summaryrefslogtreecommitdiffstats
path: root/doc/man/rndc.8in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/rndc.8in')
-rw-r--r--doc/man/rndc.8in627
1 files changed, 627 insertions, 0 deletions
diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in
new file mode 100644
index 0000000..dba9922
--- /dev/null
+++ b/doc/man/rndc.8in
@@ -0,0 +1,627 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "RNDC" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+rndc \- name server control utility
+.SH SYNOPSIS
+.sp
+\fBrndc\fP [\fB\-b\fP source\-address] [\fB\-c\fP config\-file] [\fB\-k\fP key\-file] [\fB\-s\fP server] [\fB\-p\fP port] [\fB\-q\fP] [\fB\-r\fP] [\fB\-V\fP] [\fB\-y\fP key_id] [[\fB\-4\fP] | [\fB\-6\fP]] {command}
+.SH DESCRIPTION
+.sp
+\fBrndc\fP controls the operation of a name server; it supersedes the
+\fBndc\fP utility. If \fBrndc\fP is
+invoked with no command line options or arguments, it prints a short
+summary of the supported commands and the available options and their
+arguments.
+.sp
+\fBrndc\fP communicates with the name server over a TCP connection,
+sending commands authenticated with digital signatures. In the current
+versions of \fBrndc\fP and \fBnamed\fP, the only supported authentication
+algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224,
+HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512. They use a shared
+secret on each end of the connection, which provides TSIG\-style
+authentication for the command request and the name server\(aqs response.
+All commands sent over the channel must be signed by a key_id known to
+the server.
+.sp
+\fBrndc\fP reads a configuration file to determine how to contact the name
+server and decide what algorithm and key it should use.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-4\fP
+This option indicates use of IPv4 only.
+.TP
+.B \fB\-6\fP
+This option indicates use of IPv6 only.
+.TP
+.B \fB\-b source\-address\fP
+This option indicates \fBsource\-address\fP as the source address for the connection to the
+server. Multiple instances are permitted, to allow setting of both the
+IPv4 and IPv6 source addresses.
+.TP
+.B \fB\-c config\-file\fP
+This option indicates \fBconfig\-file\fP as the configuration file instead of the default,
+\fB/etc/rndc.conf\fP\&.
+.TP
+.B \fB\-k key\-file\fP
+This option indicates \fBkey\-file\fP as the key file instead of the default,
+\fB/etc/rndc.key\fP\&. The key in \fB/etc/rndc.key\fP is used to
+authenticate commands sent to the server if the config\-file does not
+exist.
+.TP
+.B \fB\-s server\fP
+\fBserver\fP is the name or address of the server which matches a server
+statement in the configuration file for \fBrndc\fP\&. If no server is
+supplied on the command line, the host named by the default\-server
+clause in the options statement of the \fBrndc\fP configuration file
+is used.
+.TP
+.B \fB\-p port\fP
+This option instructs BIND 9 to send commands to TCP port \fBport\fP instead of its default control
+channel port, 953.
+.TP
+.B \fB\-q\fP
+This option sets quiet mode, where message text returned by the server is not printed
+unless there is an error.
+.TP
+.B \fB\-r\fP
+This option instructs \fBrndc\fP to print the result code returned by \fBnamed\fP
+after executing the requested command (e.g., ISC_R_SUCCESS,
+ISC_R_FAILURE, etc.).
+.TP
+.B \fB\-V\fP
+This option enables verbose logging.
+.TP
+.B \fB\-y key_id\fP
+This option indicates use of the key \fBkey_id\fP from the configuration file. For control message validation to succeed, \fBkey_id\fP must be known
+by \fBnamed\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified,
+\fBrndc\fP first looks for a key clause in the server statement of
+the server being used, or if no server statement is present for that
+host, then in the default\-key clause of the options statement. Note that
+the configuration file contains shared secrets which are used to send
+authenticated control commands to name servers, and should therefore
+not have general read or write access.
+.UNINDENT
+.SH COMMANDS
+.sp
+A list of commands supported by \fBrndc\fP can be seen by running \fBrndc\fP
+without arguments.
