1*00b67f09SDavid van Moolenbroek<!-- 2*00b67f09SDavid van Moolenbroek - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") 3*00b67f09SDavid van Moolenbroek - Copyright (C) 2000-2003 Internet Software Consortium. 4*00b67f09SDavid van Moolenbroek - 5*00b67f09SDavid van Moolenbroek - Permission to use, copy, modify, and/or distribute this software for any 6*00b67f09SDavid van Moolenbroek - purpose with or without fee is hereby granted, provided that the above 7*00b67f09SDavid van Moolenbroek - copyright notice and this permission notice appear in all copies. 8*00b67f09SDavid van Moolenbroek - 9*00b67f09SDavid van Moolenbroek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10*00b67f09SDavid van Moolenbroek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11*00b67f09SDavid van Moolenbroek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12*00b67f09SDavid van Moolenbroek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13*00b67f09SDavid van Moolenbroek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14*00b67f09SDavid van Moolenbroek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15*00b67f09SDavid van Moolenbroek - PERFORMANCE OF THIS SOFTWARE. 16*00b67f09SDavid van Moolenbroek--> 17*00b67f09SDavid van Moolenbroek<!-- $Id: man.rndc.html,v 1.5 2015/09/03 07:33:34 christos Exp $ --> 18*00b67f09SDavid van Moolenbroek<html> 19*00b67f09SDavid van Moolenbroek<head> 20*00b67f09SDavid van Moolenbroek<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 21*00b67f09SDavid van Moolenbroek<title>rndc</title> 22*00b67f09SDavid van Moolenbroek<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 23*00b67f09SDavid van Moolenbroek<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> 24*00b67f09SDavid van Moolenbroek<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages"> 25*00b67f09SDavid van Moolenbroek<link rel="prev" href="man.nsupdate.html" title="nsupdate"> 26*00b67f09SDavid van Moolenbroek<link rel="next" href="man.rndc.conf.html" title="rndc.conf"> 27*00b67f09SDavid van Moolenbroek</head> 28*00b67f09SDavid van Moolenbroek<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> 29*00b67f09SDavid van Moolenbroek<div class="navheader"> 30*00b67f09SDavid van Moolenbroek<table width="100%" summary="Navigation header"> 31*00b67f09SDavid van Moolenbroek<tr><th colspan="3" align="center"><span class="application">rndc</span></th></tr> 32*00b67f09SDavid van Moolenbroek<tr> 33*00b67f09SDavid van Moolenbroek<td width="20%" align="left"> 34*00b67f09SDavid van Moolenbroek<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td> 35*00b67f09SDavid van Moolenbroek<th width="60%" align="center">Manual pages</th> 36*00b67f09SDavid van Moolenbroek<td width="20%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a> 37*00b67f09SDavid van Moolenbroek</td> 38*00b67f09SDavid van Moolenbroek</tr> 39*00b67f09SDavid van Moolenbroek</table> 40*00b67f09SDavid van Moolenbroek<hr> 41*00b67f09SDavid van Moolenbroek</div> 42*00b67f09SDavid van Moolenbroek<div class="refentry" lang="en"> 43*00b67f09SDavid van Moolenbroek<a name="man.rndc"></a><div class="titlepage"></div> 44*00b67f09SDavid van Moolenbroek<div class="refnamediv"> 45*00b67f09SDavid van Moolenbroek<h2>Name</h2> 46*00b67f09SDavid van Moolenbroek<p><span class="application">rndc</span> — name server control utility</p> 47*00b67f09SDavid van Moolenbroek</div> 48*00b67f09SDavid van Moolenbroek<div class="refsynopsisdiv"> 49*00b67f09SDavid van Moolenbroek<h2>Synopsis</h2> 50*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> 51*00b67f09SDavid van Moolenbroek</div> 52*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 53*00b67f09SDavid van Moolenbroek<a name="id2657861"></a><h2>DESCRIPTION</h2> 54*00b67f09SDavid van Moolenbroek<p><span><strong class="command">rndc</strong></span> 55*00b67f09SDavid van Moolenbroek controls the operation of a name 56*00b67f09SDavid van Moolenbroek server. It supersedes the <span><strong class="command">ndc</strong></span> utility 57*00b67f09SDavid van Moolenbroek that was provided in old BIND releases. If 58*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc</strong></span> is invoked with no command line 59*00b67f09SDavid van Moolenbroek options or arguments, it prints a short summary of the 60*00b67f09SDavid van Moolenbroek supported commands and the available options and their 61*00b67f09SDavid van Moolenbroek arguments. 62*00b67f09SDavid van Moolenbroek </p> 63*00b67f09SDavid van Moolenbroek<p><span><strong class="command">rndc</strong></span> 64*00b67f09SDavid van Moolenbroek communicates with the name server over a TCP connection, sending 65*00b67f09SDavid van Moolenbroek commands authenticated with digital signatures. In the current 66*00b67f09SDavid van Moolenbroek versions of 67*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>, 68*00b67f09SDavid van Moolenbroek the only supported authentication algorithms are HMAC-MD5 69*00b67f09SDavid van Moolenbroek (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 70*00b67f09SDavid van Moolenbroek (default), HMAC-SHA384 and HMAC-SHA512. 