man_knotc.rst 2.47 KB
Newer Older
1 2
.. highlight:: console

3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
knotc -- Knot DNS control utility
=================================

Synopsis
--------

:program:`knotc` [*parameters*] *action* [*action_args*]

Description
-----------

Parameters
..........

**-c**, **--config** *file*
  Use textual configuration file (default is :file:`@conf_dir@/knot.conf`).

**-C**, **--confdb** *directory*
  Use binary configuration database.

**-s**, **--server** *server*
  Remote UNIX socket/IP address (default is :file:`@run_dir@/knot.sock`).

**-p**, **--port** *port*
  Remote server port (only for IP).

**-y**, **--key** [*alg*:]\ *name*:*key*
  Use key specified on the command line (default algorithm is hmac-md5).

**-k**, **--keyfile** *file*
  Use key file.

**-f**, **--force**
  Force operation. Overrides some checks.

**-v**, **--verbose**
  Verbose mode. Print additional runtime information.

**-V**, **--version**
Daniel Salzman's avatar
Daniel Salzman committed
42
  Print program version.
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97

**-h**, **--help**
  Print help and usage.

Actions
.......

If an optional *zone* argument is not specified, the command is applied to all
zones.

**stop**
  Stop server (no-op if not running).

**reload** [*zone*...]
  Reload particular zones or reload whole configuration and changed zones.

**flush** [*zone*...]
  Flush journal and update zone files.

**status**
  Check if server is running.

**zonestatus** [*zone*...]
  Show status of configured zones.

**refresh** [*zone*...]
  Refresh slave zones. Flag **-f** forces re-transfer (zones must be specified).

**checkconf**
  Check current configuration.

**checkzone** [*zone*...]
  Check zones.

**memstats** [*zone*...]
  Estimate memory consumption for zones.

**signzone** *zone*...
  Resign the zone (drop all existing signatures and create new ones).

**import** *file*
  Import configuration database from file. This is potentially dangerous
  operation, thus flag **-f** is required.

**export** *file*
  Export configuration database to file.

Examples
--------

Setup a keyfile for remote control
..................................

1. Generate key::

98
     $ dnssec-keygen -a hmac-md5 -b 256 -n HOST knotc-key
99 100 101

2. Extract secret in base64 format and create keyfile::

102
     $ echo "knotc-key hmac-md5 <secret>" > knotc.key
103 104 105 106 107 108 109 110

Make sure the key can be read/written only by the owner for security reasons.

Reload server remotely
......................

::

111
  $ knotc -s 127.0.0.1 -k knotc.key reload
112 113 114 115 116 117

Flush all zones locally
.......................

::

118
  $ knotc -c knot.conf flush
119 120 121 122 123

See Also
--------

:manpage:`knotd(8)`, :manpage:`knot.conf(5)`.