summaryrefslogtreecommitdiffstats
path: root/doc/man/rndc.8in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/rndc.8in')
-rw-r--r--doc/man/rndc.8in727
1 files changed, 727 insertions, 0 deletions
diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in
new file mode 100644
index 0000000..7361778
--- /dev/null
+++ b/doc/man/rndc.8in
@@ -0,0 +1,727 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "RNDC" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
+.SH NAME
+rndc \- name server control utility
+.SH SYNOPSIS
+.sp
+\fBrndc\fP [\fB\-b\fP source\-address] [\fB\-c\fP config\-file] [\fB\-k\fP key\-file] [\fB\-s\fP server] [\fB\-p\fP port] [\fB\-q\fP] [\fB\-r\fP] [\fB\-V\fP] [\fB\-y\fP server_key] [[\fB\-4\fP] | [\fB\-6\fP]] {command}
+.SH DESCRIPTION
+.sp
+\fBrndc\fP controls the operation of a name server. If \fBrndc\fP is
+invoked with no command line options or arguments, it prints a short
+summary of the supported commands and the available options and their
+arguments.
+.sp
+\fBrndc\fP communicates with the name server over a TCP connection,
+sending commands authenticated with digital signatures. In the current
+versions of \fBrndc\fP and \fI\%named\fP, the only supported authentication
+algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224,
+HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512. They use a shared
+secret on each end of the connection, which provides TSIG\-style
+authentication for the command request and the name server\(aqs response.
+All commands sent over the channel must be signed by a server_key known to
+the server.
+.sp
+\fBrndc\fP reads a configuration file to determine how to contact the name
+server and decide what algorithm and key it should use.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \-4
+This option indicates use of IPv4 only.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-6
+This option indicates use of IPv6 only.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-b source\-address
+This option indicates \fBsource\-address\fP as the source address for the connection to the
+server. Multiple instances are permitted, to allow setting of both the
+IPv4 and IPv6 source addresses.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-c config\-file
+This option indicates \fBconfig\-file\fP as the configuration file instead of the default,
+\fB@sysconfdir@/rndc.conf\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-k key\-file
+This option indicates \fBkey\-file\fP as the key file instead of the default,
+\fB@sysconfdir@/rndc.key\fP\&. The key in \fB@sysconfdir@/rndc.key\fP is used to
+authenticate commands sent to the server if the config\-file does not
+exist.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-s server
+\fBserver\fP is the name or address of the server which matches a server
+statement in the configuration file for \fBrndc\fP\&. If no server is
+supplied on the command line, the host named by the default\-server
+clause in the options statement of the \fBrndc\fP configuration file
+is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-p port
+This option instructs BIND 9 to send commands to TCP port \fBport\fP instead of its default control
+channel port, 953.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-q
+This option sets quiet mode, where message text returned by the server is not printed
+unless there is an error.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-r
+This option instructs \fBrndc\fP to print the result code returned by \fI\%named\fP
+after executing the requested command (e.g., ISC_R_SUCCESS,
+ISC_R_FAILURE, etc.).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-V
+This option enables verbose logging.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-y server_key
+This option indicates use of the key \fBserver_key\fP from the configuration file. For control message validation to succeed, \fBserver_key\fP must be known
+by \fI\%named\fP with the same algorithm and secret string. If no \fBserver_key\fP is specified,
+\fBrndc\fP first looks for a key clause in the server statement of
+the server being used, or if no server statement is present for that
+host, then in the default\-key clause of the options statement. Note that
+the configuration file contains shared secrets which are used to send
+authenticated control commands to name servers, and should therefore
+not have general read or write access.
+.UNINDENT
+.SH COMMANDS
+.sp
+A list of commands supported by \fBrndc\fP can be seen by running \fBrndc\fP
+without arguments.
