named.html revision ea94d370123a5892f6c47a97f21d1b28d44bb168
297be3708069ef31814d6d75c0d71a50a78feb03Mark Andrews - Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="man.named"></a><div class="titlepage"></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="application">named</span> — Internet domain name server</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">named</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is a Domain Name System (DNS) server,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein part of the BIND 9 distribution from ISC. For more
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein information on the DNS, see RFCs 1033, 1034, and 1035.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When invoked without arguments, <span><strong class="command">named</strong></span>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews read the default configuration file
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">/etc/named.conf</code>, read any initial
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein data, and listen for queries.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use IPv4 only even if the host machine is capable of IPv6.
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <code class="option">-4</code> and <code class="option">-6</code> are mutually
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use IPv6 only even if the host machine is capable of IPv4.
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <code class="option">-4</code> and <code class="option">-6</code> are mutually
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater Use <em class="replaceable"><code>config-file</code></em> as the
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater configuration file instead of the default,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">/etc/named.conf</code>. To
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater ensure that reloading the configuration file continues
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater to work after the server has changed its working
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater directory due to to a possible
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <code class="option">directory</code> option in the configuration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file, <em class="replaceable"><code>config-file</code></em> should be
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater an absolute pathname.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
c6d486af36165da7eb970354981d145249e342e4Mark Andrews Debugging traces from <span><strong class="command">named</strong></span> become
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein more verbose as the debug level increases.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater Use a crypto hardware (OpenSSL engine) for the crypto operations
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it supports, for instance re-signing with private keys from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a secure key store. When compiled with PKCS#11 support
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater <em class="replaceable"><code>engine-name</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein defaults to pkcs11, the empty name resets it to no engine.
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater Run the server in the foreground (i.e. do not daemonize).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Run the server in the foreground and force all logging
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Turn on memory usage debugging flags. Possible flags are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>usage</code></em>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>trace</code></em>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>record</code></em>,
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <em class="replaceable"><code>size</code></em>, and
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <em class="replaceable"><code>mctx</code></em>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein These correspond to the ISC_MEM_DEBUGXXXX flags described in
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <code class="filename"><isc/mem.h></code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews Create <em class="replaceable"><code>#cpus</code></em> worker threads
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to take advantage of multiple CPUs. If not specified,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> will try to determine the
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews number of CPUs present and create one thread per CPU.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If it is unable to determine the number of CPUs, a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein single worker thread will be created.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified, the default is port 53.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Write memory usage statistics to <code class="filename">stdout</code> on exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option is mainly of interest to BIND 9 developers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and may be removed or changed in a future release.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Allow <span><strong class="command">named</strong></span> to use up to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>#max-socks</code></em> sockets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option should be unnecessary for the vast majority
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The use of this option could even be harmful because the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified value may exceed the limitation of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein underlying system API.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It is therefore set only when the default configuration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein causes exhaustion of file descriptors and the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein operational environment is known to support the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified number of sockets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Note also that the actual maximum number is normally a little
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein fewer than the specified value because
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> reserves some file descriptors
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for its internal use.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews to <em class="replaceable"><code>directory</code></em> after
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews processing the command line arguments, but before
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews reading the configuration file.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews This option should be used in conjunction with the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <code class="option">-u</code> option, as chrooting a process
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews running as root doesn't enhance security on most
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews systems; the way <code class="function">chroot(2)</code> is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews defined allows a process with root privileges to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews escape a chroot jail.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use <em class="replaceable"><code>#listeners</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein worker threads to listen for incoming UDP packets on each
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein address. If not specified, <span><strong class="command">named</strong></span> will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein use all of the worker threads for this purpose; the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">-U</code> option allows the number to be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein decreased but not increased.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to <em class="replaceable"><code>user</code></em> after completing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein privileged operations, such as creating sockets that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein listen on privileged ports.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein On Linux, <span><strong class="command">named</strong></span> uses the kernel's
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein capability mechanism to drop all root privileges
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein except the ability to <code class="function">bind(2)</code> to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein privileged port and set process resource limits.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Unfortunately, this means that the <code class="option">-u</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein option only works when <span><strong class="command">named</strong></span> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein later, since previous kernels did not allow privileges
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to be retained after <code class="function">setuid(2)</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Report the version number and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Report the version number and build options, and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Load data from <em class="replaceable"><code>cache-file</code></em> into the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cache of the default view.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews This option must not be used. It is only of interest
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews to BIND 9 developers and may be removed or changed in a
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews future release.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews In routine operation, signals should not be used to control
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews the nameserver; <span><strong class="command">rndc</strong></span> should be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Force a reload of the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">SIGINT, SIGTERM</span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Shut down the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The result of sending any other signals to the server is undefined.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The <span><strong class="command">named</strong></span> configuration file is too complex
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to describe in detail here. A complete description is provided
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (file creation mode mask) from the parent process. If files
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein created by <span><strong class="command">named</strong></span>, such as journal files,
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews need to have custom permissions, the <code class="function">umask</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein should be set explicitly in the script used to start the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named</strong></span> process.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The default configuration file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The default process-id file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="corpauthor">Internet Systems Consortium</span>