Bind rndc what is
Using the rndc Utility

The rndc utility is a command-line tool that allows you to administer the named service, both locally and from a remote machine. Its usage is as follows:

Configuring the Utility

To prevent unauthorized access to the service, named must be configured to listen on the selected port that is, by default , and an identical key must be used by both the service and the rndc utility. The controls statement, shown in the following example, allows rndc to connect from the localhost.
This statement tells named to listen on the default TCP port of the loopback address and allow rndc commands coming from the localhost, if the proper key is given. The next example illustrates a sample key statement. A key with at least a bit length is a good idea.
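An added example, not part of the original page or of BIND itself: a small Python check that reads the controls statements out of named.conf text and flags inet entries that listen beyond the loopback address, allow any, or carry no explicit keys clause. The sample configuration, key name and addresses are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (not taken from the page).
SAMPLE_CONF = '''
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };  // loopback only
    inet * port 953 allow { any; } keys { "rndc-key"; };
    inet 192.0.2.10 allow { 192.0.2.0/24; };
};
'''

# One "inet" entry: address, optional port, allow list, optional keys list.
INET_RE = re.compile(
    r'\binet\s+(?P<addr>\S+)'
    r'(?:\s+port\s+(?P<port>\S+))?'
    r'\s+allow\s*\{(?P<allow>[^}]*)\}'
    r'(?:\s*keys\s*\{(?P<keys>[^}]*)\})?',
    re.S)

LOOPBACK = {"127.0.0.1", "::1"}

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out entries are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def audit_controls(conf_text):
    """Return [(listen_address, [issues])] for every inet control channel."""
    findings = []
    for m in INET_RE.finditer(strip_comments(conf_text)):
        addr = m.group("addr")
        allow = [a.strip() for a in m.group("allow").split(";") if a.strip()]
        keys = (m.group("keys") or "").replace(";", "").strip()
        issues = []
        if addr not in LOOPBACK:
            issues.append("listens beyond loopback")
        if "any" in allow:
            issues.append("allow list contains 'any'")
        if not keys:
            # Which key then protects the channel should be checked by hand.
            issues.append("no explicit keys clause")
        findings.append((addr, issues))
    return findings

if __name__ == "__main__":
    for addr, issues in audit_controls(SAMPLE_CONF):
        print(addr, "->", "; ".join(issues) or "ok")
```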
This command requires that the auto-dnssec zone option be set to allow or maintain, and also requires the zone to be configured to allow dynamic DNS. In either case, only completed keys are removed; any record indicating that a key has not yet finished signing the zone will be retained.
This is the only supported mechanism for using NSEC3 with inline-signing zones. Currently, the only defined value for hash algorithm is 1, representing SHA. The flags may be set to 0 or 1, depending on whether you wish to set the opt-out bit in the NSEC3 chain.
To set the opt-out flag, 15 iterations, and no salt, use: rndc signing -nsec3param 1 1 15 - zone. If the value would cause the serial number to go backwards it will be rejected.
The primary use is to set the serial on inline signed zones. Write server statistics to the statistics file. Display status of the server. Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones.
This allows an external process to determine when named had completed stopping. Sync changes in the journal file for a dynamic zone to the master file. If the "-clean" option is specified, the journal file is also removed. If no zone is specified, then all zones are synced.
Enable updates to a frozen dynamic zone. If no zone is specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re-enables dynamic updates after the load has completed.
After a zone is thawed, dynamic updates will no longer be refused. If the zone has changed and the ixfr-from-differences option is in use, then the journal file will be updated to reflect changes in the zone.
Otherwise, if the zone has changed, any existing journal file will be removed. Delete a given TKEY-negotiated key from the server. This does not apply to statically configured TSIG keys. List the names of all TSIG keys currently configured for use by named in each view. The list includes both statically configured keys and dynamic TKEY-negotiated keys.
Note dnssec-enable also needs to be set to yes or auto to be effective. It defaults to enabled. Displays the current status of the given zone, including the master file name and any include files from which it was loaded, when it was most recently loaded, the current serial number, the number of nodes, whether the zone supports dynamic updates, whether the zone is DNSSEC signed, whether it uses automatic DNSSEC key management or inline signing, and the scheduled refresh or expiry times for the zone.
BIND 9. Name rndc — name server control utility.