+.sp
+Currently supported commands are:
+.INDENT 0.0
+.TP
+.B addzone zone [class [view]] configuration
+This command adds a zone while the server is running. This command requires the
+\fBallow\-new\-zones\fP option to be set to \fByes\fP\&. The configuration
+string specified on the command line is the zone configuration text
+that would ordinarily be placed in \fI\%named.conf\fP\&.
+.sp
+The configuration is saved in a file called \fBviewname.nzf\fP (or, if
+\fI\%named\fP is compiled with liblmdb, an LMDB database file called
+\fBviewname.nzd\fP). \fBviewname\fP is the name of the view, unless the view
+name contains characters that are incompatible with use as a file
+name, in which case a cryptographic hash of the view name is used
+instead. When \fI\%named\fP is restarted, the file is loaded into
+the view configuration so that zones that were added can persist
+after a restart.
+.sp
+This sample \fBaddzone\fP command adds the zone \fBexample.com\fP to
+the default view:
+.sp
+\fBrndc addzone example.com \(aq{ type primary; file \(dqexample.com.db\(dq; };\(aq\fP
+.sp
+(Note the brackets around and semi\-colon after the zone configuration
+text.)
+.sp
+See also \fI\%rndc delzone\fP and \fI\%rndc modzone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B delzone [\-clean] zone [class [view]]
+This command deletes a zone while the server is running.
+.sp
+If the \fB\-clean\fP argument is specified, the zone\(aqs master file (and
+journal file, if any) are deleted along with the zone. Without
+the \fB\-clean\fP option, zone files must be deleted manually. (If the
+zone is of type \fBsecondary\fP or \fBstub\fP, the files needing to be removed
+are reported in the output of the \fBrndc delzone\fP command.)
+.sp
+If the zone was originally added via \fBrndc addzone\fP, then it is
+removed permanently. However, if it was originally configured in
+\fI\%named.conf\fP, then that original configuration remains in place;
+when the server is restarted or reconfigured, the zone is
+recreated. To remove it permanently, it must also be removed from
+\fI\%named.conf\fP\&.
+.sp
+See also \fI\%rndc addzone\fP and \fI\%rndc modzone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnssec (\-status | \-rollover \-key id [\-alg algorithm] [\-when time] | \-checkds [\-key id [\-alg algorithm]] [\-when time] published | withdrawn)) zone [class [view]]
+This command allows you to interact with the \(dqdnssec\-policy\(dq of a given
+zone.
+.sp
+\fBrndc dnssec \-status\fP show the DNSSEC signing state for the specified
+zone.
+.sp
+\fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a
+specific key (overriding the original key lifetime).
+.sp
+\fBrndc dnssec \-checkds\fP informs \fI\%named\fP that the DS for
+a specified zone\(aqs key\-signing key has been confirmed to be published
+in, or withdrawn from, the parent zone. This is required in order to
+complete a KSK rollover. The \fB\-key id\fP and \fB\-alg algorithm\fP arguments
+can be used to specify a particular KSK, if necessary; if there is only
+one key acting as a KSK for the zone, these arguments can be omitted.
+The time of publication or withdrawal for the DS is set to the current
+time by default, but can be overridden to a specific time with the
+argument \fB\-when time\fP, where \fBtime\fP is expressed in YYYYMMDDHHMMSS
+notation.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap (\-reopen | \-roll [number])
+This command closes and re\-opens DNSTAP output files.
+.sp
+\fBrndc dnstap \-reopen\fP allows
+the output file to be renamed externally, so that \fI\%named\fP can
+truncate and re\-open it.
+.sp
+\fBrndc dnstap \-roll\fP causes the output file
+to be rolled automatically, similar to log files. The most recent
+output file has \(dq.0\(dq appended to its name; the previous most recent
+output file is moved to \(dq.1\(dq, and so on. If \fBnumber\fP is specified, then
+the number of backup log files is limited to that number.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dumpdb [\-all | \-cache | \-zones | \-adb | \-bad | \-expired | \-fail] [view ...]
