1KNOTC(8) Knot DNS KNOTC(8)
2
6 knotc - Knot DNS control utility
7
9 knotc [parameters] action [action_args]
10
12 If no action is specified, the program is executed in interactive mode.
13 Parameters
15 -c, --config file
16 Use a textual configuration file (default is
17 /etc/knot/knot.conf).
18 -C, --confdb directory
20 Use a binary configuration database directory (default is
21 /var/lib/knot/confdb). The default configuration database, if
22 exists, has a preference to the default configuration file.
23 -m, --max-conf-size MiB
25 Set maximum size of the configuration database (default is 500
26 MiB, maximum 10000 MiB).
27 -s, --socket path
29 Use a control UNIX socket path (default is /run/knot/knot.sock).
30 -t, --timeout seconds
32 Use a control timeout in seconds. Set to 0 for infinity (default
33 is 10). The control socket operations are also subject to the
34 timeout parameter set on the server side in server's Control
35 configuration section.
36 -b, --blocking
38 Zone event trigger commands wait until the event is finished.
39 -f, --force
41 Forced operation. Overrides some checks.
42 -v, --verbose
44 Enable debug output.
45 -h, --help
47 Print the program help.
48 -V, --version
50 Print the program version.
51 Actions
53 status [detail]
54 Check if the server is running. Details are version for the run‐
55 ning server version, workers for the numbers of worker threads,
56 or configure for the configure summary.
57 stop Stop the server if running.
59 reload Reload the server configuration and modified zone files. All
61 open zone transactions will be aborted!
62 stats [module[.counter]]
64 Show global statistics counter(s). To print also counters with
65 value 0, use force option.
66 zone-status zone [filter]
68 Show the zone status. Filters are +role, +serial, +transaction,
69 +events, and +freeze.
70 zone-check [zone...]
72 Test if the server can load the zone. Semantic checks are exe‐
73 cuted if enabled in the configuration. When invoked with flag
74 -f/--force an error is returned when semantic check warning
75 appears. (*)
76 zone-reload [zone...]
78 Trigger a zone reload from a disk without checking its modifica‐
79 tion time. For slave zone, the refresh from a master server is
80 scheduled; for master zone, the notification of slave servers is
81 scheduled. An open zone transaction will be aborted! (#)
82 zone-refresh [zone...]
84 Trigger a check for the zone serial on the zone's master. If the
85 master has a newer zone, a transfer is scheduled. This command
86 is valid for slave zones. (#)
87 zone-retransfer [zone...]
89 Trigger a zone transfer from the zone's master. The server
90 doesn't check the serial of the master's zone. This command is
91 valid for slave zones. (#)
92 zone-notify [zone...]
94 Trigger a NOTIFY message to all configured remotes. This can
95 help in cases when previous NOTIFY had been lost or the slaves
96 offline. (#)
97 zone-flush [zone...] [+outdir directory]
99 Trigger a zone journal flush to the configured zone file. If an
100 output directory is specified, the current zone is immediately
101 dumped (in the blocking mode) to a zone file in the specified
102 directory. (#)
103 zone-sign [zone...]
105 Trigger a DNSSEC re-sign of the zone. Existing signatures will
106 be dropped. This command is valid for zones with DNSSEC signing
107 enabled. (#)
108 zone-key-rollover zone key_type
110 Trigger immediate key rollover. Publish new key and start a key
111 rollover, even when the key has a lifetime to go. Key type can
112 be ksk (also for CSK) or zsk. This command is valid for zones
113 with DNSSEC signing and automatic key management enabled. Note
114 that complete key rollover consists of several steps and the
115 blocking mode relates to the initial one only! (#)
116 zone-ksk-submitted zone...
118 Use when the zone's KSK rollover is in submission phase. By
119 calling this command the user confirms manually that the parent
120 zone contains DS record for the new KSK in submission phase and
121 the old KSK can be retired. (#)
122 zone-freeze [zone...]
