Table of Contents

Nrcmd Commands

Admin

Admin Command Examples
Admin Properties

Client

Client Command Examples
Client Properties
Action Strings
Authenticate-Until
Host Name Strings

Client-Class

Client-Class Creation and Deletion
Client-Class Properties
Client and Client-Class Hierarchy

DHCP

Import Mode
DHCP Command Examples
DHCP Properties
Log Settings
Troubleshooting MAC Addresses
DHCP Extension Commands

Dhcp-Interface
DNS

Incremental Transfer
NOTIFY
DNS Properties
DNS Methods

Exit

Exit Command Example

Export

Export Leases
Export Zone
Export Zone Name
Export Hostfile

Extension

Extension Command Example
Extension Properties

Force-Lock

Force-Lock Command Example

Help

Help Command Examples

Import

Import Leases
Import Named.boot Files

Ldap

LDAP Command Examples
LDAP Features
LDAP Properties
LDAP Dictionaries

Lease

Lease Command Properties
Client Flags
States

License

Licence Command Example

Listaddr
Policy

Policy Command Example
Policy Features
Policy Properties
Policy Option Method Commands
Policy Lease Time Method Commands

Remote-Dns

Remote-dns Command Example

Remote-dns Features

Remote-dns Features Examples

Save

Validation

Scope

Scope Command Examples
Scope Features
Scope Properties
Scope Method Commands

Scope-selection-tag

Scope-Selection-Tag Examples
Number of Scope Selection Tags

Server

Server Commands
Server Features
Server Properties

Session

Session Command Example

Zone

Zone Command Examples
Zone Feature Commands
Zone Properties
Zone Resource Record Method Commands

Using Nrcmd Commands

The Network Registrar nrcmd program is a command-line based configuration tool. It allows you to set all Network Registrar configurable options as well as start and stop the servers.

Nrcmd Commands

This section contains the complete list of nrcmd commands. You can use them on the command line or insert them into scripts. The commands are grouped alphabetically.

Table 2-1 lists and describes the nrcmd commands.

Table 2-1: Nrcmd Commands

Command	Description
admin	Creates administrators and assigns them passwords
client	Creates clients and assigns them to client-classes
client-class	Creates client-classes
dhcp	Specifies the DHCP server's properties
dhcp-interface	Specifies the IP address the DHCP server's hardware card
dns	Specifies the DNS server's properties
exit	Quits the nrcmd program
export	Writes the state of the lease or a zone to a file
extension	Integrates user-written DHCP extensions into the Network Registrar DHCP server
force-lock	Obtains an exclusive lock for the nrcmd program session
help	Provides online help
import	Loads configuration information from a file
ldap	Specifies the LDAP remote server's properties
lease	Specifies DHCP leases' properties
license	Views and updates license information
listaddr	Reports IP address utilization
policy	Specifies the policy information
remote-dns	Specifies information about remote DNS servers
save	Saves the current configuration changes
scope	Specifies the scopes' properties
scope-selection-tag	Creates scope selection tags
server	Affects server behavior
session	Configures session parameters
zone	Specifies the DNS zones' properties

Admin

Use the admin command to configure administrators for the cluster. You can choose any string for the name. Network Registrar uses the password to authenticate the name. If you create an administrator without a password, Network Registrar cannot authenticate the name, and will deny that user access to the cluster.

admin name create [prop=value]
admin name delete 
admin list 

Admin Command Examples

To create the administrator bob with the password xyz, type:

nrcmd> admin bob create password=xyz
 

To delete the administrator bob, type:

nrcmd> admin bob delete

Admin Properties

You can use the set, get, and show commands to assign and retrieve values from the admin properties.

The syntax is:

admin name set prop=value 
admin name get prop
admin name show 
admin name enterPassword password
 

If you want to enter a password and not have Network Registrar display the password on your screen, create an administrator and do not supply a password. Then use the enterPassword command to enter a password and prevent Network Registrar from echoing it on the screen. Network Registrar prompts you to verify the password before it accepts it.

Table 2-2 lists and describes the admin property.

Table 2-2: Admin Property

Property	Description
password	The administrator's password

Client

The client and client-class commands allow you to create and manipulate clients and groups of clients for the purpose of determining what type of IP address or policy to assign to requesting hosts.

Using the client command you can assign properties to a specific client entry, based on the client's MAC address or the literal string default, which matches any client that does not have a specific client configuration. The properties you can assign include such things as a class of client, a policy, an action, and the inclusion or exclusion of scope selection tags. The DHCP server looks up these properties to determine how it should process the host's request for an IP address.

A sample Ethernet MAC address might be 1,6,00:a0:24:2e:9c:20.

client name create [prop=value]
client name delete 
client list

Client Command Examples

To create a client that is a member of the external client-class, type:

nrcmd> client 1,6,02:02:02:02:02:02 create client-class-name=external
 

To delete client 1,6,02:02:02:02:02:02:, type:

nrcmd> client 1,6,02:02:02:02:02:02 delete
 

To list all the client-classes, type:

nrcmd> client list

Client Properties

The property list contains the name and values in the following format: property=value{,value}.

For the host-name and domain-name strings to have any effect, you must have enabled dynamic DNS update in the scope from which the IP address was allocated.

You use the set and get commands to set and display their values.

The syntax is:

client macaddress set property=val
client macaddress get property
client macaddress show 
 

Table 2-3 lists and describes the client command properties.

Table 2-3: Client Command Properties

Property	Description
action	The action to take for this client. You can specify either exclude or one-shot. For more information about these two actions, see the "Action Strings" section later in this chapter.
authenticate-until	(Client-only) Specifies whether to limit the authentication time to the duration you have specified. For more information about how to specify the time, see the "Authenticate-Until" section later in this chapter.
client-class-name	(Client-only) The client-class to which the client belongs. The client-class-name property may only appear in the client entry. It is an error to specify a client-class name property in a client-class object. If the client is not a member of a client-class, then the DHCP server uses the default client-class properties.
domain-name	The domain name to use when performing DNS updates. Places the client's A record in this DNS domain.
host-name	The host name. Use this string to replace any host-name DHCP option sent by the DHCP client. For more information about host names, see the "Host Name Strings" section later in this chapter.
policy-name	The policy to add to the Network Registrar DHCP policy search list for this client.
selection-criteria	The scope selection tags to build the scope inclusion list.
selection-criteria excluded	The scope selection tags to build the scope exclusion list.
unauthenticated -client-class-name	The name of the client-class to use if this client is no longer authenticated.
user-defined	A user-defined string that can be set and queried. This property has no effect on the operation of the DHCP server.

Action Strings

The action string is made up of one or more comma-delimited tokens. Valid tokens are the following:

• Exclude---Causes the server to ignore all communication from this client. If you specify the exclude action in the default client entry, then any client not specifically registered through the use of the client command will not be allowed to communicate with the server.

• One-shot---Causes the server to fail to renew or re-offer any lease made to a client that has specified this action string (either directly or in a client-class entry).

One-Shot Action

Authenticate-Until

The authenticate-until property provides a method for limiting the authentication of a client entry. By default, client entries are authenticated forever, but by using the authenticate-until property it is possible to specify an expiration time for the authentication.

When the authentication for a client entry is no longer authenticated, the DHCP server uses the value of the unauthenticated-client-class property for the name of the client-class entry to use in answering this DHCP request. If the unauthenticated-client-class property is not set or if there is no client-class entry in the unauthenticated-client-class property, the DHCP server ignores the DHCP request; that is, the server will not provide the client an IP address.

Host Name Strings

The value you specify in the host-name property can be one of two general forms.

The first form is a string that does not start with a @. This form of host-name value is used to override the DHCP client-request host name. When you enter a valid name, you cause the DHCP server to ignore any host name specified by this client, and instead use this client-entry property. The actual value of the host-name option in the client's DHCP packet is ignored.

• Hostname---Causes the server to use this host name to override the DHCP client request host name. This name can be any valid DNS name. You cannot use underscores.

• @host-name-option---Causes the server to use whatever host-name option the client sent. This is the default behavior if there is no entry for host-name in either the client or client-class.

• @no-host-name-option---Causes the server to drop the host-name option that the client sent, and not replace it. If you have disabled DNS name synthesis, then the client will have no name placed into DNS.

• @use-macaddress---Causes the server to synthesize a host name for the client that is derived from its MAC address, and is unique. This token is used to ensure that a client has a valid, unique, and predictable name in DNS.

Client-Class

The client-class command allows you to apply a set of properties to a group or class of clients.

