System Administration Commands rndc(1M)
NAME
rndc - name server control utility
SYNOPSIS
rndc [-V] [-b src-addr] [-c config-file] [-k key-file] [-s server]
[-p port] [-y key_id] command
DESCRIPTION
The rndc utility controls the operation of a name server. It
supersedes the ndc utility that was provided in previous BIND
releases. If rndc is invoked with no command line options or
arguments, it prints a short summary of the supported commands and
the available options and their arguments.

The rndc utility communicates with the name server over a TCP
connection, sending commands authenticated with digital signatures.
The only supported authentication algorithm in the current versions
of rndc and named(1M) is HMAC-MD5, which uses a shared secret on
each end of the connection. This algorithm provides TSIG-style
authentication for the command request and the name server's
response. All commands sent over the channel must be signed by a
key_id known to the server.

The rndc utility reads a configuration file to determine how to
contact the name server and decide what algorithm and key it should
use.

OPTIONS
The following options are supported:

-b source-address
Use source-address as the source address for the connection to the
server. Multiple instances are permitted to allow setting of both
the IPv4 and IPv6 source addresses.

-c config-file
Use config-file as the configuration file instead of the default
/etc/rndc.conf.

-k key-file
Use key-file as the key file instead of the default,
/etc/rndc.key. The key in /etc/rndc.key is used to authenticate
commands sent to the server if the config-file does not exist.

SunOS 5.11 Last change: 11 Jan 2010

-s server
The server argument is the name or address of the server that
matches a server statement in the configuration file for rndc. If
no server is supplied on the command line, the host named by the
default-server clause in the options statement of the rndc
configuration file is used.

-p port
Send commands to TCP port port instead of BIND 9's default control
channel port, 953.

-V
Enable verbose logging.

-y key_id
Use the key key_id from the configuration file. The key_id argument
must be known by named with the same algorithm and secret string
for control message validation to succeed. If no key_id is
specified, rndc will first look for a key clause in the server
statement of the server being used, or if no server statement is
present for that host, then the default-key clause of the options
statement. The configuration file contains shared secrets that are
used to send authenticated control commands to name servers. It
should therefore not have general read or write access.

For the complete set of commands supported by rndc, see the BIND 9
Administrator Reference Manual or run rndc without arguments to see
its help message.

LIMITATIONS
The rndc utility does not support all the commands of the BIND 8
ndc utility.
There is no way to provide the shared secret for a key_id without
using the configuration file. Several error messages tend toward
the cryptic.

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

 ___________________________________________________________
| ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
|_____________________________|_____________________________|
| Availability                | network/dns/bind            |
|_____________________________|_____________________________|
| Interface Stability         | Volatile                    |
|_____________________________|_____________________________|

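EXAMPLES
The following example is added here and is not part of the original manual page or of BIND. It follows the server and key selection order described under -s and -y for a constructed rndc.conf, and checks whether a configuration or key file is readable or writable by other users. The parser is a simplification that assumes no comments and no nested braces; the host names, key names and secrets are placeholders.

```python
import os
import re
import stat

# Constructed sample rndc.conf: host names, key names and secrets are placeholders.
SAMPLE_CONF = """
options {
    default-server ns1.example.com;
    default-key "ops-key";
};
server ns1.example.com {
    key "ns1-key";
};
key "ops-key" { algorithm hmac-md5; secret "UExBQ0VIT0xERVI="; };
key "ns1-key" { algorithm hmac-md5; secret "UExBQ0VIT0xERVI="; };
"""

def _block(conf, header_re):
    """Body of the first `<header> { ... };` statement, or '' if absent."""
    m = re.search(header_re + r"\s*\{(.*?)\}\s*;", conf, re.S)
    return m.group(1) if m else ""

def _clause(body, name):
    """Value of a `name value;` clause (optionally quoted), or None."""
    m = re.search(r'(?:^|[;\s])' + re.escape(name) + r'\s+"?([^";\s]+)"?\s*;', body)
    return m.group(1) if m else None

def resolve_key(conf, server=None, key_id=None):
    """Return (server, key_id) selected for the given -s / -y values."""
    opts = _block(conf, r"\boptions")
    server = server or _clause(opts, "default-server")   # -s, else default-server
    if key_id is None and server:                         # -y wins when given
        body = _block(conf, r'\bserver\s+"?' + re.escape(server) + r'"?')
        key_id = _clause(body, "key")                     # key clause in server statement
    if key_id is None:
        key_id = _clause(opts, "default-key")             # otherwise options default-key
    return server, key_id

def world_accessible(path):
    """True if users other than owner and group can read or write the file."""
    return bool(os.stat(path).st_mode & (stat.S_IROTH | stat.S_IWOTH))

if __name__ == "__main__":
    print(resolve_key(SAMPLE_CONF))                            # default server, its own key
    print(resolve_key(SAMPLE_CONF, server="ns2.example.com"))  # no server statement
    for path in ("/etc/rndc.conf", "/etc/rndc.key"):
        if os.path.exists(path) and world_accessible(path):
            print("WARNING: %s is world readable or writable" % path)
```
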
SEE ALSO
named(1M), rndc-confgen(1M), named.conf(4), rndc.conf(4),
attributes(5)

See the BIND 9 Administrator's Reference Manual. As of the date of
publication of this man page, this document is available at
https://www.isc.org/software/bind/documentation.