71*00b67f09SDavid van Moolenbroek They use a shared secret on each end of the connection. 72*00b67f09SDavid van Moolenbroek This provides TSIG-style authentication for the command 73*00b67f09SDavid van Moolenbroek request and the name server's response. All commands sent 74*00b67f09SDavid van Moolenbroek over the channel must be signed by a key_id known to the 75*00b67f09SDavid van Moolenbroek server. 76*00b67f09SDavid van Moolenbroek </p> 77*00b67f09SDavid van Moolenbroek<p><span><strong class="command">rndc</strong></span> 78*00b67f09SDavid van Moolenbroek reads a configuration file to 79*00b67f09SDavid van Moolenbroek determine how to contact the name server and decide what 80*00b67f09SDavid van Moolenbroek algorithm and key it should use. 81*00b67f09SDavid van Moolenbroek </p> 82*00b67f09SDavid van Moolenbroek</div> 83*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 84*00b67f09SDavid van Moolenbroek<a name="id2657911"></a><h2>OPTIONS</h2> 85*00b67f09SDavid van Moolenbroek<div class="variablelist"><dl> 86*00b67f09SDavid van Moolenbroek<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt> 87*00b67f09SDavid van Moolenbroek<dd><p> 88*00b67f09SDavid van Moolenbroek Use <em class="replaceable"><code>source-address</code></em> 89*00b67f09SDavid van Moolenbroek as the source address for the connection to the server. 90*00b67f09SDavid van Moolenbroek Multiple instances are permitted to allow setting of both 91*00b67f09SDavid van Moolenbroek the IPv4 and IPv6 source addresses. 92*00b67f09SDavid van Moolenbroek </p></dd> 93*00b67f09SDavid van Moolenbroek<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> 94*00b67f09SDavid van Moolenbroek<dd><p> 95*00b67f09SDavid van Moolenbroek Use <em class="replaceable"><code>config-file</code></em> 96*00b67f09SDavid van Moolenbroek as the configuration file instead of the default, 97*00b67f09SDavid van Moolenbroek <code class="filename">/etc/rndc.conf</code>. 98*00b67f09SDavid van Moolenbroek </p></dd> 99*00b67f09SDavid van Moolenbroek<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt> 100*00b67f09SDavid van Moolenbroek<dd><p> 101*00b67f09SDavid van Moolenbroek Use <em class="replaceable"><code>key-file</code></em> 102*00b67f09SDavid van Moolenbroek as the key file instead of the default, 103*00b67f09SDavid van Moolenbroek <code class="filename">/etc/rndc.key</code>. The key in 104*00b67f09SDavid van Moolenbroek <code class="filename">/etc/rndc.key</code> will be used to 105*00b67f09SDavid van Moolenbroek authenticate 106*00b67f09SDavid van Moolenbroek commands sent to the server if the <em class="replaceable"><code>config-file</code></em> 107*00b67f09SDavid van Moolenbroek does not exist. 108*00b67f09SDavid van Moolenbroek </p></dd> 109*00b67f09SDavid van Moolenbroek<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt> 110*00b67f09SDavid van Moolenbroek<dd><p><em class="replaceable"><code>server</code></em> is 111*00b67f09SDavid van Moolenbroek the name or address of the server which matches a 112*00b67f09SDavid van Moolenbroek server statement in the configuration file for 113*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc</strong></span>. If no server is supplied on the 114*00b67f09SDavid van Moolenbroek command line, the host named by the default-server clause 115*00b67f09SDavid van Moolenbroek in the options statement of the <span><strong class="command">rndc</strong></span> 116*00b67f09SDavid van Moolenbroek configuration file will be used. 117*00b67f09SDavid van Moolenbroek </p></dd> 118*00b67f09SDavid van Moolenbroek<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> 119*00b67f09SDavid van Moolenbroek<dd><p> 120*00b67f09SDavid van Moolenbroek Send commands to TCP port 121*00b67f09SDavid van Moolenbroek <em class="replaceable"><code>port</code></em> 122*00b67f09SDavid van Moolenbroek instead 123*00b67f09SDavid van Moolenbroek of BIND 9's default control channel port, 953. 124*00b67f09SDavid van Moolenbroek </p></dd> 125*00b67f09SDavid van Moolenbroek<dt><span class="term">-q</span></dt> 126*00b67f09SDavid van Moolenbroek<dd><p> 127*00b67f09SDavid van Moolenbroek Quiet mode: Message text returned by the server 128*00b67f09SDavid van Moolenbroek will not be printed except when there is an error. 129*00b67f09SDavid van Moolenbroek </p></dd> 130*00b67f09SDavid van Moolenbroek<dt><span class="term">-V</span></dt> 131*00b67f09SDavid van Moolenbroek<dd><p> 132*00b67f09SDavid van Moolenbroek Enable verbose logging. 133*00b67f09SDavid van Moolenbroek </p></dd> 134*00b67f09SDavid van Moolenbroek<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt> 135*00b67f09SDavid van Moolenbroek<dd><p> 136*00b67f09SDavid van Moolenbroek Use the key <em class="replaceable"><code>key_id</code></em> 137*00b67f09SDavid van Moolenbroek from the configuration file. 138*00b67f09SDavid van Moolenbroek <em class="replaceable"><code>key_id</code></em> 139*00b67f09SDavid van Moolenbroek must be 140*00b67f09SDavid van Moolenbroek known by named with the same algorithm and secret string 141*00b67f09SDavid van Moolenbroek in order for control message validation to succeed. 