2 - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2001 Internet Software Consortium.
5 - Permission to use, copy, modify, and distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
18 <!-- $Id: rndc.html,v 1.7.2.3 2004/06/03 05:21:16 marka Exp $ -->
26 CONTENT="Modular DocBook HTML Stylesheet Version 1.73
53 > -- name server control utility</DIV
55 CLASS="REFSYNOPSISDIV"
121 > controls the operation of a name
122 server. It supersedes the <B
126 that was provided in old BIND releases. If
130 > is invoked with no command line
131 options or arguments, it prints a short summary of the
132 supported commands and the available options and their
139 > communicates with the name server
140 over a TCP connection, sending commands authenticated with
141 digital signatures. In the current versions of
149 the only supported authentication algorithm is HMAC-MD5,
150 which uses a shared secret on each end of the connection.
151 This provides TSIG-style authentication for the command
152 request and the name server's response. All commands sent
153 over the channel must be signed by a key_id known to the
160 > reads a configuration file to
161 determine how to contact the name server and decide what
162 algorithm and key it should use.
192 as the configuration file instead of the default,
214 as the key file instead of the default,
222 > will be used to authenticate
223 commands sent to the server if the <TT
247 the name or address of the server which matches a
248 server statement in the configuration file for
252 >. If no server is supplied on the
253 command line, the host named by the default-server clause
254 in the option statement of the configuration file will be
267 > Send commands to TCP port
274 of BIND 9's default control channel port, 953.
281 > Enable verbose logging.
299 from the configuration file.
306 known by named with the same algorithm and secret string
307 in order for control message validation to succeed.
318 for a key clause in the server statement of the server
319 being used, or if no server statement is present for that
320 host, then the default-key clause of the options statement.
321 Note that the configuration file contains shared secrets
322 which are used to send authenticated control commands
323 to name servers. It should therefore not have general read
330 > For the complete set of commands supported by <B
334 see the BIND 9 Administrator Reference Manual or run
338 > without arguments to see its help message.
352 > does not yet support all the commands of
359 > There is currently no way to provide the shared secret for a
363 > without using the configuration file.
366 > Several error messages could be clearer.
380 CLASS="REFENTRYTITLE"
387 CLASS="REFENTRYTITLE"
394 CLASS="REFENTRYTITLE"
401 CLASS="REFENTRYTITLE"
407 >BIND 9 Administrator Reference Manual</I
419 > Internet Systems Consortium