Open System Services Shell and Utilities Reference Manual (G06.27+, H06.04+)

rndc(8) OSS Shell and Utilities Reference Manual
NAME
rndc - Starts the nonsecure BIND 9 Internet domain name server control utility
SYNOPSIS
/etc/dns923/rndc
[ -c config_file ]
[ -k key_file ]
[ -s server ]
[ -p port ]
[ -V ]
[ -y key_id ]
command
FLAGS
-c config_file Use config_file as the configuration file instead of the default,
/etc/rndc.conf.
-k key_file Use key_file as the key file instead of the default, /etc/rndc.key.
The key in /etc/rndc.key will be used to authenticate commands
sent to the server if the config_file does not exist.
-s server server is the name or address of the server which matches a server
statement in the configuration file for rndc. If no server is supplied
on the command line, the host named by the default-server
clause in the options statement of the configuration file is used.
-p port Send commands to TCP port port instead of BIND 9's default
control channel port, 953.
-V Enable verbose logging.
-y keyid Use the key keyid from the configuration file. keyid must be
known by named with the same algorithm and secret string in
order for control message validation to succeed. If no keyid is
specified, rndc first looks for a key clause in the server statement
of the server being used, or if no server statement is present for
that host, it then looks for the default-key clause of the options
statement. Note that the configuration file contains shared secrets
which are used to send authenticated control commands to name
servers. It should therefore not have general read or write access.
Operands
command For the complete set of commands supported by rndc, see the
BIND 9 Administrator Reference Manual or run rndc without
arguments to see its help message.
DESCRIPTION
rndc controls the operation of a BIND 9 domain name server. If rndc is invoked with no
command line options or arguments, it prints a short summary of the supported commands and the
available options and their arguments.
rndc communicates with the name server over a TCP connection, sending commands
authenticated with digital signatures. In the nonsecure version of rndc and named, the only supported
authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the
connection. This provides TSIG-style authentication for the command request and the name server's
response. All commands sent over the channel must be signed by a key_id known to the server.
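The FLAGS text notes that the configuration file holds shared secrets and should not have general read or write access. The following permission audit for the two default files named on this page is an added example, not part of the manual; the function names are made up here, and it assumes `ls -ld` prints the usual mode string (for example `-rw-------`) as its first field.

```shell
#!/bin/sh
# Added example: audit access to the files that hold rndc shared secrets.
# Default paths are the ones named in this manual page; others may be
# passed as arguments. Function names are hypothetical.

# check_secret_file PATH
#   returns 0  only the owner has any access
#           1  group or other permission bits are set
#           2  PATH is not a regular file
check_secret_file() {
    f=$1
    [ -f "$f" ] || return 2
    # First field of `ls -ld` is the mode string, e.g. -rw-r--r--
    mode=$(ls -ld "$f" | awk '{print $1}')
    # Characters 5-10 of that string are the group and other bits.
    go=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go" = "------" ]; then
        return 0
    fi
    return 1
}

# audit_rndc_secrets [PATH...]
#   prints one line per file; returns 1 if any file is too permissive
audit_rndc_secrets() {
    status=0
    [ $# -gt 0 ] || set -- /etc/rndc.conf /etc/rndc.key
    for f in "$@"; do
        rc=0
        check_secret_file "$f" || rc=$?
        case $rc in
            0) echo "ok      $f" ;;
            1) echo "LOOSE   $f ($(ls -ld "$f" | awk '{print $1}')): restrict with chmod 600"
               status=1 ;;
            2) echo "absent  $f" ;;
        esac
    done
    return $status
}
```

Call `audit_rndc_secrets` with no arguments to check /etc/rndc.conf and /etc/rndc.key, or pass the paths given to -c and -k.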
Hewlett-Packard Company 527188-004