142*00b67f09SDavid van Moolenbroek If no <em class="replaceable"><code>key_id</code></em> 143*00b67f09SDavid van Moolenbroek is specified, <span><strong class="command">rndc</strong></span> will first look 144*00b67f09SDavid van Moolenbroek for a key clause in the server statement of the server 145*00b67f09SDavid van Moolenbroek being used, or if no server statement is present for that 146*00b67f09SDavid van Moolenbroek host, then the default-key clause of the options statement. 147*00b67f09SDavid van Moolenbroek Note that the configuration file contains shared secrets 148*00b67f09SDavid van Moolenbroek which are used to send authenticated control commands 149*00b67f09SDavid van Moolenbroek to name servers. It should therefore not have general read 150*00b67f09SDavid van Moolenbroek or write access. 151*00b67f09SDavid van Moolenbroek </p></dd> 152*00b67f09SDavid van Moolenbroek</dl></div> 153*00b67f09SDavid van Moolenbroek</div> 154*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 155*00b67f09SDavid van Moolenbroek<a name="id2659498"></a><h2>COMMANDS</h2> 156*00b67f09SDavid van Moolenbroek<p> 157*00b67f09SDavid van Moolenbroek A list of commands supported by <span><strong class="command">rndc</strong></span> can 158*00b67f09SDavid van Moolenbroek be seen by running <span><strong class="command">rndc</strong></span> without arguments. 159*00b67f09SDavid van Moolenbroek </p> 160*00b67f09SDavid van Moolenbroek<p> 161*00b67f09SDavid van Moolenbroek Currently supported commands are: 162*00b67f09SDavid van Moolenbroek </p> 163*00b67f09SDavid van Moolenbroek<div class="variablelist"><dl> 164*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt> 165*00b67f09SDavid van Moolenbroek<dd><p> 166*00b67f09SDavid van Moolenbroek Reload configuration file and zones. 167*00b67f09SDavid van Moolenbroek </p></dd> 168*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 169*00b67f09SDavid van Moolenbroek<dd><p> 170*00b67f09SDavid van Moolenbroek Reload the given zone. 171*00b67f09SDavid van Moolenbroek </p></dd> 172*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 173*00b67f09SDavid van Moolenbroek<dd><p> 174*00b67f09SDavid van Moolenbroek Schedule zone maintenance for the given zone. 175*00b67f09SDavid van Moolenbroek </p></dd> 176*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 177*00b67f09SDavid van Moolenbroek<dd> 178*00b67f09SDavid van Moolenbroek<p> 179*00b67f09SDavid van Moolenbroek Retransfer the given slave zone from the master server. 180*00b67f09SDavid van Moolenbroek </p> 181*00b67f09SDavid van Moolenbroek<p> 182*00b67f09SDavid van Moolenbroek If the zone is configured to use 183*00b67f09SDavid van Moolenbroek <span><strong class="command">inline-signing</strong></span>, the signed 184*00b67f09SDavid van Moolenbroek version of the zone is discarded; after the 185*00b67f09SDavid van Moolenbroek retransfer of the unsigned version is complete, the 186*00b67f09SDavid van Moolenbroek signed version will be regenerated with all new 187*00b67f09SDavid van Moolenbroek signatures. 188*00b67f09SDavid van Moolenbroek </p> 189*00b67f09SDavid van Moolenbroek</dd> 190*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 191*00b67f09SDavid van Moolenbroek<dd> 192*00b67f09SDavid van Moolenbroek<p> 193*00b67f09SDavid van Moolenbroek Fetch all DNSSEC keys for the given zone 194*00b67f09SDavid van Moolenbroek from the key directory (see the 195*00b67f09SDavid van Moolenbroek <span><strong class="command">key-directory</strong></span> option in 196*00b67f09SDavid van Moolenbroek the BIND 9 Administrator Reference Manual). If they are within 197*00b67f09SDavid van Moolenbroek their publication period, merge them into the 198*00b67f09SDavid van Moolenbroek zone's DNSKEY RRset. If the DNSKEY RRset 199*00b67f09SDavid van Moolenbroek is changed, then the zone is automatically 200*00b67f09SDavid van Moolenbroek re-signed with the new key set. 201*00b67f09SDavid van Moolenbroek </p> 202*00b67f09SDavid van Moolenbroek<p> 203*00b67f09SDavid van Moolenbroek This command requires that the 204*00b67f09SDavid van Moolenbroek <span><strong class="command">auto-dnssec</strong></span> zone option be set 205*00b67f09SDavid van Moolenbroek to <code class="literal">allow</code> or 206*00b67f09SDavid van Moolenbroek <code class="literal">maintain</code>, 207*00b67f09SDavid van Moolenbroek and also requires the zone to be configured to 208*00b67f09SDavid van Moolenbroek allow dynamic DNS. 209*00b67f09SDavid van Moolenbroek (See "Dynamic Update Policies" in the Administrator 210*00b67f09SDavid van Moolenbroek Reference Manual for more details.) 