lwresd.html revision b0e8629055a766d4555a005a283c2889a5974945
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - Copyright (C) 2000, 2001 Internet Software Consortium.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - Permission to use, copy, modify, and distribute this software for any
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - purpose with or without fee is hereby granted, provided that the above
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - copyright notice and this permission notice appear in all copies.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
0662ed52e814f8f08ef0e09956413a792584eddffuankg - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - PERFORMANCE OF THIS SOFTWARE.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<!-- $Id: lwresd.html,v 1.21 2007/01/30 00:24:59 marka Exp $ -->
70953fb44a7140fe206c3a5f011e24209c8c5c6abnicholes<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
16b55a35cff91315d261d1baa776138af465c4e4fuankg<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<a name="id2476275"></a><div class="titlepage"></div>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<p><span class="application">lwresd</span> — lightweight resolver daemon</p>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<p><span><strong class="command">lwresd</strong></span>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes is the daemon providing name lookup
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes services to clients that use the BIND 9 lightweight resolver
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes library. It is essentially a stripped-down, caching-only name
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes server that answers queries using the BIND 9 lightweight
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes resolver protocol rather than the DNS protocol.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<p><span><strong class="command">lwresd</strong></span>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes listens for resolver queries on a
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes UDP port on the IPv4 loopback interface, 127.0.0.1. This
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes means that <span><strong class="command">lwresd</strong></span> can only be used by
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes processes running on the local machine. By default UDP port
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes number 921 is used for lightweight resolver requests and
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Incoming lightweight resolver requests are decoded by the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes server which then resolves them using the DNS protocol. When
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes the answers in the lightweight resolver format and returns
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes them to the client that made the request.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes If <code class="filename">/etc/resolv.conf</code> contains any
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes sends recursive DNS queries to those servers. This is similar
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to the use of forwarders in a caching name server. If no
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <code class="option">nameserver</code> entries are present, or if
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes queries autonomously starting at the root name servers, using
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes a built-in list of root server hints.
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Use <em class="replaceable"><code>config-file</code></em> as the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes configuration file instead of the default,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Debugging traces from <span><strong class="command">lwresd</strong></span> become
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes more verbose as the debug level increases.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Run the server in the foreground (i.e. do not daemonize).
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Run the server in the foreground and force all logging
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Create <em class="replaceable"><code>#cpus</code></em> worker threads
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to take advantage of multiple CPUs. If not specified,
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <span><strong class="command">lwresd</strong></span> will try to determine the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes number of CPUs present and create one thread per CPU.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes If it is unable to determine the number of CPUs, a
0a39e7683f6611d66c55712f50bb240428d832a1bnicholes single worker thread will be created.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Listen for lightweight resolver queries on port
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <em class="replaceable"><code>port</code></em>. If
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes not specified, the default is port 921.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
0662ed52e814f8f08ef0e09956413a792584eddffuankg Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes specified, the default is port 53. This provides a
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg way of testing the lightweight resolver daemon with a
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes name server that listens for queries on a non-standard
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes port number.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Write memory usage statistics to <code class="filename">stdout</code>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes This option is mainly of interest to BIND 9 developers
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes and may be removed or changed in a future release.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to <em class="replaceable"><code>directory</code></em> after
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes processing the command line arguments, but before
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes reading the configuration file.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes This option should be used in conjunction with the
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <code class="option">-u</code> option, as chrooting a process
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes running as root doesn't enhance security on most
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes systems; the way <code class="function">chroot()</code> is
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes defined allows a process with root privileges to
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg escape a chroot jail.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to <em class="replaceable"><code>user</code></em> after completing
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes privileged operations, such as creating sockets that
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes listen on privileged ports.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Report the version number and exit.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes The default configuration file.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes The default process-id file.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<p><span class="corpauthor">Internet Systems Consortium</span>