YADIFA(8) YADIFA YADIFA(8)

YADIFA is a utility for controlling YADIFAD

yadifa module [--config|-c configfile] [--server|-s host] [@host]
[--port|-p port] [-K key-name] [--version|-V] [-h] [--verbose|-v] [-t]
command [[-q] zone]

yadifa controls the operation of yadifad with its control module
(ctrl), part of the YADIFA distribution from EURid vzw/asbl. The latest
version of YADIFA can be found on:
http://www.yadifa.eu/download

yadifa communicates with a name server over a TCP connection. Messages
are authenticated using a TSIG signature. The key is a secret shared
between client and server. The key can be defined using a <key> section
both in the client and the server. Additionally, the client accepts a
full definition as a command line option. Note that using
authentication is mandatory when using the control module.

For details about the key, see the manual or the TSIG section below.

* ctrl command    Controls yadifad.

For controlling yadifad a command can be:

NORMAL USE CASE
    yadifa ctrl @server -t command -q argument

FRIENDLIER USE CASE
    yadifa ctrl @server command argument

ctrl      Module used for controlling yadifad.

server    Is the IP address of the name server to control. If no "server"
          argument is given, yadifa.rc will be checked.

command   Is the command to be invoked.

argument  Depending on the command this can be e.g. a domain name.

EXAMPLE
    yadifa ctrl @127.0.0.1 freeze somedomain.eu

[--config|-c configfile]
    Another config file will be used.

[--server|-s host] | [@host]
    Host is the remote server to operate.

    e.g.:

        yadifa --server 192.0.2.1

        yadifa @192.0.2.1

    By default the DNS port is used. A port can be specified along
    with the IP address:

    e.g.:

        yadifa --server "192.0.2.1 port 5353"

        yadifa @"192.0.2.1 port 5353"

[--port|-p port]
    Changes the DNS port. (default: 53)

[-K key-name]
    Name of the key to be used for the controller. It needs to have
    been defined using a <key> section. (default: 'ctrl-key')

[-y hmac-algorithm:key-name:base64-key]
    Definition of the key to be used for the controller.

    hmac-algorithm
        Optional, can be: hmac-md5, hmac-sha1, hmac-sha224,
        hmac-sha256, hmac-sha384, hmac-sha512. (default: hmac-md5)

    key-name
        is the FQDN of the key.

    base64-key
        is a base64 encoding of the key bytes.

    e.g.:

        -y hmac-sha1:our-shared-secret:ThisIsASecretShared=

        -y our-shared-secret:ThisIsASecretShared=

[--verbose|-v]
    Verbose output.

[--version|-V]
    Show version information.

[--help|-h]
    Show a help text.

[-t] cfgreload
    Reloads the settings from the configuration file on disk.

[-t] freeze [-q] zone
    Disables dynamic updates to a zone.

[-t] freezeall [-q] zone
    Disables dynamic updates to every zone currently loaded.

[-t] loglevel level
    Sets the log level to the given value (0-15), 6 = INFO, 15 = ALL.

[-t] logreopen
    Closes all log files and reopens them.

[-t] notify
    Sends notifies to slaves of these zones.

[-t] querylog [enable|disable]
    Sets the log for queries on or off (default: enable).

[-t] reload [-q] zone
    Triggers the loading of the zone file(s) if the serial number
    is incremented.

[-t] shutdown
    Shuts down the server.

[-t] sync [-q] [zone] [clean]
    Writes the zone to disk and optionally cleans up the journal.

[-t] thaw [-q] [zone]
    Enables dynamic updates to a zone.

[-t] thawall
    Enables dynamic updates to every zone.

[-t] unfreeze [-q] [zone]
    Enables dynamic updates to a zone.

[-t] unfreezeall
    Enables dynamic updates to every zone.

[-t] zonecfgreload [-q zone]
    Reloads the zone information in the configuration file and
    reloads the zone file(s) with increased serial number.

TSIG keys are used for authentication of messages.
Their use is mandatory in the controller module.

Several digest algorithms are supported for the TSIG key:

* hmac-md5
* hmac-sha1
* hmac-sha224
* hmac-sha256
* hmac-sha384
* hmac-sha512

Several methods can be used to generate the base64-encoded sequence of
bytes for the secret:

* %openssl rand -base64 32

* %dd if=/dev/random count=1 bs=32 2>/dev/null|base64

* %dd if=/dev/urandom count=1 bs=32 2>/dev/null|base64

e.g.:

    #!/bin/sh
    # TSIG key generation example
    # can a
    # Optional first argument: the key name (default: secretkey)
    key_algorithm="hmac-sha256"
    key_name="secretkey"
    # 32 random bytes, base64-encoded
    key_secret=$(openssl rand -base64 32)
    if [ -n "$1" ]
    then
        key_name="$1"
    fi

    echo "# Encoded for the yadifa command-line: -y $key_algorithm:$key_name:$key_secret"
    echo
    echo "<key>"
    echo "algorithm $key_algorithm"
    echo "name $key_name"
    echo "secret $key_secret"
    echo "</key>"

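The check below is an added example, not part of the YADIFA distribution: it parses a -y definition in the [hmac-algorithm:]key-name:base64-key form described above, applies the documented hmac-md5 default when the algorithm is omitted, and reports whether the algorithm and secret length meet a local policy. The function name check_tsig_def, the 32-byte minimum and the choice to flag hmac-md5 and hmac-sha1 as weak are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the YADIFA distribution): pre-flight check of a
# "-y [hmac-algorithm:]key-name:base64-key" definition before it is used.
# Assumptions: MIN_KEY_BYTES and the "weak" algorithm set are local policy.
MIN_KEY_BYTES=32    # same size as the secrets generated by the commands above

# Prints "<ok|weak> <algorithm> <key-name> <secret-bytes>" or "invalid <reason>".
# Returns 0 only for "ok".
check_tsig_def() {
    def=$1
    case $def in
        *:*:*:*) echo "invalid too-many-fields"; return 2 ;;
        *:*:*)   alg=${def%%:*}; rest=${def#*:} ;;
        *:*)     alg=hmac-md5; rest=$def ;;      # documented default
        *)       echo "invalid missing-fields"; return 2 ;;
    esac
    name=${rest%%:*}
    secret=${rest#*:}
    [ -n "$name" ] || { echo "invalid empty-key-name"; return 2; }
    case $alg in
        hmac-md5|hmac-sha1) verdict=weak ;;
        hmac-sha224|hmac-sha256|hmac-sha384|hmac-sha512) verdict=ok ;;
        *) echo "invalid unknown-algorithm"; return 2 ;;
    esac
    # Structural base64 check: alphabet, padding, length multiple of 4.
    body=${secret%%=*}
    pad=${secret#"$body"}
    case $body in ''|*[!A-Za-z0-9+/]*) echo "invalid bad-base64"; return 2 ;; esac
    case $pad in ''|'='|'==') ;; *) echo "invalid bad-base64"; return 2 ;; esac
    [ $(( (${#body} + ${#pad}) % 4 )) -eq 0 ] || { echo "invalid bad-base64"; return 2; }
    bytes=$(( ${#body} * 3 / 4 ))               # decoded length of the secret
    [ "$bytes" -ge "$MIN_KEY_BYTES" ] || verdict=weak
    echo "$verdict $alg $name $bytes"
    [ "$verdict" = ok ]
}

# Constructed sample: 32 zero bytes in base64 (43 "A" characters and one "=").
a10=AAAAAAAAAA
sample_secret="${a10}${a10}${a10}${a10}AAA="
for d in "hmac-sha1:our-shared-secret:ThisIsASecretShared=" \
         "our-shared-secret:ThisIsASecretShared=" \
         "hmac-sha256:ctrl-key:$sample_secret"; do
    check_tsig_def "$d" || :
done
```

A secret passed with -y is part of the process arguments and can be read by other local users while the command runs; defining the key in a <key> section and selecting it with -K avoids that.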
yadifa
    The name server remote client.

${SYSCONFDIR}/yadifa.conf
    default yadifa configuration file.

${HOME}/.yadifa.rc
    default rcfile.

yadifa.conf.5
    Configuration man page for yadifa.

yadifa.rc.5
    Configuration man page for yadifa.

yadifa.8
    This man page.

yadifa.conf(5) yadifa.rc(5) yadifad(8)

OpenSSL
    yadifad requires OpenSSL version 1.1.1 or later.

Please check the ChangeLog file from the source code.

Version: 2.5.3 of 2020-12-09.

There is a mailing list for questions relating to any program in the
yadifa package:

* yadifa-users@mailinglists.yadifa.eu
  for submitting questions/answers.

* http://www.yadifa.eu/mailing-list-users
  for subscription requests.

If you would like to stay informed about new versions and official
patches, send a subscription request via:

* http://www.yadifa.eu/mailing-list-announcements

(this is a read-only list).

Copyright
    (C)2011-2021, EURid
    B-1831 Diegem, Belgium
    info@yadifa.eu

Gery Van Emelen
    Email: Gery.VanEmelen@EURid.eu
Eric Diaz Fernandez
    Email: Eric.DiazFernandez@EURid.eu

WWW: http://www.EURid.eu

YADIFA 2021-10-25 YADIFA(8)