211*00b67f09SDavid van Moolenbroek </p> 212*00b67f09SDavid van Moolenbroek</dd> 213*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 214*00b67f09SDavid van Moolenbroek<dd> 215*00b67f09SDavid van Moolenbroek<p> 216*00b67f09SDavid van Moolenbroek Fetch all DNSSEC keys for the given zone 217*00b67f09SDavid van Moolenbroek from the key directory. If they are within 218*00b67f09SDavid van Moolenbroek their publication period, merge them into the 219*00b67f09SDavid van Moolenbroek zone's DNSKEY RRset. Unlike <span><strong class="command">rndc 220*00b67f09SDavid van Moolenbroek sign</strong></span>, however, the zone is not 221*00b67f09SDavid van Moolenbroek immediately re-signed by the new keys, but is 222*00b67f09SDavid van Moolenbroek allowed to incrementally re-sign over time. 223*00b67f09SDavid van Moolenbroek </p> 224*00b67f09SDavid van Moolenbroek<p> 225*00b67f09SDavid van Moolenbroek This command requires that the 226*00b67f09SDavid van Moolenbroek <span><strong class="command">auto-dnssec</strong></span> zone option 227*00b67f09SDavid van Moolenbroek be set to <code class="literal">maintain</code>, 228*00b67f09SDavid van Moolenbroek and also requires the zone to be configured to 229*00b67f09SDavid van Moolenbroek allow dynamic DNS. 230*00b67f09SDavid van Moolenbroek (See "Dynamic Update Policies" in the Administrator 231*00b67f09SDavid van Moolenbroek Reference Manual for more details.) 232*00b67f09SDavid van Moolenbroek </p> 233*00b67f09SDavid van Moolenbroek</dd> 234*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> 235*00b67f09SDavid van Moolenbroek<dd><p> 236*00b67f09SDavid van Moolenbroek Suspend updates to a dynamic zone. If no zone is 237*00b67f09SDavid van Moolenbroek specified, then all zones are suspended. This allows 238*00b67f09SDavid van Moolenbroek manual edits to be made to a zone normally updated by 239*00b67f09SDavid van Moolenbroek dynamic update. It also causes changes in the 240*00b67f09SDavid van Moolenbroek journal file to be synced into the master file. 241*00b67f09SDavid van Moolenbroek All dynamic update attempts will be refused while 242*00b67f09SDavid van Moolenbroek the zone is frozen. 243*00b67f09SDavid van Moolenbroek </p></dd> 244*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> 245*00b67f09SDavid van Moolenbroek<dd><p> 246*00b67f09SDavid van Moolenbroek Enable updates to a frozen dynamic zone. If no 247*00b67f09SDavid van Moolenbroek zone is specified, then all frozen zones are 248*00b67f09SDavid van Moolenbroek enabled. This causes the server to reload the zone 249*00b67f09SDavid van Moolenbroek from disk, and re-enables dynamic updates after the 250*00b67f09SDavid van Moolenbroek load has completed. After a zone is thawed, 251*00b67f09SDavid van Moolenbroek dynamic updates will no longer be refused. If 252*00b67f09SDavid van Moolenbroek the zone has changed and the 253*00b67f09SDavid van Moolenbroek <span><strong class="command">ixfr-from-differences</strong></span> option is 254*00b67f09SDavid van Moolenbroek in use, then the journal file will be updated to 255*00b67f09SDavid van Moolenbroek reflect changes in the zone. Otherwise, if the 256*00b67f09SDavid van Moolenbroek zone has changed, any existing journal file will be 257*00b67f09SDavid van Moolenbroek removed. 258*00b67f09SDavid van Moolenbroek </p></dd> 259*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>scan</code></strong></span></dt> 260*00b67f09SDavid van Moolenbroek<dd><p> 261*00b67f09SDavid van Moolenbroek Scan the list of available network interfaces 262*00b67f09SDavid van Moolenbroek for changes, without performing a full 263*00b67f09SDavid van Moolenbroek <span><strong class="command">reconfig</strong></span> or waiting for the 264*00b67f09SDavid van Moolenbroek <span><strong class="command">interface-interval</strong></span> timer. 265*00b67f09SDavid van Moolenbroek </p></dd> 266*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>sync [<span class="optional">-clean</span>] [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> 267*00b67f09SDavid van Moolenbroek<dd><p> 268*00b67f09SDavid van Moolenbroek Sync changes in the journal file for a dynamic zone 269*00b67f09SDavid van Moolenbroek to the master file. If the "-clean" option is 270*00b67f09SDavid van Moolenbroek specified, the journal file is also removed. If 271*00b67f09SDavid van Moolenbroek no zone is specified, then all zones are synced. 272*00b67f09SDavid van Moolenbroek </p></dd> 273*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> 274*00b67f09SDavid van Moolenbroek<dd><p> 275*00b67f09SDavid van Moolenbroek Resend NOTIFY messages for the zone. 276*00b67f09SDavid van Moolenbroek </p></dd> 277*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt> 278*00b67f09SDavid van Moolenbroek<dd><p> 279*00b67f09SDavid van Moolenbroek Reload the configuration file and load new zones, 280*00b67f09SDavid van Moolenbroek but do not reload existing zone files even if they 281*00b67f09SDavid van Moolenbroek have changed. 282*00b67f09SDavid van Moolenbroek This is faster than a full <span><strong class="command">reload</strong></span> when there 283*00b67f09SDavid van Moolenbroek is a large number of zones because it avoids the need 284*00b67f09SDavid van Moolenbroek to examine the 285*00b67f09SDavid van Moolenbroek modification times of the zones files. 