+.sp
+Currently supported commands are:
+.INDENT 0.0
+.TP
+.B \fBaddzone\fP \fIzone\fP [\fIclass\fP [\fIview\fP]] \fIconfiguration\fP
+This command adds a zone while the server is running. This command requires the
+\fBallow\-new\-zones\fP option to be set to \fByes\fP\&. The configuration
+string specified on the command line is the zone configuration text
+that would ordinarily be placed in \fBnamed.conf\fP\&.
+.sp
+The configuration is saved in a file called \fBviewname.nzf\fP (or, if
+\fBnamed\fP is compiled with liblmdb, an LMDB database file called
+\fBviewname.nzd\fP). \fBviewname\fP is the name of the view, unless the view
+name contains characters that are incompatible with use as a file
+name, in which case a cryptographic hash of the view name is used
+instead. When \fBnamed\fP is restarted, the file is loaded into
+the view configuration so that zones that were added can persist
+after a restart.
+.sp
+This sample \fBaddzone\fP command adds the zone \fBexample.com\fP to
+the default view:
+.sp
+\fBrndc addzone example.com \(aq{ type master; file \(dqexample.com.db\(dq; };\(aq\fP
+.sp
+(Note the brackets around and semi\-colon after the zone configuration
+text.)
+.sp
+See also \fBrndc delzone\fP and \fBrndc modzone\fP\&.
+.TP
+\fBdelzone\fP [\fB\-clean\fP] \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command deletes a zone while the server is running.
+.sp
+If the \fB\-clean\fP argument is specified, the zone\(aqs master file (and
+journal file, if any) are deleted along with the zone. Without
+the \fB\-clean\fP option, zone files must be deleted manually. (If the
+zone is of type \fBsecondary\fP or \fBstub\fP, the files needing to be removed
+are reported in the output of the \fBrndc delzone\fP command.)
+.sp
+If the zone was originally added via \fBrndc addzone\fP, then it is
+removed permanently. However, if it was originally configured in
+\fBnamed.conf\fP, then that original configuration remains in place;
+when the server is restarted or reconfigured, the zone is
+recreated. To remove it permanently, it must also be removed from
+\fBnamed.conf\fP\&.
+.sp
+See also \fBrndc addzone\fP and \fBrndc modzone\fP\&.
+.TP
+\fBdnssec\fP ( \fB\-status\fP | \fB\-rollover\fP \fB\-key\fP id [\fB\-alg\fP \fIalgorithm\fP] [\fB\-when\fP \fItime\fP] | \fB\-checkds\fP [\fB\-key\fP \fIid\fP [\fB\-alg\fP \fIalgorithm\fP]] [\fB\-when\fP \fItime\fP] ( \fIpublished\fP | \fIwithdrawn\fP )) \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command allows you to interact with the \(dqdnssec\-policy\(dq of a given
+zone.
+.sp
+\fBrndc dnssec \-status\fP show the DNSSEC signing state for the specified
+zone.
+.sp
+\fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a
+specific key (overriding the original key lifetime).
+.sp
+\fBrndc dnssec \-checkds\fP informs \fBnamed\fP that the DS for
+a specified zone\(aqs key\-signing key has been confirmed to be published
+in, or withdrawn from, the parent zone. This is required in order to
+complete a KSK rollover. The \fB\-key id\fP and \fB\-alg algorithm\fP arguments
+can be used to specify a particular KSK, if necessary; if there is only
+one key acting as a KSK for the zone, these arguments can be omitted.
+The time of publication or withdrawal for the DS is set to the current
+time by default, but can be overridden to a specific time with the
+argument \fB\-when time\fP, where \fBtime\fP is expressed in YYYYMMDDHHMMSS
+notation.
+.TP
+\fBdnstap\fP ( \fB\-reopen\fP | \fB\-roll\fP [\fInumber\fP] )
+This command closes and re\-opens DNSTAP output files.
+.sp
+\fBrndc dnstap \-reopen\fP allows
+the output file to be renamed externally, so that \fBnamed\fP can
+truncate and re\-open it.
+.sp
+\fBrndc dnstap \-roll\fP causes the output file
+to be rolled automatically, similar to log files. The most recent
+output file has \(dq.0\(dq appended to its name; the previous most recent
+output file is moved to \(dq.1\(dq, and so on. If \fBnumber\fP is specified, then
+the number of backup log files is limited to that number.