Client-Class Creation and Deletion

The syntax is:

client-class name create [prop=val]
client-class name delete 
client-class list 
 

Client-Class Creation and Deletion Examples

To create the client-class internal, type:

nrcmd> client-class internal create
 

To delete the client-class internal, type:

nrcmd> client-class internal delete
 

To list the all the client-classes that use the policy short-lease-time, type:

nrcmd> client-class list policy=short-lease-time

Client-Class Properties

The client-class command allows you to configure and display common properties for DHCP client configurations using the set, get, and show commands.

client-class name set prop=val
client-class name get prop
client-class name show 
 

See Table 2-3 for descriptions of the properties.

Client and Client-Class Hierarchy

The server processes client and client-class property values as follows:

• Network Registrar looks for the scope selection tag in the client-entry. If the tag appears in the client-entry, then Network Registrar uses it. If the tag is blank, then Network Registrar looks for the tag in the client-class. If the tag is specified as none in the client, Network Registrar does not look in the client-class.

• The policy property is processed a bit differently. If you specify a policy in the client, it is placed first on the search list of policies. A policy specified in the client-class is placed next. The policy specified in the scope is placed next, and the system-default policy is placed last. When looking for information from a policy (frequently a DHCP option) to return to a DHCP client, the policies in the list are searched in order. Network Registrar uses the first information it finds.

DHCP

The dhcp command allows you to configure the DHCP server in the cluster. In Network Registrar Software Release 2.0 there is only one DHCP server per cluster, so you do not need to reference the server by name.

dhcp disable feature
dhcp enable feature
dhcp get feature
 

Table 2-4 lists and describes the DHCP features.

Table 2-4: DHCP Features

Feature	Description
client-class	Controls whether or not the DHCP server uses the client and client-class configuration objects to affect request processing. Default disabled.
discover-interfaces	Causes the DHCP server to find all the interface cards on the host and process DHCP requests that it receives from any of them. It will, however, only offer addresses to requests from subnets in which you have defined a valid scope with available addresses. If you do not enable this feature, the DHCP server uses only its list of configured interfaces. Default enabled.
drop-packet-on-script- failure	Causes the server to drop a packet (if possible) when it encounters a script failure. Default enabled.
import-mode	Causes the DHCP server to recognize only packets generated from the nrcmd program's import leases command and ignore all others. You can use this property if you want to update your DHCP server and prevent clients from receiving addresses during this period. Default disabled. For more about import mode, see following section, "Import Mode."
mac-address-only	Causes the DHCP server to use the client's MAC address as the only client identifier. The standard behavior, as specified in RFC 2132, is to use the client ID option (if it is present) as the unique client identifier. If you specify the mac-address-only argument, the DHCP server ignores the client's ID and uses its MAC address instead. You can use this argument to have a single, consistent way of identifying all clients that use your DHCP server. Default disabled.

Import Mode

You can put the DHCP server into import mode by enabling the import-mode feature and then restarting the server. You take the server out of import mode by disabling the feature and restarting the server. You can use import mode to exclude all DHCP lease requests except for the specially tagged ones that come from nrcmd during lease import. See the "Import" section later in this chapter.

DHCP Command Examples

To enable the client-class facility for this DHCP server, type:

nrcmd> dhcp enable client-class
 

To disable import mode, type:

nrcmd> dhcp disable import-mode
 

To display whether discover-interface is enabled or disabled, type:

nrcmd> dhcp get discover-interfaces

DHCP Properties

You can use the set, get, unset, and show commands to assign and retrieve values from the DHCP's name-value properties.

The syntax is:

dhcp get prop=val
dhcp set prop=val
dhcp unset prop
dhcp show
 

Table 2-5 lists and describes the DHCP properties.

Table 2-5: DHCP Properties

Property	Description
dns-timeout	Controls the number of milliseconds the DHCP server will wait for a response before retrying a dynamic DNS request.
extension-trace-level	Is the default value of the extension trace level for every request object. You can override this value by setting the extension-trace-level in a user-written extension. Setting the level to zero causes very little tracing. Setting the level to three causes considerable tracing. For more information about DHCP extension creation, see the "Extension" section later in this chapter.
hardware-unicast	Controls whether the DHCP server sends unicast instead of broadcast responses when a client indicates that it can accept a unicast. This feature may not be available on all platforms.
log-settings	Controls whether the DHCP server logs additional detail about the events listed in the log-settings. This can be helpful when you are analyzing a problem, but leaving it enabled for a long period can cause the log files to fill up. For more information about the different log settings, see the "Log Settings" section later in this chapter.
max-dhcp-requests	Controls the size of buffers DHCP allocates for responding to DHCP clients. At least 100 buffers of each type should be allocated, and perhaps as many as several thousand would be reasonable in some installations.
max-dhcp-responses	Controls the size of buffers DHCP allocates for receiving packets from DHCP clients. At least 100 buffers of each type should be allocated, and perhaps as many as several thousand would be reasonable in some installations.
max-dns-packets	Controls the size of buffers DHCP allocates for communication with DNS servers. You can reduce the DHCP server's memory requirement by reducing the number of DNS packets, at the risk of missing updates.
max-dns-renaming-retries	Controls the number of times the DHCP server can try to add a host into DNS even if it detects that the host's name is already present in DNS. This field controls the number of times the DHCP server will attempt to modify a host's name in order to resolve a conflict.
max-dns-retries	Controls the number of times the DHCP server attempts to send dynamic DNS updates to a DNS server.
max-dns-ttl	Sets the time to live (TTL) ceiling, in seconds, for DNS records added through dynamic DNS. When the DHCP server adds a DNS record, it sets the TTL to less than one-third of the lease time, or this ceiling value. The DNS record's effective TTL may be determined by the DNS zone's minimum TTL.
one-lease-per-client	Causes the DHCP server to release any other leases the client may have had on this server. Because the default behavior for the Network Registrar DHCP server is to store all the leases a client obtains, this command ensures that only one lease is stored. A client might obtain a number of leases if a user with a laptop traveled throughout the building and requested leases at different locations on the network.
ping-queue-timeout- factor	(Windows NT 3.51 only) In each scope there is a ping timeout number, which is the number of milliseconds that the ping subsystem waits for the ping to respond. The ping queue timeout factor value is the multiple that it waits. The default is 75 seconds.
Scope-selection-tags	Lists scope selection tags associated with this scope. In this context the term tags refers to a named entity that is used to control matching client and client-class entries with candidate scopes.
update-dns-for-bootp	If the server is replying to a BOOTP request, and is offering a lease from a scope that is configured for DNS updates, the DHCP server checks this property before beginning the update. You can use this feature to prevent DNS updates for BOOTP clients, while allowing updates for DHCP clients.
use-ldap-client-data	Controls whether the DHCP server attempts to read client-entry data through LDAP, that is, using the configuration supplied by the ldap command. For more information about the ldap command, see the "Ldap" section later in this chapter.

nrcmd> dhcp set scope-selection tags=internal
 

nrcmd> dhcp get hardware-unicast
 

nrcmd> dhcp unset one-lease-per-client
 

Log Settings

You can set the following flags:

• Default---The default provides a low level of logging in several parts of the DHCP server. If you unconfigure the default, even this logging will not appear.

• Missing-options---This setting (on by default) causes Network Registrar to log a message whenever an option requested by a DHCP client has not been configured in a policy and therefore cannot be supplied by the DHCP server.

• Incoming-packets---This setting (on by default) causes Network Registrar to log a single line message for every incoming packet. This setting is especially useful when you are initially configuring a DHCP server or a BOOTP relay because an immediate positive indication occurs that the DHCP server is receiving packets.

• Incoming-packet-detail---This setting causes Network Registrar to display the contents of every DHCP packet received by the DHCP server. This setting enables the built-in DHCP packet sniffer for input packets. The log files will fill up (and turn over) very rapidly when you have enabled this setting. This setting also causes a significant performance impact on the DHCP server, and you should not continually leave it enabled.

• Outgoing-packet-detail---This setting causes Network Registrar to display the contents of every DHCP packet transmitted by the DHCP server in a human readable way. This setting enables the built-in DHCP packet sniffer for output packets. The log files will fill up (and turn over) very rapidly when this setting is enabled. This setting also causes a significant performance impact on the DHCP server, and you should not leave it enabled.

• Client-detail---This setting causes Network Registrar to log a single line at the conclusion of every client-class client lookup operation. This line shows all the data found for the client as well as the data that was found in the client's client-class. This setting is useful when setting up a client-class configuration, and for debugging problems in client-class processing.