+This command dumps the server\(aqs caches (default) and/or zones to the dump file for
+the specified views. If no view is specified, all views are dumped.
+(See the \fBdump\-file\fP option in the BIND 9 Administrator Reference
+Manual.)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush
+This command flushes the server\(aqs cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flushname name [view]
+This command flushes the given name from the view\(aqs DNS cache and, if applicable,
+from the view\(aqs nameserver address database, bad server cache, and
+SERVFAIL cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flushtree name [view]
+This command flushes the given name, and all of its subdomains, from the view\(aqs
+DNS cache, address database, bad server cache, and SERVFAIL cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B freeze [zone [class [view]]]
+This command suspends updates to a dynamic zone. If no zone is specified, then all
+zones are suspended. This allows manual edits to be made to a zone
+normally updated by dynamic update, and causes changes in the
+journal file to be synced into the master file. All dynamic update
+attempts are refused while the zone is frozen.
+.sp
+See also \fI\%rndc thaw\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B halt [\-p]
+This command stops the server immediately. Recent changes made through dynamic
+update or IXFR are not saved to the master files, but are rolled
+forward from the journal files when the server is restarted. If
+\fB\-p\fP is specified, \fI\%named\fP\(aqs process ID is returned. This allows
+an external process to determine when \fI\%named\fP has completed
+halting.
+.sp
+See also \fI\%rndc stop\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B loadkeys [zone [class [view]]]
+This command fetches all DNSSEC keys for the given zone from the key directory. If
+they are within their publication period, they are merged into the
+zone\(aqs DNSKEY RRset. Unlike \fI\%rndc sign\fP, however, the zone is not
+immediately re\-signed by the new keys, but is allowed to
+incrementally re\-sign over time.
+.sp
+This command requires that the zone be configured with a \fBdnssec\-policy\fP, or
+that the \fBauto\-dnssec\fP zone option be set to \fBmaintain\fP, and also requires the
+zone to be configured to allow dynamic DNS. (See \(dqDynamic Update Policies\(dq in
+the Administrator Reference Manual for more details.)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B managed\-keys (status | refresh | sync | destroy) [class [view]]
+This command inspects and controls the \(dqmanaged\-keys\(dq database which handles
+\fI\%RFC 5011\fP DNSSEC trust anchor maintenance. If a view is specified, these
+commands are applied to that view; otherwise, they are applied to all
+views.
+.INDENT 7.0
+.IP \(bu 2
+When run with the \fBstatus\fP keyword, this prints the current status of
+the managed\-keys database.
+.IP \(bu 2
+When run with the \fBrefresh\fP keyword, this forces an immediate refresh
+query to be sent for all the managed keys, updating the
+managed\-keys database if any new keys are found, without waiting
+the normal refresh interval.
+.IP \(bu 2
+When run with the \fBsync\fP keyword, this forces an immediate dump of
+the managed\-keys database to disk (in the file
+\fBmanaged\-keys.bind\fP or (\fBviewname.mkeys\fP). This synchronizes
+the database with its journal file, so that the database\(aqs current
+contents can be inspected visually.
+.IP \(bu 2
+When run with the \fBdestroy\fP keyword, the managed\-keys database
+is shut down and deleted, and all key maintenance is terminated.
+This command should be used only with extreme caution.
+.sp
+Existing keys that are already trusted are not deleted from
+memory; DNSSEC validation can continue after this command is used.
+However, key maintenance operations cease until \fI\%named\fP is
+restarted or reconfigured, and all existing key maintenance states
+are deleted.
+.sp
+Running \fI\%rndc reconfig\fP or restarting \fI\%named\fP immediately
+after this command causes key maintenance to be reinitialized
+from scratch, just as if the server were being started for the
+first time. This is primarily intended for testing, but it may
+also be used, for example, to jumpstart the acquisition of new
+keys in the event of a trust anchor rollover, or as a brute\-force
+repair for key maintenance problems.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B modzone zone [class [view]] configuration
+This command modifies the configuration of a zone while the server is running. This
+command requires the \fBallow\-new\-zones\fP option to be set to \fByes\fP\&.
