Diffstat (limited to 'doc/arm/man.rndc.html')
-rw-r--r-- | doc/arm/man.rndc.html | 160 |
1 files changed, 77 insertions, 83 deletions
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 731a560c7207a..59a1360e7ecb1 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,13 +14,12 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> -<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> +<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> <link rel="up" href="Bv9ARM.ch13.html" title="Manual pages"> <link rel="prev" href="man.nsupdate.html" title="nsupdate"> <link rel="next" href="man.rndc.conf.html" title="rndc.conf"> @@ -39,7 +38,7 @@ </table> <hr> </div> -<div class="refentry" lang="en"> +<div class="refentry"> <a name="man.rndc"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> 
@@ -49,22 +48,22 @@ <h2>Synopsis</h2> <div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2644753"></a><h2>DESCRIPTION</h2> -<p><span><strong class="command">rndc</strong></span> +<div class="refsection"> +<a name="id-1.14.21.7"></a><h2>DESCRIPTION</h2> +<p><span class="command"><strong>rndc</strong></span> controls the operation of a name - server. It supersedes the <span><strong class="command">ndc</strong></span> utility + server. It supersedes the <span class="command"><strong>ndc</strong></span> utility that was provided in old BIND releases. If - <span><strong class="command">rndc</strong></span> is invoked with no command line + <span class="command"><strong>rndc</strong></span> is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments. </p> -<p><span><strong class="command">rndc</strong></span> +<p><span class="command"><strong>rndc</strong></span> communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. 
In the current versions of - <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>, + <span class="command"><strong>rndc</strong></span> and <span class="command"><strong>named</strong></span>, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command @@ -72,15 +71,15 @@ over the channel must be signed by a key_id known to the server. </p> -<p><span><strong class="command">rndc</strong></span> +<p><span class="command"><strong>rndc</strong></span> reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2644803"></a><h2>OPTIONS</h2> -<div class="variablelist"><dl> +<div class="refsection"> +<a name="id-1.14.21.8"></a><h2>OPTIONS</h2> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt> <dd><p> Use <em class="replaceable"><code>source-address</code></em> @@ -108,9 +107,9 @@ <dd><p><em class="replaceable"><code>server</code></em> is the name or address of the server which matches a server statement in the configuration file for - <span><strong class="command">rndc</strong></span>. If no server is supplied on the + <span class="command"><strong>rndc</strong></span>. If no server is supplied on the command line, the host named by the default-server clause - in the options statement of the <span><strong class="command">rndc</strong></span> + in the options statement of the <span class="command"><strong>rndc</strong></span> configuration file will be used. </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> 
@@ -130,10 +129,10 @@ from the configuration file. <em class="replaceable"><code>key_id</code></em> must be - known by <span><strong class="command">named</strong></span> with the same algorithm and secret string + known by <span class="command"><strong>named</strong></span> with the same algorithm and secret string in order for control message validation to succeed. If no <em class="replaceable"><code>key_id</code></em> - is specified, <span><strong class="command">rndc</strong></span> will first look + is specified, <span class="command"><strong>rndc</strong></span> will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default-key clause of the options statement. 
@@ -144,22 +143,22 @@ </p></dd> </dl></div> </div> -<div class="refsect1" lang="en"> -<a name="id2645564"></a><h2>COMMANDS</h2> +<div class="refsection"> +<a name="id-1.14.21.9"></a><h2>COMMANDS</h2> <p> - A list of commands supported by <span><strong class="command">rndc</strong></span> can - be seen by running <span><strong class="command">rndc</strong></span> without arguments. + A list of commands supported by <span class="command"><strong>rndc</strong></span> can + be seen by running <span class="command"><strong>rndc</strong></span> without arguments. </p> <p> Currently supported commands are: </p> -<div class="variablelist"><dl> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt> <dd> <p> Add a zone while the server is running. This command requires the - <span><strong class="command">allow-new-zones</strong></span> option to be set + <span class="command"><strong>allow-new-zones</strong></span> option to be set to <strong class="userinput"><code>yes</code></strong>. The <em class="replaceable"><code>configuration</code></em> string specified on the command line is the zone 
@@ -171,13 +170,13 @@ <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>, where <em class="replaceable"><code>hash</code></em> is a cryptographic hash generated from the name of - the view. When <span><strong class="command">named</strong></span> is + the view. When <span class="command"><strong>named</strong></span> is restarted, the file will be loaded into the view configuration, so that zones that were added can persist after a restart. </p> <p> - This sample <span><strong class="command">addzone</strong></span> command + This sample <span class="command"><strong>addzone</strong></span> command would add the zone <code class="literal">example.com</code> to the default view: </p> @@ -189,7 +188,7 @@ configuration text.) </p> <p> - See also <span><strong class="command">rndc delzone</strong></span>. + See also <span class="command"><strong>rndc delzone</strong></span>. </p> </dd> <dt><span class="term"><strong class="userinput"><code>delzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> @@ -197,11 +196,11 @@ <p> Delete a zone while the server is running. Only zones that were originally added via - <span><strong class="command">rndc addzone</strong></span> can be deleted - in this manner. + <span class="command"><strong>rndc addzone</strong></span> can be deleted + in this manner. </p> <p> - See also <span><strong class="command">rndc addzone</strong></span> + See also <span class="command"><strong>rndc addzone</strong></span> </p> </dd> <dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> 
@@ -211,7 +210,7 @@ dump file for the specified views. If no view is specified, all views are dumped. - (See the <span><strong class="command">dump-file</strong></span> option in + (See the <span class="command"><strong>dump-file</strong></span> option in the BIND 9 Administrator Reference Manual.) </p></dd> <dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt> @@ -243,7 +242,7 @@ the zone is frozen. </p> <p> - See also <span><strong class="command">rndc thaw</strong></span>. + See also <span class="command"><strong>rndc thaw</strong></span>. </p> </dd> <dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt> @@ -253,12 +252,12 @@ made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted. - If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned. - This allows an external process to determine when <span><strong class="command">named</strong></span> + If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned. + This allows an external process to determine when <span class="command"><strong>named</strong></span> had completed halting. </p> <p> - See also <span><strong class="command">rndc stop</strong></span>. + See also <span class="command"><strong>rndc stop</strong></span>. </p> </dd> <dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 
@@ -267,14 +266,14 @@ Fetch all DNSSEC keys for the given zone from the key directory. If they are within their publication period, merge them into the - zone's DNSKEY RRset. Unlike <span><strong class="command">rndc + zone's DNSKEY RRset. Unlike <span class="command"><strong>rndc sign</strong></span>, however, the zone is not immediately re-signed by the new keys, but is allowed to incrementally re-sign over time. </p> <p> This command requires that the - <span><strong class="command">auto-dnssec</strong></span> zone option + <span class="command"><strong>auto-dnssec</strong></span> zone option be set to <code class="literal">maintain</code>, and also requires the zone to be configured to allow dynamic DNS. @@ -292,7 +291,7 @@ Sets the server's debugging level to 0. </p> <p> - See also <span><strong class="command">rndc trace</strong></span>. + See also <span class="command"><strong>rndc trace</strong></span>. </p> </dd> <dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt> 
@@ -304,13 +303,13 @@ </p> <p> Query logging can also be enabled - by explicitly directing the <span><strong class="command">queries</strong></span> - <span><strong class="command">category</strong></span> to a - <span><strong class="command">channel</strong></span> in the - <span><strong class="command">logging</strong></span> section of + by explicitly directing the <span class="command"><strong>queries</strong></span> + <span class="command"><strong>category</strong></span> to a + <span class="command"><strong>channel</strong></span> in the + <span class="command"><strong>logging</strong></span> section of <code class="filename">named.conf</code> or by specifying - <span><strong class="command">querylog yes;</strong></span> in the - <span><strong class="command">options</strong></span> section of + <span class="command"><strong>querylog yes;</strong></span> in the + <span class="command"><strong>options</strong></span> section of <code class="filename">named.conf</code>. </p> </dd> @@ -319,14 +318,14 @@ Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. - This is faster than a full <span><strong class="command">reload</strong></span> when there + This is faster than a full <span class="command"><strong>reload</strong></span> when there is a large number of zones because it avoids the need to examine the modification times of the zones files. </p></dd> <dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt> <dd><p> - Dump the list of queries <span><strong class="command">named</strong></span> is currently + Dump the list of queries <span class="command"><strong>named</strong></span> is currently recursing on, and the list of domains to which iterative queries are currently being sent. (The second list includes the number of fetches currently active for the given domain, 
@@ -352,7 +351,7 @@ </p> <p> If the zone is configured to use - <span><strong class="command">inline-signing</strong></span>, the signed + <span class="command"><strong>inline-signing</strong></span>, the signed version of the zone is discarded; after the retransfer of the unsigned version is complete, the signed version will be regenerated with all new @@ -370,8 +369,8 @@ <dd> <p> Fetch all DNSSEC keys for the given zone - from the key directory (see the - <span><strong class="command">key-directory</strong></span> option in + from the key directory (see the + <span class="command"><strong>key-directory</strong></span> option in the BIND 9 Administrator Reference Manual). If they are within their publication period, merge them into the zone's DNSKEY RRset. If the DNSKEY RRset @@ -380,7 +379,7 @@ </p> <p> This command requires that the - <span><strong class="command">auto-dnssec</strong></span> zone option be set + <span class="command"><strong>auto-dnssec</strong></span> zone option be set to <code class="literal">allow</code> or <code class="literal">maintain</code>, and also requires the zone to be configured to @@ -389,7 +388,7 @@ Reference Manual for more details.) </p> <p> - See also <span><strong class="command">rndc loadkeys</strong></span>. + See also <span class="command"><strong>rndc loadkeys</strong></span>. </p> </dd> <dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> 
@@ -400,33 +399,33 @@ operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type - <span><strong class="command">sig-signing-type</strong></span>. - <span><strong class="command">rndc signing -list</strong></span> converts + <span class="command"><strong>sig-signing-type</strong></span>. + <span class="command"><strong>rndc signing -list</strong></span> converts these records into a human-readable form, indicating which keys are currently signing or have finished signing the zone, and which NSEC3 chains are being created or removed. </p> <p> - <span><strong class="command">rndc signing -clear</strong></span> can remove + <span class="command"><strong>rndc signing -clear</strong></span> can remove a single key (specified in the same format that - <span><strong class="command">rndc signing -list</strong></span> uses to + <span class="command"><strong>rndc signing -list</strong></span> uses to display it), or all keys. In either case, only completed keys are removed; any record indicating that a key has not yet finished signing the zone will be retained. </p> <p> - <span><strong class="command">rndc signing -nsec3param</strong></span> sets + <span class="command"><strong>rndc signing -nsec3param</strong></span> sets the NSEC3 parameters for a zone. This is the only supported mechanism for using NSEC3 with - <span><strong class="command">inline-signing</strong></span> zones. + <span class="command"><strong>inline-signing</strong></span> zones. Parameters are specified in the same format as an NSEC3PARAM resource record: hash algorithm, flags, iterations, and salt, in that order. </p> <p> - Currently, the only defined value for hash algorithm + Currently, the only defined value for hash algorithm is <code class="literal">1</code>, representing SHA-1. The <code class="option">flags</code> may be set to <code class="literal">0</code> or <code class="literal">1</code>, 
@@ -442,13 +441,13 @@ So, for example, to create an NSEC3 chain using the SHA-1 hash algorithm, no opt-out flag, 10 iterations, and a salt value of "FFFF", use: - <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>. + <span class="command"><strong>rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>. To set the opt-out flag, 15 iterations, and no salt, use: - <span><strong class="command">rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>. + <span class="command"><strong>rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>. </p> <p> - <span><strong class="command">rndc signing -nsec3param none</strong></span> + <span class="command"><strong>rndc signing -nsec3param none</strong></span> removes an existing NSEC3 chain and replaces it with NSEC. </p> @@ -456,14 +455,14 @@ <dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt> <dd><p> Write server statistics to the statistics file. - (See the <span><strong class="command">statistics-file</strong></span> option in + (See the <span class="command"><strong>statistics-file</strong></span> option in the BIND 9 Administrator Reference Manual.) </p></dd> <dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt> <dd><p> Display status of the server. - Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone - and the default <span><strong class="command">./IN</strong></span> + Note that the number of zones includes the internal <span class="command"><strong>bind/CH</strong></span> zone + and the default <span class="command"><strong>./IN</strong></span> hint zone if there is not an explicit root zone configured. </p></dd> 
@@ -473,11 +472,11 @@ Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones. - If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned. - This allows an external process to determine when <span><strong class="command">named</strong></span> + If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned. + This allows an external process to determine when <span class="command"><strong>named</strong></span> had completed stopping. </p> -<p>See also <span><strong class="command">rndc halt</strong></span>.</p> +<p>See also <span class="command"><strong>rndc halt</strong></span>.</p> </dd> <dt><span class="term"><strong class="userinput"><code>sync [<span class="optional">-clean</span>] [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> <dd><p> @@ -496,13 +495,13 @@ load has completed. After a zone is thawed, dynamic updates will no longer be refused. If the zone has changed and the - <span><strong class="command">ixfr-from-differences</strong></span> option is + <span class="command"><strong>ixfr-from-differences</strong></span> option is in use, then the journal file will be updated to reflect changes in the zone. Otherwise, if the zone has changed, any existing journal file will be removed. </p> -<p>See also <span><strong class="command">rndc freeze</strong></span>.</p> +<p>See also <span class="command"><strong>rndc freeze</strong></span>.</p> </dd> <dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt> <dd><p> 
@@ -515,7 +514,7 @@ value. </p> <p> - See also <span><strong class="command">rndc notrace</strong></span>. + See also <span class="command"><strong>rndc notrace</strong></span>. </p> </dd> <dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt> @@ -527,7 +526,7 @@ <dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt> <dd><p> List the names of all TSIG keys currently configured - for use by <span><strong class="command">named</strong></span> in each view. The + for use by <span class="command"><strong>named</strong></span> in each view. The list both statically configured keys and dynamic TKEY-negotiated keys. </p></dd> @@ -535,15 +534,15 @@ <dd><p> Enable, disable, or check the current status of DNSSEC validation. - Note <span><strong class="command">dnssec-enable</strong></span> also needs to be + Note <span class="command"><strong>dnssec-enable</strong></span> also needs to be set to <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>auto</code></strong> to be effective. It defaults to enabled. </p></dd> </dl></div> </div> -<div class="refsect1" lang="en"> -<a name="id2687854"></a><h2>LIMITATIONS</h2> +<div class="refsection"> +<a name="id-1.14.21.10"></a><h2>LIMITATIONS</h2> <p> There is currently no way to provide the shared secret for a <code class="option">key_id</code> without using the configuration file. 
@@ -552,8 +551,8 @@ Several error messages could be clearer. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2687873"></a><h2>SEE ALSO</h2> +<div class="refsection"> +<a name="id-1.14.21.11"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -562,11 +561,6 @@ <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2687928"></a><h2>AUTHOR</h2> -<p><span class="corpauthor">Internet Systems Consortium</span> - </p> -</div> </div> <div class="navfooter"> <hr> @@ -587,6 +581,6 @@ </tr> </table> </div> -<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p> </body> </html> |
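Review bot: The `@@ -39,7 +38,7 @@` hunk drops `lang="en"` from `<div class="refentry" lang="en">`, and the later hunks drop it from every section `<div>`. The `<html>` tag in the first hunk's context carries no `lang` attribute, so after this change nothing in the page declares its language. If the newer stylesheet no longer emits the attribute on the `div` elements, set it once on `<html>` so screen readers and indexers still get a language hint.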
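Review bot: In the `@@ -49,22 +48,22 @@` hunk the unchanged context still reads "the only supported authentication algorithm is HMAC-MD5", while the footer hunk moves the page from BIND 9.9.8-P4 to 9.9.9-P3. Since the page is regenerated for a new release, confirm that the sentence still describes the control-channel authentication of the version named in the footer, and update the DocBook source if it does not. The algorithm statement is the one operators rely on when choosing the `rndc` key, so it should not ride along unverified.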
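Review bot: The section anchor in the `@@ -72,15 +71,15 @@` hunk changes from `id2644803` to `id-1.14.21.8`, and the same rename hits DESCRIPTION, COMMANDS, LIMITATIONS and SEE ALSO (`id-1.14.21.7` through `id-1.14.21.11`). Any existing link to the old fragments stops resolving, and the new names look positional, so they will shift again if a section is added or reordered ahead of them. Consider giving each section an explicit `id` in the DocBook source so the HTML anchors stay stable across stylesheet upgrades.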
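Review bot: In the `@@ -527,7 +526,7 @@` hunk the `tsig-list` description keeps the sentence "The list both statically configured keys and dynamic TKEY-negotiated keys.", which has no verb. The paragraph is being regenerated anyway, so fix it in the source, for example "The list includes both statically configured keys and dynamic TKEY-negotiated keys."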
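Review bot: The footer line added in the `@@ -587,6 +581,6 @@` hunk carries `xmlns:db="http://docbook.org/ns/docbook"` on a plain HTML `<p>`. That is a namespace declaration leaking from the stylesheet into the output; it has no meaning in this HTML document and will be flagged by validators. Adding `exclude-result-prefixes="db"` to the customization stylesheet that emits the version footer should keep it out of the generated pages.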