RNDC(8)                                                        RNDC(8)

NAME
       rndc - name server control utility

SYNOPSIS
       rndc [ -c config-file ] [ -s server ] [ -p port ] [ -v ]
            [ -y key_id ] [ command... ]

DESCRIPTION
       rndc controls the operation of a name server. It supersedes
       the ndc utility that was provided in old BIND releases. If
       rndc is invoked with no command line options or arguments, it
       prints a short summary of the supported commands and the
       available options and their arguments.

       rndc communicates with the name server over a TCP connection,
       sending commands authenticated with digital signatures. In
       the current versions of rndc and named the only supported
       authentication algorithm is HMAC-MD5, which uses a shared
       secret on each end of the connection. This provides
       TSIG-style authentication for the command request and the
       name server's response. All commands sent over the channel
       must be signed by a key_id known to the server.

       rndc reads a configuration file to determine how to contact
       the name server and decide what algorithm and key it should
       use.

OPTIONS
       -c config-file
              Use config-file as the configuration file instead of
              the default, /etc/rndc.conf.

       -s server
              server is the name or address of the server which
              matches a server statement in the configuration file
              for rndc. If no server is supplied on the command
              line, the host named by the default-server clause in
              the options statement of the configuration file will
              be used.

       -p port
              Send commands to TCP port port instead of BIND 9's
              default control channel port, 953.

       -y keyid
              Use the key keyid from the configuration file. keyid
              must be known by named with the same algorithm and
              secret string in order for control message validation
              to succeed. If no keyid is specified, rndc will first
              look for a key clause in the server statement of the
              server being used, or if no server statement is
              present for that host, then the default-key clause of
              the options statement.

              Note that the configuration file contains shared
              secrets which are used to send authenticated control
              commands to name servers. It should therefore not have
              general read or write access.

       -v     Enable verbose logging.

       For the complete set of commands supported by rndc, see the
       BIND 9 Administrator Reference Manual or run rndc without
       arguments to see its help message.

LIMITATIONS
       rndc does not yet support all the commands of the BIND 8 ndc
       utility.

       There is currently no way to provide the shared secret for a
       key_id without using the configuration file.

       Several error messages could be clearer.

SEE ALSO
       rndc.conf(5), named(8), named.conf(5), ndc(8), BIND 9
       Administrator Reference Manual.

AUTHOR
       Internet Software Consortium

BIND9                        June 30, 2000
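
Added example, not part of the BIND distribution: Python that resolves which server and key rndc would select from an rndc.conf according to the -s and -y rules under OPTIONS, and checks whether the file has general read or write access. The sample configuration, key names and secret are constructed placeholders; the statement syntax is assumed to follow rndc.conf(5), and comments in the file are not handled.

```python
import os
import re
import stat

# Constructed sample rndc.conf; key names and the secret are placeholders.
SAMPLE = '''
options { default-server localhost; default-key "ops-key"; };
server localhost { key "local-key"; };
key "local-key" { algorithm hmac-md5; secret "UExBQ0VIT0xERVI="; };
key "ops-key"   { algorithm hmac-md5; secret "UExBQ0VIT0xERVI="; };
'''

# Top-level statements: options { ... };  server NAME { ... };  key NAME { ... };
BLOCK = re.compile(r'(options|server|key)\s*("?[\w.:-]*"?)\s*\{(.*?)\}\s*;', re.S)

def clause(body, name):
    """Value of a 'name value;' clause inside a statement body, or None."""
    m = re.search(r'(?:^|[;\s])' + re.escape(name) + r'\s+"?([\w.:-]+)"?\s*;', body)
    return m.group(1) if m else None

def parse(text):
    conf = {"options": {}, "server": {}, "key": set()}
    for kind, name, body in BLOCK.findall(text):
        name = name.strip('"')
        if kind == "options":
            conf["options"] = {c: clause(body, c) for c in ("default-server", "default-key")}
        elif kind == "server":
            conf["server"][name] = clause(body, "key")
        else:
            conf["key"].add(name)
    return conf

def resolve(conf, server=None, keyid=None):
    """(server, keyid) selected for the given -s / -y values (None = not given)."""
    server = server or conf["options"].get("default-server")
    if keyid is None:
        if server in conf["server"]:          # key clause of the server statement
            keyid = conf["server"][server]
        else:                                 # no server statement for that host
            keyid = conf["options"].get("default-key")
    if keyid not in conf["key"]:
        raise ValueError(f"no key statement for {keyid!r}")
    return server, keyid

def world_accessible(path):
    """True if users other than owner and group can read or write the file."""
    return bool(os.stat(path).st_mode & (stat.S_IROTH | stat.S_IWOTH))

if __name__ == "__main__":
    print(resolve(parse(SAMPLE)))
```

A file for which world_accessible() returns True exposes the HMAC-MD5 shared secret to every local account, and anyone holding that secret can sign control commands the server will accept.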