• Client-criteria-processing---This setting causes Network Registrar to a log message whenever it examines a scope to find an available lease or whenever it examines a scope to determine if a lease is still acceptable for a client who already has one. This setting can be very useful when configuring or debugging client-class scope criteria processing. It causes a moderate amount of information to be logged, and you should not continually leave it enabled.

• Unknown-criteria---This setting causes Network Registrar to display a single-line log message whenever the DHCP server finds a client entry that specifies a selection-criteria or selection-criteria-excluded that is not found in any scope appropriate for that client's current network location.

To suppress warning messages for unconfigured or missing options, type:

nrcmd> dhcp set log-settings=default,incoming-packet
 

nrcmd> dhcp set log-settings=client
nrcmd> dhcp reload
 

nrcmd> dhcp set log-settings=default
nrcmd> dhcp reload
 

Troubleshooting MAC Addresses

As an additional aid to troubleshooting your configuration you can use the example extension, dextrace, distributed on the Cisco Network Registrar 2.0 CD. It looks for a particular MAC address in every input packet. When it finds that MAC address, it enables packet sniffing for just that input and any corresponding output packet. You can configure this extension using the CLI, and the configuration commands are in the example source file for dexextension.c. This extension places only a very small load on the server, and is suitable for long-term use when trying to diagnose some DHCP problem in which a troublesome MAC address is known, but it is not possible (or perhaps not convenient) to manually stimulate that DHCP client directly in order to find the problem.

DHCP Extension Commands

You can use the method commands attachExtension, detachExtension, and listExtensions to configure the extensions points in the server. You can name each extension point and associate one extension with it. For more information about extensions, see the "Extension" section later in this chapter.

• AttachExtension sets the specified extension point to call the named extension. If the extension point is already configured to call an extension, Network Registrar overwrites it with the new value.

• DetachExtension removes any extension configuration from the specified extension point.

• ListExtensions shows the current configurations for each extension point.

The syntax is:

dhcp attachExtension extension-point extension-name
dhcp detachExtension extension-point
dhcp listExtensions
 

DHCP Extension Commands Examples

To add the test extension at the extension point post-packet-decode, type:

nrcmd> dhcp attachExtension post-packet-decode test
 

To remove the extension test from the extension point post-packet-decode, type:

nrcmd> dhcp detachExtension post-packet-decode
 

To list all the extensions points and any extensions associated with them, type:

nrcmd> dhcp listExtensions

Dhcp-Interface

The dhcp-interface command allows you to add, remove, and list the IP addresses of your server's hardware card (such as Ethernet or token ring), also called the Interface card. Interfaces are named with the IP address and net mask for the physical device.

Network Registrar uses the distinguished interface named default to provide configurable default values for interfaces that the DHCP server discovers automatically. If you delete the default interface, the DHCP server uses hard-coded default values for port numbers and socket buffer sizes for the interfaces that it auto-discovers.

dhcp-interface name create addr [mask]
dhcp-interface name delete
dhcp-interface list
dhcp-interface name show
dhcp-interface get prop
dhcp-interface set prop=val [prop=val...]
dhcp-interface unset prop
 

Table 2-6 lists and describes the DHCP interface properties.

Table 2-6: DHCP Interface Properties

Property	Description
addr	The IP address of the interface.
ignore	Indicates that the server should ignore this interface, which might be the case if you had several interfaces. You can use this property to temporarily disable a specific interface in a list of interfaces.
mask	The subnet number.

nrcmd> dhcp-interface net1 create 192.168.1.12 255.255.255.0
nrcmd> dhcp-interface net2 create 10.1.2.3 255.255.255.0
 

nrcmd> dhcp-interface net1 set ignore=true
 

nrcmd> dhcp-interface net1 delete
 

nrcmd> dhcp-interface list

DNS

The dns command allows you to enable or disable DNS server features. In Network Registrar Software 2.0 there is only one DNS server per cluster, so you do not need to reference the server by name.

dns disable feature
dns enable feature
dns get feature
 

Table 2-7 lists and describes the DNS features.

Table 2-7: DNS Features

Feature	Description
ixfr-enable	Required, default enabled. Controls the incremental transfer behavior for zones for which you have not configured a specific behavior. For more information about incremental transfer, see the following section, "Incremental Transfer."
lame-deleg-notify	Required, default disabled. Controls whether you want Network Registrar to notice and log when a DNS server listed in a parent-zone's delegation of subzones does not know that it is authoritative for the zone.
no-fetch-glue	Required, default disabled. Controls whether you want the DNS server, when composing a response to a query, to fetch missing glue records. Glue records are DNS A records that specify the address of a domain's authoritative name server. Normal DNS responses include NS records and their A records related to the name being queried.
no-recurse	Required, default disabled. Controls whether you want to disable forwarding client queries to other name servers when your DNS server is not authoritative for data being queried. If you disable recursive queries, you make your name server a noncaching server.
notify	Required, default enabled. Controls NOTIFY sending notification for zones for which you have not configured a specific behavior. For more information about NOTIFY, see the "NOTIFY" section later in this chapter.
round-robin	Required, default enabled. Controls whether you want round-robin cycling of equivalent records in responses to queries. Equivalent records are records of the same name and type. Because clients often only look at the first record of a set, enabling this feature can help balance loads and keep clients from forever trying to talk to an out-of-service host.
slave-mode	Required, default disabled. Controls whether you want this server to be a slave server, which is a server that relies entirely on forwarders for data that is not in its cache. This command has no effect unless you also specify the corresponding forwarders. You can override slave-mode for specific domains with the DNS exception method. For more information about the exception method, see the "DNS Methods" section later in this chapter.
update-relax- zone-name	Required, default disabled. Enables relaxation of the RFC 2136 restriction on the zone name record in dynamic updates. This feature allows updates to specify a zone name, which is any name within an authoritative zone, instead of the exact name of the zone.

Incremental Transfer

The incremental transfer feature (ixfr-enable) allows you to control how your DNS server handles incremental transfer. If you enable incremental transfer, you must set or accept the default value of the ixfr-expire-interval property.

Table 2-8 lists and describes the incremental transfer properties.

Table 2-8: Incremental Transfer Property

Property	Description
iixfr-expire-interval	Required, default 604800 seconds (7 days). Indicates the longest interval to allow a secondary zone to be maintained solely with incremental transfers. After this period, the server requests a full zone transfer. Validation: 0 <= x <= 2147483647

nrcmd> dns enable ixfr-enable
 

nrcmd> zone example.com disable ixfr
 

nrcmd> remote-dns create 128.103.1.1 set ixfr=false
 

For more information about setting incremental transfer on specific zones or remote DNS servers, see the "Zone" or "Remote-Dns" section later in this chapter.

NOTIFY

NOTIFY enables a Network Registrar DNS master server to inform its slaves that changes have been made to its zone. The changes are not communicated in the NOTIFY packet, instead the slaves initiate a zone transfer in response.

If you enable NOTIFY, you must set or accept the defaults for the properties listed in Table 2-9.

Table 2-9: NOTIFY Properties

Property	Description
notify-defer-cnt	Required, default 100. The maximum number of changes you want to accumulate during the notify-wait period. If this number is exceeded, Network Registrar sends notification before the notify-wait period has passed.
notify-min-interval	Required, default 2 seconds. The minimum interval required before sending notification of consecutive changes on the same zone to a particular server. Validation: 0 <= x <= 2147483647
notify-rcv-interval	Required, default 5 seconds. For secondary zones, the minimum amount of time between the completion of processing of one notification (serial number testing and/or zone transfer), and the start of processing of another notification. Validation: 0 <= x <= 2147483647
notify-send-stagger	Required, default 1 second. The interval to stagger notification of multiple servers of a particular change. Validation: 0 <= x <= 2147483647
notify-wait	Required, default 5 seconds. The period of time to delay, after an initial zone change, before sending change notification to other name servers. This property allows you to accumulate multiple changes, and limit the number of times the serial number advances. Validation: 0 <= x <= 2147483647

nrcmd> dns disable notify
 

nrcmd> zone example.com set refresh=30m
nrcmd> zone example.com disable notify
 

For more information about setting zone properties, see the "Zone" section later in this chapter.

DNS Properties

You can use the set, get, and unset commands to assign and retrieve values from the DNS server's name-value properties.

The syntax is:

dns get prop
dns set prop=val [prop=val...]
dns unset prop
dns show
 

Table 2-10 lists and describes the DNS properties.

