Name

rndc - name server control utility

Subcommands

rndc supports the following subcommands:

• flush: flushes all of the server’s caches.

• flushname name: flushes the given name from the server’s cache(s).

• querylog: toggles named messages in /var/log/messages.

• retransfer zone: re-transfers a single zone without checking serial number.

• status: displays status of the server.

• recursing: generates a list of the queries named is currently recursing on (queries that are waiting for answers from the server). When the command is executed, the output is dumped to a newly created file called named.recursing in the /infoblox/var/named_conf/ directory.

Synopsis

rndc [-b source-address] [-k key-file] [-s server] [-p port] [-V] {command}

Description

rndc controls the operation of a name server. It supersedes the ndc utility that was provided in old BIND releases. If rndc is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments. 

rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and named, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server’s response. All commands sent over the channel must be signed by a key_id known to the server.

rndc reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. 
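Because the control channel is authenticated only by a shared secret stored in a file, anyone who can read that file can sign commands. The following check is an added example, not part of the original manual page or of ISC's code: it reads a key file in the standard BIND key-statement layout, reports the key_id and algorithm, and flags loose file permissions or a short secret. The function names, the 128-bit floor and the sample key are assumptions made for this illustration.

```python
import base64
import binascii
import os
import re
import stat
import tempfile

# BIND key statement: key "name" { algorithm X; secret "Y"; };
KEY_RE = re.compile(
    r'key\s+"?(?P<key_id>[^\s"{]+)"?\s*\{\s*algorithm\s+"?(?P<algorithm>[\w-]+)"?\s*;'
    r'\s*secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;', re.IGNORECASE)
MIN_SECRET_BYTES = 16  # assumed floor: 128 bits, the HMAC-MD5 output size


def audit_key_file(path):
    """Return (key_id, algorithm, findings) for one rndc key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} exposes the shared secret to group/other")
    with open(path, encoding="utf-8") as fh:
        m = KEY_RE.search(fh.read())
    if m is None:
        return None, None, findings + ["no key statement found"]
    try:
        secret = base64.b64decode(m["secret"], validate=True)
    except binascii.Error:
        findings.append("secret is not valid base64")
    else:
        if len(secret) < MIN_SECRET_BYTES:
            findings.append(f"secret is only {len(secret) * 8} bits")
    return m["key_id"], m["algorithm"].lower(), findings


def demo():
    """Audit a constructed key file (8-byte secret, not a real key) under two modes."""
    sample = 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "dGVzdHRlc3Q=";\n};\n'
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "rndc.key")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        results = []
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results.append(audit_key_file(path))
    return results


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a host where the key file is accessible, call audit_key_file() on the path given to -k or on the default /etc/rndc.key.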

Options

-b source-address

Use source-address as the source address for the connection to the server. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses.

-k key-file

Use key-file as the key file instead of the default, /etc/rndc.key. The key in /etc/rndc.key will be used to authenticate commands sent to the server if the config-file does not exist.

-s server

server is the name or address of the server which matches a server statement in the configuration file for rndc. If no server is supplied on the command line, the host named by the default-server clause in the options statement of the rndc configuration file will be used.

-p port

Send commands to TCP port port instead of BIND 9’s default control channel port, 953.

-V

Enable verbose logging.

Restrictions in NIOS Expert Mode

-c and -y are not allowed due to the “no file” access policy. rndc only talks to the internal DNS server.

Limitations

rndc does not yet support all the commands of the BIND 8 ndc utility.

There is currently no way to provide the shared secret for a key_id without using the configuration file.

Several error messages could be clearer.

See Also

rndc.conf(5), rndc-confgen(8), named(8), named.conf(5), ndc(8), BIND 9 Administrator Reference Manual.

Author

Internet Systems Consortium

Copyright

Copyright © 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")

Copyright © 2000, 2001 Internet Software Consortium.