rndc(1M)              System Administration Commands              rndc(1M)

NAME
rndc - name server control utility

SYNOPSIS
rndc [-V] [-c config-file] [-k key-file] [-s server]
     [-p port] [-y key_id] command

DESCRIPTION
The rndc utility controls the operation of a name server. It supersedes
the ndc utility that was provided in previous BIND releases. If rndc is
invoked with no command line options or arguments, it prints a short
summary of the supported commands and the available options and their
arguments.

The rndc utility communicates with the name server over a TCP
connection, sending commands authenticated with digital signatures. The
only supported authentication algorithm in the current versions of rndc
and named(1M) is HMAC-MD5, which uses a shared secret on each end of the
connection. This algorithm provides TSIG-style authentication for the
command request and the name server's response. All commands sent over
the channel must be signed by a key_id known to the server.

The rndc utility reads a configuration file to determine how to contact
the name server and decide what algorithm and key it should use.

OPTIONS
The following options are supported:

-c config-file
     Use config-file as the configuration file instead of the default
     /etc/rndc.conf.

-k key-file
     Use key-file as the key file instead of the default,
     /etc/rndc.key. The key in /etc/rndc.key is used to authenticate
     commands sent to the server if the config-file does not exist.

-s server
     The server argument is the name or address of the server that
     matches a server statement in the configuration file for rndc. If
     no server is supplied on the command line, the host named by the
     default-server clause in the options statement of the rndc
     configuration file is used.

-p port
     Send commands to TCP port port instead of BIND 9's default control
     channel port, 953.

-V
     Enable verbose logging.

-y key_id
     Use the key key_id from the configuration file. The key_id
     argument must be known by named with the same algorithm and secret
     string for control message validation to succeed. If no key_id is
     specified, rndc will first look for a key clause in the server
     statement of the server being used, or if no server statement is
     present for that host, then the default-key clause of the options
     statement. The configuration file contains shared secrets that are
     used to send authenticated control commands to name servers. It
     should therefore not have general read or write access.

For the complete set of commands supported by rndc, see the BIND 9
Administrator Reference Manual or run rndc without arguments to see its
help message.
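
The -y description above notes that the configuration file holds shared secrets and should not have general read or write access. The following added example (not part of the original manual page) checks that for the files it is given; the function names are hypothetical, and it looks only at the "other" permission bits reported by ls, not at ACLs.

```sh
#!/bin/sh
# Added example: report rndc secret files that others can read or write.
# Function names are hypothetical; ACLs are not inspected.

# mode_of FILE: print the 10-character mode string, e.g. "-rw-------".
# -L follows symlinks so the target's permissions are judged.
mode_of() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# check_secret_file FILE
# Returns 0 if "other" has neither read nor write access,
#         1 if others can read or write the file,
#         2 if the file does not exist.
check_secret_file() {
    _file=$1
    if [ ! -e "$_file" ]; then
        echo "MISSING  $_file"
        return 2
    fi
    _mode=$(mode_of "$_file")
    # Characters 8-9 of the mode string are other-read and other-write.
    case $(printf '%s' "$_mode" | cut -c8-9) in
        --) echo "OK       $_mode $_file"; return 0 ;;
        *)  echo "EXPOSED  $_mode $_file (fix: chmod o-rw)"; return 1 ;;
    esac
}

# audit_rndc_files FILE...
# Checks every file; missing files are reported but not counted, since
# rndc falls back to the key file when the configuration file is absent.
# Returns 0 only when no existing file is exposed.
audit_rndc_files() {
    _bad=0
    for _f in "$@"; do
        _rc=0
        check_secret_file "$_f" || _rc=$?
        if [ "$_rc" -eq 1 ]; then _bad=$((_bad + 1)); fi
    done
    [ "$_bad" -eq 0 ]
}

# Run against the paths given on the command line, for example:
#   sh audit.sh /etc/rndc.conf /etc/rndc.key
if [ "$#" -gt 0 ]; then
    audit_rndc_files "$@"
fi
```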

LIMITATIONS
The rndc utility does not support all the commands of the BIND 8 ndc
utility.

There is no way to provide the shared secret for a key_id without using
the configuration file.

Several error messages could be clearer.

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
├─────────────────────────────┼─────────────────────────────┤
│ Availability                │ SUNWbind                    │
├─────────────────────────────┼─────────────────────────────┤
│ Interface Stability         │ External                    │
└─────────────────────────────┴─────────────────────────────┘

SEE ALSO
named(1M), rndc-confgen(1M), rndc.conf(4), attributes(5)

BIND 9 Administrator Reference Manual

SunOS 5.11                      24 Dec 2008                      rndc(1M)