+As with \fBaddzone\fP, the configuration string specified on the
+command line is the zone configuration text that would ordinarily be
+placed in \fI\%named.conf\fP\&.
+.sp
+If the zone was originally added via \fI\%rndc addzone\fP, the
+configuration changes are recorded permanently and are still
+in effect after the server is restarted or reconfigured. However, if
+it was originally configured in \fI\%named.conf\fP, then that original
+configuration remains in place; when the server is restarted or
+reconfigured, the zone reverts to its original configuration. To
+make the changes permanent, it must also be modified in
+\fI\%named.conf\fP\&.
+.sp
+See also \fI\%rndc addzone\fP and \fI\%rndc delzone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B notify zone [class [view]]
+This command resends NOTIFY messages for the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B notrace
+This command sets the server\(aqs debugging level to 0.
+.sp
+See also \fI\%rndc trace\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B nta [(\-class class | \-dump | \-force | \-remove | \-lifetime duration)] domain [view]
+This command sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fP, with a
+lifetime of \fBduration\fP\&. The default lifetime is configured in
+\fI\%named.conf\fP via the \fBnta\-lifetime\fP option, and defaults to one
+hour. The lifetime cannot exceed one week.
+.sp
+A negative trust anchor selectively disables DNSSEC validation for
+zones that are known to be failing because of misconfiguration rather
+than an attack. When data to be validated is at or below an active
+NTA (and above any other configured trust anchors), \fI\%named\fP
+aborts the DNSSEC validation process and treats the data as insecure
+rather than bogus. This continues until the NTA\(aqs lifetime has
+elapsed.
+.sp
+NTAs persist across restarts of the \fI\%named\fP server. The NTAs for a
+view are saved in a file called \fBname.nta\fP, where \fBname\fP is the name
+of the view; if it contains characters that are incompatible with
+use as a file name, a cryptographic hash is generated from the name of
+the view.
+.sp
+An existing NTA can be removed by using the \fB\-remove\fP option.
+.sp
+An NTA\(aqs lifetime can be specified with the \fB\-lifetime\fP option.
+TTL\-style suffixes can be used to specify the lifetime in seconds,
+minutes, or hours. If the specified NTA already exists, its lifetime
+is updated to the new value. Setting \fBlifetime\fP to zero is
+equivalent to \fB\-remove\fP\&.
+.sp
+If \fB\-dump\fP is used, any other arguments are ignored and a list
+of existing NTAs is printed. Note that this may include NTAs that are
+expired but have not yet been cleaned up.
+.sp
+Normally, \fI\%named\fP periodically tests to see whether data below
+an NTA can now be validated (see the \fBnta\-recheck\fP option in the
+Administrator Reference Manual for details). If data can be
+validated, then the NTA is regarded as no longer necessary and is
+allowed to expire early. The \fB\-force\fP parameter overrides this behavior
+and forces an NTA to persist for its entire lifetime, regardless of
+whether data could be validated if the NTA were not present.
+.sp
+The view class can be specified with \fB\-class\fP\&. The default is class
+\fBIN\fP, which is the only class for which DNSSEC is currently
+supported.
+.sp
+All of these options can be shortened, i.e., to \fB\-l\fP, \fB\-r\fP,
+\fB\-d\fP, \fB\-f\fP, and \fB\-c\fP\&.
+.sp
+Unrecognized options are treated as errors. To refer to a domain or
+view name that begins with a hyphen, use a double\-hyphen (\-\-) on the
+command line to indicate the end of options.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B querylog [(on | off)]
+This command enables or disables query logging. For backward compatibility, this
+command can also be used without an argument to toggle query logging
+on and off.
