bin/named/named.docbook

	named.docbook revision 0f78f780648806bcb3e374b7dafac73e6c558ea8
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
19c7b1a0293498a3e36692c59646ed6e15ffc8d0Tinderbox User               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt           [<!ENTITY mdash "&#8212;">]>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<!--
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt -
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - Permission to use, copy, modify, and distribute this software for any
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - purpose with or without fee is hereby granted, provided that the above
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - copyright notice and this permission notice appear in all copies.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt -
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt-->
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<!-- $Id: named.docbook,v 1.17 2007/05/16 01:42:26 marka Exp $ -->
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt<refentry id="man.named">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refentryinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <date>June 30, 2000</date>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  </refentryinfo>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  <refmeta>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <refentrytitle><application>named</application></refentrytitle>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <manvolnum>8</manvolnum>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <refmiscinfo>BIND9</refmiscinfo>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  </refmeta>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  <refnamediv>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <refname><application>named</application></refname>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <refpurpose>Internet domain name server</refpurpose>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  </refnamediv>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  <docinfo>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <copyright>
f9aef05653eeb454c489d5bd2bde6daab774ad4aTinderbox User      <year>2004</year>
f70a10508f030b097a9b8afe907a06f9a1e2c4d4Tinderbox User      <year>2005</year>
19c7b1a0293498a3e36692c59646ed6e15ffc8d0Tinderbox User      <year>2006</year>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <year>2007</year>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    </copyright>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <copyright>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <year>2000</year>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <year>2001</year>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <year>2003</year>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <holder>Internet Software Consortium.</holder>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    </copyright>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </docinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsynopsisdiv>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <command>named</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg><option>-4</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg><option>-6</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-f</option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-g</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-s</option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-v</option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <arg><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    </cmdsynopsis>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  </refsynopsisdiv>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  <refsect1>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <title>DESCRIPTION</title>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <para><command>named</command>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      is a Domain Name System (DNS) server,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      part of the BIND 9 distribution from ISC.  For more
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      information on the DNS, see RFCs 1033, 1034, and 1035.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      When invoked without arguments, <command>named</command>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      will
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      read the default configuration file
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <filename>/etc/named.conf</filename>, read any initial
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      data, and listen for queries.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt  </refsect1>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsect1>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt    <title>OPTIONS</title>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <variablelist>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-4</term>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        <listitem>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          <para>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            Use IPv4 only even if the host machine is capable of IPv6.
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            <option>-4</option> and <option>-6</option> are mutually
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            exclusive.
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          </para>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        </listitem>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt      </varlistentry>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-6</term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Use IPv6 only even if the host machine is capable of IPv4.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            <option>-4</option> and <option>-6</option> are mutually
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            exclusive.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-c <replaceable class="parameter">config-file</replaceable></term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Use <replaceable class="parameter">config-file</replaceable> as the
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            configuration file instead of the default,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            <filename>/etc/named.conf</filename>.  To
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            ensure that reloading the configuration file continues
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            to work after the server has changed its working
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            directory due to to a possible
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            <option>directory</option> option in the configuration
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            file, <replaceable class="parameter">config-file</replaceable> should be
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            an absolute pathname.
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          </para>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        </listitem>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt      </varlistentry>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-d <replaceable class="parameter">debug-level</replaceable></term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Set the daemon's debug level to <replaceable class="parameter">debug-level</replaceable>.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Debugging traces from <command>named</command> become
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            more verbose as the debug level increases.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-f</term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Run the server in the foreground (i.e. do not daemonize).
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-g</term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
821350367e2c7313c02eb275e8e05d5193b47cfdJeremy C. Reed            Run the server in the foreground and force all logging
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            to <filename>stderr</filename>.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-m <replaceable class="parameter">flag</replaceable></term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        Turn on memory usage debugging flags.  Possible flags are
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <replaceable class="parameter">usage</replaceable>,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <replaceable class="parameter">trace</replaceable>,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <replaceable class="parameter">record</replaceable>,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <replaceable class="parameter">size</replaceable>, and
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <replaceable class="parameter">mctx</replaceable>.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        These correspond to the ISC_MEM_DEBUGXXXX flags described in
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <filename>&lt;isc/mem.h&gt;</filename>.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-n <replaceable class="parameter">#cpus</replaceable></term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Create <replaceable class="parameter">#cpus</replaceable> worker threads
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            to take advantage of multiple CPUs.  If not specified,
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            <command>named</command> will try to determine the
821350367e2c7313c02eb275e8e05d5193b47cfdJeremy C. Reed            number of CPUs present and create one thread per CPU.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            If it is unable to determine the number of CPUs, a
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            single worker thread will be created.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-p <replaceable class="parameter">port</replaceable></term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Listen for queries on port <replaceable class="parameter">port</replaceable>.  If not
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            specified, the default is port 53.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-s</term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            Write memory usage statistics to <filename>stdout</filename> on exit.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <note>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              This option is mainly of interest to BIND 9 developers
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              and may be removed or changed in a future release.
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            </para>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          </note>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        </listitem>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt      </varlistentry>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt      <varlistentry>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        <term>-t <replaceable class="parameter">directory</replaceable></term>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        <listitem>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          <para>Chroot
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt        to <replaceable class="parameter">directory</replaceable> after
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            processing the command line arguments, but before
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            reading the configuration file.
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          </para>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt          <warning>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt            <para>
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt              This option should be used in conjunction with the
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt              <option>-u</option> option, as chrooting a process
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt              running as root doesn't enhance security on most
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt              systems; the way <function>chroot(2)</function> is
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt              defined allows a process with root privileges to
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt              escape a chroot jail.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </warning>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      <varlistentry>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <term>-u <replaceable class="parameter">user</replaceable></term>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        <listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          <para>Setuid
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt        to <replaceable class="parameter">user</replaceable> after completing
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt            privileged operations, such as creating sockets that
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            listen on privileged ports.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <note>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            <para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              On Linux, <command>named</command> uses the kernel's
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt                    capability mechanism to drop all root privileges
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              except the ability to <function>bind(2)</function> to
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              a
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              privileged port and set process resource limits.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              Unfortunately, this means that the <option>-u</option>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              option only works when <command>named</command> is
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              run
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              later, since previous kernels did not allow privileges
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt              to be retained after <function>setuid(2)</function>.
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt            </para>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt          </note>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt        </listitem>
831f59eb43b56642b00f82e07722836d2f9593abEvan Hunt      </varlistentry>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
      <varlistentry>
        <term>-v</term>
        <listitem>
          <para>
            Report the version number and exit.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-x <replaceable class="parameter">cache-file</replaceable></term>
        <listitem>
          <para>
            Load data from <replaceable class="parameter">cache-file</replaceable> into the
            cache of the default view.
          </para>
          <warning>
            <para>
              This option must not be used.  It is only of interest
              to BIND 9 developers and may be removed or changed in a
              future release.
            </para>
          </warning>
        </listitem>
      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1>
    <title>SIGNALS</title>
    <para>
      In routine operation, signals should not be used to control
      the nameserver; <command>rndc</command> should be used
      instead.
    </para>

