <code class="literal">allow</code> or - <code class="literal">maintain</code>, - and also requires the zone to be configured to - allow dynamic DNS. - See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for - more details. - </p> -</dd> -<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd> -<p> - Fetch all DNSSEC keys for the given zone - from the key directory (see - <span><strong class="command">key-directory</strong></span> in - <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and - Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and - Usage”</a>). If they are within - their publication period, merge them into the - zone's DNSKEY RRset. Unlike <span><strong class="command">rndc - sign</strong></span>, however, the zone is not - immediately re-signed by the new keys, but is - allowed to incrementally re-sign over time. - </p> -<p> - This command requires that the - <span><strong class="command">auto-dnssec</strong></span> zone option - be set to <code class="literal">maintain</code>, - and also requires the zone to be configured to - allow dynamic DNS. - See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for - more details. - </p> -</dd> -<dt><span class="term"><strong class="userinput"><code>freeze - [<span class="optional"><em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> -<dd><p> - Suspend updates to a dynamic zone. If no zone is - specified, - then all zones are suspended. This allows manual - edits to be made to a zone normally updated by dynamic - update. It - also causes changes in the journal file to be synced - into the master - and the journal file to be removed. All dynamic - update attempts will - be refused while the zone is frozen. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>thaw - [<span class="optional"><em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> -<dd><p> - Enable updates to a frozen dynamic zone. If no zone - is - specified, then all frozen zones are enabled. This - causes - the server to reload the zone from disk, and - re-enables dynamic updates - after the load has completed. After a zone is thawed, - dynamic updates - will no longer be refused. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p> - Resend NOTIFY messages for the zone. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt> -<dd><p> - Reload the configuration file and load new zones, - but do not reload existing zone files even if they - have changed. - This is faster than a full <span><strong class="command">reload</strong></span> when there - is a large number of zones because it avoids the need - to examine the - modification times of the zones files. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt> -<dd><p> - Write server statistics to the statistics file. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt> -<dd><p> - Toggle query logging. Query logging can also be enabled - by explicitly directing the <span><strong class="command">queries</strong></span> - <span><strong class="command">category</strong></span> to a - <span><strong class="command">channel</strong></span> in the - <span><strong class="command">logging</strong></span> section of - <code class="filename">named.conf</code> or by specifying - <span><strong class="command">querylog yes;</strong></span> in the - <span><strong class="command">options</strong></span> section of - <code class="filename">named.conf</code>. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>dumpdb - [<span class="optional">-all|-cache|-zone</span>] - [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> -<dd><p> - Dump the server's caches (default) and/or zones to - the - dump file for the specified views. If no view is - specified, all - views are dumped. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>secroots - [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> -<dd><p> - Dump the server's security roots to the secroots - file for the specified views. If no view is - specified, security roots for all - views are dumped. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt> -<dd><p> - Stop the server, making sure any recent changes - made through dynamic update or IXFR are first saved to - the master files of the updated zones. - If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned. - This allows an external process to determine when <span><strong class="command">named</strong></span> - had completed stopping. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt> -<dd><p> - Stop the server immediately. Recent changes - made through dynamic update or IXFR are not saved to - the master files, but will be rolled forward from the - journal files when the server is restarted. - If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned. - This allows an external process to determine when <span><strong class="command">named</strong></span> - had completed halting. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt> -<dd><p> - Increment the servers debugging level by one. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt> -<dd><p> - Sets the server's debugging level to an explicit - value. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt> -<dd><p> - Sets the server's debugging level to 0. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt> -<dd><p> - Flushes the server's cache. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt> -<dd><p> - Flushes the given name from the server's cache. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt> -<dd><p> - Display status of the server. - Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone - and the default <span><strong class="command">./IN</strong></span> - hint zone if there is not an - explicit root zone configured. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt> -<dd><p> - Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing - on. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>validation - [<span class="optional">on|off</span>] - [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] - </code></strong></span></dt> -<dd><p> - Enable or disable DNSSEC validation. - Note <span><strong class="command">dnssec-enable</strong></span> also needs to be - set to <strong class="userinput"><code>yes</code></strong> to be effective. - It defaults to enabled. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt> -<dd><p> - List the names of all TSIG keys currently configured - for use by <span><strong class="command">named</strong></span> in each view. The - list both statically configured keys and dynamic - TKEY-negotiated keys. - </p></dd> -<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> - <em class="replaceable"><code>keyname</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt> -<dd><p> - Delete a given TKEY-negotiated key from the server. - (This does not apply to statically configured TSIG - keys.) - </p></dd> -<dt><span class="term"><strong class="userinput"><code>addzone - <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] - <em class="replaceable"><code>configuration</code></em> - </code></strong></span></dt> -<dd> -<p> - Add a zone while the server is running. This - command requires the - <span><strong class="command">allow-new-zones</strong></span> option to be set - to <strong class="userinput"><code>yes</code></strong>. The - <em class="replaceable"><code>configuration</code></em> string - specified on the command line is the zone - configuration text that would ordinarily be - placed in <code class="filename">named.conf</code>. - </p> -<p> - The configuration is saved in a file called - <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>, - where <em class="replaceable"><code>hash</code></em> is a - cryptographic hash generated from the name of - the view. When <span><strong class="command">named</strong></span> is - restarted, the file will be loaded into the view - configuration, so that zones that were added - can persist after a restart. - </p> -<p> - This sample <span><strong class="command">addzone</strong></span> command - would add the zone <code class="literal">example.com</code> - to the default view: - </p> -<p> -<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong> - </p> -<p> - (Note the brackets and semi-colon around the zone - configuration text.) - </p> -</dd> -<dt><span class="term"><strong class="userinput"><code>delzone - <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> - [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] - </code></strong></span></dt> -<dd><p> - Delete a zone while the server is running. - Only zones that were originally added via - <span><strong class="command">rndc addzone</strong></span> can be deleted - in this matter. - </p></dd> -</dl></div> <p> - A configuration file is required, since all + <span><strong class="command">rndc</strong></span> requires a configuration file, + since all communication with the server is authenticated with digital signatures that rely on a shared secret, and there is no way to provide that secret other than with a @@ -888,7 +600,7 @@ controls { </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2570424"></a>Signals</h3></div></div></div> +<a name="id2569430"></a>Signals</h3></div></div></div> <p> Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can |