+.TP
+\fBdumpdb\fP [\fB\-all\fP | \fB\-cache\fP | \fB\-zones\fP | \fB\-adb\fP | \fB\-bad\fP | \fB\-expired\fP | \fB\-fail\fP] [\fIview ...\fP]
+This command dumps the server\(aqs caches (default) and/or zones to the dump file for
+the specified views. If no view is specified, all views are dumped.
+(See the \fBdump\-file\fP option in the BIND 9 Administrator Reference
+Manual.)
+.TP
+.B \fBflush\fP
+This command flushes the server\(aqs cache.
+.TP
+.B \fBflushname\fP \fIname\fP [\fIview\fP]
+This command flushes the given name from the view\(aqs DNS cache and, if applicable,
+from the view\(aqs nameserver address database, bad server cache, and
+SERVFAIL cache.
+.TP
+.B \fBflushtree\fP \fIname\fP [\fIview\fP]
+This command flushes the given name, and all of its subdomains, from the view\(aqs
+DNS cache, address database, bad server cache, and SERVFAIL cache.
+.TP
+.B \fBfreeze\fP [\fIzone\fP [\fIclass\fP [\fIview\fP]]]
+This command suspends updates to a dynamic zone. If no zone is specified, then all
+zones are suspended. This allows manual edits to be made to a zone
+normally updated by dynamic update, and causes changes in the
+journal file to be synced into the master file. All dynamic update
+attempts are refused while the zone is frozen.
+.sp
+See also \fBrndc thaw\fP\&.
+.TP
+\fBhalt\fP [\fB\-p\fP]
+This command stops the server immediately. Recent changes made through dynamic
+update or IXFR are not saved to the master files, but are rolled
+forward from the journal files when the server is restarted. If
+\fB\-p\fP is specified, \fBnamed\fP\(aqs process ID is returned. This allows
+an external process to determine when \fBnamed\fP has completed
+halting.
+.sp
+See also \fBrndc stop\fP\&.
+.TP
+.B \fBloadkeys\fP [\fIzone\fP [\fIclass\fP [\fIview\fP]]]
+This command fetches all DNSSEC keys for the given zone from the key directory. If
+they are within their publication period, they are merged into the
+zone\(aqs DNSKEY RRset. Unlike \fBrndc sign\fP, however, the zone is not
+immediately re\-signed by the new keys, but is allowed to
+incrementally re\-sign over time.
+.sp
+This command requires that the zone be configured with a \fBdnssec\-policy\fP, or
+that the \fBauto\-dnssec\fP zone option be set to \fBmaintain\fP, and also requires the
+zone to be configured to allow dynamic DNS. (See \(dqDynamic Update Policies\(dq in
+the Administrator Reference Manual for more details.)
+.TP
+.B \fBmanaged\-keys\fP (\fIstatus\fP | \fIrefresh\fP | \fIsync\fP | \fIdestroy\fP) [\fIclass\fP [\fIview\fP]]
+This command inspects and controls the \(dqmanaged\-keys\(dq database which handles
+\fI\%RFC 5011\fP DNSSEC trust anchor maintenance. If a view is specified, these
+commands are applied to that view; otherwise, they are applied to all
+views.
+.INDENT 7.0
+.IP \(bu 2
+When run with the \fBstatus\fP keyword, this prints the current status of
+the managed\-keys database.
+.IP \(bu 2
+When run with the \fBrefresh\fP keyword, this forces an immediate refresh
+query to be sent for all the managed keys, updating the
+managed\-keys database if any new keys are found, without waiting
+the normal refresh interval.
+.IP \(bu 2
+When run with the \fBsync\fP keyword, this forces an immediate dump of
+the managed\-keys database to disk (in the file
+\fBmanaged\-keys.bind\fP or (\fBviewname.mkeys\fP). This synchronizes
+the database with its journal file, so that the database\(aqs current
+contents can be inspected visually.
+.IP \(bu 2
+When run with the \fBdestroy\fP keyword, the managed\-keys database
+is shut down and deleted, and all key maintenance is terminated.
+This command should be used only with extreme caution.
+.sp
+Existing keys that are already trusted are not deleted from
+memory; DNSSEC validation can continue after this command is used.
+However, key maintenance operations cease until \fBnamed\fP is
+restarted or reconfigured, and all existing key maintenance states
+are deleted.