124 Temporarily postpone zone-changing events (load, refresh,
125 update, flush, and DNSSEC signing). (#)
126 zone-thaw [zone...]
128 Dismiss zone freeze. (#)
129 zone-read zone [owner [type]]
131 Get zone data that are currently being presented.
132 zone-begin zone...
134 Begin a zone transaction.
135 zone-commit zone...
137 Commit the zone transaction. All changes are applied to the
138 zone.
139 zone-abort zone...
141 Abort the zone transaction. All changes are discarded.
142 zone-diff zone
144 Get zone changes within the transaction.
145 zone-get zone [owner [type]]
147 Get zone data within the transaction.
148 zone-set zone owner [ttl] type rdata
150 Add zone record within the transaction. The first record in a
151 rrset requires a ttl value specified.
152 zone-unset zone owner [type [rdata]]
154 Remove zone data within the transaction.
155 zone-purge zone... [filter...]
157 Purge zone data, zone file, journal, timers, and/or KASP data of
158 specified zones. Available filters are +expire, +zonefile,
159 +journal, +timers, and +kaspdb. If no filter is specified, all
160 filters are enabled. If the zone is no longer configured, add
161 +orphan filter (zone file cannot be purged in this case). (#)
162 zone-stats zone [module[.counter]]
164 Show zone statistics counter(s). To print also counters with
165 value 0, use force option.
166 conf-init
168 Initialize the configuration database. (*)
169 conf-check
171 Check the server configuration. (*)
172 conf-import filename
174 Import a configuration file into the configuration database.
175 Ensure the server is not using the configuration database! (*)
176 conf-export [filename]
178 Export the configuration database into a config file or stdout.
179 (*)
180 conf-list [item]
182 List the configuration database sections or section items.
183 conf-read [item]
185 Read the item from the active configuration database.
186 conf-begin
188 Begin a writing configuration database transaction. Only one
189 transaction can be opened at a time.
190 conf-commit
192 Commit the configuration database transaction.
193 conf-abort
195 Rollback the configuration database transaction.
196 conf-diff [item]
198 Get the item difference in the transaction.
199 conf-get [item]
201 Get the item data from the transaction.
202 conf-set item [data...]
204 Set the item data in the transaction.
205 conf-unset [item] [data...]
207 Unset the item data in the transaction.
208 Note
210 Empty or -- zone parameter means all zones or all zones with a transac‐
211 tion.
212 Use @ owner to denote the zone name.
214 Type item parameter in the form of section[[id]][.name].
216 (*) indicates a local operation which requires a configuration.
218 (#) indicates an optionally blocking operation.
220 The -b and -f options can be placed right after the command name.
222 Interactive mode
224 The utility provides interactive mode with basic line editing function‐
225 ality, command completion, and command history.
226 Interactive mode behavior can be customized in ~/.editrc. Refer to
228 editrc(5) for details.
229 Command history is saved in ~/.knotc_history.
231
233 Exit status of 0 means successful operation. Any other exit status
234 indicates an error.
235
237 Reload the whole server configuration
238 $ knotc reload
239 Flush the example.com and example.org zones
241 $ knotc zone-flush example.com example.org
242 Get the current server configuration
244 $ knotc conf-read server
245 Get the list of the current zones
247 $ knotc conf-read zone.domain
248 Get the master remotes for the example.com zone
250 $ knotc conf-read 'zone[example.com].master'
251 Add example.org zone with a zonefile location
253 $ knotc conf-begin
254 $ knotc conf-set 'zone[example.org]'
255 $ knotc conf-set 'zone[example.org].file' '/var/zones/example.org.zone'
256 $ knotc conf-commit
257 Get the SOA record for each configured zone
259 $ knotc zone-read -- @ SOA
260
262 knotd(8), knot.conf(5), editrc(5).
263
265 CZ.NIC Labs <https://www.knot-dns.cz>
266
268 Copyright 2010–2020, CZ.NIC, z.s.p.o.
2692.9.3 2020-03-03 KNOTC(8)