<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="./">
<head>
  <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>4. Name Server Operations &mdash; BIND 9 9.18.39-0ubuntu0.24.04.2-Ubuntu documentation</title>
      <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
      <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=86f27845" />
      <link rel="stylesheet" type="text/css" href="_static/custom.css?v=9ab34431" />

  
  
        <script src="_static/jquery.js?v=8dae8fb0"></script>
        <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
        <script src="_static/documentation_options.js?v=9d4ae9d2"></script>
        <script src="_static/doctools.js?v=888ff710"></script>
        <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
    <script src="_static/js/theme.js"></script>
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="5. DNSSEC" href="chapter5.html" />
    <link rel="prev" title="3. Configurations and Zone Files" href="chapter3.html" /> 
</head>

<body class="wy-body-for-nav"> 
  <div class="wy-grid-for-nav">

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="index.html">BIND 9</a>
      </nav>

      <div class="wy-nav-content">
        <div class="rst-content">
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
             
  <section id="name-server-operations">
<span id="ns-operations"></span><h1><span class="section-number">4. </span>Name Server Operations<a class="headerlink" href="#name-server-operations" title="Link to this heading"></a></h1>
<section id="tools-for-use-with-the-name-server-daemon">
<span id="tools"></span><h2><span class="section-number">4.1. </span>Tools for Use With the Name Server Daemon<a class="headerlink" href="#tools-for-use-with-the-name-server-daemon" title="Link to this heading"></a></h2>
<p>This section describes several indispensable diagnostic, administrative,
and monitoring tools available to the system administrator for
controlling and debugging the name server daemon.</p>
<section id="diagnostic-tools">
<span id="id1"></span><h3><span class="section-number">4.1.1. </span>Diagnostic Tools<a class="headerlink" href="#diagnostic-tools" title="Link to this heading"></a></h3>
<p>The <a class="reference internal" href="manpages.html#std-iscman-dig"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">dig</span></code></a>, <a class="reference internal" href="manpages.html#std-iscman-host"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">host</span></code></a>, and <a class="reference internal" href="manpages.html#std-iscman-nslookup"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">nslookup</span></code></a> programs are all command-line
tools for manually querying name servers. They differ in style and
output format.</p>
<dl>
<dt><a class="reference internal" href="manpages.html#std-iscman-dig"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">dig</span></code></a></dt><dd><p><a class="reference internal" href="manpages.html#std-iscman-dig"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">dig</span></code></a> is the most versatile and complete of these lookup tools. It
has two modes: simple interactive mode for a single query, and batch
mode, which executes a query for each in a list of several query
lines. All query options are accessible from the command line.</p>
<p>For more information and a list of available commands and options,
see <a class="reference internal" href="manpages.html#man-dig"><span class="std std-ref">dig - DNS lookup utility</span></a>.</p>
</dd>
<dt><a class="reference internal" href="manpages.html#std-iscman-host"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">host</span></code></a></dt><dd><p>The <a class="reference internal" href="manpages.html#std-iscman-host"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">host</span></code></a> utility emphasizes simplicity and ease of use. By
default, it converts between host names and Internet addresses, but
its functionality can be extended with the use of options.</p>
<p>For more information and a list of available commands and options,
see <a class="reference internal" href="manpages.html#man-host"><span class="std std-ref">host - DNS lookup utility</span></a>.</p>
</dd>
<dt><a class="reference internal" href="manpages.html#std-iscman-nslookup"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">nslookup</span></code></a></dt><dd><p><a class="reference internal" href="manpages.html#std-iscman-nslookup"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">nslookup</span></code></a> has two modes: interactive and non-interactive.
Interactive mode allows the user to query name servers for
information about various hosts and domains, or to print a list of
hosts in a domain. Non-interactive mode is used to print just the
name and requested information for a host or domain.</p>
<p>Due to its arcane user interface and frequently inconsistent
behavior, we do not recommend the use of <a class="reference internal" href="manpages.html#std-iscman-nslookup"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">nslookup</span></code></a>. Use <a class="reference internal" href="manpages.html#std-iscman-dig"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">dig</span></code></a>
instead.</p>
</dd>
</dl>
</section>
<section id="administrative-tools">
<span id="admin-tools"></span><h3><span class="section-number">4.1.2. </span>Administrative Tools<a class="headerlink" href="#administrative-tools" title="Link to this heading"></a></h3>
<p>Administrative tools play an integral part in the management of a
server.</p>
<dl>
<dt><a class="reference internal" href="manpages.html#std-iscman-named-checkconf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named-checkconf</span></code></a></dt><dd><p>The <a class="reference internal" href="manpages.html#std-iscman-named-checkconf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named-checkconf</span></code></a> program checks the syntax of a <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>
file.</p>
<p>For more information and a list of available commands and options,
see <a class="reference internal" href="manpages.html#man-named-checkconf"><span class="std std-ref">named-checkconf - named configuration file syntax checking tool</span></a>.</p>
</dd>
<dt><a class="reference internal" href="manpages.html#std-iscman-named-checkzone"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named-checkzone</span></code></a></dt><dd><p>The <a class="reference internal" href="manpages.html#std-iscman-named-checkzone"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named-checkzone</span></code></a> program checks a zone file for syntax and
consistency.</p>
<p>For more information and a list of available commands and options,
see <a class="reference internal" href="manpages.html#man-named-checkzone"><span class="std std-ref">named-checkzone - zone file validation tool</span></a>.</p>
</dd>
<dt><a class="reference internal" href="manpages.html#std-iscman-named-compilezone"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named-compilezone</span></code></a></dt><dd><p>This tool is similar to <a class="reference internal" href="manpages.html#std-iscman-named-checkzone"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named-checkzone</span></code></a> but it always dumps the zone content
to a specified file (typically in a different format).</p>
<p>For more information and a list of available commands and options,
see <a class="reference internal" href="manpages.html#man-named-compilezone"><span class="std std-ref">named-compilezone - zone file converting tool</span></a>.</p>
</dd>
</dl>
<dl id="ops-rndc">
<dt><a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a></dt><dd><p>The remote name daemon control (<a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a>) program allows the system
administrator to control the operation of a name server.</p>
<p>See <a class="reference internal" href="manpages.html#man-rndc"><span class="std std-ref">rndc - name server control utility</span></a> for details of the available <a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a>
commands.</p>
<p><a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a> requires a configuration file, since all communication with
the server is authenticated with digital signatures that rely on a
shared secret, and there is no way to provide that secret other than
with a configuration file. The default location for the <a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a>
configuration file is <code class="docutils literal notranslate"><span class="pre">/etc/bind/rndc.conf</span></code>, but an alternate location
can be specified with the <a class="reference internal" href="manpages.html#cmdoption-rndc-c"><code class="xref std std-option docutils literal notranslate"><span class="pre">-c</span></code></a> option. If the configuration file is
not found, <a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a> also looks in <code class="docutils literal notranslate"><span class="pre">/etc/bind/rndc.key</span></code> (or whatever
<code class="docutils literal notranslate"><span class="pre">sysconfdir</span></code> was defined when the BIND build was configured). The
<code class="docutils literal notranslate"><span class="pre">rndc.key</span></code> file is generated by running <a class="reference internal" href="manpages.html#cmdoption-rndc-confgen-a"><code class="xref std std-option docutils literal notranslate"><span class="pre">rndc-confgen</span> <span class="pre">-a</span></code></a> as
described in <a class="reference internal" href="reference.html#namedconf-statement-controls" title="namedconf-statement-controls"><code class="xref any namedconf namedconf-ref docutils literal notranslate"><span class="pre">controls</span></code></a>.</p>
<p>The format of the configuration file is similar to that of
<a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>, but is limited to three blocks,
<a class="reference internal" href="#rndcconf-statement-options" title="rndcconf-statement-options"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">options</span></code></a>, <a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a>, and <a class="reference internal" href="#rndcconf-statement-server" title="rndcconf-statement-server"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">server</span></code></a>, plus the <a class="reference internal" href="reference.html#include-grammar"><span class="std std-ref">include Directive</span></a>. These blocks
associate the secret keys with the servers with which they are
meant to be shared. The order of blocks is not significant.</p>
</dd>
</dl>
<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-options">
<span class="sig-name descname"><span class="pre">options</span></span><a class="headerlink" href="#rndcconf-statement-options" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">options</span> <span class="p">{</span>
	<span class="n">default</span><span class="o">-</span><span class="n">key</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span><span class="p">;</span>
	<span class="n">default</span><span class="o">-</span><span class="n">port</span> <span class="o">&lt;</span><span class="n">integer</span><span class="o">&gt;</span><span class="p">;</span>
	<span class="n">default</span><span class="o">-</span><span class="n">server</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span><span class="p">;</span>
	<span class="n">default</span><span class="o">-</span><span class="n">source</span><span class="o">-</span><span class="n">address</span> <span class="p">(</span> <span class="o">&lt;</span><span class="n">ipv4_address</span><span class="o">&gt;</span> <span class="o">|</span> <span class="o">*</span> <span class="p">);</span>
	<span class="n">default</span><span class="o">-</span><span class="n">source</span><span class="o">-</span><span class="n">address</span><span class="o">-</span><span class="n">v6</span> <span class="p">(</span> <span class="o">&lt;</span><span class="n">ipv6_address</span><span class="o">&gt;</span> <span class="o">|</span> <span class="o">*</span> <span class="p">);</span>
<span class="p">};</span>
</pre></div>
</div>
</p>
<p><strong>Blocks: </strong>topmost</p>
<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-default-server">
<span class="sig-name descname"><span class="pre">default-server</span></span><a class="headerlink" href="#rndcconf-statement-default-server" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">default-server</span> <span class="pre">&lt;string&gt;;</span></code></p>
<p><strong>Blocks: </strong>options</p>
<p><a class="reference internal" href="#rndcconf-statement-default-server" title="rndcconf-statement-default-server"><code class="xref any rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-server</span></code></a> takes a
host name or address argument and represents the server that is
contacted if no <a class="reference internal" href="manpages.html#cmdoption-rndc-s"><code class="xref std std-option docutils literal notranslate"><span class="pre">-s</span></code></a> option is provided on the command line.</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-default-key">
<span class="sig-name descname"><span class="pre">default-key</span></span><a class="headerlink" href="#rndcconf-statement-default-key" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">default-key</span> <span class="pre">&lt;string&gt;;</span></code></p>
<p><strong>Blocks: </strong>options</p>
<p><a class="reference internal" href="#rndcconf-statement-default-key" title="rndcconf-statement-default-key"><code class="xref any rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-key</span></code></a> takes the name of a key as its argument, as defined
by a <a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a> block.</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-default-port">
<span class="sig-name descname"><span class="pre">default-port</span></span><a class="headerlink" href="#rndcconf-statement-default-port" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">default-port</span> <span class="pre">&lt;integer&gt;;</span></code></p>
<p><strong>Blocks: </strong>options</p>
<p><a class="reference internal" href="#rndcconf-statement-default-port" title="rndcconf-statement-default-port"><code class="xref any rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-port</span></code></a> specifies the port to which
<a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a> should connect if no port is given on the command line or in
a <a class="reference internal" href="#rndcconf-statement-server" title="rndcconf-statement-server"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">server</span></code></a> block.</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-default-source-address">
<span class="sig-name descname"><span class="pre">default-source-address</span></span><a class="headerlink" href="#rndcconf-statement-default-source-address" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">default-source-address</span> <span class="pre">(</span> <span class="pre">&lt;ipv4_address&gt;</span> <span class="pre">|</span> <span class="pre">*</span> <span class="pre">);</span></code></p>
<p><strong>Blocks: </strong>options</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-default-source-address-v6">
<span class="sig-name descname"><span class="pre">default-source-address-v6</span></span><a class="headerlink" href="#rndcconf-statement-default-source-address-v6" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">default-source-address-v6</span> <span class="pre">(</span> <span class="pre">&lt;ipv6_address&gt;</span> <span class="pre">|</span> <span class="pre">*</span> <span class="pre">);</span></code></p>
<p><strong>Blocks: </strong>options</p>
<p><a class="reference internal" href="#rndcconf-statement-default-source-address" title="rndcconf-statement-default-source-address"><code class="xref any rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-source-address</span></code></a> and <a class="reference internal" href="#rndcconf-statement-default-source-address-v6" title="rndcconf-statement-default-source-address-v6"><code class="xref any rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-source-address-v6</span></code></a> specify
the IPv4 and IPv6 source address used to communicate with the server
if no address is given on the command line or in a
<a class="reference internal" href="#rndcconf-statement-server" title="rndcconf-statement-server"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">server</span></code></a> block.</p>
</dd></dl>

</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-key">
<span class="sig-name descname"><span class="pre">key</span></span><a class="headerlink" href="#rndcconf-statement-key" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar server: </strong><code class="docutils literal notranslate"><span class="pre">key</span> <span class="pre">&lt;string&gt;;</span></code></p>
<p><strong>Grammar topmost: </strong><div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">key</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span> <span class="p">{</span>
	<span class="n">algorithm</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span><span class="p">;</span>
	<span class="n">secret</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span><span class="p">;</span>
<span class="p">};</span> <span class="o">//</span> <span class="n">may</span> <span class="n">occur</span> <span class="n">multiple</span> <span class="n">times</span>
</pre></div>
</div>
</p>
<p><strong>Blocks: </strong>topmost, server</p>
<p>The <a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a> block defines a key to be used by <a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a> when
authenticating with <a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a>. Its syntax is identical to the <a class="reference internal" href="reference.html#namedconf-statement-key" title="namedconf-statement-key"><code class="xref namedconf namedconf-ref docutils literal notranslate"><span class="pre">key</span></code></a>
statement in <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>. The keyword <a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a> is followed by a key
name, which must be a valid domain name, though it need not actually
be hierarchical; thus, a string like <code class="docutils literal notranslate"><span class="pre">rndc_key</span></code> is a valid name.
The <a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a> block has two statements: <a class="reference internal" href="#rndcconf-statement-algorithm" title="rndcconf-statement-algorithm"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">algorithm</span></code></a> and <a class="reference internal" href="#rndcconf-statement-secret" title="rndcconf-statement-secret"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">secret</span></code></a>.</p>
<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-algorithm">
<span class="sig-name descname"><span class="pre">algorithm</span></span><a class="headerlink" href="#rndcconf-statement-algorithm" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">algorithm</span> <span class="pre">&lt;string&gt;;</span></code></p>
<p><strong>Blocks: </strong>key</p>
<p>While the configuration parser accepts any string as the argument
to <a class="reference internal" href="#rndcconf-statement-algorithm" title="rndcconf-statement-algorithm"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">algorithm</span></code></a>, currently only the strings <code class="docutils literal notranslate"><span class="pre">hmac-md5</span></code>,
<code class="docutils literal notranslate"><span class="pre">hmac-sha1</span></code>, <code class="docutils literal notranslate"><span class="pre">hmac-sha224</span></code>, <code class="docutils literal notranslate"><span class="pre">hmac-sha256</span></code>,
<code class="docutils literal notranslate"><span class="pre">hmac-sha384</span></code>, and <code class="docutils literal notranslate"><span class="pre">hmac-sha512</span></code> have any meaning.</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-secret">
<span class="sig-name descname"><span class="pre">secret</span></span><a class="headerlink" href="#rndcconf-statement-secret" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">secret</span> <span class="pre">&lt;string&gt;;</span></code></p>
<p><strong>Blocks: </strong>key</p>
<p>The secret
is a Base64-encoded string as specified in <span class="target" id="index-0"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3548.html"><strong>RFC 3548</strong></a>.</p>
</dd></dl>

</dd></dl>
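<p>An added example, not part of the BIND 9 documentation or ISC code: a small audit of an <code>rndc.conf</code> that checks each <code>key</code> block against the algorithm strings listed above, verifies that <code>secret</code> decodes as Base64, resolves <code>key</code> and <code>default-key</code> references, and checks the mode of the file that holds the shared secret. The function names, the <code>WEAK</code> set, the 16-byte minimum and the world-access rule are assumptions of this example (local policy), and the sample configuration is constructed.</p>

```python
import base64, binascii, os, re, stat

# The six algorithm strings the rndc.conf grammar gives meaning to.
MEANINGFUL = {"hmac-md5", "hmac-sha1", "hmac-sha224",
              "hmac-sha256", "hmac-sha384", "hmac-sha512"}
WEAK = {"hmac-md5", "hmac-sha1"}   # assumption: local policy, not from the BIND docs
MIN_SECRET_BYTES = 16              # assumption: local policy, not from the BIND docs

TOKEN = re.compile(r'''
    "(?:[^"\\]|\\.)*"     # quoted string (a Base64 secret may contain //)
  | /\*.*?\*/             # C-style comment
  | //[^\n]*              # C++-style comment
  | \#[^\n]*              # shell-style comment
  | [{};]                 # punctuation
  | [^\s{};"]+            # bare word
''', re.S | re.X)

def tokens(text):
    """Split config text into tokens, dropping comments and unquoting strings."""
    out = []
    for m in TOKEN.finditer(text):
        t = m.group(0)
        if t.startswith(("/*", "//", "#")):
            continue
        out.append(t[1:-1] if t.startswith('"') else t)
    return out

def parse(text):
    """Return ({key name: {statement: value}}, [referenced key names])."""
    toks, keys, refs, i = tokens(text), {}, [], 0
    while i < len(toks):
        nxt = toks[i + 2] if i + 2 < len(toks) else None
        if toks[i] == "key" and nxt == "{":              # key <name> { ... };
            name, body, i = toks[i + 1], {}, i + 3
            while i < len(toks) and toks[i] != "}":
                if toks[i] in ("algorithm", "secret") and i + 1 < len(toks):
                    body[toks[i]] = toks[i + 1]
                    i += 1
                i += 1
            keys[name] = body
        elif toks[i] in ("key", "default-key") and nxt == ";":   # a reference
            refs.append(toks[i + 1])
            i += 2
        i += 1
    return keys, refs

def audit(text):
    """Return a list of (key name, finding) tuples for one rndc.conf text."""
    keys, refs = parse(text)
    findings = []
    for name, body in keys.items():
        alg = body.get("algorithm", "").lower()   # lenient on case (example's choice)
        if alg not in MEANINGFUL:
            findings.append((name, "unknown-algorithm"))
        elif alg in WEAK:
            findings.append((name, "weak-algorithm"))
        try:
            raw = base64.b64decode(body.get("secret", ""), validate=True)
        except (binascii.Error, ValueError):
            findings.append((name, "secret-not-base64"))
        else:
            if len(raw) < MIN_SECRET_BYTES:
                findings.append((name, "short-secret"))
    findings += [(r, "undefined-key") for r in refs if r not in keys]
    return findings

def file_findings(path):
    """Flag a config or key file that users outside owner and group can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [(path, "world-accessible")] if mode & 0o007 else []

# Constructed sample, not a real deployment. The first secret is 33 bytes of
# 0xff, which encodes to 44 '/' characters and exercises the comment handling.
SAMPLE = '''
# constructed sample
options {
    default-server 127.0.0.1;
    default-key "ops-key";     // refers to a key that is never defined
};
key "good-key" { algorithm hmac-sha256; secret "%s"; };
key "old-key"  { algorithm hmac-md5;    secret "c2hvcnQ="; };  /* 5-byte secret */
key "typo-key" { algorithm hmac-sha265; secret "not base64!"; };
server localhost { key "good-key"; };
''' % base64.b64encode(b"\xff" * 33).decode()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```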

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-server">
<span class="sig-name descname"><span class="pre">server</span></span><a class="headerlink" href="#rndcconf-statement-server" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">server</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span> <span class="p">{</span>
	<span class="n">addresses</span> <span class="p">{</span> <span class="p">(</span> <span class="o">&lt;</span><span class="n">quoted_string</span><span class="o">&gt;</span> <span class="p">[</span> <span class="n">port</span> <span class="o">&lt;</span><span class="n">integer</span><span class="o">&gt;</span> <span class="p">]</span> <span class="o">|</span> <span class="o">&lt;</span><span class="n">ipv4_address</span><span class="o">&gt;</span> <span class="p">[</span> <span class="n">port</span> <span class="o">&lt;</span><span class="n">integer</span><span class="o">&gt;</span> <span class="p">]</span> <span class="o">|</span> <span class="o">&lt;</span><span class="n">ipv6_address</span><span class="o">&gt;</span> <span class="p">[</span> <span class="n">port</span> <span class="o">&lt;</span><span class="n">integer</span><span class="o">&gt;</span> <span class="p">]</span> <span class="p">);</span> <span class="o">...</span> <span class="p">};</span>
	<span class="n">key</span> <span class="o">&lt;</span><span class="n">string</span><span class="o">&gt;</span><span class="p">;</span>
	<span class="n">port</span> <span class="o">&lt;</span><span class="n">integer</span><span class="o">&gt;</span><span class="p">;</span>
	<span class="n">source</span><span class="o">-</span><span class="n">address</span> <span class="p">(</span> <span class="o">&lt;</span><span class="n">ipv4_address</span><span class="o">&gt;</span> <span class="o">|</span> <span class="o">*</span> <span class="p">);</span>
	<span class="n">source</span><span class="o">-</span><span class="n">address</span><span class="o">-</span><span class="n">v6</span> <span class="p">(</span> <span class="o">&lt;</span><span class="n">ipv6_address</span><span class="o">&gt;</span> <span class="o">|</span> <span class="o">*</span> <span class="p">);</span>
<span class="p">};</span> <span class="o">//</span> <span class="n">may</span> <span class="n">occur</span> <span class="n">multiple</span> <span class="n">times</span>
</pre></div>
</div>
</p>
<p><strong>Blocks: </strong>topmost</p>
<p>The <a class="reference internal" href="#rndcconf-statement-server" title="rndcconf-statement-server"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">server</span></code></a> block specifies connection parameters for a given server.
The server can be specified as a host name or address.</p>
<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-addresses">
<span class="sig-name descname"><span class="pre">addresses</span></span><a class="headerlink" href="#rndcconf-statement-addresses" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">addresses</span> <span class="pre">{</span> <span class="pre">(</span> <span class="pre">&lt;quoted_string&gt;</span> <span class="pre">[</span> <span class="pre">port</span> <span class="pre">&lt;integer&gt;</span> <span class="pre">]</span> <span class="pre">|</span> <span class="pre">&lt;ipv4_address&gt;</span> <span class="pre">[</span> <span class="pre">port</span> <span class="pre">&lt;integer&gt;</span> <span class="pre">]</span> <span class="pre">|</span> <span class="pre">&lt;ipv6_address&gt;</span> <span class="pre">[</span> <span class="pre">port</span> <span class="pre">&lt;integer&gt;</span> <span class="pre">]</span> <span class="pre">);</span> <span class="pre">...</span> <span class="pre">};</span></code></p>
<p><strong>Blocks: </strong>server</p>
<p>Specifies one or more addresses to use when communicating with this
server.</p>
</dd></dl>

<dl class="simple">
<dt><a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a></dt><dd><p>Associates a key defined using the <a class="reference internal" href="#rndcconf-statement-key" title="rndcconf-statement-key"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">key</span></code></a> statement with a
server.</p>
</dd>
</dl>
<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-port">
<span class="sig-name descname"><span class="pre">port</span></span><a class="headerlink" href="#rndcconf-statement-port" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">port</span> <span class="pre">&lt;integer&gt;;</span></code></p>
<p><strong>Blocks: </strong>server</p>
<p>Specifies the port <a class="reference internal" href="manpages.html#std-iscman-rndc"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc</span></code></a> should connect to on the server.</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-source-address">
<span class="sig-name descname"><span class="pre">source-address</span></span><a class="headerlink" href="#rndcconf-statement-source-address" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">source-address</span> <span class="pre">(</span> <span class="pre">&lt;ipv4_address&gt;</span> <span class="pre">|</span> <span class="pre">*</span> <span class="pre">);</span></code></p>
<p><strong>Blocks: </strong>server</p>
</dd></dl>

<dl class="rndcconf statement">
<dt class="sig sig-object rndcconf" id="rndcconf-statement-source-address-v6">
<span class="sig-name descname"><span class="pre">source-address-v6</span></span><a class="headerlink" href="#rndcconf-statement-source-address-v6" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">source-address-v6</span> <span class="pre">(</span> <span class="pre">&lt;ipv6_address&gt;</span> <span class="pre">|</span> <span class="pre">*</span> <span class="pre">);</span></code></p>
<p><strong>Blocks: </strong>server</p>
<p>Overrides <a class="reference internal" href="#rndcconf-statement-default-source-address" title="rndcconf-statement-default-source-address"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-source-address</span></code></a> and
<a class="reference internal" href="#rndcconf-statement-default-source-address-v6" title="rndcconf-statement-default-source-address-v6"><code class="xref rndcconf rndcconf-ref docutils literal notranslate"><span class="pre">default-source-address-v6</span></code></a> for this specific server.</p>
</dd></dl>

<p>A sample minimal configuration file is as follows:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">key</span> <span class="n">rndc_key</span> <span class="p">{</span>
     <span class="n">algorithm</span> <span class="s2">&quot;hmac-sha256&quot;</span><span class="p">;</span>
     <span class="n">secret</span>
       <span class="s2">&quot;c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K&quot;</span><span class="p">;</span>
<span class="p">};</span>
<span class="n">options</span> <span class="p">{</span>
     <span class="n">default</span><span class="o">-</span><span class="n">server</span> <span class="mf">127.0.0.1</span><span class="p">;</span>
     <span class="n">default</span><span class="o">-</span><span class="n">key</span>    <span class="n">rndc_key</span><span class="p">;</span>
<span class="p">};</span>
</pre></div>
</div>
<p>This file, if installed as <code class="docutils literal notranslate"><span class="pre">/etc/bind/rndc.conf</span></code>, allows the
command:</p>
<p><a class="reference internal" href="manpages.html#cmdoption-rndc-arg-reload"><code class="xref std std-option docutils literal notranslate"><span class="pre">rndc</span> <span class="pre">reload</span></code></a></p>
<p>to connect to 127.0.0.1 port 953 and cause the name server to reload,
if a name server on the local machine is running with the following
controls statement:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">controls</span> <span class="p">{</span>
    <span class="n">inet</span> <span class="mf">127.0.0.1</span>
        <span class="n">allow</span> <span class="p">{</span> <span class="n">localhost</span><span class="p">;</span> <span class="p">}</span> <span class="n">keys</span> <span class="p">{</span> <span class="n">rndc_key</span><span class="p">;</span> <span class="p">};</span>
<span class="p">};</span>
</pre></div>
</div>
<p>and it has an identical key block for <code class="docutils literal notranslate"><span class="pre">rndc_key</span></code>.</p>
<p>Running the <a class="reference internal" href="manpages.html#std-iscman-rndc-confgen"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc-confgen</span></code></a> program conveniently creates an
<a class="reference internal" href="manpages.html#std-iscman-rndc.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">rndc.conf</span></code></a> file, and also displays the corresponding
<a class="reference internal" href="reference.html#namedconf-statement-controls" title="namedconf-statement-controls"><code class="xref any namedconf namedconf-ref docutils literal notranslate"><span class="pre">controls</span></code></a> statement that needs to be added to <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>.
Alternatively, it is possible to run <a class="reference internal" href="manpages.html#cmdoption-rndc-confgen-a"><code class="xref std std-option docutils literal notranslate"><span class="pre">rndc-confgen</span> <span class="pre">-a</span></code></a> to set up an
<code class="docutils literal notranslate"><span class="pre">rndc.key</span></code> file and not modify <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a> at all.</p>
</dd></dl>
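<p>An added example, not part of the BIND documentation: a Python audit that parses the key blocks of an <code class="docutils literal notranslate"><span class="pre">rndc.conf</span></code>, flags the published sample secret shown above, and confirms that <code class="docutils literal notranslate"><span class="pre">named.conf</span></code> holds an identical key block. The 32-byte minimum and the rejection of hmac-md5 and hmac-sha1 are local-policy assumptions, and every function name is this example's own.</p>

```python
import base64
import binascii
import re

# Secret printed in the sample above: it is public, so it must never be deployed.
DOC_SAMPLE_SECRET = "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"
LEGACY_ALGORITHMS = {"hmac-md5", "hmac-sha1"}  # assumption: local policy rejects these
MIN_SECRET_BYTES = 32                          # assumption: local policy minimum

_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)


def strip_comments(text):
    """Drop C, C++ and shell comments; keep quoted strings (base64 may contain //)."""
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)


def parse_keys(text):
    """Return {key_name: (algorithm, secret)} for every key block in text."""
    keys = {}
    for name, body in _KEY.findall(strip_comments(text)):
        algo = re.search(r'\balgorithm\s+"?([\w-]+)"?\s*;', body)
        secret = re.search(r'\bsecret\s+"([^"]*)"\s*;', body)
        keys[name] = (algo.group(1).lower() if algo else None,
                      secret.group(1) if secret else None)
    return keys


def audit_key(name, algo, secret):
    """Return findings for one key block."""
    if algo is None or secret is None:
        return [f"{name}: key block lacks algorithm or secret"]
    findings = []
    if algo in LEGACY_ALGORITHMS:
        findings.append(f"{name}: legacy algorithm {algo}")
    if secret == DOC_SAMPLE_SECRET:
        findings.append(f"{name}: secret is the published documentation sample")
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return findings + [f"{name}: secret is not valid base64"]
    if len(raw) < MIN_SECRET_BYTES:
        findings.append(f"{name}: secret is only {len(raw)} bytes")
    return findings


def audit(rndc_conf, named_conf):
    """Audit rndc.conf keys and check named.conf has an identical block for each."""
    client, server = parse_keys(rndc_conf), parse_keys(named_conf)
    findings = []
    for name, (algo, secret) in client.items():
        findings += audit_key(name, algo, secret)
        if server.get(name) != (algo, secret):
            findings.append(f"{name}: no identical key block in named.conf")
    default = re.search(r'\bdefault-key\s+"?([\w.-]+)"?\s*;', strip_comments(rndc_conf))
    if default and default.group(1) not in client:
        findings.append(f"default-key {default.group(1)} is not defined")
    return findings
```

<p>Call <code class="docutils literal notranslate"><span class="pre">audit()</span></code> with the text of both files; an empty list means no finding. The sample secret decodes to 45 bytes, so a length check alone would not catch it.</p>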

</section>
</section>
<section id="signals">
<h2><span class="section-number">4.2. </span>Signals<a class="headerlink" href="#signals" title="Link to this heading"></a></h2>
<p>Certain Unix signals cause the name server to take specific actions, as
described in the following table. These signals can be sent using the
<code class="docutils literal notranslate"><span class="pre">kill</span></code> command.</p>
<table class="docutils align-default">
<tbody>
<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">SIGHUP</span></code></p></td>
<td><p>Causes the server to read <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a> and reload
the database.</p></td>
</tr>
<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">SIGTERM</span></code></p></td>
<td><p>Causes the server to clean up and exit.</p></td>
</tr>
<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">SIGINT</span></code></p></td>
<td><p>Causes the server to clean up and exit.</p></td>
</tr>
</tbody>
</table>
</section>
<section id="plugins">
<span id="module-info"></span><h2><span class="section-number">4.3. </span>Plugins<a class="headerlink" href="#plugins" title="Link to this heading"></a></h2>
<p>Plugins are a mechanism to extend the functionality of <a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> using
dynamically loadable libraries. By using plugins, core server
functionality can be kept simple for the majority of users; more complex
code implementing optional features need only be installed by users that
need those features.</p>
<p>The plugin interface is a work in progress, and is expected to evolve as
more plugins are added. Currently, only “query plugins” are supported;
these modify the name server query logic. Other plugin types may be
added in the future.</p>
<p>The only plugin currently included in BIND is <a class="reference internal" href="manpages.html#std-iscman-filter-aaaa"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">filter-aaaa.so</span></code></a>, which
replaces the <code class="docutils literal notranslate"><span class="pre">filter-aaaa</span></code> feature that previously existed natively as
part of <a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a>. The code for this feature has been removed from
<a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> and can no longer be configured using standard <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>
syntax, but linking in the <a class="reference internal" href="manpages.html#std-iscman-filter-aaaa"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">filter-aaaa.so</span></code></a> plugin provides identical
functionality.</p>
</section>
<section id="configuring-plugins">
<h2><span class="section-number">4.4. </span>Configuring Plugins<a class="headerlink" href="#configuring-plugins" title="Link to this heading"></a></h2>
<dl class="namedconf statement">
<dt class="sig sig-object namedconf" id="namedconf-statement-plugin">
<span class="sig-name descname"><span class="pre">plugin</span></span><a class="headerlink" href="#namedconf-statement-plugin" title="Link to this definition"></a></dt>
<dd><p><strong>Grammar: </strong><code class="docutils literal notranslate"><span class="pre">plugin</span> <span class="pre">(</span> <span class="pre">query</span> <span class="pre">)</span> <span class="pre">&lt;string&gt;</span> <span class="pre">[</span> <span class="pre">{</span> <span class="pre">&lt;unspecified-text&gt;</span> <span class="pre">}</span> <span class="pre">];</span> <span class="pre">//</span> <span class="pre">may</span> <span class="pre">occur</span> <span class="pre">multiple</span> <span class="pre">times</span></code></p>
<p><strong>Blocks: </strong>topmost, view</p>
<p><strong>Tags: </strong>server</p>
<p>Configures plugins in <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>.</p>
</dd></dl>

<p>A plugin is configured with the <a class="reference internal" href="#namedconf-statement-plugin" title="namedconf-statement-plugin"><code class="xref any namedconf namedconf-ref docutils literal notranslate"><span class="pre">plugin</span></code></a> statement in <a class="reference internal" href="manpages.html#std-iscman-named.conf"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named.conf</span></code></a>:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">plugin</span> <span class="n">query</span> <span class="s2">&quot;library.so&quot;</span> <span class="p">{</span>
    <span class="n">parameters</span>
<span class="p">};</span>
</pre></div>
</div>
<p>In this example, file <code class="docutils literal notranslate"><span class="pre">library.so</span></code> is the plugin library. <code class="docutils literal notranslate"><span class="pre">query</span></code>
indicates that this is a query plugin.</p>
<p>Multiple <a class="reference internal" href="#namedconf-statement-plugin" title="namedconf-statement-plugin"><code class="xref any namedconf namedconf-ref docutils literal notranslate"><span class="pre">plugin</span></code></a> statements can be specified, to load different
plugins or multiple instances of the same plugin.</p>
<p><code class="docutils literal notranslate"><span class="pre">parameters</span></code> are passed as an opaque string to the plugin’s initialization
routine. Configuration syntax differs depending on the module.</p>
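<p>An added example, not part of the BIND documentation: because a plugin library is loaded into the running <code class="docutils literal notranslate"><span class="pre">named</span></code> process, this Python check lists the <code class="docutils literal notranslate"><span class="pre">plugin</span></code> statements in a <code class="docutils literal notranslate"><span class="pre">named.conf</span></code> and reports library files that an unexpected account could replace. It balances braces because the opaque parameter text may contain nested blocks; the function names and the default trusted owner (uid 0) are assumptions of this example.</p>

```python
import os
import re
import stat

_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_PLUGIN = re.compile(r'\bplugin\s+query\s+"([^"]+)"\s*')


def _block(text, pos):
    """Return the text inside the brace block opening at pos (nesting and quotes honoured)."""
    depth, start = 0, pos + 1
    while pos < len(text):
        ch = text[pos]
        if ch == '"':                      # skip a quoted string as one unit
            pos = text.find('"', pos + 1)
            if pos < 0:
                break
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return text[start:pos].strip()
        pos += 1
    raise ValueError("unbalanced braces in plugin parameters")


def parse_plugins(named_conf):
    """Return [(library, parameters)] for each plugin statement, comments ignored."""
    text = _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", named_conf)
    found = []
    for m in _PLUGIN.finditer(text):
        has_block = text[m.end():m.end() + 1] == "{"
        found.append((m.group(1), _block(text, m.end()) if has_block else ""))
    return found


def check_library(path, trusted_uids=(0,)):
    """Return findings about the library file a plugin statement points at."""
    if not os.path.isabs(path):
        return [f"{path}: not an absolute path, resolve it before auditing"]
    try:
        st = os.stat(path)
        parent = os.stat(os.path.dirname(path))
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append(f"{path}: owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or others")
    if parent.st_mode & stat.S_IWOTH:
        findings.append(f"{path}: directory is world-writable")
    return findings


def audit_plugins(named_conf, trusted_uids=(0,)):
    """Return {library: findings} for every plugin statement in named_conf."""
    return {lib: check_library(lib, trusted_uids) for lib, _ in parse_plugins(named_conf)}
```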
</section>
<section id="developing-plugins">
<h2><span class="section-number">4.5. </span>Developing Plugins<a class="headerlink" href="#developing-plugins" title="Link to this heading"></a></h2>
<p>Each plugin implements four functions:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">plugin_register</span></code>
to allocate memory, configure a plugin instance, and attach to hook
points within
<a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a>,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">plugin_destroy</span></code>
to tear down the plugin instance and free memory,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">plugin_version</span></code>
to check that the plugin is compatible with the current version of
the plugin API,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">plugin_check</span></code>
to test syntactic correctness of the plugin parameters.</p></li>
</ul>
<p>At various locations within the <a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> source code, there are “hook
points” at which a plugin may register itself. When a hook point is
reached while <a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> is running, it is checked to see whether any
plugins have registered themselves there; if so, the associated “hook
action” - a function within the plugin library - is called. Hook
actions may examine the runtime state and make changes: for example,
modifying the answers to be sent back to a client or forcing a query to
be aborted. More details can be found in the file
<code class="docutils literal notranslate"><span class="pre">lib/ns/include/ns/hooks.h</span></code>.</p>
</section>
</section>


           </div>
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2025, Internet Systems Consortium.</p>
  </div>

   

</footer>
        </div>
      </div>
    </section>
  </div>

</body>
</html>