286*00b67f09SDavid van Moolenbroek </p></dd> 287*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>zonestatus [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> 288*00b67f09SDavid van Moolenbroek<dd><p> 289*00b67f09SDavid van Moolenbroek Displays the current status of the given zone, 290*00b67f09SDavid van Moolenbroek including the master file name and any include 291*00b67f09SDavid van Moolenbroek files from which it was loaded, when it was most 292*00b67f09SDavid van Moolenbroek recently loaded, the current serial number, the 293*00b67f09SDavid van Moolenbroek number of nodes, whether the zone supports 294*00b67f09SDavid van Moolenbroek dynamic updates, whether the zone is DNSSEC 295*00b67f09SDavid van Moolenbroek signed, whether it uses automatic DNSSEC key 296*00b67f09SDavid van Moolenbroek management or inline signing, and the scheduled 297*00b67f09SDavid van Moolenbroek refresh or expiry times for the zone. 298*00b67f09SDavid van Moolenbroek </p></dd> 299*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt> 300*00b67f09SDavid van Moolenbroek<dd><p> 301*00b67f09SDavid van Moolenbroek Write server statistics to the statistics file. 302*00b67f09SDavid van Moolenbroek </p></dd> 303*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt> 304*00b67f09SDavid van Moolenbroek<dd> 305*00b67f09SDavid van Moolenbroek<p> 306*00b67f09SDavid van Moolenbroek Enable or disable query logging. (For backward 307*00b67f09SDavid van Moolenbroek compatibility, this command can also be used without 308*00b67f09SDavid van Moolenbroek an argument to toggle query logging on and off.) 309*00b67f09SDavid van Moolenbroek </p> 310*00b67f09SDavid van Moolenbroek<p> 311*00b67f09SDavid van Moolenbroek Query logging can also be enabled 312*00b67f09SDavid van Moolenbroek by explicitly directing the <span><strong class="command">queries</strong></span> 313*00b67f09SDavid van Moolenbroek <span><strong class="command">category</strong></span> to a 314*00b67f09SDavid van Moolenbroek <span><strong class="command">channel</strong></span> in the 315*00b67f09SDavid van Moolenbroek <span><strong class="command">logging</strong></span> section of 316*00b67f09SDavid van Moolenbroek <code class="filename">named.conf</code> or by specifying 317*00b67f09SDavid van Moolenbroek <span><strong class="command">querylog yes;</strong></span> in the 318*00b67f09SDavid van Moolenbroek <span><strong class="command">options</strong></span> section of 319*00b67f09SDavid van Moolenbroek <code class="filename">named.conf</code>. 320*00b67f09SDavid van Moolenbroek </p> 321*00b67f09SDavid van Moolenbroek</dd> 322*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> 323*00b67f09SDavid van Moolenbroek<dd><p> 324*00b67f09SDavid van Moolenbroek Dump the server's caches (default) and/or zones to 325*00b67f09SDavid van Moolenbroek the 326*00b67f09SDavid van Moolenbroek dump file for the specified views. If no view is 327*00b67f09SDavid van Moolenbroek specified, all 328*00b67f09SDavid van Moolenbroek views are dumped. 329*00b67f09SDavid van Moolenbroek </p></dd> 330*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> 331*00b67f09SDavid van Moolenbroek<dd><p> 332*00b67f09SDavid van Moolenbroek Dump the server's security roots to the secroots 333*00b67f09SDavid van Moolenbroek file for the specified views. If no view is 334*00b67f09SDavid van Moolenbroek specified, security roots for all 335*00b67f09SDavid van Moolenbroek views are dumped. 336*00b67f09SDavid van Moolenbroek </p></dd> 337*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt> 338*00b67f09SDavid van Moolenbroek<dd><p> 339*00b67f09SDavid van Moolenbroek Stop the server, making sure any recent changes 340*00b67f09SDavid van Moolenbroek made through dynamic update or IXFR are first saved to 341*00b67f09SDavid van Moolenbroek the master files of the updated zones. 342*00b67f09SDavid van Moolenbroek If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned. 343*00b67f09SDavid van Moolenbroek This allows an external process to determine when <span><strong class="command">named</strong></span> 344*00b67f09SDavid van Moolenbroek had completed stopping. 345*00b67f09SDavid van Moolenbroek </p></dd> 346*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt> 347*00b67f09SDavid van Moolenbroek<dd><p> 348*00b67f09SDavid van Moolenbroek Stop the server immediately. Recent changes 349*00b67f09SDavid van Moolenbroek made through dynamic update or IXFR are not saved to 350*00b67f09SDavid van Moolenbroek the master files, but will be rolled forward from the 351*00b67f09SDavid van Moolenbroek journal files when the server is restarted. 352*00b67f09SDavid van Moolenbroek If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned. 353*00b67f09SDavid van Moolenbroek This allows an external process to determine when <span><strong class="command">named</strong></span> 354*00b67f09SDavid van Moolenbroek had completed halting. 355*00b67f09SDavid van Moolenbroek </p></dd> 356*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt> 357*00b67f09SDavid van Moolenbroek<dd><p> 358*00b67f09SDavid van Moolenbroek Increment the servers debugging level by one. 359*00b67f09SDavid van Moolenbroek </p></dd> 360*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt> 361*00b67f09SDavid van Moolenbroek<dd><p> 362*00b67f09SDavid van Moolenbroek Sets the server's debugging level to an explicit 363*00b67f09SDavid van Moolenbroek value. 