mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
82 lines
2.5 KiB
Groff
82 lines
2.5 KiB
Groff
|
.TH "unbound-control" "8" "@date@" "NLnet Labs" "unbound @version@"
|
||
|
.\"
|
||
|
.\" unbound-control.8 -- unbound remote control manual
|
||
|
.\"
|
||
|
.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
|
||
|
.\"
|
||
|
.\" See LICENSE for the license.
|
||
|
.\"
|
||
|
.\"
|
||
|
.SH "NAME"
|
||
|
.LP
|
||
|
unbound-control
|
||
|
\- Unbound remote server control utility.
|
||
|
.SH "SYNOPSIS"
|
||
|
.B unbound-control
|
||
|
.RB [ \-h ]
|
||
|
.RB [ \-c
|
||
|
.IR cfgfile ]
|
||
|
.RB [ \-s
|
||
|
.IR server ]
|
||
|
.IR command
|
||
|
.SH "DESCRIPTION"
|
||
|
.B Unbound-control
|
||
|
Performs remote administration on the \fIunbound\fR(8) DNS server.
|
||
|
It reads the configuration file, contacts the unbound server over SSL
|
||
|
sends the command and displays the result.
|
||
|
.P
|
||
|
The available options are:
|
||
|
.TP
|
||
|
.B \-h
|
||
|
Show the version and commandline option help.
|
||
|
.TP
|
||
|
.B \-c \fIcfgfile
|
||
|
The config file to read with settings. If not given the default
|
||
|
config file @ub_conf_file@ is used.
|
||
|
.TP
|
||
|
.B \-s \fIserver[@port]
|
||
|
IPv4 or IPv6 address of the server to contact. If not given, the
|
||
|
address is read from the config file.
|
||
|
.SH "COMMANDS"
|
||
|
There are several commands that the server understands.
|
||
|
.TP
|
||
|
.B start
|
||
|
Start the server. Simply execs \fIunbound\fR(8).
|
||
|
.TP
|
||
|
.B stop
|
||
|
Stop the server.
|
||
|
.TP
|
||
|
.B reload
|
||
|
Reload the server.
|
||
|
.SH "EXIT CODE"
|
||
|
The unbound-control program exits with status code 1 on error.
|
||
|
.SH "SET UP"
|
||
|
The setup requires a self\-signed certificate and private keys for both
|
||
|
the server and client. The script \fIunbound\-control\-setup\fR generates
|
||
|
these in the default run directory, or with \-d in another directory.
|
||
|
The script preserves private keys present in the directory.
|
||
|
After running the script as root, turn on \fBcontrol-enable\fR in
|
||
|
\fIunbound.conf\fR.
|
||
|
.SH "BROWSER SUPPORT"
|
||
|
It is also possible to administer via a browser. The client key needs
|
||
|
to be loaded into the browser, the setup script (see above) has generated
|
||
|
the file \fIunbound_control_browser.pfx\fR, with the client key and
|
||
|
certificate. By default it is stored with an empty password.
|
||
|
This can be loaded into a web browser, say Firefox, in the preferences \-
|
||
|
advanced \- encryption \- view certificates \- your certs window.
|
||
|
Then connect to the server control port (https://localhost:953) and
|
||
|
create a security override to accept the self-signed certificate from
|
||
|
the unbound server.
|
||
|
.SH "FILES"
|
||
|
.TP
|
||
|
.I @ub_conf_file@
|
||
|
unbound configuration file.
|
||
|
.TP
|
||
|
.I @UNBOUND_RUN_DIR@
|
||
|
directory with private keys (unbound_server.key and unbound_control.key),
|
||
|
self-signed certificates (unbound_server.pem and unbound_control.pem) and
|
||
|
unbound_control_browser.pfx file.
|
||
|
.SH "SEE ALSO"
|
||
|
\fIunbound.conf\fR(5),
|
||
|
\fIunbound\fR(8).
|