man.named.html revision ea94d370123a5892f6c47a97f21d1b28d44bb168
5cd4555ad444fd391002ae32450572054369fd42Rob Austein - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - Copyright (C) 2000-2003 Internet Software Consortium.
3398334b3acda24b086957286288ca9852662b12Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - purpose with or without fee is hereby granted, provided that the above
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - copyright notice and this permission notice appear in all copies.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews<!-- $Id$ -->
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
b5ad6dfea4cc3e7d1d322ac99f1e5a31096837c4Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<table width="100%" summary="Navigation header">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<th width="60%" align="center">Manual pages</th>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<td width="20%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews<a name="man.named"></a><div class="titlepage"></div>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span class="application">named</span> — Internet domain name server</p>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span><strong class="command">named</strong></span>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is a Domain Name System (DNS) server,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington part of the BIND 9 distribution from ISC. For more
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington information on the DNS, see RFCs 1033, 1034, and 1035.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington When invoked without arguments, <span><strong class="command">named</strong></span>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington read the default configuration file
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <code class="filename">/etc/named.conf</code>, read any initial
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews data, and listen for queries.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington Use IPv4 only even if the host machine is capable of IPv6.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <code class="option">-4</code> and <code class="option">-6</code> are mutually
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington Use IPv6 only even if the host machine is capable of IPv4.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <code class="option">-4</code> and <code class="option">-6</code> are mutually
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington Use <em class="replaceable"><code>config-file</code></em> as the
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington configuration file instead of the default,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <code class="filename">/etc/named.conf</code>. To
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington ensure that reloading the configuration file continues
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington to work after the server has changed its working
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington directory due to to a possible
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <code class="option">directory</code> option in the configuration
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein file, <em class="replaceable"><code>config-file</code></em> should be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein an absolute pathname.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Debugging traces from <span><strong class="command">named</strong></span> become
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington more verbose as the debug level increases.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington Use a crypto hardware (OpenSSL engine) for the crypto operations
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington it supports, for instance re-signing with private keys from
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington a secure key store. When compiled with PKCS#11 support
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <em class="replaceable"><code>engine-name</code></em>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington defaults to pkcs11, the empty name resets it to no engine.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Run the server in the foreground (i.e. do not daemonize).
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington Run the server in the foreground and force all logging
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Turn on memory usage debugging flags. Possible flags are
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <em class="replaceable"><code>usage</code></em>,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <em class="replaceable"><code>trace</code></em>,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <em class="replaceable"><code>record</code></em>,
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <em class="replaceable"><code>size</code></em>, and
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <em class="replaceable"><code>mctx</code></em>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein These correspond to the ISC_MEM_DEBUGXXXX flags described in
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="filename"><isc/mem.h></code>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Create <em class="replaceable"><code>#cpus</code></em> worker threads
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews to take advantage of multiple CPUs. If not specified,
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <span><strong class="command">named</strong></span> will try to determine the
50105afc551903541608b11851d73278b23579a3Mark Andrews number of CPUs present and create one thread per CPU.
50105afc551903541608b11851d73278b23579a3Mark Andrews If it is unable to determine the number of CPUs, a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein single worker thread will be created.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specified, the default is port 53.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Write memory usage statistics to <code class="filename">stdout</code> on exit.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein This option is mainly of interest to BIND 9 developers
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington and may be removed or changed in a future release.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Allow <span><strong class="command">named</strong></span> to use up to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <em class="replaceable"><code>#max-socks</code></em> sockets.
bf7f253e306d0ced8ae24d7a0598773950da11f4Mark Andrews<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington This option should be unnecessary for the vast majority
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The use of this option could even be harmful because the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specified value may exceed the limitation of the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein underlying system API.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein It is therefore set only when the default configuration
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein causes exhaustion of file descriptors and the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein operational environment is known to support the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specified number of sockets.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Note also that the actual maximum number is normally a little
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein fewer than the specified value because
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span><strong class="command">named</strong></span> reserves some file descriptors
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein for its internal use.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to <em class="replaceable"><code>directory</code></em> after
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein processing the command line arguments, but before
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein reading the configuration file.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein This option should be used in conjunction with the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="option">-u</code> option, as chrooting a process
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington running as root doesn't enhance security on most
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington systems; the way <code class="function">chroot(2)</code> is
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington defined allows a process with root privileges to
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington escape a chroot jail.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews Use <em class="replaceable"><code>#listeners</code></em>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein worker threads to listen for incoming UDP packets on each
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein address. If not specified, <span><strong class="command">named</strong></span> will
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington use all of the worker threads for this purpose; the
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <code class="option">-U</code> option allows the number to be
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington decreased but not increased.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to <em class="replaceable"><code>user</code></em> after completing
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein privileged operations, such as creating sockets that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein listen on privileged ports.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein On Linux, <span><strong class="command">named</strong></span> uses the kernel's
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein capability mechanism to drop all root privileges
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews except the ability to <code class="function">bind(2)</code> to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein privileged port and set process resource limits.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Unfortunately, this means that the <code class="option">-u</code>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein option only works when <span><strong class="command">named</strong></span> is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein later, since previous kernels did not allow privileges
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to be retained after <code class="function">setuid(2)</code>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Report the version number and exit.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Report the version number and build options, and exit.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews Load data from <em class="replaceable"><code>cache-file</code></em> into the
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews cache of the default view.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews This option must not be used. It is only of interest
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews to BIND 9 developers and may be removed or changed in a
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews future release.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein In routine operation, signals should not be used to control
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the nameserver; <span><strong class="command">rndc</strong></span> should be used
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Force a reload of the server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">SIGINT, SIGTERM</span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Shut down the server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The result of sending any other signals to the server is undefined.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington The <span><strong class="command">named</strong></span> configuration file is too complex
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington to describe in detail here. A complete description is provided
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein (file creation mode mask) from the parent process. If files
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington created by <span><strong class="command">named</strong></span>, such as journal files,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington need to have custom permissions, the <code class="function">umask</code>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins should be set explicitly in the script used to start the
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <span><strong class="command">named</strong></span> process.
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins The default configuration file.
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins The default process-id file.
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins<p><span class="corpauthor">Internet Systems Consortium</span>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington<table width="100%" summary="Navigation footer">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<td width="40%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews<span class="application">named-checkzone</span>�</td>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews<td width="40%" align="right" valign="top">�<span class="application">named-journalprint</span>