KNOTC(8)                            Knot DNS                            KNOTC(8)

NAME
       knotc - Knot DNS control utility

SYNOPSIS
       knotc [parameters] action [action_args]

DESCRIPTION
       If no action is specified, the program is executed in interactive mode.

   Parameters
       -c, --config file
              Use a textual configuration file (default is
              /etc/knot/knot.conf).

       -C, --confdb directory
              Use a binary configuration database directory (default is
              /var/lib/knot/confdb). The default configuration database, if
              it exists, takes precedence over the default configuration
              file.

       -m, --max-conf-size MiB
              Set maximum size of the configuration database (default is 500
              MiB, maximum 10000 MiB).

       -s, --socket path
              Use a control UNIX socket path (default is /run/knot/knot.sock).

       -t, --timeout seconds
              Use a control timeout in seconds. Set to 0 for infinity (default
              is 60). The control socket operations are also subject to the
              timeout parameter set on the server side in the server's Control
              configuration section.

       -b, --blocking
              Zone event trigger commands wait until the event is finished.

       -f, --force
              Forced operation. Overrides some checks.

       -v, --verbose
              Enable debug output.

       -h, --help
              Print the program help.

       -V, --version
              Print the program version.

   Actions
       status [detail]
              Check if the server is running. Details are version for the
              running server version, workers for the numbers of worker
              threads, or configure for the configure summary.

       stop
              Stop the server if running.

       reload
              Reload the server configuration and modified zone files. All
              open zone transactions will be aborted!

       stats [module[.counter]]
              Show global statistics counter(s). To also print counters with
              value 0, use the force option.

       zone-status zone [filter]
              Show the zone status. Filters are +role, +serial, +transaction,
              +events, and +freeze.

       zone-check [zone...]
              Test if the server can load the zone. Semantic checks are
              executed if enabled in the configuration. When invoked with the
              -f/--force flag, an error is returned when a semantic check
              warning appears. (*)

       zone-reload [zone...]
              Trigger a zone reload from disk without checking its
              modification time. For a secondary zone, the refresh event from
              primary server(s) is scheduled; for a primary zone, the notify
              event to secondary server(s) is scheduled. An open zone
              transaction will be aborted! (#)

       zone-refresh [zone...]
              Trigger a check for the zone serial on the zone's primary
              server. If the primary server has a newer zone, a transfer is
              scheduled. This command is valid for secondary zones. (#)

       zone-retransfer [zone...]
              Trigger a zone transfer from the zone's primary server. The
              server doesn't check the serial of the primary server's zone.
              This command is valid for secondary zones. (#)

       zone-notify [zone...]
              Trigger a NOTIFY message to all configured remotes. This can
              help in cases when a previous NOTIFY had been lost or the
              secondary servers have been offline. (#)

       zone-flush [zone...] [+outdir directory]
              Trigger a zone journal flush to the configured zone file. If an
              output directory is specified, the current zone is immediately
              dumped (in the blocking mode) to a zone file in the specified
              directory. (#)

       zone-backup [zone...] +backupdir directory [+journal] [+nozonefile]
              Trigger a zone data and metadata backup to the specified
              directory. The optional flag +journal also backs up the zone
              journal, whereas +nozonefile avoids backing up current zone
              contents to a zone file. If zone flushing is disabled, the
              original zone file is backed up instead. (#)

       zone-restore [zone...] +backupdir directory [+journal] [+nozonefile]
              Trigger a zone data and metadata restore from the specified
              backup directory. Optional flags are equivalent to zone-backup.
              (#)

       zone-sign [zone...]
              Trigger a DNSSEC re-sign of the zone. Existing signatures will
              be dropped. This command is valid for zones with DNSSEC signing
              enabled. (#)

       zone-key-rollover zone key_type
              Trigger immediate key rollover. Publish a new key and start a
              key rollover, even when the key has a lifetime to go. Key type
              can be ksk (also for CSK) or zsk. This command is valid for
              zones with DNSSEC signing and automatic key management enabled.
              Note that a complete key rollover consists of several steps and
              the blocking mode relates to the initial one only! (#)

       zone-ksk-submitted zone...
              Use when the zone's KSK rollover is in the submission phase. By
              calling this command the user confirms manually that the parent
              zone contains the DS record for the new KSK in submission phase
              and the old KSK can be retired. (#)

       zone-freeze [zone...]
              Trigger a zone freeze. All running events will be finished and
              all new and pending (planned) zone-changing events (load,
              refresh, update, flush, and DNSSEC signing) will be held up
              until the zone is thawed. (#)

       zone-thaw [zone...]
              Trigger dismissal of zone freeze. (#)

       zone-read zone [owner [type]]
              Get zone data that are currently being presented.

       zone-begin zone...
              Begin a zone transaction.

       zone-commit zone...
              Commit the zone transaction. All changes are applied to the
              zone.

       zone-abort zone...
              Abort the zone transaction. All changes are discarded.

       zone-diff zone
              Get zone changes within the transaction.

       zone-get zone [owner [type]]
              Get zone data within the transaction.

       zone-set zone owner [ttl] type rdata
              Add a zone record within the transaction. The first record in
              an rrset requires a ttl value to be specified.

       zone-unset zone owner [type [rdata]]
              Remove zone data within the transaction.

       zone-purge zone... [filter...]
              Purge zone data, zone file, journal, timers, and/or KASP data of
              specified zones. Available filters are +expire, +zonefile,
              +journal, +timers, and +kaspdb. If no filter is specified, all
              filters are enabled. If the zone is no longer configured, add
              the +orphan filter (zone file cannot be purged in this case).
              (#)

       zone-stats zone [module[.counter]]
              Show zone statistics counter(s). To also print counters with
              value 0, use the force option.

       conf-init
              Initialize the configuration database. If the database doesn't
              exist yet, execute this command as the intended user to ensure
              the server is permitted to access the database (e.g. sudo -u
              knot knotc conf-init). (*)

       conf-check
              Check the server configuration. (*)

       conf-import filename
              Import a configuration file into the configuration database. If
              the database doesn't exist yet, execute this command as the
              intended user to ensure the server is permitted to access the
              database (e.g. sudo -u knot knotc conf-import ...). Also ensure
              the server is not using the configuration database at the same
              time! (*)

       conf-export [filename]
              Export the configuration database into a config file or stdout.
              (*)

       conf-list [item]
              List the configuration database sections or section items.

       conf-read [item]
              Read the item from the active configuration database.

       conf-begin
              Begin a writing configuration database transaction. Only one
              transaction can be opened at a time.

       conf-commit
              Commit the configuration database transaction.

       conf-abort
              Rollback the configuration database transaction.

       conf-diff [item]
              Get the item difference in the transaction.

       conf-get [item]
              Get the item data from the transaction.

       conf-set item [data...]
              Set the item data in the transaction.

       conf-unset [item] [data...]
              Unset the item data in the transaction.

   Note
       An empty or -- zone parameter means all zones or all zones with a
       transaction.

       Use @ owner to denote the zone name.

       Type the item parameter in the form of section[[id]][.name].

       (*) indicates a local operation which requires a configuration.

       (#) indicates an optionally blocking operation.

       The -b and -f options can be placed right after the command name.

       The OK response to triggering commands means that the command has been
       successfully sent to the server. To verify if the operation succeeded
       it's necessary to check the server log.

   Interactive mode
       The utility provides interactive mode with basic line editing
       functionality, command completion, and command history.

       Interactive mode behavior can be customized in ~/.editrc. Refer to
       editrc(5) for details.

       Command history is saved in ~/.knotc_history.

EXIT VALUES
       Exit status of 0 means successful operation. Any other exit status
       indicates an error.

EXAMPLES
   Reload the whole server configuration
          $ knotc reload

   Flush the example.com and example.org zones
          $ knotc zone-flush example.com example.org

   Get the current server configuration
          $ knotc conf-read server

   Get the list of the current zones
          $ knotc conf-read zone.domain

   Get the primary servers for the example.com zone
          $ knotc conf-read 'zone[example.com].master'

   Add example.org zone with a zonefile location
          $ knotc conf-begin
          $ knotc conf-set 'zone[example.org]'
          $ knotc conf-set 'zone[example.org].file' '/var/zones/example.org.zone'
          $ knotc conf-commit

   Get the SOA record for each configured zone
          $ knotc zone-read -- @ SOA
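
The conf-begin / conf-set / conf-commit sequence from the "Add example.org zone" example, wrapped so that a failed step rolls the transaction back and the pending change is printed with conf-diff before it is committed. This is an added example, not part of the Knot DNS manual page; the function name knot_conf_apply and the KNOTC variable are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the Knot DNS manual page).
# KNOTC is an assumed override hook, e.g. KNOTC="knotc -s /run/knot/knot.sock".
KNOTC="${KNOTC:-knotc}"

# Usage: knot_conf_apply 'item' 'data' ['item' 'data' ...]
# Empty data creates the item itself, e.g. 'zone[example.org]' ''.
# Return codes: 0 committed, 1 begin failed, 2 set failed,
#               3 diff failed, 4 commit failed (2-4 are rolled back).
knot_conf_apply() {
    # Only one configuration transaction can be open at a time. If
    # conf-begin fails, do NOT call conf-abort: the open transaction
    # may belong to another operator and would be discarded.
    $KNOTC conf-begin || return 1

    while [ "$#" -gt 0 ]; do
        item=$1
        data=${2-}
        if [ "$#" -ge 2 ]; then shift 2; else shift; fi
        if [ -n "$data" ]; then
            $KNOTC conf-set "$item" "$data"
        else
            $KNOTC conf-set "$item"
        fi || { $KNOTC conf-abort; return 2; }
    done

    # Print the pending change so it can be reviewed or captured in a log.
    $KNOTC conf-diff || { $KNOTC conf-abort; return 3; }

    # Roll back if the commit is rejected, so no transaction is left open.
    $KNOTC conf-commit || { $KNOTC conf-abort; return 4; }
}
```

Called as knot_conf_apply 'zone[example.org]' '' 'zone[example.org].file' '/var/zones/example.org.zone', it performs the same change as the manual example.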

SEE ALSO
       knotd(8), knot.conf(5), editrc(5).

AUTHOR
       CZ.NIC Labs <https://www.knot-dns.cz>

COPYRIGHT
       Copyright 2010–2021, CZ.NIC, z.s.p.o.

3.0.6                              2021-05-12                          KNOTC(8)