40N/A<!
DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 40N/A [<!ENTITY mdash "—">]>
40N/A - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") 40N/A - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. 40N/A - Permission to use, copy, modify, and/or distribute this software for any 40N/A - purpose with or without fee is hereby granted, provided that the above 40N/A - copyright notice and this permission notice appear in all copies. 40N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 40N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 40N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 40N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 40N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 40N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 40N/A - PERFORMANCE OF THIS SOFTWARE. 40N/A <
date>May 21, 2009</
date>
40N/A <
refentrytitle><
application>named</
application></
refentrytitle>
40N/A <
manvolnum>8</
manvolnum>
40N/A <
refmiscinfo>BIND9</
refmiscinfo>
40N/A <
refname><
application>named</
application></
refname>
40N/A <
refpurpose>Internet domain name server</
refpurpose>
40N/A <
holder>Internet Systems Consortium, Inc. ("ISC")</
holder>
40N/A <
holder>Internet Software Consortium.</
holder>
40N/A <
command>named</
command>
40N/A <
arg><
option>-4</
option></
arg>
40N/A <
arg><
option>-6</
option></
arg>
40N/A <
arg><
option>-c <
replaceable class="parameter">config-file</
replaceable></
option></
arg>
40N/A <
arg><
option>-d <
replaceable class="parameter">debug-level</
replaceable></
option></
arg>
40N/A <
arg><
option>-D <
replaceable class="parameter">string</
replaceable></
option></
arg>
40N/A <
arg><
option>-E <
replaceable class="parameter">engine-name</
replaceable></
option></
arg>
40N/A <
arg><
option>-f</
option></
arg>
40N/A <
arg><
option>-g</
option></
arg>
40N/A <
arg><
option>-m <
replaceable class="parameter">flag</
replaceable></
option></
arg>
40N/A <
arg><
option>-n <
replaceable class="parameter">#cpus</
replaceable></
option></
arg>
40N/A <
arg><
option>-p <
replaceable class="parameter">port</
replaceable></
option></
arg>
40N/A <
arg><
option>-s</
option></
arg>
40N/A <
arg><
option>-S <
replaceable class="parameter">#max-socks</
replaceable></
option></
arg>
40N/A <
arg><
option>-t <
replaceable class="parameter">directory</
replaceable></
option></
arg>
40N/A <
arg><
option>-U <
replaceable class="parameter">#listeners</
replaceable></
option></
arg>
40N/A <
arg><
option>-u <
replaceable class="parameter">user</
replaceable></
option></
arg>
40N/A <
arg><
option>-v</
option></
arg>
40N/A <
arg><
option>-V</
option></
arg>
40N/A <
arg><
option>-x <
replaceable class="parameter">cache-file</
replaceable></
option></
arg>
40N/A <
title>DESCRIPTION</
title>
40N/A <
para><
command>named</
command>
40N/A is a Domain Name System (DNS) server,
40N/A part of the BIND 9 distribution from ISC. For more
40N/A information on the DNS, see RFCs 1033, 1034, and 1035.
40N/A When invoked without arguments, <
command>named</
command>
40N/A read the default configuration file
data, and listen for queries.
Use IPv4 only even if the host machine is capable of IPv6.
<
option>-4</
option> and <
option>-6</
option> are mutually
Use IPv6 only even if the host machine is capable of IPv4.
<
option>-4</
option> and <
option>-6</
option> are mutually
<
term>-c <
replaceable class="parameter">config-file</
replaceable></
term>
Use <
replaceable class="parameter">config-file</
replaceable> as the
configuration file instead of the default,
ensure that reloading the configuration file continues
to work after the server has changed its working
directory due to to a possible
<
option>directory</
option> option in the configuration
file, <
replaceable class="parameter">config-file</
replaceable> should be
<
term>-d <
replaceable class="parameter">debug-level</
replaceable></
term>
Set the daemon's debug level to <
replaceable class="parameter">debug-level</
replaceable>.
Debugging traces from <
command>named</
command> become
more verbose as the debug level increases.
<
term>-D <
replaceable class="parameter">string</
replaceable></
term>
Specifies a string that is used to identify a instance of
<
command>named</
command> in a process listing. The contents
of <
replaceable class="parameter">string</
replaceable> are
<
term>-E <
replaceable class="parameter">engine-name</
replaceable></
term>
When applicable, specifies the hardware to use for
cryptographic operations, such as a secure key store used
When BIND is built with OpenSSL PKCS#11 support, this defaults
to the string "pkcs11", which identifies an OpenSSL engine
that can drive a cryptographic accelerator or hardware service
module. When BIND is built with native PKCS#11 cryptography
(--enable-native-pkcs11), it defaults to the path of the PKCS#11
provider library specified via "--with-pkcs11".
