Wednesday, June 28, 2006

Remote name daemon control (rndc) for BIND

Using the rndc command you can send commands to your DNS servers over TCP authenticated by digital signatures. Without any parameters the command prints out its options:

Usage: rndc [-c config] [-s server] [-p port]
[-k key-file ] [-y key] [-V] command

command is one of the following:

reload Reload configuration file and zones.
reload zone [class [view]]
Reload a single zone.
refresh zone [class [view]]
Schedule immediate maintenance for a zone.
retransfer zone [class [view]]
Retransfer a single zone without checking serial number.
freeze zone [class [view]]
Suspend updates to a dynamic zone.
thaw zone [class [view]]
Enable updates to a frozen dynamic zone and reload it.
reconfig Reload configuration file and new zones only.
stats Write server statistics to the statistics file.
querylog Toggle query logging.
dumpdb [-all|-cache|-zones] [view ...]
Dump cache(s) to the dump file (named_dump.db).
stop Save pending updates to master files and stop the server.
stop -p Save pending updates to master files and stop the server
reporting process id.
halt Stop the server without saving pending updates.
halt -p Stop the server without saving pending updates reporting
process id.
trace Increment debugging level by one.
trace level Change the debugging level.
notrace Set debugging level to 0.
flush Flushes all of the server's caches.
flush [view] Flushes the server's cache for a view.
flushname name [view]
Flush the given name from the server's cache(s)
status Display status of the server.
recursing Dump the queries that are currently recursing (named.recursing)
*restart Restart the server.

* == not yet implemented
Version: 9.3.2


Because digital signatures are used for authentication with the name server daemon, you must specify either a key file (-k option) or a key on the command line (-y option). If neither is specified, rndc looks for the key in the rndc.conf file.
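What the -k/-y options stand in for is a shared key known to both rndc and named. The two configuration files below are an added example, not taken from the original post; the key name and port are conventions, and the secret is a placeholder that should be generated with rndc-confgen rather than typed by hand:

```conf
# /etc/rndc.conf (client side). Added example, not from the original post.
# The secret is a PLACEHOLDER: generate a real one with "rndc-confgen"
# and keep the file readable by root only, since it is the credential.
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER_BASE64_SECRET==";
};

options {
    default-key    "rndc-key";
    default-server 127.0.0.1;
    default-port   953;
};

# /etc/named.conf (server side): the same key, plus a controls statement
# that only accepts control connections from localhost that are signed
# with that key. Anything else is rejected before a command is processed.
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER_BASE64_SECRET==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
```

With these in place a bare `rndc status` needs no -k or -y, and both the allow list and the key check have to pass for a command to be accepted.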

So now you can do cool stuff like turn query logging on and off with:

# rndc querylog
# ping -c 1 www.google.com
# tail /var/log/messages
Jun 28 23:48:21 poseidon named[1986]: query logging is now on
Jun 28 23:48:48 poseidon named[1986]: client 192.168.116.10#33362: query: www.google.com IN A +
# rndc querylog
# tail /var/log/messages
Jun 28 23:51:32 poseidon named[1986]: query logging is now off


You can dump the name server cache with the command:

# rndc dumpdb -cache

The location of the dump file is set by the dump-file option in the options block of named.conf:

dump-file "/var/named/data/cache_dump.db";

Since my server runs in a chrooted environment the location is actually /var/named/chroot/var/named/data/cache_dump.db. The file itself is just plain text so you can view it in any editor.