364*00b67f09SDavid van Moolenbroek </p></dd> 365*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt> 366*00b67f09SDavid van Moolenbroek<dd><p> 367*00b67f09SDavid van Moolenbroek Sets the server's debugging level to 0. 368*00b67f09SDavid van Moolenbroek </p></dd> 369*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt> 370*00b67f09SDavid van Moolenbroek<dd><p> 371*00b67f09SDavid van Moolenbroek Flushes the server's cache. 372*00b67f09SDavid van Moolenbroek </p></dd> 373*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt> 374*00b67f09SDavid van Moolenbroek<dd><p> 375*00b67f09SDavid van Moolenbroek Flushes the given name from the server's DNS cache 376*00b67f09SDavid van Moolenbroek and, if applicable, from the server's nameserver address 377*00b67f09SDavid van Moolenbroek database or bad-server cache. 378*00b67f09SDavid van Moolenbroek </p></dd> 379*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>flushtree</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt> 380*00b67f09SDavid van Moolenbroek<dd><p> 381*00b67f09SDavid van Moolenbroek Flushes the given name, and all of its subdomains, 382*00b67f09SDavid van Moolenbroek from the server's DNS cache, the address database, 383*00b67f09SDavid van Moolenbroek and the bad server cache. 384*00b67f09SDavid van Moolenbroek </p></dd> 385*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt> 386*00b67f09SDavid van Moolenbroek<dd><p> 387*00b67f09SDavid van Moolenbroek Display status of the server. 388*00b67f09SDavid van Moolenbroek Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone 389*00b67f09SDavid van Moolenbroek and the default <span><strong class="command">./IN</strong></span> 390*00b67f09SDavid van Moolenbroek hint zone if there is not an 391*00b67f09SDavid van Moolenbroek explicit root zone configured. 392*00b67f09SDavid van Moolenbroek </p></dd> 393*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt> 394*00b67f09SDavid van Moolenbroek<dd><p> 395*00b67f09SDavid van Moolenbroek Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing 396*00b67f09SDavid van Moolenbroek on. 397*00b67f09SDavid van Moolenbroek </p></dd> 398*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>validation ( on | off | check ) [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] </code></strong></span></dt> 399*00b67f09SDavid van Moolenbroek<dd><p> 400*00b67f09SDavid van Moolenbroek Enable, disable, or check the current status of 401*00b67f09SDavid van Moolenbroek DNSSEC validation. 402*00b67f09SDavid van Moolenbroek Note <span><strong class="command">dnssec-enable</strong></span> also needs to be 403*00b67f09SDavid van Moolenbroek set to <strong class="userinput"><code>yes</code></strong> or 404*00b67f09SDavid van Moolenbroek <strong class="userinput"><code>auto</code></strong> to be effective. 405*00b67f09SDavid van Moolenbroek It defaults to enabled. 406*00b67f09SDavid van Moolenbroek </p></dd> 407*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt> 408*00b67f09SDavid van Moolenbroek<dd><p> 409*00b67f09SDavid van Moolenbroek List the names of all TSIG keys currently configured 410*00b67f09SDavid van Moolenbroek for use by <span><strong class="command">named</strong></span> in each view. The 411*00b67f09SDavid van Moolenbroek list both statically configured keys and dynamic 412*00b67f09SDavid van Moolenbroek TKEY-negotiated keys. 413*00b67f09SDavid van Moolenbroek </p></dd> 414*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt> 415*00b67f09SDavid van Moolenbroek<dd><p> 416*00b67f09SDavid van Moolenbroek Delete a given TKEY-negotiated key from the server. 417*00b67f09SDavid van Moolenbroek (This does not apply to statically configured TSIG 418*00b67f09SDavid van Moolenbroek keys.) 419*00b67f09SDavid van Moolenbroek </p></dd> 420*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt> 421*00b67f09SDavid van Moolenbroek<dd> 422*00b67f09SDavid van Moolenbroek<p> 423*00b67f09SDavid van Moolenbroek Add a zone while the server is running. This 424*00b67f09SDavid van Moolenbroek command requires the 425*00b67f09SDavid van Moolenbroek <span><strong class="command">allow-new-zones</strong></span> option to be set 426*00b67f09SDavid van Moolenbroek to <strong class="userinput"><code>yes</code></strong>. The 427*00b67f09SDavid van Moolenbroek <em class="replaceable"><code>configuration</code></em> string 428*00b67f09SDavid van Moolenbroek specified on the command line is the zone 429*00b67f09SDavid van Moolenbroek configuration text that would ordinarily be 430*00b67f09SDavid van Moolenbroek placed in <code class="filename">named.conf</code>. 431*00b67f09SDavid van Moolenbroek </p> 432*00b67f09SDavid van Moolenbroek<p> 433*00b67f09SDavid van Moolenbroek The configuration is saved in a file called 434*00b67f09SDavid van Moolenbroek <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>, 435*00b67f09SDavid van Moolenbroek where <em class="replaceable"><code>hash</code></em> is a 436*00b67f09SDavid van Moolenbroek cryptographic hash generated from the name of 437*00b67f09SDavid van Moolenbroek the view. When <span><strong class="command">named</strong></span> is 438*00b67f09SDavid van Moolenbroek restarted, the file will be loaded into the view 439*00b67f09SDavid van Moolenbroek configuration, so that zones that were added 440*00b67f09SDavid van Moolenbroek can persist after a restart. 