+.sp
+Query logging can also be enabled by explicitly directing the
+\fBqueries\fP \fBcategory\fP to a \fBchannel\fP in the \fBlogging\fP section
+of \fI\%named.conf\fP, or by specifying \fBquerylog yes;\fP in the
+\fBoptions\fP section of \fI\%named.conf\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reconfig
+This command reloads the configuration file and loads new zones, but does not reload
+existing zone files even if they have changed. This is faster than a
+full \fI\%rndc reload\fP when there is a large number of zones, because it
+avoids the need to examine the modification times of the zone files.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B recursing
+This command dumps the list of queries \fI\%named\fP is currently
+recursing on, and the list of domains to which iterative queries
+are currently being sent.
+.sp
+The first list includes all unique clients that are waiting for
+recursion to complete, including the query that is awaiting a
+response and the timestamp (seconds since the Unix epoch) of
+when named started processing this client query.
+.sp
+The second list comprises of domains for which there are active
+(or recently active) fetches in progress. It reports the number
+of active fetches for each domain and the number of queries that
+have been passed (allowed) or dropped (spilled) as a result of
+the \fBfetches\-per\-zone\fP limit. (Note: these counters are not
+cumulative over time; whenever the number of active fetches for
+a domain drops to zero, the counter for that domain is deleted,
+and the next time a fetch is sent to that domain, it is recreated
+with the counters set to zero).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B refresh zone [class [view]]
+This command schedules zone maintenance for the given zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reload
+This command reloads the configuration file and zones.
+.INDENT 7.0
+.TP
+.B zone [class [view]]
+.UNINDENT
+.sp
+If a zone is specified, this command reloads only the given zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B retransfer zone [class [view]]
+This command retransfers the given secondary zone from the primary server.
+.sp
+If the zone is configured to use \fBinline\-signing\fP, the signed
+version of the zone is discarded; after the retransfer of the
+unsigned version is complete, the signed version is regenerated
+with new signatures.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B scan
+This command scans the list of available network interfaces for changes, without
+performing a full \fI\%rndc reconfig\fP or waiting for the
+\fBinterface\-interval\fP timer.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B secroots [\-] [view ...]
+This command dumps the security roots (i.e., trust anchors configured via
+\fBtrust\-anchors\fP, or the \fBmanaged\-keys\fP or \fBtrusted\-keys\fP statements
+[both deprecated], or \fBdnssec\-validation auto\fP) and negative trust anchors
+for the specified views. If no view is specified, all views are
+dumped. Security roots indicate whether they are configured as trusted
+keys, managed keys, or initializing managed keys (managed keys that have not
+yet been updated by a successful key refresh query).
+.sp
+If the first argument is \fB\-\fP, then the output is returned via the
+\fBrndc\fP response channel and printed to the standard output.
+Otherwise, it is written to the secroots dump file, which defaults to
+\fBnamed.secroots\fP, but can be overridden via the \fBsecroots\-file\fP
+option in \fI\%named.conf\fP\&.
+.sp
+See also \fI\%rndc managed\-keys\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-stale (on | off | reset | status) [class [view]]
+This command enables, disables, resets, or reports the current status of
+the serving of stale answers as configured in \fI\%named.conf\fP\&.
+.sp
+If serving of stale answers is disabled by \fBrndc\-serve\-stale off\fP, then it
+remains disabled even if \fI\%named\fP is reloaded or reconfigured. \fBrndc
+serve\-stale reset\fP restores the setting as configured in \fI\%named.conf\fP\&.
+.sp
+\fBrndc serve\-stale status\fP reports whether caching and serving of stale
+answers is currently enabled or disabled. It also reports the values of
+\fBstale\-answer\-ttl\fP and \fBmax\-stale\-ttl\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B showzone zone [class [view]]
+This command prints the configuration of a running zone.
