KNOTC(8)                           Knot DNS                           KNOTC(8)

NAME

       knotc - Knot DNS control utility

SYNOPSIS

       knotc [parameters] action [action_args]

DESCRIPTION

       If no action is specified, the program is executed in interactive mode.

   Parameters
       -c, --config file
              Use a textual configuration file (default is
              /etc/knot/knot.conf).

       -C, --confdb directory
              Use a binary configuration database directory (default is
              /var/lib/knot/confdb). If the default configuration database
              exists, it takes precedence over the default configuration
              file.

       -m, --max-conf-size MiB
              Set maximum size of the configuration database (default is 500
              MiB, maximum 10000 MiB).

       -s, --socket path
              Use a control UNIX socket path (default is /run/knot/knot.sock).

       -t, --timeout seconds
              Use a control timeout in seconds. Set to 0 for infinity (default
              is 60). The control socket operations are also subject to the
              timeout parameter set on the server side in the server's Control
              configuration section.

       -b, --blocking
              Zone event trigger commands wait until the event is finished.

       -f, --force
              Forced operation. Overrides some checks.

       -v, --verbose
              Enable debug output.

       -h, --help
              Print the program help.

       -V, --version
              Print the program version.

   Actions
       status [detail]
              Check if the server is running. Details are version for the
              running server version, workers for the numbers of worker
              threads, or configure for the configure summary.

       stop   Stop the server if running.

       reload Reload the server configuration and modified zone files. All
              open zone transactions will be aborted!

       stats [module[.counter]]
              Show global statistics counter(s). To also print counters with
              value 0, use the force option.

       zone-status zone [filter]
              Show the zone status. Filters are +role, +serial, +transaction,
              +events, and +freeze.

       zone-check [zone...]
              Test if the server can load the zone. Semantic checks are
              executed if enabled in the configuration. When invoked with the
              -f/--force flag, an error is returned when a semantic check
              warning appears. (*)

       zone-reload [zone...]
              Trigger a zone reload from disk without checking its
              modification time. For a secondary zone, the refresh event from
              primary server(s) is scheduled; for a primary zone, the notify
              event to secondary server(s) is scheduled. An open zone
              transaction will be aborted! (#)

       zone-refresh [zone...]
              Trigger a check for the zone serial on the zone's primary
              server. If the primary server has a newer zone, a transfer is
              scheduled. This command is valid for secondary zones. (#)

       zone-retransfer [zone...]
              Trigger a zone transfer from the zone's primary server. The
              server doesn't check the serial of the primary server's zone.
              This command is valid for secondary zones. (#)

       zone-notify [zone...]
              Trigger a NOTIFY message to all configured remotes. This can
              help in cases when a previous NOTIFY was lost or the secondary
              servers were offline. (#)

       zone-flush [zone...] [+outdir directory]
              Trigger a zone journal flush to the configured zone file. If an
              output directory is specified, the current zone is immediately
              dumped (in the blocking mode) to a zone file in the specified
              directory. (#)

       zone-backup [zone...] +backupdir directory [+journal] [+nozonefile]
              Trigger a zone data and metadata backup to the specified
              directory. The optional flag +journal also backs up the zone
              journal, whereas +nozonefile avoids backing up current zone
              contents to a zone file. If zone flushing is disabled, the
              original zone file is backed up instead. (#)

       zone-restore [zone...] +backupdir directory [+journal] [+nozonefile]
              Trigger a zone data and metadata restore from the specified
              backup directory. Optional flags are equivalent to zone-backup.
              (#)

       zone-sign [zone...]
              Trigger a DNSSEC re-sign of the zone. Existing signatures will
              be dropped. This command is valid for zones with DNSSEC signing
              enabled. (#)

       zone-key-rollover zone key_type
              Trigger immediate key rollover. Publish a new key and start a
              key rollover, even when the key has a lifetime to go. Key type
              can be ksk (also for CSK) or zsk. This command is valid for
              zones with DNSSEC signing and automatic key management enabled.
              Note that a complete key rollover consists of several steps and
              the blocking mode relates to the initial one only! (#)

       zone-ksk-submitted zone...
              Use when the zone's KSK rollover is in submission phase. By
              calling this command the user confirms manually that the parent
              zone contains a DS record for the new KSK in submission phase
              and the old KSK can be retired. (#)

       zone-freeze [zone...]
              Trigger a zone freeze. All running events will be finished and
              all new and pending (planned) zone-changing events (load,
              refresh, update, flush, and DNSSEC signing) will be held up
              until the zone is thawed. (#)

       zone-thaw [zone...]
              Trigger dismissal of zone freeze. (#)

       zone-read zone [owner [type]]
              Get zone data that are currently being presented.

       zone-begin zone...
              Begin a zone transaction.

       zone-commit zone...
              Commit the zone transaction. All changes are applied to the
              zone.

       zone-abort zone...
              Abort the zone transaction. All changes are discarded.

       zone-diff zone
              Get zone changes within the transaction.

       zone-get zone [owner [type]]
              Get zone data within the transaction.

       zone-set zone owner [ttl] type rdata
              Add a zone record within the transaction. The first record in
              an rrset requires a ttl value to be specified.

       zone-unset zone owner [type [rdata]]
              Remove zone data within the transaction.

       zone-purge zone... [filter...]
              Purge zone data, zone file, journal, timers, and/or KASP data of
              specified zones. Available filters are +expire, +zonefile,
              +journal, +timers, and +kaspdb. If no filter is specified, all
              filters are enabled. If the zone is no longer configured, add
              the +orphan filter (the zone file cannot be purged in this
              case). (#)

       zone-stats zone [module[.counter]]
              Show zone statistics counter(s). To also print counters with
              value 0, use the force option.

       conf-init
              Initialize the configuration database. If the database doesn't
              exist yet, execute this command as the intended user to ensure
              the server is permitted to access the database (e.g. sudo -u
              knot knotc conf-init). (*)

       conf-check
              Check the server configuration. (*)

       conf-import filename
              Import a configuration file into the configuration database. If
              the database doesn't exist yet, execute this command as the
              intended user to ensure the server is permitted to access the
              database (e.g. sudo -u knot knotc conf-import ...). Also ensure
              the server is not using the configuration database at the same
              time! (*)

       conf-export [filename]
              Export the configuration database into a config file or stdout.
              (*)

       conf-list [item]
              List the configuration database sections or section items.

       conf-read [item]
              Read the item from the active configuration database.

       conf-begin
              Begin a writing configuration database transaction. Only one
              transaction can be opened at a time.

       conf-commit
              Commit the configuration database transaction.

       conf-abort
              Roll back the configuration database transaction.

       conf-diff [item]
              Get the item difference in the transaction.

       conf-get [item]
              Get the item data from the transaction.

       conf-set item [data...]
              Set the item data in the transaction.

       conf-unset [item] [data...]
              Unset the item data in the transaction.

   Note
       Empty or -- zone parameter means all zones or all zones with a
       transaction.

       Use @ owner to denote the zone name.

       Type item parameter in the form of section[[id]][.name].

       (*) indicates a local operation which requires a configuration.

       (#) indicates an optionally blocking operation.

       The -b and -f options can be placed right after the command name.

       The OK response to triggering commands means that the command has been
       successfully sent to the server. To verify if the operation succeeded
       it's necessary to check the server log.

   Interactive mode
       The utility provides interactive mode with basic line editing
       functionality, command completion, and command history.

       Interactive mode behavior can be customized in ~/.editrc. Refer to
       editrc(5) for details.

       Command history is saved in ~/.knotc_history.

EXIT VALUES

       Exit status of 0 means successful operation. Any other exit status
       indicates an error.

EXAMPLES

   Reload the whole server configuration
          $ knotc reload

   Flush the example.com and example.org zones
          $ knotc zone-flush example.com example.org

   Get the current server configuration
          $ knotc conf-read server

   Get the list of the current zones
          $ knotc conf-read zone.domain

   Get the primary servers for the example.com zone
          $ knotc conf-read 'zone[example.com].master'

   Add example.org zone with a zonefile location
          $ knotc conf-begin
          $ knotc conf-set 'zone[example.org]'
          $ knotc conf-set 'zone[example.org].file' '/var/zones/example.org.zone'
          $ knotc conf-commit

   Get the SOA record for each configured zone
          $ knotc zone-read -- @ SOA
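
   Apply several records in one zone transaction, aborting on any error
       Added example, not part of the original manual page or of Knot DNS: a
       shell function that chains the zone-begin, zone-set, zone-diff and
       zone-commit actions and issues zone-abort when a step returns the
       non-zero exit status described under EXIT VALUES. The KNOTC variable,
       the zone_txn name and the changes-file format are assumptions of this
       example.

```shell
#!/bin/sh
# Added example, not part of Knot DNS.
# KNOTC is an assumption of this example: override it to use a wrapper,
# e.g. KNOTC="sudo -u knot knotc".
KNOTC=${KNOTC:-knotc}

# zone_txn ZONE CHANGES_FILE
# CHANGES_FILE (format constructed for this example) holds one record per
# line as "owner ttl type rdata". A ttl is always given because the first
# record in an rrset requires one.
# Status: 0 committed, 1 zone-begin failed, 2 a zone-set failed,
# 3 zone-commit failed. On 2 and 3 zone-abort is issued.
# The body runs in a subshell, so "set -f", the variables and "exit N"
# stay local; N becomes the function's return status.
zone_txn() (
    set -f                      # no globbing when $rdata is word-split
    zone=$1
    changes=$2

    $KNOTC zone-begin "$zone" || exit 1

    while read -r owner ttl type rdata; do
        case $owner in
            '' | '#'*) continue ;;   # skip blank lines and comments
        esac
        # $rdata is unquoted so multi-field rdata is passed as separate
        # arguments, as on the command line. stdin is redirected so the
        # command cannot consume the rest of the changes file.
        if ! $KNOTC zone-set "$zone" "$owner" "$ttl" "$type" $rdata </dev/null
        then
            $KNOTC zone-abort "$zone" </dev/null
            exit 2
        fi
    done < "$changes"

    # Print the pending changes for review or a change log. The exit
    # status is not used here; zone-commit below decides success.
    $KNOTC zone-diff "$zone" || true

    if ! $KNOTC zone-commit "$zone"; then
        $KNOTC zone-abort "$zone"
        exit 3
    fi
    exit 0
)
```

       Call it as: zone_txn example.com /path/to/changes.txt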

SEE ALSO

       knotd(8), knot.conf(5), editrc(5).

AUTHOR

       CZ.NIC Labs <https://www.knot-dns.cz>

       Copyright 2010–2021, CZ.NIC, z.s.p.o.

3.0.6                             2021-05-12                          KNOTC(8)