    <variablelist>

      <varlistentry>
        <term>SIGHUP</term>
        <listitem>
          <para>
            Force a reload of the server.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>SIGINT, SIGTERM</term>
        <listitem>
          <para>
            Shut down the server.
          </para>
        </listitem>
      </varlistentry>

    </variablelist>

    <para>
      The result of sending any other signals to the server is undefined.
    </para>

  </refsect1>

  <refsect1>
    <title>CONFIGURATION</title>
    <para>
      The <command>named</command> configuration file is too complex
      to describe in detail here.  A complete description is provided
      in the
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsect1>

  <refsect1>
    <title>FILES</title>

    <variablelist>

      <varlistentry>
        <term><filename>/etc/named.conf</filename></term>
        <listitem>
          <para>
            The default configuration file.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><filename>/var/run/named.pid</filename></term>
        <listitem>
          <para>
            The default process-id file.
          </para>
        </listitem>
      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>
    <para><citetitle>RFC 1033</citetitle>,
      <citetitle>RFC 1034</citetitle>,
      <citetitle>RFC 1035</citetitle>,
      <citerefentry>
        <refentrytitle>rndc</refentrytitle>
    <manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>lwresd</refentrytitle>
    <manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
    <refentrytitle>named.conf</refentrytitle>
    <manvolnum>5</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsect1>

  <refsect1>
    <title>AUTHOR</title>
    <para><corpauthor>Internet Systems Consortium</corpauthor>
    </para>
  </refsect1>

</refentry><!--
 - Local variables:
 - mode: sgml
 - End:
-->