KNOTC(8) Knot DNS KNOTC(8)

knotc - Knot DNS control utility

knotc [parameters] action [action_args]

If no action is specified, the program is executed in interactive mode.

Parameters
-c, --config file
    Use a textual configuration file (default is
    /etc/knot/knot.conf).

-C, --confdb directory
    Use a binary configuration database directory (default is
    /var/lib/knot/confdb). The default configuration database, if it
    exists, takes precedence over the default configuration file.

-m, --max-conf-size MiB
    Set maximum size of the configuration database (default is 500
    MiB, maximum 10000 MiB).

-s, --socket path
    Use a control UNIX socket path (default is /run/knot/knot.sock).

-t, --timeout seconds
    Use a control timeout in seconds. Set to 0 for infinity (default
    is 10). The control socket operations are also subject to the
    timeout parameter set on the server side in the server's Control
    configuration section.

-b, --blocking
    Zone event trigger commands wait until the event is finished.

-f, --force
    Forced operation. Overrides some checks.

-v, --verbose
    Enable debug output.

-h, --help
    Print the program help.

-V, --version
    Print the program version.

Actions
status [detail]
    Check if the server is running. Details are version for the
    running server version, workers for the numbers of worker threads,
    or configure for the configure summary.

stop
    Stop the server if running.

reload
    Reload the server configuration and modified zone files. All
    open zone transactions will be aborted!

stats [module[.counter]]
    Show global statistics counter(s). To also print counters with
    value 0, use the force option.

zone-status zone [filter]
    Show the zone status. Filters are +role, +serial, +transaction,
    +events, and +freeze.

zone-check [zone...]
    Test if the server can load the zone. Semantic checks are
    executed if enabled in the configuration. When invoked with the
    -f/--force flag, an error is returned if a semantic check warning
    appears. (*)

zone-reload [zone...]
    Trigger a zone reload from disk without checking its modification
    time. For a slave zone, the refresh from a master server is
    scheduled; for a master zone, the notification of slave servers is
    scheduled. An open zone transaction will be aborted! (#)

zone-refresh [zone...]
    Trigger a check for the zone serial on the zone's master. If the
    master has a newer zone, a transfer is scheduled. This command
    is valid for slave zones. (#)

zone-retransfer [zone...]
    Trigger a zone transfer from the zone's master. The server
    doesn't check the serial of the master's zone. This command is
    valid for slave zones. (#)

zone-notify [zone...]
    Trigger a NOTIFY message to all configured remotes. This can
    help in cases when a previous NOTIFY was lost or the slaves were
    offline. (#)

zone-flush [zone...] [+outdir directory]
    Trigger a zone journal flush to the configured zone file. If an
    output directory is specified, the current zone is immediately
    dumped (in the blocking mode) to a zone file in the specified
    directory. (#)

zone-sign [zone...]
    Trigger a DNSSEC re-sign of the zone. Existing signatures will
    be dropped. This command is valid for zones with DNSSEC signing
    enabled. (#)

zone-key-rollover zone key_type
    Trigger immediate key rollover. Publish a new key and start a key
    rollover, even when the key still has lifetime to go. Key type can
    be ksk (also for CSK) or zsk. This command is valid for zones
    with DNSSEC signing and automatic key management enabled. Note
    that a complete key rollover consists of several steps and the
    blocking mode relates to the initial one only! (#)

zone-ksk-submitted zone...
    Use when the zone's KSK rollover is in the submission phase. By
    calling this command the user confirms manually that the parent
    zone contains the DS record for the new KSK in submission phase and
    that the old KSK can be retired. (#)

zone-freeze [zone...]
    Temporarily postpone zone-changing events (load, refresh,
    update, flush, and DNSSEC signing). (#)

zone-thaw [zone...]
    Dismiss zone freeze. (#)

zone-read zone [owner [type]]
    Get zone data that are currently being presented.

zone-begin zone...
    Begin a zone transaction.

zone-commit zone...
    Commit the zone transaction. All changes are applied to the
    zone.

zone-abort zone...
    Abort the zone transaction. All changes are discarded.

zone-diff zone
    Get zone changes within the transaction.

zone-get zone [owner [type]]
    Get zone data within the transaction.

zone-set zone owner [ttl] type rdata
    Add a zone record within the transaction. The first record in an
    rrset requires a ttl value to be specified.

zone-unset zone owner [type [rdata]]
    Remove zone data within the transaction.

zone-purge zone... [filter...]
    Purge zone data, zone file, journal, timers, and/or KASP data of
    specified zones. Available filters are +expire, +zonefile,
    +journal, +timers, and +kaspdb. If no filter is specified, all
    filters are enabled. If the zone is no longer configured, add the
    +orphan filter (zone file cannot be purged in this case). (#)

zone-stats zone [module[.counter]]
    Show zone statistics counter(s). To also print counters with
    value 0, use the force option.

conf-init
    Initialize the configuration database. (*)

conf-check
    Check the server configuration. (*)

conf-import filename
    Import a configuration file into the configuration database.
    Ensure the server is not using the configuration database! (*)

conf-export [filename]
    Export the configuration database into a config file or stdout.
    (*)

conf-list [item]
    List the configuration database sections or section items.

conf-read [item]
    Read the item from the active configuration database.

conf-begin
    Begin a write transaction on the configuration database. Only one
    transaction can be opened at a time.

conf-commit
    Commit the configuration database transaction.

conf-abort
    Rollback the configuration database transaction.

conf-diff [item]
    Get the item difference in the transaction.

conf-get [item]
    Get the item data from the transaction.

conf-set item [data...]
    Set the item data in the transaction.

conf-unset [item] [data...]
    Unset the item data in the transaction.

Note
Empty or -- zone parameter means all zones or all zones with a
transaction.

Use @ owner to denote the zone name.

Specify the item parameter in the form section[[id]][.name].

(*) indicates a local operation which requires a configuration.

(#) indicates an optionally blocking operation.

The -b and -f options can be placed right after the command name.

Interactive mode
The utility provides interactive mode with basic line editing
functionality, command completion, and command history.

Interactive mode behavior can be customized in ~/.editrc. Refer to
editrc(5) for details.

Command history is saved in ~/.knotc_history.

Exit status of 0 means successful operation. Any other exit status
indicates an error.

Reload the whole server configuration
    $ knotc reload

Flush the example.com and example.org zones
    $ knotc zone-flush example.com example.org

Get the current server configuration
    $ knotc conf-read server

Get the list of the current zones
    $ knotc conf-read zone.domain

Get the master remotes for the example.com zone
    $ knotc conf-read 'zone[example.com].master'

Add example.org zone with a zonefile location
    $ knotc conf-begin
    $ knotc conf-set 'zone[example.org]'
    $ knotc conf-set 'zone[example.org].file' '/var/zones/example.org.zone'
    $ knotc conf-commit

Get the SOA record for each configured zone
    $ knotc zone-read -- @ SOA
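
Apply several record changes as one zone transaction (an added example, not part of the original manual; the zone_txn function name and its stdin format are assumptions). It refuses an empty or -- zone, which knotc treats as all zones, and aborts the transaction on any non-zero exit status:

```shell
#!/bin/sh
# Added example (not from the knotc manual): one atomic zone edit.
# Assumes knotc is on PATH and may use the control socket.
#
# Usage: zone_txn ZONE < changes
# Each stdin line is one of (RDATA must not contain quoted spaces,
# a limitation of this simple splitter):
#   set   OWNER TTL TYPE RDATA
#   unset OWNER [TYPE [RDATA]]
zone_txn() (
    zone=$1
    # The manual says an empty or "--" zone means ALL zones; refuse it
    # so that a missing argument can never touch other transactions.
    case $zone in
        ''|--) echo "zone_txn: explicit zone required" >&2; return 64 ;;
    esac
    set -f    # no globbing when $args is split (e.g. a "*" owner)
    knotc zone-begin "$zone" </dev/null || return 1
    while read -r op args; do
        case $op in
            ''|'#'*) continue ;;
            set)     knotc zone-set   "$zone" $args </dev/null ;;
            unset)   knotc zone-unset "$zone" $args </dev/null ;;
            *)       echo "zone_txn: unknown op '$op'" >&2; false ;;
        esac || {
            # Any failed step discards every change made so far.
            knotc zone-abort "$zone" </dev/null
            return 2
        }
    done
    # Show what is about to be applied, then commit; a non-zero exit
    # status from knotc always means an error.
    knotc zone-diff "$zone" </dev/null &&
        knotc zone-commit "$zone" </dev/null || {
        knotc zone-abort "$zone" </dev/null
        return 3
    }
)
```

Avoid running knotc reload or zone-reload while the function is in progress, since both abort open zone transactions.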

knotd(8), knot.conf(5), editrc(5).

CZ.NIC Labs <https://www.knot-dns.cz>

Copyright 2010–2020, CZ.NIC, z.s.p.o.

2.9.3 2020-03-03 KNOTC(8)