+.sp
+Running \fBrndc reconfig\fP or restarting \fBnamed\fP immediately
+after this command causes key maintenance to be reinitialized
+from scratch, just as if the server were being started for the
+first time. This is primarily intended for testing, but it may
+also be used, for example, to jumpstart the acquisition of new
+keys in the event of a trust anchor rollover, or as a brute\-force
+repair for key maintenance problems.
+.UNINDENT
+.TP
+.B \fBmodzone\fP \fIzone\fP [\fIclass\fP [\fIview\fP]] \fIconfiguration\fP
+This command modifies the configuration of a zone while the server is running. This
+command requires the \fBallow\-new\-zones\fP option to be set to \fByes\fP\&.
+As with \fBaddzone\fP, the configuration string specified on the
+command line is the zone configuration text that would ordinarily be
+placed in \fBnamed.conf\fP\&.
+.sp
+If the zone was originally added via \fBrndc addzone\fP, the
+configuration changes are recorded permanently and are still
+in effect after the server is restarted or reconfigured. However, if
+it was originally configured in \fBnamed.conf\fP, then that original
+configuration remains in place; when the server is restarted or
+reconfigured, the zone reverts to its original configuration. To
+make the changes permanent, it must also be modified in
+\fBnamed.conf\fP\&.
+.sp
+See also \fBrndc addzone\fP and \fBrndc delzone\fP\&.
+.TP
+.B \fBnotify\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command resends NOTIFY messages for the zone.
+.TP
+.B \fBnotrace\fP
+This command sets the server\(aqs debugging level to 0.
+.sp
+See also \fBrndc trace\fP\&.
+.TP
+\fBnta\fP [( \fB\-class\fP \fIclass\fP | \fB\-dump\fP | \fB\-force\fP | \fB\-remove\fP | \fB\-lifetime\fP \fIduration\fP)] \fIdomain\fP [\fIview\fP]
+This command sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fP, with a
+lifetime of \fBduration\fP\&. The default lifetime is configured in
+\fBnamed.conf\fP via the \fBnta\-lifetime\fP option, and defaults to one
+hour. The lifetime cannot exceed one week.
+.sp
+A negative trust anchor selectively disables DNSSEC validation for
+zones that are known to be failing because of misconfiguration rather
+than an attack. When data to be validated is at or below an active
+NTA (and above any other configured trust anchors), \fBnamed\fP
+aborts the DNSSEC validation process and treats the data as insecure
+rather than bogus. This continues until the NTA\(aqs lifetime has
+elapsed.
+.sp
+NTAs persist across restarts of the \fBnamed\fP server. The NTAs for a
+view are saved in a file called \fBname.nta\fP, where \fBname\fP is the name
+of the view; if it contains characters that are incompatible with
+use as a file name, a cryptographic hash is generated from the name of
+the view.
+.sp
+An existing NTA can be removed by using the \fB\-remove\fP option.
+.sp
+An NTA\(aqs lifetime can be specified with the \fB\-lifetime\fP option.
+TTL\-style suffixes can be used to specify the lifetime in seconds,
+minutes, or hours. If the specified NTA already exists, its lifetime
+is updated to the new value. Setting \fBlifetime\fP to zero is
+equivalent to \fB\-remove\fP\&.
+.sp
+If \fB\-dump\fP is used, any other arguments are ignored and a list
+of existing NTAs is printed. Note that this may include NTAs that are
+expired but have not yet been cleaned up.
+.sp
+Normally, \fBnamed\fP periodically tests to see whether data below
+an NTA can now be validated (see the \fBnta\-recheck\fP option in the
+Administrator Reference Manual for details). If data can be
+validated, then the NTA is regarded as no longer necessary and is
+allowed to expire early. The \fB\-force\fP parameter overrides this behavior
+and forces an NTA to persist for its entire lifetime, regardless of
+whether data could be validated if the NTA were not present.
+.sp
+The view class can be specified with \fB\-class\fP\&. The default is class
+\fBIN\fP, which is the only class for which DNSSEC is currently
+supported.
+.sp
+All of these options can be shortened, i.e., to \fB\-l\fP, \fB\-r\fP,
+\fB\-d\fP, \fB\-f\fP, and \fB\-c\fP\&.
+.sp
+Unrecognized options are treated as errors. To refer to a domain or
+view name that begins with a hyphen, use a double\-hyphen (\-\-) on the
+command line to indicate the end of options.
