unbound/doc/unbound-control.8.in

.TH "unbound-control" "8" "@date@" "NLnet Labs" "unbound @version@"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.LP
unbound-control
\- Unbound remote server control utility.
.SH "SYNOPSIS"
.B unbound-control
.RB [ \-h ]
.RB [ \-c 
.IR cfgfile ]
.RB [ \-s 
.IR server ]
.IR command
.SH "DESCRIPTION"
.B Unbound-control
Performs remote administration on the \fIunbound\fR(8) DNS server.
It reads the configuration file, contacts the unbound server over SSL
sends the command and displays the result.
.P
The available options are:
.TP
.B \-h
Show the version and commandline option help.
.TP
.B \-c \fIcfgfile
The config file to read with settings.  If not given the default
config file @ub_conf_file@ is used.
.TP
.B \-s \fIserver[@port]
IPv4 or IPv6 address of the server to contact.  If not given, the
address is read from the config file.
.SH "COMMANDS"
There are several commands that the server understands.
.TP
.B start
Start the server. Simply execs \fIunbound\fR(8).
.TP
.B stop
Stop the server.
.TP
.B reload
Reload the server.
.SH "EXIT CODE"
The unbound-control program exits with status code 1 on error.
.SH "SET UP"
The setup requires a self\-signed certificate and private keys for both 
the server and client.  The script \fIunbound\-control\-setup\fR generates
these in the default run directory, or with \-d in another directory.
The script preserves private keys present in the directory.
After running the script as root, turn on \fBcontrol-enable\fR in 
\fIunbound.conf\fR.
.SH "BROWSER SUPPORT"
It is also possible to administer via a browser.  The client key needs
to be loaded into the browser, the setup script (see above) has generated
the file \fIunbound_control_browser.pfx\fR, with the client key and 
certificate.  By default it is stored with an empty password.
This can be loaded into a web browser, say Firefox, in the preferences \- 
advanced \- encryption \- view certificates \- your certs window.
Then connect to the server control port (https://localhost:953) and 
create a security override to accept the self-signed certificate from 
the unbound server.  
.SH "FILES"
.TP
.I @ub_conf_file@
unbound configuration file.
.TP
.I @UNBOUND_RUN_DIR@
directory with private keys (unbound_server.key and unbound_control.key), 
self-signed certificates (unbound_server.pem and unbound_control.pem) and 
unbound_control_browser.pfx file.
.SH "SEE ALSO"
\fIunbound.conf\fR(5), 
\fIunbound\fR(8).
control channel security. git-svn-id: file:///svn/unbound/trunk@1229 be551aaa-1e26-0410-a405-d3ace91eadb9 2008-09-11 14:14:12 +00:00			`.TH "unbound-control" "8" "@date@" "NLnet Labs" "unbound @version@"`
			`.\"`
			`.\" unbound-control.8 -- unbound remote control manual`
			`.\"`
			`.\" Copyright (c) 2008, NLnet Labs. All rights reserved.`
			`.\"`
			`.\" See LICENSE for the license.`
			`.\"`
			`.\"`
			`.SH "NAME"`
			`.LP`
			`unbound-control`
			`\- Unbound remote server control utility.`
			`.SH "SYNOPSIS"`
			`.B unbound-control`
			`.RB [ \-h ]`
			`.RB [ \-c`
			`.IR cfgfile ]`
			`.RB [ \-s`
			`.IR server ]`
			`.IR command`
			`.SH "DESCRIPTION"`
			`.B Unbound-control`
			`Performs remote administration on the \fIunbound\fR(8) DNS server.`
			`It reads the configuration file, contacts the unbound server over SSL`
			`sends the command and displays the result.`
			`.P`
			`The available options are:`
			`.TP`
			`.B \-h`
			`Show the version and commandline option help.`
			`.TP`
			`.B \-c \fIcfgfile`
			`The config file to read with settings. If not given the default`
			`config file @ub_conf_file@ is used.`
			`.TP`
			`.B \-s \fIserver[@port]`
			`IPv4 or IPv6 address of the server to contact. If not given, the`
			`address is read from the config file.`
			`.SH "COMMANDS"`
			`There are several commands that the server understands.`
			`.TP`
			`.B start`
			`Start the server. Simply execs \fIunbound\fR(8).`
			`.TP`
			`.B stop`
			`Stop the server.`
			`.TP`
			`.B reload`
			`Reload the server.`
			`.SH "EXIT CODE"`
			`The unbound-control program exits with status code 1 on error.`
			`.SH "SET UP"`
			`The setup requires a self\-signed certificate and private keys for both`
			`the server and client. The script \fIunbound\-control\-setup\fR generates`
			`these in the default run directory, or with \-d in another directory.`
			`The script preserves private keys present in the directory.`
			`After running the script as root, turn on \fBcontrol-enable\fR in`
			`\fIunbound.conf\fR.`
			`.SH "BROWSER SUPPORT"`
			`It is also possible to administer via a browser. The client key needs`
			`to be loaded into the browser, the setup script (see above) has generated`
			`the file \fIunbound_control_browser.pfx\fR, with the client key and`
			`certificate. By default it is stored with an empty password.`
			`This can be loaded into a web browser, say Firefox, in the preferences \-`
			`advanced \- encryption \- view certificates \- your certs window.`
			`Then connect to the server control port (https://localhost:953) and`
			`create a security override to accept the self-signed certificate from`
			`the unbound server.`
			`.SH "FILES"`
			`.TP`
			`.I @ub_conf_file@`
			`unbound configuration file.`
			`.TP`
			`.I @UNBOUND_RUN_DIR@`
			`directory with private keys (unbound_server.key and unbound_control.key),`
			`self-signed certificates (unbound_server.pem and unbound_control.pem) and`
			`unbound_control_browser.pfx file.`
			`.SH "SEE ALSO"`
			`\fIunbound.conf\fR(5),`
			`\fIunbound\fR(8).`