Run RNDC Command (RNDC)

The Run RNDC Command (RUNRNDCCMD) command, or its alias RNDC, starts the Remote Name Daemon Control utility. This command allows you to control a Domain Name System (DNS) server running on your local system.

Restrictions:

Parameters

Keyword    Description              Choices                                                      Notes
RNDCCMD    RNDC command             Character value                                              Required, Positional 1
DMNNAMSVR  Domain name server       Character value, *DFT                                        Optional, Positional 2
PORT       Domain name server port  1-65535, 953                                                 Optional, Positional 3
RNDCCFGF   RNDC configuration file  Path name, *DFT                                              Optional
SRCADR     Source address           Character value, *DFT, *ANY4, *LOOPBACK4, *ANY6, *LOOPBACK6  Optional
KEYFILE    Key file                 Path name, *DFT                                              Optional
KEYNAME    Key name                 Character value, *DFT                                        Optional
DEBUG      Show debug information   *NO, *YES                                                    Optional
TOSTMF     Output file              Path name, *STDOUT                                           Optional

RNDC command (RNDCCMD)

Specifies the control command to be sent to the DNS server.

This is a required parameter.

character-value
Specify the control command to run. The command must be one of the following:

reload
    Reload configuration file and zones
reload zone [class [view]]
    Reload a single zone
refresh zone [class [view]]
    Schedule immediate maintenance for a zone
retransfer zone [class [view]]
    Re-transfer a single zone from the master
sign zone [class [view]]
    Sign or re-sign a zone with the new DNSKEY
    RRset if the zone's DNSKEY RRset is changed
    after merging DNSSEC keys under the key
    directory (specified by the key-directory
    option in named.conf).
    This command requires that the auto-dnssec
    zone option is set to allow or maintain,
    and that the zone is configured to allow
    dynamic updates (can be configured using
    the allow-update or update-policy option).
loadkeys zone [class [view]]
    Merge DNSKEY keys under the key directory
    (specified by the key-directory option in
    named.conf) into the zone's DNSKEY RRset.
    Unlike the sign command, loadkeys does not
    immediately re-sign the zone with the new
    keys; the zone is allowed to incrementally
    re-sign over time.
    This command requires that the auto-dnssec
    zone option is set to maintain, and that
    the zone is configured to allow dynamic
    updates (can be configured using the
    allow-update or update-policy option).
freeze
    Suspend updates to all dynamic zones
freeze zone [class [view]]
    Suspend updates to a dynamic zone. Freeze
    also causes previous updates to be
    saved to the zone file
thaw
    Enable updates to all dynamic zones and
    reload them
thaw zone [class [view]]
    Enable updates to a frozen dynamic zone and
    reload it
reconfig
    Reload configuration file and new zones only
stats
    Write server statistics to the statistics file
querylog
    Toggle query logging
dumpdb [-all|-cache|-zones] [view ...]
    Dump cache(s) to the dump file (named_dump.db)
stop
    Save pending updates to master files and stop
    the server
stop -p
    Save pending updates to master files and stop
    the server reporting process id
halt
    Stop the server without saving pending updates
halt -p
    Stop the server without saving pending updates
    reporting process id
trace
    Increment debugging level by one
trace level
    Change the debugging level
notrace
    Set debugging level to 0
flush
    Flushes all of the server's caches
flush [view]
    Flushes the server's cache for a view
flushname name [view]
    Flush the given name from the server's cache(s)
status
    Display status of the server
recursing
    Dump the queries that are currently recursing
    (named.recursing)
validation [on|off] [view ...]
    Enable or disable DNSSEC validation.
    Note that the dnssec-enable option also needs
    to be set to yes for DNSSEC validation.

Domain name server (DMNNAMSVR)

Specifies the name or the IP address of the DNS server that RNDC will use as its current server for the query session. You can specify any DNS server to which your TCP/IP network has access.

Note: RNDC sends information to DNS servers and it needs an active DNS server to send its commands. If you do not specify a DNS server with DMNNAMSVR when you start the tool, it will attempt to use the default server, port and key defined in the rndc.conf file. This is usually the loopback interface 127.0.0.1 and port 953.

*DFT
Use the default DNS server defined in the /QIBM/UserData/OS400/DNS/_DYN/rndc.conf file.
server-domain-name
Specify the name of a DNS server. This is a domain name like 'myserver.i5os.ibm.com'.
server-internet-address
Specify the IP address of a DNS server.
RNDC-server-name
Specify the name of a DNS server in the rndc.conf file. This can be a name like 'NS'.

Domain name server port (PORT)

Specifies the default server port to use.

953
Use control channel port 953.
1-65535
Specify a valid port number.

RNDC configuration file (RNDCCFGF)

Specifies the RNDC configuration file to be used for this session. This file contains both access key and option statements that define the default server and the access key for that server. It is possible to use RNDC to control DNS servers located on other systems if this configuration file contains the access key and server statements that apply to the remote servers.

*DFT
Use /QIBM/UserData/OS400/DNS/_DYN/rndc.conf as the default configuration file. The default server in this file is 'localhost'.
path-name
Specify the path name for a stream file containing RNDC configuration information. For example, '/home/myprofile/my-rndc-conf-file'.

Source address (SRCADR)

Specifies the source address for the connection to the server.

*DFT
Uses the default supplied by the stack.
*ANY4
Use the IPv4 wildcard address ('0.0.0.0').
*LOOPBACK4
Use the IPv4 loopback address ('127.0.0.1').
*ANY6
Use the IPv6 wildcard address ('::').
*LOOPBACK6
Use the IPv6 loopback address ('::1').
character-value
Specify a valid IPv4 or IPv6 internet address.

Key file (KEYFILE)

Specifies the access key file to use for this session. The key in this file will be used to authenticate commands sent to the server.

*DFT
Use /QIBM/UserData/OS400/DNS/_DYN/rndc.key as the default key file.
path-name
Specify the path name for a stream file containing key information. For example, '/home/myprofile/my-rndc-key-file'.

Key name (KEYNAME)

Specifies the access key name to be used for this session. This key name must be known by the server that is being used for this session. If no key name is specified, RNDC will use the defaults from the /QIBM/UserData/OS400/DNS/_DYN/rndc.conf file.

*DFT
Use key name rndc-key.
character-value
Specify the RNDC key name to use.

The DNS server being queried needs to include this key and algorithm in its named.conf configuration file in order to allow RNDC clients with this key.
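
The key pairing described under RNDCCFGF and KEYNAME, as an added example that is not part of the original documentation: an rndc.conf with key, options and server statements, and the matching key and controls statements in the server's named.conf. The secret is a placeholder, and the algorithm, the address 192.0.2.10 and the allow list are assumptions chosen for illustration.

```conf
# ---- rndc.conf (client side, read by RNDC) ----
# Added example; all values are constructed for illustration.
key "rndc-key" {
    algorithm hmac-sha256;                  # assumption: use an algorithm your BIND level supports
    secret "<base64-secret-placeholder>";   # placeholder, not a real secret
};

options {
    default-server localhost;    # server used when none is named
    default-key    "rndc-key";   # key used when no key name is given
    default-port   953;          # control channel port
};

# Named server entry, selectable with DMNNAMSVR('NS').
server "NS" {
    addresses { 192.0.2.10 port 953; };     # documentation-range address (assumed)
    key "rndc-key";
};

# ---- named.conf (server side, read by the DNS server) ----
# Key name, algorithm and secret must be identical to the client's.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "<base64-secret-placeholder>";
};

# Control channel: who may connect, and which keys are accepted.
# Loopback only here. A server controlled from another system must
# listen on a reachable address and name that client in allow;
# keep both lists as narrow as possible.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys  { "rndc-key"; };
};
```

If the key name, algorithm or secret differs between the two files, or the client address is not in the allow list, the server closes the connection and RNDC reports the "connection to remote host closed" output shown in Example 1.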

Show debug information (DEBUG)

Specifies whether or not to turn debugging mode on. More information is displayed about the packet sent to the server and the resulting answer when debugging mode is on.

*NO
Turn off debugging messages.
*YES
Turn on debugging messages.

Output file (TOSTMF)

Specifies the name of a stream file where all command output is written.

*STDOUT
All command output goes to the standard output device (normally the display).
path-name
Specify the path name for a stream file where output should be written.

Examples

Example 1: Reload All DNS Server Configuration and Static Zones

RUNRNDCCMD   RNDCCMD('reload')

This command illustrates a simple reload of any changes to a DNS server configuration and any static zones.

The output from this type of query might look like this:

server reload successful

Similarly, if your RNDC key from the rndc.conf file is not valid, the output from this type of query might look like this:

rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the
  command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.

Example 2: Reload a Single Zone

RUNRNDCCMD  RNDCCMD('reload i5os.ibm.com')

This command illustrates a simple reload of a single static zone called 'i5os.ibm.com'.

The output from this type of query might look like this:

zone reload up-to-date

If the zone is not a static zone, the output from this type of query might look like this:

rndc: 'reload i5os.ibm.com' failed: dynamic zone

Example 3: Dumping the Cache

RUNRNDCCMD   RNDCCMD('dumpdb -cache')

This command illustrates how to dump the active cache on the server. The output from this type of query will be empty, because the dump is written to the file named_dump.db in the server directory. For example, for server NS the file would be /QIBM/UserData/OS400/DNS/NS/named_dump.db.

Error messages

*ESCAPE Messages

DNS0013
Error processing command parameters.
DNS0065
Option 33 of i5/OS is required, but is not installed.
TCP7124
Program &1 in library &2 type *PGM ended abnormally.