Run the server in the foreground (
i.e. do not daemonize).
Run the server in the foreground and force all logging
to <
filename>stderr</
filename>.
<
term>-m <
replaceable class="parameter">flag</
replaceable></
term>
Turn on memory usage debugging flags. Possible flags are
<
replaceable class="parameter">usage</
replaceable>,
<
replaceable class="parameter">trace</
replaceable>,
<
replaceable class="parameter">record</
replaceable>,
<
replaceable class="parameter">size</
replaceable>, and
<
replaceable class="parameter">mctx</
replaceable>.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<
term>-n <
replaceable class="parameter">#cpus</
replaceable></
term>
Create <
replaceable class="parameter">#cpus</
replaceable> worker threads
to take advantage of multiple CPUs. If not specified,
<
command>named</
command> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
<
term>-p <
replaceable class="parameter">port</
replaceable></
term>
Listen for queries on port <
replaceable class="parameter">port</
replaceable>. If not
specified, the default is port 53.
Write memory usage statistics to <
filename>stdout</
filename> on exit.
This option is mainly of interest to BIND 9 developers
and may be removed or changed in a future release.
<
term>-S <
replaceable class="parameter">#max-socks</
replaceable></
term>
Allow <
command>named</
command> to use up to
<
replaceable class="parameter">#max-socks</
replaceable> sockets.
This option should be unnecessary for the vast majority
The use of this option could even be harmful because the
specified value may exceed the limitation of the
It is therefore set only when the default configuration
causes exhaustion of file descriptors and the
operational environment is known to support the
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
<
command>named</
command> reserves some file descriptors
<
term>-t <
replaceable class="parameter">directory</
replaceable></
term>
to <
replaceable class="parameter">directory</
replaceable> after
processing the command line arguments, but before
reading the configuration file.
This option should be used in conjunction with the
<
option>-u</
option> option, as chrooting a process
running as root doesn't enhance security on most
systems; the way <
function>chroot(2)</
function> is
defined allows a process with root privileges to
<
term>-U <
replaceable class="parameter">#listeners</
replaceable></
term>
Use <
replaceable class="parameter">#listeners</
replaceable>
worker threads to listen for incoming UDP packets on each
address. If not specified, <
command>named</
command> will
use the number of detected CPUs. If <
option>-n</
option>
has been set to a higher value than the number of CPUs,
then <
option>-U</
option> may be increased as high as that
<
term>-u <
replaceable class="parameter">user</
replaceable></
term>
to <
replaceable class="parameter">user</
replaceable> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
On Linux, <
command>named</
command> uses the kernel's
capability mechanism to drop all root privileges
except the ability to <
function>bind(2)</
function> to
privileged port and set process resource limits.
Unfortunately, this means that the <
option>-u</
option>
option only works when <
command>named</
command> is
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
to be retained after <
function>setuid(2)</
function>.
Report the version number and exit.
Report the version number and build options, and exit.
<
term>-x <
replaceable class="parameter">cache-file</
replaceable></
term>
Load data from <
replaceable class="parameter">cache-file</
replaceable> into the
cache of the default view.
This option must not be used. It is only of interest
to BIND 9 developers and may be removed or changed in a
In routine operation, signals should not be used to control
the nameserver; <
command>rndc</
command> should be used
Force a reload of the server.
<
term>SIGINT, SIGTERM</
term>
The result of sending any other signals to the server is undefined.
<
title>CONFIGURATION</
title>
The <
command>named</
command> configuration file is too complex
to describe in detail here. A complete description is provided
<
citetitle>BIND 9 Administrator Reference Manual</
citetitle>.
<
command>named</
command> inherits the <
function>umask</
function>
(file creation mode mask) from the parent process. If files
created by <
command>named</
command>, such as journal files,
need to have custom permissions, the <
function>umask</
function>
should be set explicitly in the script used to start the
<
command>named</
command> process.
The default configuration file.
The default process-id file.
<
para><
citetitle>RFC 1033</
citetitle>,
<
citetitle>RFC 1034</
citetitle>,
<
citetitle>RFC 1035</
citetitle>,
<
refentrytitle>named-checkconf</
refentrytitle>
<
refentrytitle>named-checkzone</
refentrytitle>
<
refentrytitle>rndc</
refentrytitle>
<
refentrytitle>lwresd</
refentrytitle>
<
citetitle>BIND 9 Administrator Reference Manual</
citetitle>.
<
para><
corpauthor>Internet Systems Consortium</
corpauthor>