+.sp
+See also \fI\%rndc zonestatus\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B sign zone [class [view]]
+This command fetches all DNSSEC keys for the given zone from the key directory (see
+the \fBkey\-directory\fP option in the BIND 9 Administrator Reference
+Manual). If they are within their publication period, they are merged into
+the zone\(aqs DNSKEY RRset. If the DNSKEY RRset is changed, then the
+zone is automatically re\-signed with the new key set.
+.sp
+This command requires that the zone be configured with a \fBdnssec\-policy\fP, or
+that the \fBauto\-dnssec\fP zone option be set to \fBallow\fP or \fBmaintain\fP,
+and also requires the zone to be configured to allow dynamic DNS. (See
+\(dqDynamic Update Policies\(dq in the BIND 9 Administrator Reference Manual for more
+details.)
+.sp
+See also \fI\%rndc loadkeys\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B signing [(\-list | \-clear keyid/algorithm | \-clear all | \-nsec3param (parameters | none) | \-serial value) zone [class [view]]
+This command lists, edits, or removes the DNSSEC signing\-state records for the
+specified zone. The status of ongoing DNSSEC operations, such as
+signing or generating NSEC3 chains, is stored in the zone in the form
+of DNS resource records of type \fBsig\-signing\-type\fP\&.
+\fBrndc signing \-list\fP converts these records into a human\-readable
+form, indicating which keys are currently signing or have finished
+signing the zone, and which NSEC3 chains are being created or
+removed.
+.sp
+\fBrndc signing \-clear\fP can remove a single key (specified in the
+same format that \fBrndc signing \-list\fP uses to display it), or all
+keys. In either case, only completed keys are removed; any record
+indicating that a key has not yet finished signing the zone is
+retained.
+.sp
+\fBrndc signing \-nsec3param\fP sets the NSEC3 parameters for a zone.
+This is the only supported mechanism for using NSEC3 with
+\fBinline\-signing\fP zones. Parameters are specified in the same format
+as an NSEC3PARAM resource record: \fBhash algorithm\fP, \fBflags\fP, \fBiterations\fP,
+and \fBsalt\fP, in that order.
+.sp
+Currently, the only defined value for \fBhash algorithm\fP is \fB1\fP,
+representing SHA\-1. The \fBflags\fP may be set to \fB0\fP or \fB1\fP,
+depending on whether the opt\-out bit in the NSEC3
+chain should be set. \fBiterations\fP defines the number of additional times to apply
+the algorithm when generating an NSEC3 hash. The \fBsalt\fP is a string
+of data expressed in hexadecimal, a hyphen (\fB\-\fP) if no salt is to be
+used, or the keyword \fBauto\fP, which causes \fI\%named\fP to generate a
+random 64\-bit salt.
+.sp
+The only recommended configuration is \fBrndc signing \-nsec3param 1 0 0 \- zone\fP,
+i.e. no salt, no additional iterations, no opt\-out.
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Do not use extra iterations, salt, or opt\-out unless all their implications
+are fully understood. A higher number of iterations causes interoperability
+problems and opens servers to CPU\-exhausting DoS attacks.
+.UNINDENT
+.UNINDENT
+.sp
+\fBrndc signing \-nsec3param none\fP removes an existing NSEC3 chain and
+replaces it with NSEC.
+.sp
+\fBrndc signing \-serial value\fP sets the serial number of the zone to
+\fBvalue\fP\&. If the value would cause the serial number to go backwards, it
+is rejected. The primary use of this parameter is to set the serial number on inline
+signed zones.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stats
+This command writes server statistics to the statistics file. (See the
+\fBstatistics\-file\fP option in the BIND 9 Administrator Reference
+Manual.)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B status
+This command displays the status of the server. Note that the number of zones includes
+the internal \fBbind/CH\fP zone and the default \fB\&./IN\fP hint zone, if
+there is no explicit root zone configured.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stop \-p
+This command stops the server, making sure any recent changes made through dynamic
+update or IXFR are first saved to the master files of the updated
+zones. If \fB\-p\fP is specified, \fI\%named\fP\(aqs process ID is returned.