+.TP
+.B \fBquerylog\fP [(\fIon\fP | \fIoff\fP)]
+This command enables or disables query logging. For backward compatibility, this
+command can also be used without an argument to toggle query logging
+on and off.
+.sp
+Query logging can also be enabled by explicitly directing the
+\fBqueries\fP \fBcategory\fP to a \fBchannel\fP in the \fBlogging\fP section
+of \fBnamed.conf\fP, or by specifying \fBquerylog yes;\fP in the
+\fBoptions\fP section of \fBnamed.conf\fP\&.
+.TP
+.B \fBreconfig\fP
+This command reloads the configuration file and loads new zones, but does not reload
+existing zone files even if they have changed. This is faster than a
+full \fBreload\fP when there is a large number of zones, because it
+avoids the need to examine the modification times of the zone files.
+.TP
+.B \fBrecursing\fP
+This command dumps the list of queries \fBnamed\fP is currently
+recursing on, and the list of domains to which iterative queries
+are currently being sent.
+.sp
+The first list includes all unique clients that are waiting for
+recursion to complete, including the query that is awaiting a
+response and the timestamp (seconds since the Unix epoch) of
+when named started processing this client query.
+.sp
+The second list comprises of domains for which there are active
+(or recently active) fetches in progress. It reports the number
+of active fetches for each domain and the number of queries that
+have been passed (allowed) or dropped (spilled) as a result of
+the \fBfetches\-per\-zone\fP limit. (Note: these counters are not
+cumulative over time; whenever the number of active fetches for
+a domain drops to zero, the counter for that domain is deleted,
+and the next time a fetch is sent to that domain, it is recreated
+with the counters set to zero).
+.TP
+.B \fBrefresh\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command schedules zone maintenance for the given zone.
+.TP
+.B \fBreload\fP
+This command reloads the configuration file and zones.
+.TP
+.B \fBreload\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command reloads the given zone.
+.TP
+.B \fBretransfer\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command retransfers the given secondary zone from the primary server.
+.sp
+If the zone is configured to use \fBinline\-signing\fP, the signed
+version of the zone is discarded; after the retransfer of the
+unsigned version is complete, the signed version is regenerated
+with new signatures.
+.TP
+.B \fBscan\fP
+This command scans the list of available network interfaces for changes, without
+performing a full \fBreconfig\fP or waiting for the
+\fBinterface\-interval\fP timer.
+.TP
+\fBsecroots\fP [\fB\-\fP] [\fIview\fP ...]
+This command dumps the security roots (i.e., trust anchors configured via
+\fBtrust\-anchors\fP, or the \fBmanaged\-keys\fP or \fBtrusted\-keys\fP statements
+[both deprecated], or \fBdnssec\-validation auto\fP) and negative trust anchors
+for the specified views. If no view is specified, all views are
+dumped. Security roots indicate whether they are configured as trusted
+keys, managed keys, or initializing managed keys (managed keys that have not
+yet been updated by a successful key refresh query).
+.sp
+If the first argument is \fB\-\fP, then the output is returned via the
+\fBrndc\fP response channel and printed to the standard output.
+Otherwise, it is written to the secroots dump file, which defaults to
+\fBnamed.secroots\fP, but can be overridden via the \fBsecroots\-file\fP
+option in \fBnamed.conf\fP\&.
+.sp
+See also \fBrndc managed\-keys\fP\&.
+.TP
+\fBserve\-stale\fP (\fBon\fP | \fBoff\fP | \fBreset\fP | \fBstatus\fP) [\fIclass\fP [\fIview\fP]]
+This command enables, disables, resets, or reports the current status of the serving
+of stale answers as configured in \fBnamed.conf\fP\&.
+.sp
+If serving of stale answers is disabled by \fBrndc\-serve\-stale off\fP,
+then it remains disabled even if \fBnamed\fP is reloaded or
+reconfigured. \fBrndc serve\-stale reset\fP restores the setting as
+configured in \fBnamed.conf\fP\&.
+.sp
+\fBrndc serve\-stale status\fP reports whether serving of stale
+answers is currently enabled, disabled by the configuration, or
+disabled by \fBrndc\fP\&. It also reports the values of
+\fBstale\-answer\-ttl\fP and \fBmax\-stale\-ttl\fP\&.
+.TP
+.B \fBshowzone\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command prints the configuration of a running zone.
+.sp
+See also \fBrndc zonestatus\fP\&.
