.. highlight:: console

knotc – Knot DNS control utility
================================

Synopsis
--------

:program:`knotc` [*parameters*] *action* [*action_args*]

Description
-----------

Parameters
..........

**-c**, **--config** *file*
  Use a textual configuration file (default is :file:`@conf_dir@/knot.conf`).

**-C**, **--confdb** *directory*
  Use a binary configuration database.

**-s**, **--server** *server*
  Remote UNIX socket/IP address (default is :file:`@run_dir@/knot.sock`).

**-p**, **--port** *port*
  Remote server port (only for IP).

**-y**, **--key** [*alg*:]\ *name*:*key*
  Use the TSIG key specified on the command line (default algorithm is hmac-md5).

**-k**, **--keyfile** *file*
  Use the TSIG key stored in *file* to authenticate the request. The
  file must contain the key in the same format as accepted by the
  **-y** option.

**-f**, **--force**
  Force operation. Overrides some checks.

**-v**, **--verbose**
  Verbose mode. Print additional runtime information.

**-V**, **--version**
  Print the program version.

**-h**, **--help**
  Print help and usage.

Actions
.......

If the optional *zone* argument is not specified, the command is applied to all
zones.
Configuration *item* is in the *section*\ [**[**\ *id*\ **]**\ ][**.**\ *item*]
format.

**stop**
  Stop server (no-op if not running).

**reload** [*zone*...]
  Reload particular zones or reload the whole configuration and changed zones.

**flush** [*zone*...]
  Flush journal and update zone files.

**status**
  Check if server is running.

**zonestatus** [*zone*...]
  Show the status of listed zones.

**refresh** [*zone*...]
  Refresh slave zones. The **-f** flag forces re-transfer (zones must be specified).

**checkconf**
  Check the current configuration.

**checkzone** [*zone*...]
  Check zones.

**memstats** [*zone*...]
  Estimate memory consumption for zones.

**signzone** *zone*...
  Re-sign the zone (drop all existing signatures and create new ones).

**conf-import** *filename*
  Offline import of the configuration DB from a file. This is a
  potentially dangerous operation so the **-f** flag is required. Also the
  destination configuration DB must be specified via **-C**. Ensure the server
  is not running!

**conf-export** *filename*
  Export the configuration DB to a file. If no source configuration DB is
  specified, the temporary DB corresponding to the textual configuration file
  is used.

**conf-desc** [*section*]
  Get the configuration section items list. If no section is specified,
  the list of sections is returned.

**conf-read** [*item*]
  Read from the current configuration DB.

**conf-begin**
  Begin a writing configuration DB transaction. Only one transaction can be
  opened at a time.

**conf-commit**
  Commit the current writing configuration DB transaction.

**conf-abort**
  Abort the current writing configuration DB transaction.

**conf-diff** [*item*]
  Get the difference between the active writing transaction and the current
  configuration DB. Requires active writing configuration DB transaction.

**conf-get** [*item*]
  Read from the active writing configuration DB transaction.
  Requires active writing configuration DB transaction.

**conf-set** *item* [*data*...]
  Write to the active writing configuration DB transaction.
  Requires active writing configuration DB transaction.

**conf-unset** [*item*] [*data*...]
  Delete from the active writing configuration DB transaction.
  Requires active writing configuration DB transaction.

Examples
--------

Set up a key file for remote control
....................................

::

  $ keymgr tsig generate knotc-key > knotc-key.conf

The generated key file contains a key in the server configuration format and
thus can be directly included into the server configuration file.

Knot DNS utilities accept a one-line format, which is included in the generated
key file on the first line as a comment. It can be extracted easily::

  $ head -1 knotc-key.conf | sed 's/^#\s*//' > knotc.key

Make sure the key file can be read only by the owner for security reasons.
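
The extraction and permission steps above combined into one script, as an
added example that is not part of the Knot DNS documentation: the one-line key
file is created owner-only from the start via ``umask 077``, content that does
not match the [*alg*:]\ *name*:*key* shape is rejected, and the resulting mode
is checked. The function names and the sample key file are constructed for
illustration; a real input file comes from ``keymgr tsig generate``.

```shell
#!/bin/sh
# Added example: build knotc.key from a keymgr-generated file, owner-only.

# Write the one-line key found in the first-line comment of $1 to $2.
extract_tsig_line() {
    src=$1 dst=$2
    # Subshell keeps the restrictive umask local. The old file is removed
    # first because redirecting into an existing file keeps its old mode.
    (
        umask 077
        rm -f -- "$dst"
        head -n 1 "$src" | sed 's/^#[[:space:]]*//' > "$dst"
    ) || return 1
    # Keep the result only if it has the [alg:]name:key shape used by -y.
    if ! grep -Eq '^([A-Za-z0-9-]+:)?[^:[:space:]]+:[A-Za-z0-9+/]+=*$' "$dst"; then
        rm -f -- "$dst"
        return 1
    fi
}

# Succeed only if $1 grants no permission bits to group or other.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed stand-in for "keymgr tsig generate" output (not a real key).
make_sample_keyfile() {
    ( umask 077; cat > "$1" ) <<'EOF'
# hmac-sha256:knotc-key:Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==
key:
  - id: knotc-key
    algorithm: hmac-sha256
    secret: Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==
EOF
}

# Demo in a scratch directory.
tmp=$(mktemp -d) && make_sample_keyfile "$tmp/knotc-key.conf" &&
    extract_tsig_line "$tmp/knotc-key.conf" "$tmp/knotc.key" &&
    owner_only "$tmp/knotc.key" && echo "knotc.key created owner-only"
rm -rf "$tmp"
```

The generated ``knotc-key.conf`` holds the same secret, so it needs the same owner-only mode as ``knotc.key``.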

Reload server remotely
......................

::

  $ knotc -s 127.0.0.1 -k knotc.key reload

Flush all zones locally
.......................

::

  $ knotc -c knot.conf flush

Get the current server configuration
....................................

::

  $ knotc conf-read server

Get the list of the current zones
.................................

::

  $ knotc conf-read zone.domain

Get the master remotes for the example.com zone
...............................................

::

  $ knotc conf-read zone[example.com].master

Add example.eu zone with a zonefile location
............................................

::

  $ knotc conf-begin
  $ knotc conf-set zone[example.eu]
  $ knotc conf-set zone[example.eu].file "/var/zones/example.eu.zone"
  $ knotc conf-commit

See Also
--------

:manpage:`knotd(8)`, :manpage:`knot.conf(5)`.