.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.8,v 1.24.2.9 2007/05/09 03:32:21 marka Exp $
+.\" $Id: rndc.8,v 1.24.2.10 2007/05/31 23:28:40 marka Exp $
.\"
.hy 0
.ad l
communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
\fBrndc\fR
and
-\fBnamed\fR
-named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
+\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
.PP
\fBrndc\fR
reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
Enable verbose logging.
.RE
.PP
-\-y \fIkeyid\fR
+\-y \fIkey_id\fR
.RS 4
Use the key
-\fIkeyid\fR
+\fIkey_id\fR
from the configuration file.
-\fIkeyid\fR
+\fIkey_id\fR
must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no
-\fIkeyid\fR
+\fIkey_id\fR
is specified,
\fBrndc\fR
will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.html,v 1.7.2.17 2007/05/09 03:32:21 marka Exp $ -->
+<!-- $Id: rndc.html,v 1.7.2.18 2007/05/31 23:28:40 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<span><strong class="command">rndc</strong></span> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
+ <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
<dd><p>
Enable verbose logging.
</p></dd>
-<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
+<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
- Use the key <em class="replaceable"><code>keyid</code></em>
+ Use the key <em class="replaceable"><code>key_id</code></em>
from the configuration file.
- <em class="replaceable"><code>keyid</code></em> must be
+ <em class="replaceable"><code>key_id</code></em> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
- If no <em class="replaceable"><code>keyid</code></em>
+ If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
projects / thirdparty / bind9.git / commitdiff
