- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.77.50.1 2010/01/08 02:08:24 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch03.html,v 1.77.50.4 2010/08/17 00:08:26 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570128">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570381">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
<span><strong class="command">key-directory</strong></span> in
<a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
- Usage”</a>), and merge them
- into the zone's DNSKEY RRset. If the DNSKEY RRset
- is changed as a result of this, then the zone is
- automatically re-signed with the new key set.
+ Usage”</a>). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
</p>
<p>
This command requires that the
more details.
</p>
</dd>
+<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em>
+ [<span class="optional"><em class="replaceable"><code>class</code></em>
+ [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see
+ <span><strong class="command">key-directory</strong></span> in
+ <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
+ Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
+ Usage”</a>). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
+ sign</strong></span>, however, the zone is not
+ immediately re-signed by the new keys, but is
+ allowed to incrementally re-sign over time.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option to
+ be set to <code class="literal">maintain</code> or
+ <code class="literal">create</code>, and also requires
+ the zone to be configured to allow dynamic DNS.
+ See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a> for
+ more details.
+ </p>
+</dd>
<dt><span class="term"><strong class="userinput"><code>freeze
[<span class="optional"><em class="replaceable"><code>zone</code></em>
[<span class="optional"><em class="replaceable"><code>class</code></em>
specified, all
views are dumped.
</p></dd>
+<dt><span class="term"><strong class="userinput"><code>secroots
+ [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's security roots to the secroots
+ file for the specified views. If no view is
+ specified, security roots for all
+ views are dumped.
+ </p></dd>
<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
<dd><p>
Stop the server, making sure any recent changes
set to <strong class="userinput"><code>yes</code></strong> to be effective.
It defaults to enabled.
</p></dd>
+<dt><span class="term"><strong class="userinput"><code>addzone
+ <em class="replaceable"><code>zone</code></em>
+ [<span class="optional"><em class="replaceable"><code>class</code></em>
+ [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
+ <em class="replaceable"><code>configuration</code></em>
+ </code></strong></span></dt>
+<dd>
+<p>
+ Add a zone while the server is running. This
+ command requires the
+ <span><strong class="command">allow-new-zones</strong></span> option to be set
+ to <strong class="userinput"><code>yes</code></strong>. The
+ <em class="replaceable"><code>configuration</code></em> string
+ specified on the command line is the zone
+ configuration text that would ordinarily be
+ placed in <code class="filename">named.conf</code>.
+ </p>
+<p>
+ The configuration is saved in a file called
+ <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
+ where <em class="replaceable"><code>hash</code></em> is a
+ cryptographic hash generated from the name of
+ the view. When <span><strong class="command">named</strong></span> is
+ restarted, the file will be loaded into the view
+ configuration, so that zones that were added
+ can persist after a restart.
+ </p>
+<p>
+ This sample <span><strong class="command">addzone</strong></span> command
+ would add the zone <code class="literal">example.com</code>
+ to the default view:
+ </p>
+<p>
+<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
+ </p>
+<p>
+ (Note the brackets and semi-colon around the zone
+ configuration text.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>delzone
+ <em class="replaceable"><code>zone</code></em>
+ [<span class="optional"><em class="replaceable"><code>class</code></em>
+ [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
+ </code></strong></span></dt>
+<dd><p>
+ Delete a zone while the server is running.
+ Only zones that were originally added via
+ <span><strong class="command">rndc addzone</strong></span> can be deleted
+ in this matter.
+ </p></dd>
</dl></div>
<p>
A configuration file is required, since all
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570128"></a>Signals</h3></div></div></div>
+<a name="id2570381"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can