+This allows an external process to determine when \fI\%named\fP has
+completed stopping.
+.sp
+See also \fI\%rndc halt\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B sync \-clean [zone [class [view]]]
+This command syncs changes in the journal file for a dynamic zone to the master
+file. If the \(dq\-clean\(dq option is specified, the journal file is also
+removed. If no zone is specified, then all zones are synced.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-timeouts [initial idle keepalive advertised]
+When called without arguments, this command displays the current values of the
+\fBtcp\-initial\-timeout\fP, \fBtcp\-idle\-timeout\fP,
+\fBtcp\-keepalive\-timeout\fP, and \fBtcp\-advertised\-timeout\fP options.
+When called with arguments, these values are updated. This allows an
+administrator to make rapid adjustments when under a
+denial\-of\-service (DoS) attack. See the descriptions of these options in the BIND 9
+Administrator Reference Manual for details of their use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B thaw [zone [class [view]]]
+This command enables updates to a frozen dynamic zone. If no zone is specified,
+then all frozen zones are enabled. This causes the server to reload
+the zone from disk, and re\-enables dynamic updates after the load has
+completed. After a zone is thawed, dynamic updates are no longer
+refused. If the zone has changed and the \fBixfr\-from\-differences\fP
+option is in use, the journal file is updated to reflect
+changes in the zone. Otherwise, if the zone has changed, any existing
+journal file is removed.
+.sp
+See also \fI\%rndc freeze\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trace [level]
+If no level is specified, this command increments the server\(aqs debugging
+level by one.
+.INDENT 7.0
+.TP
+.B level
+If specified, this command sets the server\(aqs debugging level to the
+provided value.
+.UNINDENT
+.sp
+See also \fI\%rndc notrace\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tsig\-delete keyname [view]
+This command deletes a given TKEY\-negotiated key from the server. This does not
+apply to statically configured TSIG keys.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tsig\-list
+This command lists the names of all TSIG keys currently configured for use by
+\fI\%named\fP in each view. The list includes both statically configured keys and
+dynamic TKEY\-negotiated keys.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B validation (on | off | status) [view ...]
+This command enables, disables, or checks the current status of DNSSEC validation. By
+default, validation is enabled.
+.sp
+The cache is flushed when validation is turned on or off to avoid using data
+that might differ between states.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonestatus zone [class [view]]
+This command displays the current status of the given zone, including the master
+file name and any include files from which it was loaded, when it was
+most recently loaded, the current serial number, the number of nodes,
+whether the zone supports dynamic updates, whether the zone is DNSSEC
+signed, whether it uses automatic DNSSEC key management or inline
+signing, and the scheduled refresh or expiry times for the zone.
+.sp
+See also \fI\%rndc showzone\fP\&.
+.UNINDENT
+.sp
+\fBrndc\fP commands that specify zone names, such as \fI\%reload\fP
+\fI\%retransfer\fP, or \fI\%zonestatus\fP, can be ambiguous when applied to zones
+of type \fBredirect\fP\&. Redirect zones are always called \fB\&.\fP, and can be
+confused with zones of type \fBhint\fP or with secondary copies of the root
+zone. To specify a redirect zone, use the special zone name
+\fB\-redirect\fP, without a trailing period. (With a trailing period, this
+would specify a zone called \(dq\-redirect\(dq.)
+.SH LIMITATIONS
+.sp
+There is currently no way to provide the shared secret for a \fBserver_key\fP
+without using the configuration file.
+.sp
+Several error messages could be clearer.
+.SH SEE ALSO
+.sp
+\fI\%rndc.conf(5)\fP, \fI\%rndc\-confgen(8)\fP,
+\fI\%named(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator
+Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.