+.TP
+.B \fBsign\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command fetches all DNSSEC keys for the given zone from the key directory (see
+the \fBkey\-directory\fP option in the BIND 9 Administrator Reference
+Manual). If they are within their publication period, they are merged into
+the zone\(aqs DNSKEY RRset. If the DNSKEY RRset is changed, then the
+zone is automatically re\-signed with the new key set.
+.sp
+This command requires that the zone be configured with a \fBdnssec\-policy\fP, or
+that the \fBauto\-dnssec\fP zone option be set to \fBallow\fP or \fBmaintain\fP,
+and also requires the zone to be configured to allow dynamic DNS. (See
+\(dqDynamic Update Policies\(dq in the BIND 9 Administrator Reference Manual for more
+details.)
+.sp
+See also \fBrndc loadkeys\fP\&.
+.TP
+\fBsigning\fP [(\fB\-list\fP | \fB\-clear\fP \fIkeyid/algorithm\fP | \fB\-clear\fP \fIall\fP | \fB\-nsec3param\fP ( \fIparameters\fP | none ) | \fB\-serial\fP \fIvalue\fP ) \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command lists, edits, or removes the DNSSEC signing\-state records for the
+specified zone. The status of ongoing DNSSEC operations, such as
+signing or generating NSEC3 chains, is stored in the zone in the form
+of DNS resource records of type \fBsig\-signing\-type\fP\&.
+\fBrndc signing \-list\fP converts these records into a human\-readable
+form, indicating which keys are currently signing or have finished
+signing the zone, and which NSEC3 chains are being created or
+removed.
+.sp
+\fBrndc signing \-clear\fP can remove a single key (specified in the
+same format that \fBrndc signing \-list\fP uses to display it), or all
+keys. In either case, only completed keys are removed; any record
+indicating that a key has not yet finished signing the zone is
+retained.
+.sp
+\fBrndc signing \-nsec3param\fP sets the NSEC3 parameters for a zone.
+This is the only supported mechanism for using NSEC3 with
+\fBinline\-signing\fP zones. Parameters are specified in the same format
+as an NSEC3PARAM resource record: \fBhash algorithm\fP, \fBflags\fP, \fBiterations\fP,
+and \fBsalt\fP, in that order.
+.sp
+Currently, the only defined value for \fBhash algorithm\fP is \fB1\fP,
+representing SHA\-1. The \fBflags\fP may be set to \fB0\fP or \fB1\fP,
+depending on whether the opt\-out bit in the NSEC3
+chain should be set. \fBiterations\fP defines the number of additional times to apply
+the algorithm when generating an NSEC3 hash. The \fBsalt\fP is a string
+of data expressed in hexadecimal, a hyphen (\fB\-\fP) if no salt is to be
+used, or the keyword \fBauto\fP, which causes \fBnamed\fP to generate a
+random 64\-bit salt.
+.sp
+The only recommended configuration is \fBrndc signing \-nsec3param 1 0 0 \- zone\fP,
+i.e. no salt, no additional iterations, no opt\-out.
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Do not use extra iterations, salt, or opt\-out unless all their implications
+are fully understood. A higher number of iterations causes interoperability
+problems and opens servers to CPU\-exhausting DoS attacks.
+.UNINDENT
+.UNINDENT
+.sp
+\fBrndc signing \-nsec3param none\fP removes an existing NSEC3 chain and
+replaces it with NSEC.
+.sp
+\fBrndc signing \-serial value\fP sets the serial number of the zone to
+\fBvalue\fP\&. If the value would cause the serial number to go backwards, it
+is rejected. The primary use of this parameter is to set the serial number on inline
+signed zones.
+.TP
+.B \fBstats\fP
+This command writes server statistics to the statistics file. (See the
+\fBstatistics\-file\fP option in the BIND 9 Administrator Reference
+Manual.)
+.TP
+.B \fBstatus\fP
+This command displays the status of the server. Note that the number of zones includes
+the internal \fBbind/CH\fP zone and the default \fB\&./IN\fP hint zone, if
+there is no explicit root zone configured.
+.TP
+\fBstop\fP \fB\-p\fP
+This command stops the server, making sure any recent changes made through dynamic
+update or IXFR are first saved to the master files of the updated
+zones. If \fB\-p\fP is specified, \fBnamed(8)\(ga\(aqs process ID is returned.