Table 2-10: DNS Properties

Property	Description
local-port-num	Required, default 53. Specifies the UDP and TCP port number on which the DNS server listens for queries. Validation: [1, 65535]
max-cache-ttl	Required, default 7 days. Indicates the maximum amount of time that you want Network Registrar to retain cached information. Validation: 0 <= x <= 2147483647
mem-cache-size	Required, default 200 KB. Indicates the size of the in-memory record cache, in kilobytes. Validation: 0 <= x <= 2147483647
neg-cache-ttl	Required, default 10 minutes. Indicates how long information learned from other name servers about nonexistent names or data should be cached. Validation: 0 <= x <= 2147483647
remote-port-num	Required. Specifies the UDP and TCP port to which the DNS server sends queries to other servers. Validation: [1, 65535]

DNS Methods

The dns method commands allow you to add, list, or remove specific servers for dealing with root-hint servers, exception servers, and forwarding servers, and for flushing
the cache.

Root Hint Method

The root hint method allows you to specify the names and addresses of the root servers. After you specify these servers, Network Registrar queries them for their root-name server records, which in turn are used to resolve other names. These values do not need to be exact, but they need to be accurate enough for the Network Registrar DNS server to be able to retrieve the correct information.

The syntax is:

dns addRootHint name addr [addr...]
dns removeRootHint name
dns listRootHints
 

DNS Methods Examples

nrcmd> DNS addRootHint a.root-servers.net 198.41.0.4
 

nrcmd> DNS removeRootHint a.root-servers.net
 

nrcmd> DNS listRootHints 
 

Exception Method

dns addException name addr [addr...]
dns removeException name
dns listExceptions
 

Exception Method Examples

nrcmd> DNS addException blue.com. 192.168.1.4
 

nrcmd> DNS removeException blue.com.
 

nrcmd> DNS listExceptions 
 

dns addForwarder addr [addr...]
dns removeForwarder addr
dns listForwarders
 

Forwarder Method Examples

nrcmd> DNS addForwarder 192.168.1.4
 

nrcmd> DNS removeForwarder 192.168.1.4
 

nrcmd> DNS listForwarders 
 

You can use the dns flushCache command to stop the disk cache file from growing, but the actual behavior depends on whether your DNS server is running or stopped.

dns flushCache

Exit

The exit command allows you to exit the current nrcmd program session. Network Registrar writes all your unsaved changes to the database. If Network Registrar is unable to save your changes, it displays the same error code as if you had used the save command.

The syntax is:

exit

Exit Command Example

To quit the Network Registrar command line interface when you are in interactive mode, type exit. For example, to quit, type:

nrcmd> exit

Export

The export command allows you to write the state of all the current leases or the contents of a DNS zone on a specific cluster to a file.

The syntax is:

export leases [file]
export zone zone name[{static | dynamic | both} [file]]
export zonenames [{forward | reverse | both} [file]]
export hostfile [file]

Export Leases

The export command, with the argument leases, writes the state of all the current leases to the output file. For a description of the file format, see the "Dump and Load File Formats" section in the "Codes and Formats" appendix.

For best results you should run the export command when the DHCP server is stopped. Although you can run the export command while the DHCP server is running without any negative effect on the server, if you do you might get some inconsistencies.

The syntax is:

export leases output-file 
 

The output-file is the name of output file or "-" for standard out.

nrcmd> export leases leaseOut 
 

Export Zone

The export command with the argument zone writes the specified DNS zone into a file in the BIND format.

export zone domain-name output-file arguments
 

• Domain-name is the name of the domain whose data you want to write to a file.

• Output-file is the name of the file to create for the DNS zone data.

• Argument can be either static or dynamic.

nrcmd> export zone Example.com hosts.local static

Export Zone Name

The export command with the argument zonenames exports the names of the zones in the server. You can specify forward, reverse, or both to cause the command to export the forward zones, reverse zones, or all the zones, respectively.

export zonenames {forward | reverse | both} output-file

Export Hostfile

The export command with the argument hostfile creates a hostfile, in UNIX hostfile format, from all the zones in the server. It ignores reverse zones. It creates hostfile records from A records, CNAME records, and HINFO records. The hostfile record consists of the IP Address, the FQDN, aliases created from the A records and CNAME records, and comments created from HINFO records.

export hostfile output-file

Extension

The extension command allows you to configure and integrate user-written DHCP extensions into the DHCP server.

Step 3 Attach the configured extension to one or more DHCP extension points using the dhcp attachExtension command.

For more information about the command, see the "DHCP Extension Commands" section earlier in this chapter. For more information about choosing extensions points and writing extensions, see the "Using Extension Points" chapter.

Step 4 Reload the server.

The syntax is:

extension name create lang file entry [prop=val...]
extension name delete 
extension list

Extension Command Example

To configure a Tcl extension, type:

nrcmd> extension mytclext create mytclfile.tcl mytclentry
 

The following is a sample:

proc mytclentry{request response environ}{
	$environ log LOG_INFO "helloworld"
{

Extension Properties

You can use the set, get, and unset commands to assign and retrieve values from the extension's properties.

The syntax is:

extension name get prop
extension name set prop=val
extension name unset prop 
extension name show
 

Table 2-11 lists and describes the extension properties.

Table 2-11: Extension Properties

Property	Description
entry	Required (set by create), default <none>. The name of the entry point for the module. This function is called from any extension point to which this module is bound. The arguments for this function are server-implementation specific.
file	Required (set by create), default <none>. This filename is relative to the directory extensions in the installation. It cannot be a absolute pathname, nor can it contain any sequence of two dots (..).
init-args	Optional, default <none>. The arguments that should be passed to the init-entry point function. For more information about how the DHCP server parses this information, see the "Init-Entry Entry Point" section in the "Using Extension Points" chapter.
init-entry	Optional, default <none>. The name of the init-entry point. If you set it, Network Registrar calls this function when the server loads the module and when the server shuts down. For more information about this entry point, see the "Init-Entry Entry Point" section in the "Using Extension Points" chapter.
lang	Required (set by create), default <none>. The language in which the extension or module is implemented. Tcl indicates that the module is a Tcl extension (tcl7.5). Dex indicates that the module is a shared object with C calling interfaces.
name	Required (set by create), default <none>. The name of the extension or module. Network Registrar uses this name to assign extensions or modules to extension points. Changing this property renames the extension.

Force-Lock

The nrcmd program uses the same locking mechanism as Network Registrar. When you execute a command, the program attempts to get an exclusive lock for the cluster to which it is connected. If the program is unable to get an exclusive lock, it displays a warning. You can only issue the following commands: client, lease, zone add, help, and force-lock.

The force-lock command obtains an exclusive lock. Use this command with caution, because running more than one program that updates the Network Registrar database can cause database corruption.

Force-Lock Command Example

To force an exclusive lock, type:

nrcmd> force-lock

Help

You can use the help command to display the nrcmd program's online help.

• If you type the help command without any arguments, Network Registrar displays a list of all the commands.

• If you specify the help command with an argument, Network Registrar displays the man page for the command of that name.

help 
help cmd [section...]

Help Command Examples

To print the list of commands, type:

-> help 
100 Ok
 

To print the contents of the help man page, type:

-> help help
100 Ok
 

To print the contents of the help command's synopsis, type:

-> help help synopsis
    100 Ok
    SYNOPSIS
    help 
    help cmd [section...]

Import

The import command allows you to import lease information into the DHCP server configuration or import the contents of a BIND named.boot file into the DNS server configuration.

Import Leases

Before you can import leases, you must perform several configuration steps:

Step 1 Configure scopes in the DHCP server for the leases that you plan to import.

For more information, see the "Scope" section later in this chapter.

Step 2 If the host names for the leases are to be dynamically entered into DNS as part of the import, configure zones in the DNS server to allow dynamic updates.

For more information, see the "Zone" section later in this chapter.

Step 3 Set the DHCP server to import mode so that it will not respond to other lease requests during the lease importing.

For more information, see the "DHCP" section earlier in this chapter.

After you have imported the leases, take the DHCP server out of import mode so that it can respond to other lease requests.

The syntax is:

import leases file

Example

nrcmd> import leases LeaseIn
 

Import Named.boot Files

BIND uses a boot file, called named.boot, to point the server to it database files. You can import your entire BIND configuration by using the import command.

The syntax is:

import named.boot file 

Import Named.boot Files Example

nrcmd> import named.boot /etc/named.boot
 

nrcmd> import named.boot c:/etc/named.boot
 

Table 2-12 lists and describes all the boot file directives that are supported by the BIND 4.9.6 distribution and the corresponding nrcmd syntax that is generated. Directives that Network Registrar does not support are marked with the word unsupported, and the directives that require no action from Network Registrar are marked with the word none.