441*00b67f09SDavid van Moolenbroek </p> 442*00b67f09SDavid van Moolenbroek<p> 443*00b67f09SDavid van Moolenbroek This sample <span><strong class="command">addzone</strong></span> command 444*00b67f09SDavid van Moolenbroek would add the zone <code class="literal">example.com</code> 445*00b67f09SDavid van Moolenbroek to the default view: 446*00b67f09SDavid van Moolenbroek </p> 447*00b67f09SDavid van Moolenbroek<p> 448*00b67f09SDavid van Moolenbroek<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong> 449*00b67f09SDavid van Moolenbroek </p> 450*00b67f09SDavid van Moolenbroek<p> 451*00b67f09SDavid van Moolenbroek (Note the brackets and semi-colon around the zone 452*00b67f09SDavid van Moolenbroek configuration text.) 453*00b67f09SDavid van Moolenbroek </p> 454*00b67f09SDavid van Moolenbroek</dd> 455*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>delzone [<span class="optional">-clean</span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> 456*00b67f09SDavid van Moolenbroek<dd> 457*00b67f09SDavid van Moolenbroek<p> 458*00b67f09SDavid van Moolenbroek Delete a zone while the server is running. 459*00b67f09SDavid van Moolenbroek Only zones that were originally added via 460*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc addzone</strong></span> can be deleted 461*00b67f09SDavid van Moolenbroek in this manner. 462*00b67f09SDavid van Moolenbroek </p> 463*00b67f09SDavid van Moolenbroek<p> 464*00b67f09SDavid van Moolenbroek If the <code class="option">-clean</code> is specified, 465*00b67f09SDavid van Moolenbroek the zone's master file (and journal file, if any) 466*00b67f09SDavid van Moolenbroek will be deleted along with the zone. Without the 467*00b67f09SDavid van Moolenbroek <code class="option">-clean</code> option, zone files must 468*00b67f09SDavid van Moolenbroek be cleaned up by hand. (If the zone is of 469*00b67f09SDavid van Moolenbroek type "slave" or "stub", the files needing to 470*00b67f09SDavid van Moolenbroek be cleaned up will be reported in the output 471*00b67f09SDavid van Moolenbroek of the <span><strong class="command">rndc delzone</strong></span> command.) 472*00b67f09SDavid van Moolenbroek </p> 473*00b67f09SDavid van Moolenbroek</dd> 474*00b67f09SDavid van Moolenbroek<dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> 475*00b67f09SDavid van Moolenbroek<dd> 476*00b67f09SDavid van Moolenbroek<p> 477*00b67f09SDavid van Moolenbroek List, edit, or remove the DNSSEC signing state records 478*00b67f09SDavid van Moolenbroek for the specified zone. The status of ongoing DNSSEC 479*00b67f09SDavid van Moolenbroek operations (such as signing or generating 480*00b67f09SDavid van Moolenbroek NSEC3 chains) is stored in the zone in the form 481*00b67f09SDavid van Moolenbroek of DNS resource records of type 482*00b67f09SDavid van Moolenbroek <span><strong class="command">sig-signing-type</strong></span>. 483*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -list</strong></span> converts 484*00b67f09SDavid van Moolenbroek these records into a human-readable form, 485*00b67f09SDavid van Moolenbroek indicating which keys are currently signing 486*00b67f09SDavid van Moolenbroek or have finished signing the zone, and which NSEC3 487*00b67f09SDavid van Moolenbroek chains are being created or removed. 488*00b67f09SDavid van Moolenbroek </p> 489*00b67f09SDavid van Moolenbroek<p> 490*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -clear</strong></span> can remove 491*00b67f09SDavid van Moolenbroek a single key (specified in the same format that 492*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -list</strong></span> uses to 493*00b67f09SDavid van Moolenbroek display it), or all keys. In either case, only 494*00b67f09SDavid van Moolenbroek completed keys are removed; any record indicating 495*00b67f09SDavid van Moolenbroek that a key has not yet finished signing the zone 496*00b67f09SDavid van Moolenbroek will be retained. 497*00b67f09SDavid van Moolenbroek </p> 498*00b67f09SDavid van Moolenbroek<p> 499*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -nsec3param</strong></span> sets 500*00b67f09SDavid van Moolenbroek the NSEC3 parameters for a zone. This is the 501*00b67f09SDavid van Moolenbroek only supported mechanism for using NSEC3 with 502*00b67f09SDavid van Moolenbroek <span><strong class="command">inline-signing</strong></span> zones. 503*00b67f09SDavid van Moolenbroek Parameters are specified in the same format as 504*00b67f09SDavid van Moolenbroek an NSEC3PARAM resource record: hash algorithm, 505*00b67f09SDavid van Moolenbroek flags, iterations, and salt, in that order. 506*00b67f09SDavid van Moolenbroek </p> 507*00b67f09SDavid van Moolenbroek<p> 508*00b67f09SDavid van Moolenbroek Currently, the only defined value for hash algorithm 509*00b67f09SDavid van Moolenbroek is <code class="literal">1</code>, representing SHA-1. 