System Administration Commands rndc(1M)
NAME
rndc - name server control utility
SYNOPSIS
rndc [-V] [-c config-file] [-k key-file] [-s server]
[-p port] [-y keyid] command
DESCRIPTION
The rndc utility controls the operation of a name server. It
supersedes the ndc utility that was provided in previous
BIND releases. If rndc is invoked with no command line
options or arguments, it prints a short summary of the sup-
ported commands and the available options and their argu-
ments.
The rndc utility communicates with the name server over a
TCP connection, sending commands authenticated with digital
signatures. The only supported authentication algorithm in
the current versions of rndc and named(1M) is HMAC-MD5,
which uses a shared secret on each end of the connection.
This algorithm provides TSIG-style authentication for the
command request and the name server's response. All commands
sent over the channel must be signed by a keyid known to
the server.
The rndc utility reads a configuration file to determine how
to contact the name server and decide what algorithm and key
it should use.
OPTIONS
The following options are supported:
-c config-file Use config-file as the configuration file
instead of the default /etc/rndc.conf.
-k key-file Use key-file as the key file instead of
the default, /etc/rndc.key. The key in
/etc/rndc.key is used to authenticate com-
mands sent to the server if the config-
file does not exist.
-s server The server argument is the name or address
of the server that matches a server state-
ment in the configuration file for rndc.
If no server is supplied on the command
line, the host named by the default-server
clause in the options statement of the
SunOS 5.11 Last change: 24 Dec 2008 1
System Administration Commands rndc(1M)
rndc configuration file is used.
-p port Send commands to TCP port port instead of
BIND 9's default control channel port,
953.
-V Enable verbose logging.
-y keyid Use the key keyid from the configuration
file. The keyid argument must be known by
named with the same algorithm and secret
string for control message validation to
succeed. If no keyid is specified, rndc
will first look for a key clause in the
server statement of the server being used,
or if no server statement is present for
that host, then the default-key clause of
the options statement. The configuration
file contains shared secrets that are used
to send authenticated control commands to
name servers. It should therefore not have
general read or write access.
For the complete set of commands supported by rndc, see the
BIND 9 Administrator Reference Manual or run rndc without
arguments to see its help message.
LIMITATIONS
The rndc utility does not support all the commands of the
BIND 8 ndc utility.
There is no way to provide the shared secret for a keyid
without using the configuration file.
Several error messages could be clearer.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 24 Dec 2008 2
System Administration Commands rndc(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWbind
Interface Stability External
SEE ALSO
named(1M), rndc-confgen(1M), rndc.conf(4), attributes(5)
BIND 9 Administrator Reference Manual
SunOS 5.11 Last change: 24 Dec 2008 3
|