Table 2-12: BIND to Nrcmd

BIND	Nrcmd
directory new-directory	None---Supported within the named.boot file parser
include file	None---Supported within the named.boot file parser
primary domain-name-of-zone file	zone create domain-name-of-zone primary file=file
secondary domain-name-of-zone ip-addr-list [backup-file]	zone create domain-name-of-zone secondary ip-addr [,ip-addr...]
forwarders ip-addr-list	dns addForwarder ip-addr [,ip-addr...]
slave	dns enable slave-mode
tcplist ip-addr-or-network-list	zone domain-name-of-zone enable restrict-xfer zone domain-name-of-zone set restricted-set= ip-addr [,ip-addr...]
xfernets ip-addr-or-network-list	zone domain-name-of-zone enable restrict-xfer zone domain-name-of-zone set restricted-set=ip-addr[,ip-addr...]
max-fetch number	dns set xfer-client-concurrent-limit=number
domain local-domain-name	Unsupported
cache domain-name file	Unsupported
sortlist network-list	Unsupported
stub domain ip-addr-list [backup-file]	Unsupported
Bogusns ip-addr-list	Unsupported
check-names primary/secondary/response fail/warn/ignore	Unsupported
options forward-only	Dns enable slave-mode
options no-recursion	Dns enable no-recurse
options no-fetch-glue	Dns enable no-fetch-glue
options fake-iquery	None---Network Registrar only supports fake iquery
options query-log	Unsupported
limit transfers-in number	dns set xfer-client-concurrent-limit=number
limit transfers-per-ns number	Unsupported
limit datasize number	Unsupported
limit files number	Unsupported

Ldap

The ldap command allows you to associate remote LDAP servers with Network Registrar and set their attributes.

ldap name create hostname [prop=val]
ldap name delete
ldap list 

LDAP Command Examples

To create an LDAP server object myserver with a host name of myserver.american.com, type:

nrcmd> ldap myserver create myserver.american.com
 

To delete an ldap server object myserver, type:

nrcmd> ldap myserver delete
 

To list the ldap server objects, type:

nrcmd> ldap list

LDAP Features

Use the enable, disable, or test commands to enable, disable, or determine whether the feature has been set. After you enable a feature, you can set its properties.

The syntax is:

ldap name disable feature
ldap name enable feature
ldap name test feature
 

Table 2-13 lists and describes the LDAP features.
Table 2-13: LDAP Features

Feature	Description
limit-requests	Optional, default false. Enables you to limit the number of outstanding queries to the LDAP server. If you enable this feature you can set the maxprequest property.
can-query	Optional, default false. Enables you to refine queries to the LDAP server.
can-update	Optional, default false. Enables you to specify the types of updates to the LDAP server.

LDAP Properties

You can use the set, get, and unset commands to assign and retrieve values from the LDAP server's properties.

The syntax is:

ldap name get prop
ldap name set [prop=val]
ldap name unset property
 

Table 2-14 lists and describes the LDAP properties.

Table 2-14: LDAP Properties

Property	Description
connections	The number of connections that the server should make to a particular LDAP server. This is primarily a performance-tuning parameter. In some cases, more than one connection can improve overall throughput.
dn-attribute	If the dn (distinguished name) of the LDAP object to update can be constructed from one of the lease attributes, the specified dn-attribute is formatted using the dn-format string to construct the object filter that specifies the LDAP server to be modified.
dn-format	Formats the dn-attribute. A %s is required and is replaced with the value of the dn-attribute.
flags	There is a setting called "keep all state" that is controlled by the flags attribute. If the DHCP server is writing lease state into LDAP and this is set, the server will not remove lease data when a lease expires (or is released).
hostname	The host name of the server to connect to. Network Registrar needs the host name for LDAP servers.
max-referrals	The limit on the number of LDAP referrals Network Registrar will follow when querying. A value of zero means "don't follow referrals."
maxrequests	Limits any single LDAP connection to this number of outstanding queries. You may choose to limit the number of outstanding queries to improve performance. The DHCP server uses this configuration information when preparing client-entry queries.
password	The password of a user with access to the parts of the directory that DHCP will use. (LDAP servers can be configured to allow anonymous access, so this is optional).
port	The port to connect to. (There is a default.)
preference	A positive integer. LDAP servers can be used in preference order: 1 is the highest preference value.
referral-attr	The name of the LDAP attribute that may indicate that an LDAP response is a referral. The referral may or may not contain the dn to query for. If the dn is present (the current server assumes this), it is used as the search path along with a wildcard search scope in the query that follows the referral. If not, the search path is built by formatting the data in the referral attribute with the referral filter, and the existing search scope is used.
referral-filter	If the referral attribute does not contain a dn, the referral-attribute's data is formatted with this filter expression to build a search path, and the existing search scope for the LDAP server is used.
search-filter	The filter to be applied in the query. A %s is required and is replaced by the value of the dn attribute.
search-path	The name of an object in the directory to use as a query's starting-point. The path and the scope together control the portion of the directory that are searched.
search-scope	The scope can be SUBTREE (all children of the search path will be searched), ONELEVEL (only one the immediate children of the base object will be searched), or BASE (only the base object will be searched).
update-search- attribute	If the LDAP object's dn cannot be determined directly, the DHCP server must issue a query to retrieve the dn. In that case, the DHCP server uses these parameters to extract the data from a lease attribute (specified by the search-attribute, and format it using the search-filter expression).
update-search-filter	Formats the update-search-attribute. A %s is required and is replaced with the value of the dn-attribute.
update-search-path	The search filter (built using either the dn attribute or the search attribute) is used along with the path and scope to specify the LDAP object that should be updated.
update-search-scope	The search scope is used to specify the LDAP object that should be updated.
username	The distinguished name of an object with access to the parts of the directory that DHCP will use. (Because you can configure LDAP servers to allow anonymous access, this property is optional.)

LDAP Dictionaries

You can use the setEntry, getEntry, and unsetEntry commands to set, query, and clear elements of the various dictionary properties in the LDAP server configuration. These dictionary properties provide a convenient mapping from strings keys to string values.

ldap name setEntry prop key=value
ldap name getEntry prop key=value
ldap name unsetEntry prop key
 

Table 2-15 lists and describes the LDAP dictionary properties.

Table 2-15: LDAP Dictionary Properties

Properties	Description
env-dictionary	Controls whether additional LDAP attributes are retrieved along with client-entry attributes. If any of these are present in a query's results, their values are made available to scripts through the request's environment dictionary. The LDAP value is keyed by the value in the LDAP query env-dictionary.
query-dictionary	Controls the mapping between the names of LDAP attributes and client-entry attributes. The server will attempt to retrieve all of the LDAP attributes specified in the dictionary. When a query succeeds, the values for any LDAP attributes that it returns are set in the corresponding client-entry attributes.
update-dictionary	The dictionary that maps LDAP attributes to DHCP lease attributes. When an LDAP object is modified, each LDAP attribute that is present in this dictionary is set to the value of its corresponding DHCP lease attribute.

nrcmd> ldap dirserver setEntry query-dictionary sn=host-name
 

nrcmd> ldap myserver setEntry query-dictionary givenname=client-class-name
 

nrcmd> ldap myserver setEntry query-dictionary localityname=domain-name

Lease

The lease command allows you to view and manipulate the current DHCP leases in the cluster.

lease list 
lease withMACaddr mac address
lease name show
lease name activate 
lease name deactivate
lease name force-available
lease name macaddr
 

Table 2-16 lists and describes the lease command actions.

Table 2-16: Lease Command Actions

Action	Description
activate	Removes the deactivate flag from the lease, but does not change the status of a lease marked as unavailable.
deactivate	Prevents the lease from being given out or renewed, but does not change the state of the lease.
force-available	Makes a currently held lease available, even a lease marked as unavailable. Because using the force-available action may compromise the integrity of your IP address allocations, make sure that before you use the command the client holding the lease has stopped using the lease.
macaddr	Displays the most recent MAC address associated with this lease. If no MAC address was ever associated with this lease (or if the lease has become unavailable), then Network Registrar displays the error message, "302 Not Found."
show	Displays the lease attributes for a specific address.

nrcmd> lease 192.168.1.9 activate 

Lease Command Properties

You can use get to display the values from the lease properties. These properties are read-only.

The syntax is:

lease name get prop
 

Table 2-17 lists and describes the lease command properties.

