named.html revision 8ec3c085233cedb22b05da36e2773c8f357a7e45
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington - Permission to use, copy, modify, and/or distribute this software for any
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington - purpose with or without fee is hereby granted, provided that the above
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington - copyright notice and this permission notice appear in all copies.
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews<!-- $Id: named.html,v 1.33 2009/10/06 01:14:41 tbox Exp $ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews<a name="man.named"></a><div class="titlepage"></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="application">named</span> — Internet domain name server</p>
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">named</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is a Domain Name System (DNS) server,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein part of the BIND 9 distribution from ISC. For more
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein information on the DNS, see RFCs 1033, 1034, and 1035.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When invoked without arguments, <span><strong class="command">named</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein read the default configuration file
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">/etc/named.conf</code>, read any initial
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews data, and listen for queries.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use IPv4 only even if the host machine is capable of IPv6.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">-4</code> and <code class="option">-6</code> are mutually
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use IPv6 only even if the host machine is capable of IPv4.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">-4</code> and <code class="option">-6</code> are mutually
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use <em class="replaceable"><code>config-file</code></em> as the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein configuration file instead of the default,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">/etc/named.conf</code>. To
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ensure that reloading the configuration file continues
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to work after the server has changed its working
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein directory due to to a possible
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">directory</code> option in the configuration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file, <em class="replaceable"><code>config-file</code></em> should be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein an absolute pathname.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Debugging traces from <span><strong class="command">named</strong></span> become
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein more verbose as the debug level increases.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use a crypto hardware (OpenSSL engine) for the crypto operations
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it supports, for instance re-signing with private keys from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a secure key store. When compiled with PKCS#11 support
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>engine-name</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein defaults to pkcs11, the empty name resets it to no engine.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Run the server in the foreground (i.e. do not daemonize).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Run the server in the foreground and force all logging
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Turn on memory usage debugging flags. Possible flags are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>usage</code></em>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>trace</code></em>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>record</code></em>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>size</code></em>, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein These correspond to the ISC_MEM_DEBUGXXXX flags described in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename"><isc/mem.h></code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Create <em class="replaceable"><code>#cpus</code></em> worker threads
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to take advantage of multiple CPUs. If not specified,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> will try to determine the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein number of CPUs present and create one thread per CPU.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If it is unable to determine the number of CPUs, a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein single worker thread will be created.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified, the default is port 53.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Write memory usage statistics to <code class="filename">stdout</code> on exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews This option is mainly of interest to BIND 9 developers
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews and may be removed or changed in a future release.
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews Allow <span><strong class="command">named</strong></span> to use up to
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews <em class="replaceable"><code>#max-socks</code></em> sockets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option should be unnecessary for the vast majority
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The use of this option could even be harmful because the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified value may exceed the limitation of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein underlying system API.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It is therefore set only when the default configuration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein causes exhaustion of file descriptors and the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein operational environment is known to support the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified number of sockets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Note also that the actual maximum number is normally a little
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein fewer than the specified value because
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> reserves some file descriptors
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for its internal use.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to <em class="replaceable"><code>directory</code></em> after
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein processing the command line arguments, but before
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein reading the configuration file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option should be used in conjunction with the
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews <code class="option">-u</code> option, as chrooting a process
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews running as root doesn't enhance security on most
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews systems; the way <code class="function">chroot(2)</code> is
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews defined allows a process with root privileges to
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews escape a chroot jail.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to <em class="replaceable"><code>user</code></em> after completing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein privileged operations, such as creating sockets that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein listen on privileged ports.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein On Linux, <span><strong class="command">named</strong></span> uses the kernel's
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein capability mechanism to drop all root privileges
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein except the ability to <code class="function">bind(2)</code> to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein privileged port and set process resource limits.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Unfortunately, this means that the <code class="option">-u</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein option only works when <span><strong class="command">named</strong></span> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein later, since previous kernels did not allow privileges
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to be retained after <code class="function">setuid(2)</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Report the version number and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Report the version number and build options, and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Load data from <em class="replaceable"><code>cache-file</code></em> into the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cache of the default view.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option must not be used. It is only of interest
94fc951a9b5679def2a05387a5c251f5cb8eb9c9Mark Andrews to BIND 9 developers and may be removed or changed in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein future release.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein In routine operation, signals should not be used to control
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the nameserver; <span><strong class="command">rndc</strong></span> should be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Force a reload of the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">SIGINT, SIGTERM</span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Shut down the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The result of sending any other signals to the server is undefined.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The <span><strong class="command">named</strong></span> configuration file is too complex
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to describe in detail here. A complete description is provided
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (file creation mode mask) from the parent process. If files