+This allows an external process to determine when \(ga\(ganamed\fP has
+completed stopping.
+.sp
+See also \fBrndc halt\fP\&.
+.TP
+\fBsync\fP \fB\-clean\fP [\fIzone\fP [\fIclass\fP [\fIview\fP]]]
+This command syncs changes in the journal file for a dynamic zone to the master
+file. If the \(dq\-clean\(dq option is specified, the journal file is also
+removed. If no zone is specified, then all zones are synced.
+.TP
+.B \fBtcp\-timeouts\fP [\fIinitial\fP \fIidle\fP \fIkeepalive\fP \fIadvertised\fP]
+When called without arguments, this command displays the current values of the
+\fBtcp\-initial\-timeout\fP, \fBtcp\-idle\-timeout\fP,
+\fBtcp\-keepalive\-timeout\fP, and \fBtcp\-advertised\-timeout\fP options.
+When called with arguments, these values are updated. This allows an
+administrator to make rapid adjustments when under a
+denial\-of\-service (DoS) attack. See the descriptions of these options in the BIND 9
+Administrator Reference Manual for details of their use.
+.TP
+.B \fBthaw\fP [\fIzone\fP [\fIclass\fP [\fIview\fP]]]
+This command enables updates to a frozen dynamic zone. If no zone is specified,
+then all frozen zones are enabled. This causes the server to reload
+the zone from disk, and re\-enables dynamic updates after the load has
+completed. After a zone is thawed, dynamic updates are no longer
+refused. If the zone has changed and the \fBixfr\-from\-differences\fP
+option is in use, the journal file is updated to reflect
+changes in the zone. Otherwise, if the zone has changed, any existing
+journal file is removed.
+.sp
+See also \fBrndc freeze\fP\&.
+.TP
+.B \fBtrace\fP
+This command increments the server\(aqs debugging level by one.
+.TP
+.B \fBtrace\fP \fIlevel\fP
+This command sets the server\(aqs debugging level to an explicit value.
+.sp
+See also \fBrndc notrace\fP\&.
+.TP
+.B \fBtsig\-delete\fP \fIkeyname\fP [\fIview\fP]
+This command deletes a given TKEY\-negotiated key from the server. This does not
+apply to statically configured TSIG keys.
+.TP
+.B \fBtsig\-list\fP
+This command lists the names of all TSIG keys currently configured for use by
+\fBnamed\fP in each view. The list includes both statically configured keys and
+dynamic TKEY\-negotiated keys.
+.TP
+\fBvalidation\fP (\fBon\fP | \fBoff\fP | \fBstatus\fP) [\fIview\fP ...]\(ga\(ga
+This command enables, disables, or checks the current status of DNSSEC validation. By
+default, validation is enabled.
+.sp
+The cache is flushed when validation is turned on or off to avoid using data
+that might differ between states.
+.TP
+.B \fBzonestatus\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+This command displays the current status of the given zone, including the master
+file name and any include files from which it was loaded, when it was
+most recently loaded, the current serial number, the number of nodes,
+whether the zone supports dynamic updates, whether the zone is DNSSEC
+signed, whether it uses automatic DNSSEC key management or inline
+signing, and the scheduled refresh or expiry times for the zone.
+.sp
+See also \fBrndc showzone\fP\&.
+.UNINDENT
+.sp
+\fBrndc\fP commands that specify zone names, such as \fBreload\fP,
+\fBretransfer\fP, or \fBzonestatus\fP, can be ambiguous when applied to zones
+of type \fBredirect\fP\&. Redirect zones are always called \fB\&.\fP, and can be
+confused with zones of type \fBhint\fP or with secondary copies of the root
+zone. To specify a redirect zone, use the special zone name
+\fB\-redirect\fP, without a trailing period. (With a trailing period, this
+would specify a zone called \(dq\-redirect\(dq.)
+.SH LIMITATIONS
+.sp
+There is currently no way to provide the shared secret for a \fBkey_id\fP
+without using the configuration file.
+.sp
+Several error messages could be clearer.
+.SH SEE ALSO
+.sp
+\fBrndc.conf(5)\fP, \fBrndc\-confgen(8)\fP,
+\fBnamed(8)\fP, \fBnamed.conf(5)\fP, \fBndc(8)\fP, BIND 9 Administrator
+Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-11 19:06:40 +0000