Table 2-17: Lease Command Properties

Properties	Description
address	The IP address of this lease.
client-dns-name	The DHCP server attempted (possibly successfully) to enter this name into the DNS server for this client. It is related to the client-host-name, but may not be identical due to name collisions in the DNS server database.
client-domain-name	The domain name specified (if any) into which to put the client's DNS name.
client-flags	A variety of flags relating to the client. For more information about these flags, see the following section, "Client Flags."
client-host-name	The DNS name that the client requested the DHCP server place into the DNS server.
client-id	The client-id specified by the client, or one synthesized by the DHCP server for this client (if client-id-created-from-mac-address is set in the client-flags).
client-last-transaction-time	The time at which the client most recently contacted the DHCP server.
client-mac-addr	The MAC address which the client presented to the DHCP server.
expiration	The time at which the lease will expire.
flags	Flags for the lease are either reserved or deactivated. The lease is reserved for some MAC address or the lease is deactivated, which means that it should not be used. Any clients that are using deactivated leases will be NAKed on their next renewal.
start-time-of-state	The time at which the state last changed to its current value. You can use this property to determine when the lease was made unavailable.
state	The current state of the lease.

Client Flags

You can use the following client flags:

• client-id-created-from-mac-address---The client-id was created for internal use from the client-supplied MAC address. If this is true, the server will not report it.

• client-dns-name-up-to-date---The client-dns-name (A record) is current in the DNS server database.

• reverse-dns-up-to-date---The reverse (PTR record) DNS entry is current in the DNS database.

• dns-update-pending---A DNS operation is pending for this client.

States

The lease can be in any of the following states:

• Available---The lease is not currently leased by any client. Any client information is from the most recent client-to-lease or be-offered this lease.

• Offered---The lease is offered to the associated client. In many cases, the database is not written with information concerning offering a lease to a client, because there is no requirement to update stable storage with this information.

• Leased---The lease is currently leased to the client whose information appears in the lease.

• Expired---The client has not renewed the lease, and it expired. Upon expiration the DHCP server scheduled removal of the client's DNS information.

• Unavailable---The lease is unavailable. It was made unavailable because of some conflict. A ping attempt might have shown that the IP address was already in use by another client, or the DHCP server might have noticed another DHCP server handing out this lease.

License

The license command allows you to specify the license key for a cluster, or to view the license key or the license's expiration date.

license set prop=val
license get prop
 

Table 2-18 lists and describes the license command properties.

Table 2-18: License Command Properties

Properties	Description
expiration	The expiration date of the license. The date is read-only.
key	The license key

Licence Command Example

To set the license, you must run nrcmd in interactive mode, then exit and rerun nrcmd. To set the license to key 1234 abcd 5678 efgh, type:

nrcmd -C cluster1 -N admin -P changeme
nrcmd> license set key=1234-abcd-5678-efgh
100 Ok
nrcmd> exit

Listaddr

The listaddr command provides the address utilization reporting functionality of the listaddr.bat command available in earlier versions of Network Registrar. Because the output from this command was designed for analysis tools such as spreadsheets, the formatting is not ideal for end users.

The output for the listaddr command is a series of eight-column, comma-separated rows. There is one row for each known address. (This means that the total output can be quite verbose.) A column may be empty if the usage of that column does not apply to the address. Table 2-19 lists and describes the meanings of the column.

Table 2-19: listaddr Output

Column	Description
1	IP address in unsigned hexadecimal format.
2	IP address in the canonical dotted format.
4	DNS name of host, for assigned addresses only.
5	State of the address. This field is blank for any address other than those assigned through DHCP leases. The values for such addresses are: Available, Unavailable, Leased, Expired, Deactivated.
3	Type of the address. These types are defined as follows: STATIC---Assigned to a host through DNS. DYNAMIC---Assigned to a host through a DHCP lease. UNALLOCATED---The address is in the range of a DHCP scope, but is not in use. RESERVED---The address is reserved for a host through DHCP.
6	Native host name, for addresses assigned through a DHCP lease. This is usually the Windows or UNIX name for the host.
7	MAC address, for addresses assigned through a DHCP lease.
8	Expiration time, for DHCP dynamic addresses

listaddr

nrcmd> listaddr 

Policy

The policy command allows you to configure DHCP policy configurations. A policy is a collection of DHCP option values that can be associated with a range of addresses in a scope, or with a specific client or client-class configuration.

policy name create [prop=val]
policy name delete 
policy list 

Policy Command Example

To create the policy CompanyB, type:

nrcmd> policy CompanyB create 

Policy Features

You can enable, disable, or determine whether the feature has been set. You use the enable, disable, or test commands.

The syntax is:

policy name enable feature
policy name delete feature
policy name test
 

Table 2-20 lists and describes the policy features.

Table 2-20: Policy Features

Property	Description
permanent-leases	Optional, default false. Specifies that leases for this scope should be permanently granted to requesting clients.
split-lease-times	Optional, default false. Controls whether the server uses the value of its lease time (server-lease-time) to determine the length of the lease. The DHCP server offers clients lease times that reflect the configured lease-time option from the appropriate policy.

Policy Properties

You can use the set and get commands to assign and retrieve values from the policy's properties.

The syntax is:

policy name get property
policy name set property=value
 

Table 2-21 lists and describes the policy properties.

Table 2-21: Policy Properties

Property	Description
allow-lease-time-override	Optional, default true. Clients may request a specific lease time. The server will not honor those requested lease times if this attribute is false. The server will not honor a client's lease time if the time is longer than the server's normal lease time.
bootp-reply-options	Optional, default <none>. A list of the names of options that should be returned in any replies to BOOTP clients. The options themselves do not have to have been configured in the same policy as the reply-options list; the server will search the hierarchy of policies for each option named in the list. For a description of the options and fields, see the "Configuring a BOOTP Packet" section in the "Configuring Network Registrar" chapter.
dhcp-reply-options	Optional, default <none>. A list of the names of options that should be returned in any replies to DHCP clients. The options themselves do not have to have been configured in the same policy as the reply-options list; the server will search the hierarchy of policies for each option named in the list.
grace-period	Optional, default 5 minutes. The length of time between the expiration of a lease and the time it is made available for reassignment.
offer-timeout	Optional, default 2 minutes. If the server offers a lease to a client, but the offer is not accepted, the server will wait the specified number of minutes before making the lease available again.
packet-file-name	Optional, default <none>. The name of a boot file to be used in a client's boot process. The server returns this filename in the file field of its replies. The packet-file-name cannot be longer than 128 characters.
packet-server-name	Optional, default <none>. The host name of a server to use in a client's boot process. The server returns this filename in the 'sname' field of its replies. The packet-server-name field cannot be longer than 64 characters.
packet-siaddr	Optional, default <none>. The IP address of the next server in a client's boot process. For example, this might be the address of a TFTP server used by BOOTP clients. The server returns this address in the siaddr field of its reply.
server-lease-time	Optional, default <none>. The time that the server believes the lease is valid. It may be useful to have the server consider leases leased for a longer period than the client in order to get more frequent client communication along with the stability of long lease times.

nrcmd> policy 168.1-net grace-period 3d

Policy Option Method Commands

You can set individual option values with the setOption command, unset option values with the unsetOption command, and view option values with the getOption and listOptions commands. When you set an option value, the DNS server replaces any existing value or creates a new one, as needed, for the given option name.

The syntax is:

policy name listOptions
policy name setOption optname value
policy name getOption optname
policy name unsetOption optname
 

Table 2-22 lists and describes the policy options.

Table 2-22: Policy Options

Property	Description
listOptions	Lists the options in the named policy.
setOption	Sets the option name and value to the specified policy. The format is optname value. For example, dhcp-lease-time 3600.
getOption	Gets the value of the named option.
unsetOption	Removes the named option from the specified policy.

nrcmd> policy 168.1-net setOption dhcp-lease-time 608400
 

nrcmd> policy 168.1-net listOptions

Policy Lease Time Method Commands

You can use the setLeaseTime command to set the values of lease times and the getLeaseTime command to display the value of a lease time.

policy name setLeaseTime value
policy name getLeaseTime
 

Lease Times

A policy contains two lease times: the client lease time and the server lease time.

Remote-Dns

The remote-dns command allows you to control the behavior of the DNS server when it is communicating with other DNS servers. You can use it to either control incremental transfer or to send multiple records per TCP packet.

remote-dns create addr [/maskbits] [prop=val]
remote-dns name delete 
remote-dns list 
 

Table 2-23 lists and describes the remote-dns properties.

Table 2-23: Remote-dns Properties

Property	Description
addr	The address of the server or network to which this information applies.
maskbits	The number of bits in the addr attribute that are significant.

