lwresd.html revision d6fa26d0adaec6c910115be34fe7a5a5f402c14f
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj - Copyright (C) 2000, 2001, 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj - This Source Code Form is subject to the terms of the Mozilla Public
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj - License, v. 2.0. If a copy of the MPL was not distributed with this
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj - file, You can obtain one at http://mozilla.org/MPL/2.0/.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<p><span class="application">lwresd</span> — lightweight resolver daemon</p>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj is the daemon providing name lookup
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj services to clients that use the BIND 9 lightweight resolver
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj library. It is essentially a stripped-down, caching-only name
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj server that answers queries using the BIND 9 lightweight
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj resolver protocol rather than the DNS protocol.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj listens for resolver queries on a
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj UDP port on the IPv4 loopback interface, 127.0.0.1. This
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj means that <span class="command"><strong>lwresd</strong></span> can only be used by
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj processes running on the local machine. By default, UDP port
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj number 921 is used for lightweight resolver requests and
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj responses.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Incoming lightweight resolver requests are decoded by the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj server which then resolves them using the DNS protocol. When
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj the DNS lookup completes, <span class="command"><strong>lwresd</strong></span> encodes
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj the answers in the lightweight resolver format and returns
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj them to the client that made the request.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj If <code class="filename">/etc/resolv.conf</code> contains any
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">nameserver</code> entries, <span class="command"><strong>lwresd</strong></span>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj sends recursive DNS queries to those servers. This is similar
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj to the use of forwarders in a caching name server. If no
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">nameserver</code> entries are present, or if
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj forwarding fails, <span class="command"><strong>lwresd</strong></span> resolves the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj queries autonomously starting at the root name servers, using
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj a built-in list of root server hints.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Use IPv4 only even if the host machine is capable of IPv6.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">-4</code> and <code class="option">-6</code> are mutually
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj exclusive.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Use IPv6 only even if the host machine is capable of IPv4.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">-4</code> and <code class="option">-6</code> are mutually
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj exclusive.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Use <em class="replaceable"><code>config-file</code></em> as the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj configuration file instead of the default,
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">-c</code> can not be used with <code class="option">-C</code>.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Use <em class="replaceable"><code>config-file</code></em> as the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj configuration file instead of the default,
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">-C</code> can not be used with <code class="option">-c</code>.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Debugging traces from <span class="command"><strong>lwresd</strong></span> become
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj more verbose as the debug level increases.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Run the server in the foreground (i.e. do not daemonize).
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Run the server in the foreground and force all logging
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Use <em class="replaceable"><code>pid-file</code></em> as the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj PID file instead of the default,
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="filename">/var/run/lwresd/lwresd.pid</code>.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Turn on memory usage debugging flags. Possible flags are
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj These correspond to the ISC_MEM_DEBUGXXXX flags described in
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Create <em class="replaceable"><code>#cpus</code></em> worker threads
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj to take advantage of multiple CPUs. If not specified,
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <span class="command"><strong>lwresd</strong></span> will try to determine the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj number of CPUs present and create one thread per CPU.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj If it is unable to determine the number of CPUs, a
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj single worker thread will be created.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Listen for lightweight resolver queries on port
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj not specified, the default is port 921.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj specified, the default is port 53. This provides a
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj way of testing the lightweight resolver daemon with a
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj name server that listens for queries on a non-standard
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj port number.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Write memory usage statistics to <code class="filename">stdout</code>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj This option is mainly of interest to BIND 9 developers
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj and may be removed or changed in a future release.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj to <em class="replaceable"><code>directory</code></em> after
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj processing the command line arguments, but before
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj reading the configuration file.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj This option should be used in conjunction with the
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <code class="option">-u</code> option, as chrooting a process
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj running as root doesn't enhance security on most
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj systems; the way <code class="function">chroot(2)</code> is
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj defined allows a process with root privileges to
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj escape a chroot jail.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj to <em class="replaceable"><code>user</code></em> after completing
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj privileged operations, such as creating sockets that
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj listen on privileged ports.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj Report the version number and exit.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj The default configuration file.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj The default process-id file.
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
664a5ea1dff1ae974e2937d67d09de30f0c098e9robj <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.