NAME

rndc - name server control utility

SUBCOMMANDS

rndc supports the following subcommands:

• flush: flushes all of the server’s caches.

• flushname name: flushes the given name from the server’s cache(s).

• querylog: toggles named messages in /var/log/messages.

• retransfer zone: re-transfers a single zone without checking serial number.

• status: displays status of the server.

• recursing: generates a list of the queries that named is currently recursing on
(queries that are waiting for answers from the server). When the command is
executed, the output is dumped in a newly created file called named.recursing
in the /infoblox/var/named_conf/ directory.

SYNOPSIS

rndc [-b source-address] [-k key-file] [-s server] 
[-p port] [-V] {command}

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc 
utility that was provided in old BIND releases. If rndc is invoked with 
no command line options or arguments, it prints a short summary of the 
supported commands and the available options and their arguments. 

rndc communicates with the name server over a TCP connection, sending 
commands authenticated with digital signatures. In the current versions 
of rndc and named, the only supported authentication algorithm is 
HMAC-MD5, which uses a shared secret on each end of the connection. 
This provides TSIG-style authentication for the command request and the 
name server’s response. All commands sent over the channel must be 
signed by a key_id known to the server. 

rndc reads a configuration file to determine how to contact the name 
server and decide what algorithm and key it should use. 

OPTIONS

-b source-address

Use source-address as the source address for the connection to the
server. Multiple instances are permitted to allow setting of both 
the IPv4 and IPv6 source addresses.

-k key-file

Use key-file as the key file instead of the default, /etc/rndc.key. 
The key in /etc/rndc.key will be used to authenticate commands sent 
to the server if the config-file does not exist.

-s server

server is the name or address of the server which matches a server 
statement in the configuration file for rndc. If no server is 
supplied on the command line, the host named by the default-server 
clause in the options statement of the rndc configuration file will 
be used.

-p port

Send commands to TCP port port instead of BIND 9’s default control 
channel port, 953.

-V

Enable verbose logging.
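
The shared secret in the key file is the only thing that authenticates control channel commands, so the key file itself is worth auditing. The following is an added example, not part of the original manual page or of BIND: it parses a key clause in the standard BIND key-file syntax and flags group/other-accessible permissions and short secrets. The 128-bit threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import base64
import os
import re
import stat
import tempfile

# Matches a BIND key clause: key "name" { algorithm X; secret "base64"; };
KEY_RE = re.compile(
    r'key\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;')
MIN_SECRET_BITS = 128  # assumed local policy threshold, not a BIND rule


def audit_key_file(path):
    """Return a list of findings for one rndc key file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} lets group/other access the secret")
    with open(path, encoding="utf-8") as fh:
        keys = KEY_RE.findall(fh.read())
    if not keys:
        findings.append("no key clause found")
    for name, algorithm, secret in keys:
        try:
            bits = len(base64.b64decode(secret, validate=True)) * 8
        except ValueError:
            findings.append(f"key {name}: secret is not valid base64")
            continue
        if bits < MIN_SECRET_BITS:
            findings.append(f"key {name} ({algorithm}): secret is only {bits} bits")
    return findings


def write_sample(secret_bytes, mode):
    """Write a constructed key file (sample data, not a real key); return its path."""
    secret = base64.b64encode(secret_bytes).decode()
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(f'key "rndc-key" {{\n\talgorithm hmac-md5;\n\tsecret "{secret}";\n}};\n')
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    samples = [write_sample(bytes(range(8)), 0o644), write_sample(bytes(range(32)), 0o600)]
    for path in samples:
        print(path, audit_key_file(path) or "ok")
        os.remove(path)
```
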

RESTRICTIONS IN NIOS EXPERT MODE

-c and -y are not allowed due to the “no file” access policy.

rndc only talks to the internal DNS server.

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility.

There is currently no way to provide the shared secret for a key_id 
without using the configuration file.

Several error messages could be clearer.

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), named.conf(5), ndc(8), BIND 9 
Administrator Reference Manual.

AUTHOR

Internet Systems Consortium

Copyright © 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")

Copyright © 2000, 2001 Internet Software Consortium.