Remote-dns Command Example

To create the remote server description 128.103.1.1 with the net mask of 255.255.255.255, type:

nrcmd> remote-dns create 128.103.1.1/32 
 

Each net mask octet is composed of 8 bits. In the example above all 32 bits are significant, and the netmask is 32. If just the first three octets were significant, the net mask would be 24.

Remote-dns Features

You can enable, disable, or determine whether the feature has been set using the enable, disable, or get commands.

remote-dns name disable feature
remote-dns name enable feature
remote-dns name get feature
 

Table 2-24 lists and describes the remote DNS server description features.

Table 2-24: Remote-dns Features

Property	Description
ixfr	Optional, default false. Indicates whether or not a foreign server supports incremental transfer and should be queried for incremental (IXFR) before full (AXFR) when asking for zone transfers. Although setting ixfr to true is generally harmless, doing so may result in additional transactions to accomplish a zone transfer.
multirec	Optional, default false. Indicates whether or not a remote server can be sent zone transfers (AXFR) with multiple records in one TCP packet. Older DNS servers will crash when receiving such transfers, despite being allowed by the protocol.

Remote-dns Features Examples

When you enable or disable incremental transfer, Network Registrar looks for the most specific match, that is, it matches the machine with the longest mask. You can use this feature to specify a group of servers with a single command.

To enable all DNS servers on this network to perform incremental transfer, type:

nrcmd> remote-dns create 128.103.1.0/16 ixfr=true
 

To disable all DNS servers 128.103.1.1/32 from performing incremental transfers, type:

nrcmd> remote-dns create 128.103.1.1/32 ixfr=false

Save

The save command allows you to validate and save your changes to the database.

save 

Validation

The nrcmd program performs validation when you create objects or modify their properties. It checks that you have supplied the required properties and that their values are valid. The program also checks the validity of property values when you set them.

When you enter the save command, Network Registrar performs three levels of validation:

• Checks that no other modifications have been made to these objects because they were read from the database.

• Checks that all affected references are still valid.

• Ensures that the proposed modifications would result in a valid server configuration.

Error Codes

Table 2-25 lists and describes the save command error codes class status.

Table 2-25: Save Error Codes

Error Code	Description
100 OK	Indicates a successful save.
3xx	Indicates an error in processing the command.
4xx	Indicates an error in communicating with the cluster database server.
5xx	Indicates an internal error in the program.

For more information about error codes, see the "Error Codes" appendix.

Scope

The scope command allows you to create and edit DHCP scopes.

scope name create addr mask [prop=val]
scope name delete 
scope list 

Scope Command Examples

To create, delete, or list scopes, type:

nrcmd> scope testScope create 192.168.1.0 255.255.255.0
nrcmd> scope testScope delete 
nrcmd> scope list

Scope Features

The scope features allow you to enable, disable, or determine whether the feature has been set. You use the enable, disable, or get commands. The get command displays the value of the feature.

The syntax is:

scope name disable feature
scope name enable feature
scope name get feature
 

Table 2-26 lists and describes the scope features.

Table 2-26: Scope Features

Feature	Description
bootp	Optional, default disabled. Controls whether the server accepts BOOTP requests. If you want clients to always receive the same addresses, you need to reserve IP addresses for all your BOOTP clients. For information about how to reserve address, see the "Scope Method Commands" section later in this chapter.
dhcp	Optional, default enabled. Controls whether the DHCP server will accept DHCP requests for this scope. You would only disable DHCP for a scope to cause the scope to be used for BOOTP exclusively, or to temporarily deactivate a scope.
dynamic-bootp	Optional, default disabled. Controls whether the server will accept dynamic BOOTP requests for this scope. Dynamic BOOTP requests are BOOTP requests that do not match a reservation, but can be satisfied from the available lease pool. To use this feature, you must also enable bootp.
dynamic-dns	Optional, default disabled. Controls whether the DHCP server should attempt to update a DNS server with the name and address information from leases that are granted to requesting clients.
ping-clients	Optional, default disabled. Controls whether the server should attempt to ping an address.
synthesize-name	Optional, default disabled. Controls whether the DHCP server automatically creates DNS host names for DHCP clients who do not provide names. The server can synthesize unique names for clients based on the synthetic-name-stem property.
update-dns-first	Optional, default disabled. Controls whether the DHCP server is updated before the lease is granted.

nrcmd> scope testScope enable dynamic-dns
 

nrcmd> scope testScope disable dynamic-bootp

Scope Properties

You can use the set and get commands to assign and retrieve values from the scope command properties.

The syntax is:

scope name set prop=val
scope name get prop=val [prop=val...]
scope name show
 

Table 2-27 lists and describes the scope command properties.

Table 2-27: Scope Properties

Property	Description
addr	Optional, default <none>. The address of the subnet for which this scope contains addresses. (Read-only.)
deactivated	Optional, default <none>. A scope that does not extend leases to clients. It treats all of the addresses in its ranges as if they were individually deactivated.
dns-rev-server-addr	Optional, default <none>. The address of the reverse DNS server for the zone into which the server should add PTR records.
dns-reverse-zone-name	Optional, default <none>. The name of the inverse (in.addr.arpa) zone that is updated with PTR and TXT records.
dns-server-addr	Optional, default <none>. The IP address of the primary DNS server on which the forward zone resides.
dns-zone-name	Optional, default <none>. The name of the DNS zone to which a DHCP client's host name should be added (A record).
mask	Optional, default <none>. The mask associated with the scope's network address. (Read-only.)
ping-timeout	Optional, default <none>. The number of milliseconds the DHCP server should wait for ping responses. If you make this value too large, you will slow down the lease offering processes. If you make this value too small, you will reduce the effectiveness of pinging addresses before offering them.
policy	Optional, default <none>. The name of the policy associated with this scope.
primary-addr	Optional, default <none>. The IP address of the primary scope for this (secondary) scope.
primary-mask	Optional, default <none>. The subnet mask of this scope's primary scope (if this is a secondary scope).
primary-scope	Optional, default <none>. The primary scope for this (secondary) scope. Use the distinguished name none to indicate no primary scope. You need to specify a primary scope if you have multiple logical subnets on the same physical network segment, and if you allow DHCP to offer addresses from any of the subnets.
renew-only	Optional, default <none>. Controls whether to allow existing clients to reacquire their leases, but not to offer any leases to new clients. A renew-only scope will not change the client associated with any of its leases, other than to allow a client currently using an available IP address to continue to use it.
selection-tags	Optional, default <none>. The list of selection criteria associated with a scope. The scope compares a client's selection criteria to this list in order to determine whether the client can obtain a lease from the scope.
synthetic-name-stem	Optional, default <none>. The prefix of the default host name to use if clients do not supply host names.
update-dns-for-bootp	Optional, default <none>. If the server is replying to a BOOTP request, and is offering a lease from a scope that is configured to perform DNS updates, it will check this property before beginning the DNS update. This property allows you to prevent DNS updates for BOOTP clients, while allowing updates for DHCP clients.

nrcmd> scope testScope set netmask=255.255.255.0
 

nrcmd> scope testScope set dns-reverse-zone-name=10.in-addr.arpa.
 

nrcmd> scope testScope get dns-host-bytes=100

Scope Method Commands

The scope method commands allow you to add, remove, show, and list ranges and reservations.

Ranges

You can specify the start and end values as host numbers or IP addresses. The start and end values must fall within the network addresses as defined by the scope's addr and the network mask attributes.

• If adding addresses to a scope creates a continuous set of addresses, Network Registrar merges the current list of ranges, if possible.

• If deleting a range of addresses creates a discontinuous set of addresses, Network Registrar modifies or splits the existing ranges, if necessary.

The syntax is:

scope name addRange start end
scope name listLeases filter
scope name listRanges 
scope name removeRange start end
 

Table 2-28 lists and describes the scope range methods.

Table 2-28: Scope Range Methods

Method	Description
addRange	Adds a range of addresses to the named scope.
listLeases	Lists the leases in the named scope.
listRanges	Lists the available addresses in the named scope.
removeRange	Removes the range of available addresses in the named scope.

nrcmd> scope testScope AddRange 192.168.1.10 192.168.1.20
 

nrcmd> scope testScope removeRange 192.168.1.10 192.168.1.15

Scope Reservations

scope name addReservation ipaddr macaddr
scope name listReservations 
scope name removeReservation {ipaddr|macaddr}
 

Table 2-29 lists and describes the scope reservation methods.