510*00b67f09SDavid van Moolenbroek The <code class="option">flags</code> may be set to 511*00b67f09SDavid van Moolenbroek <code class="literal">0</code> or <code class="literal">1</code>, 512*00b67f09SDavid van Moolenbroek depending on whether you wish to set the opt-out 513*00b67f09SDavid van Moolenbroek bit in the NSEC3 chain. <code class="option">iterations</code> 514*00b67f09SDavid van Moolenbroek defines the number of additional times to apply 515*00b67f09SDavid van Moolenbroek the algorithm when generating an NSEC3 hash. The 516*00b67f09SDavid van Moolenbroek <code class="option">salt</code> is a string of data expressed 517*00b67f09SDavid van Moolenbroek in hexadecimal, a hyphen (`-') if no salt is 518*00b67f09SDavid van Moolenbroek to be used, or the keyword <code class="literal">auto</code>, 519*00b67f09SDavid van Moolenbroek which causes <span><strong class="command">named</strong></span> to generate a 520*00b67f09SDavid van Moolenbroek random 64-bit salt. 521*00b67f09SDavid van Moolenbroek </p> 522*00b67f09SDavid van Moolenbroek<p> 523*00b67f09SDavid van Moolenbroek So, for example, to create an NSEC3 chain using 524*00b67f09SDavid van Moolenbroek the SHA-1 hash algorithm, no opt-out flag, 525*00b67f09SDavid van Moolenbroek 10 iterations, and a salt value of "FFFF", use: 526*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>. 527*00b67f09SDavid van Moolenbroek To set the opt-out flag, 15 iterations, and no 528*00b67f09SDavid van Moolenbroek salt, use: 529*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>. 530*00b67f09SDavid van Moolenbroek </p> 531*00b67f09SDavid van Moolenbroek<p> 532*00b67f09SDavid van Moolenbroek <span><strong class="command">rndc signing -nsec3param none</strong></span> 533*00b67f09SDavid van Moolenbroek removes an existing NSEC3 chain and replaces it 534*00b67f09SDavid van Moolenbroek with NSEC. 535*00b67f09SDavid van Moolenbroek </p> 536*00b67f09SDavid van Moolenbroek</dd> 537*00b67f09SDavid van Moolenbroek</dl></div> 538*00b67f09SDavid van Moolenbroek</div> 539*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 540*00b67f09SDavid van Moolenbroek<a name="id2691952"></a><h2>LIMITATIONS</h2> 541*00b67f09SDavid van Moolenbroek<p> 542*00b67f09SDavid van Moolenbroek There is currently no way to provide the shared secret for a 543*00b67f09SDavid van Moolenbroek <code class="option">key_id</code> without using the configuration file. 544*00b67f09SDavid van Moolenbroek </p> 545*00b67f09SDavid van Moolenbroek<p> 546*00b67f09SDavid van Moolenbroek Several error messages could be clearer. 547*00b67f09SDavid van Moolenbroek </p> 548*00b67f09SDavid van Moolenbroek</div> 549*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 550*00b67f09SDavid van Moolenbroek<a name="id2692038"></a><h2>SEE ALSO</h2> 551*00b67f09SDavid van Moolenbroek<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, 552*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, 553*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, 554*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, 555*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>, 556*00b67f09SDavid van Moolenbroek <em class="citetitle">BIND 9 Administrator Reference Manual</em>. 557*00b67f09SDavid van Moolenbroek </p> 558*00b67f09SDavid van Moolenbroek</div> 559*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 560*00b67f09SDavid van Moolenbroek<a name="id2692093"></a><h2>AUTHOR</h2> 561*00b67f09SDavid van Moolenbroek<p><span class="corpauthor">Internet Systems Consortium</span> 562*00b67f09SDavid van Moolenbroek </p> 563*00b67f09SDavid van Moolenbroek</div> 564*00b67f09SDavid van Moolenbroek</div> 565*00b67f09SDavid van Moolenbroek<div class="navfooter"> 566*00b67f09SDavid van Moolenbroek<hr> 567*00b67f09SDavid van Moolenbroek<table width="100%" summary="Navigation footer"> 568*00b67f09SDavid van Moolenbroek<tr> 569*00b67f09SDavid van Moolenbroek<td width="40%" align="left"> 570*00b67f09SDavid van Moolenbroek<a accesskey="p" href="man.nsupdate.html">Prev</a>�</td> 571*00b67f09SDavid van Moolenbroek<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td> 572*00b67f09SDavid van Moolenbroek<td width="40%" align="right">�<a accesskey="n" href="man.rndc.conf.html">Next</a> 573*00b67f09SDavid van Moolenbroek</td> 574*00b67f09SDavid van Moolenbroek</tr> 575*00b67f09SDavid van Moolenbroek<tr> 576*00b67f09SDavid van Moolenbroek<td width="40%" align="left" valign="top"> 577*00b67f09SDavid van Moolenbroek<span class="application">nsupdate</span>�</td> 578*00b67f09SDavid van Moolenbroek<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> 579*00b67f09SDavid van Moolenbroek<td width="40%" align="right" valign="top">�<code class="filename">rndc.conf</code> 580*00b67f09SDavid van Moolenbroek</td> 581*00b67f09SDavid van Moolenbroek</tr> 582*00b67f09SDavid van Moolenbroek</table> 583*00b67f09SDavid van Moolenbroek</div> 584*00b67f09SDavid van Moolenbroek<p style="text-align: center;">BIND 9.10.2-P4</p> 585*00b67f09SDavid van Moolenbroek</body> 586*00b67f09SDavid van Moolenbroek</html> 587