Table 2-29: Scope Reservation Methods

Method	Description
addReservation	Adds the reservation to the named scope.
listReservations	Lists the reservations in the named scope.
removeReservation	Deletes a reservation from the named scope.

nrcmd> scope testScope AddReservation 192.168.1.10 1,6,00:a0:24:2e:9c:20
 

nrcmd> scope testScope removeReservation 192.168.1.10 

Scope-selection-tag

The scope-selection-tag command allows you to define tags that are added to the scope selection tag list. After you have defined scope selection tags, you can associate them with scopes, clients, and client-classes.

scope-selection-tag name create 
scope-selection-tag name delete 
scope-selection-tag list 

Scope-Selection-Tag Examples

To create the scope selection tag internal, type:

nrcmd> scope-selection-tag internal create
 

To delete the scope selection tag internal, type:

nrcmd> scope-selection-tag internal delete
 

To list the scope selection tags, type:

nrcmd> scope-selection-tag list

Number of Scope Selection Tags

Network Registrar limits you to a total of 30 scope selection tags. When the DHCP server configures itself, it checks the number of scope selection tags defined for any network. A network in this context is the aggregation of all of the scopes that are related to a particular subnet. This includes all of the scopes that belong together (because they share a common network number and subnet mask) and all of the scopes that are related to one of these through the use of the primary scope reference. Within all of the scopes that make up a network, there can be no more than 30 scope selection tags.

When the DHCP server reads a client entry (from the local database or from LDAP), the server checks its scope selection inclusion and exclusion criteria against the scope selection tags defined for the scopes on this network. If the client entry references tags that are not present in any scope in the network, then how the server handles the tags depends on whether the reference is to included or excluded tags. If the reference is for excluded tags, then the tag will have no effect. If the reference is for included tags, then the server determines that there is no acceptable scope on that network for this client.

Server

The server command allows you to affect the behavior of the server. After you have used the server command or any other time you have changed the server's configuration, reload the server. Use the server command or the Network Registrar GUI to reload the server.

Server Commands

The syntax is:

server {DNS|DHCP} cmd
 

Table 2-30 lists and describes the arguments to the server commands.

Table 2-30: Server Command Arguments

Argument	Description
reload	Causes the specified server to be stopped and then immediately restarted. When the server restarts it rereads all of its configuration information and its previously saved state information and then begins operating.
start	Starts the specified server, either DNS or DHCP.
stop	Stops the specified server, either DNS or DHCP.
getHealth	Gets the specified server's current health.
getStats	Gets the specified server's current statistics.
setDebug	Sets the debugging level and the location of the debug messages. You can specify either MLOG or WINDOW as locations. The default location is MLOG.
unsetDebug	Turns off debugging output.

nrcmd> server DNS stop
 

nrcmd> server DHCP start
 

nrcmd> server DHCP getHealth
 

Server Features

The server command features allow you to enable or disable a feature. You use the enable or disable commands to affect the following feature.

The syntax is:

server {DNS|DHCP} enable feature
server {DNS|DHCP} disable feature
 

Table 2-31 lists and describes the server argument.

Table 2-31: Server Command Argument

Argument	Description
start-on-reboot	Controls whether the server is started by the AIC server agent when you reboot. You might want to disable this feature for clusters that want to provide a single protocol service. By default, both the DNS and DHCP servers are enabled.

nrcmd> server DNS disable start-on-reboot

Server Properties

Table 2-32 lists and describes the server properties.

Table 2-32: Server Properties

Property	Description
version	The version string for the server. This property is useful when describing version information to Technical Support.

Session

The session command allows you to set session control parameters on your nrcmd program session. You can control the visibility level that determines which properties are displayed, and the default output format.

session set prop=val
session get prop
session show
 

Table 2-33 lists and describes the session command arguments.

Table 2-33: Session Command Arguments

Argument	Description
default-format	An enumerated string that can have the following values: script---Displays the objects suitable for script processing, that is, one object per output line. cluster---Displays the name of the current cluster. This is a read-only property. user---Displays the name of the current user. This is a read-only property.
visibility	Controls which properties are displayed. The default visibility is 5.

Session Command Example

To set the output so that it is suitable for script processing, type:

nrcmd> session set default-format=script

Zone

The zone command allows you to create and edit DNS zones.

zone name create primary file=BINDfile
zone name create primary ns person [prop=val]
zone name create secondary addr [prop=val]
zone name delete 
zone list 

Zone Command Examples

To create a zone, type:

nrcmd> zone QuickExample.com create primary file=host.local

nrcmd> zone test.org create primary ns andy
 

nrcmd> zone test.org. addRR ns A 24.10.2.2

Zone Feature Commands

You can enable, disable, or determine the feature that has been set with the enable, disable, or test commands.

The syntax is:

zone name disable feature
zone name enable feature
zone name test
 

Table 2-34 lists and describes the zone features.

Table 2-34: Zone Features

Feature	Description
dynamic	Required, default enabled (Primary server only.) Enables or disables RFC 2136 dynamic updates to the zone. The most typical source of these updates is a DHCP server.
restrict-xfer	Required, default disabled. Restricts zone transfers to a specific set of hosts. If you restrict zone transfers, you need to use the restricted-set property to list the servers that are allowed to perform zone transfers.
ixfr	Optional, default< none>. Enables requesting incremental transfer for this zone. When set, (to either to true or false) it overrides the global ixfr-enable value for this zone.
notify	Optional, default <none>. Enables the notification of other authoritative servers when this zone changes. When set, (to either true or false) it overrides the global notify value for this zone.

Zone Properties

You can use the set and get commands to assign and retrieve values from the zone's properties. These properties depend on the type of zone that you are creating.

The syntax is:

zone name set prop=val [prop=val...]
zone name get property
 

Table 2-35 lists and describes the primary zone create properties.

Table 2-35: Primary Zone Create Properties

Property	Description
auth-servers	(Secondary-only.) The list of servers from which Network Registrar will transfer data for this zone.
dynupdate-set	The set of IP addresses from which dynamic updates will be accepted, when you have enabled the dynamic feature. The nrcmd program treats addresses with zeroes in the least significant octets as network numbers, with implicit masks in octet multiples.
expire	Optional, default: 604800) The expire interval, in seconds, of the zone. The length of time a secondary can continue to serve zone data without confirmation that it is still current. Validation: refresh < x < 2147483647
minttl	Optional, default: 86400) The minimum TTL value to expose in resource records for this zone. Records with lower TTL values will be published with this value. Validation: 0 <= x <= 2147483647
notify-set	An optional list of additional servers to notify when this zone changes. All servers listed in NS records for the zone with the exception of the server described by the ns property of the zone (the mname field of the SOA record) will receive notifications. Servers listed in the notify-list will also be notified.
ns	Required, default: <none>).The fully qualified domain name of the primary for this zone. This host is the original or primary source of data for this zone.
person	Required, default: <none>). A domain name which specifies the mailbox of the person responsible for this zone. The first label is a user or mail alias, the rest of the labels are a mail destination. A mailbox of hostmaster@test.com would be represented as hostmaster.test.com.
refresh	Optional, default: 10800. The refresh interval, in seconds, of the zone. Used by secondaries as the period of polling for zone changes. Validation: 1 <= x <= 2147483647
restricted-set	The set of IP addresses that may request zone transfers when you have enabled the restrict-xfer feature.
retry	Optional, default: 3600. The retry interval, in seconds, of the zone. Used by secondaries as the period of retrying when polling for changes, or attempting zone transfer encounters errors. Validation: < (expire - refresh)
serial	Optional, default: 1. The current serial number of the zone. Maintained automatically by the DNS server. Validation: 0 <= x <= 4294967295

zone name addHost hostname addr [alias...]
zone name removeHost name
zone name listHosts 
 

Table 2-36 lists and describes the host properties.

Table 2-36: Host Properties

Property	Description
name	The host's domain name.
addr	The list of addresses assigned to the host.
aliases	An optional list of alias domain names for this host.

nrcmd> zone QuickExample.com addHost bethpc 192.168.1.10

Zone Resource Record Method Commands

You use the following commands to add, remove, and list the resource records in the zone.

The syntax is:

zone name addRR name [ttl] [class]type data
zone name removeRR name type data
zone name listRR {all|static|dynamic}
 

Table 2-37 lists and describes the resource record properties.

Table 2-37: Resource Record Properties

Property	Description
name	The resource record's domain name (owner name).
type	The type of resource record, such as PTR or A.
class	The class of resource record, which is always IN (for Internet) in DNS.
ttl	The resource record time to live (in seconds). The length of time the record the client may cache the resource record.

nrcmd> zone QuickExample.com addRR ns green

Posted: Thu Jul 13 11:14:37 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.