man.named.html revision 163af735c2082a024167be111d27bd5b5ff4f462
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<!--
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - Copyright (C) 2000-2003 Internet Software Consortium.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher -
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - Permission to use, copy, modify, and/or distribute this software for any
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - purpose with or without fee is hereby granted, provided that the above
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - copyright notice and this permission notice appear in all copies.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher -
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher - PERFORMANCE OF THIS SOFTWARE.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher-->
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<!-- $Id: man.named.html,v 1.132 2009/08/27 01:14:39 tbox Exp $ -->
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<html>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<head>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<title>named</title>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<link rel="next" href="man.nsupdate.html" title="nsupdate">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</head>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="navheader">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<table width="100%" summary="Navigation header">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="20%" align="left">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<th width="60%" align="center">Manual pages</th>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="20%" align="right">�<a accesskey="n" href="man.nsupdate.html">Next</a>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</table>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<hr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refentry" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="man.named"></a><div class="titlepage"></div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refnamediv">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h2>Name</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p><span class="application">named</span> &#8212; Internet domain name server</p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsynopsisdiv">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h2>Synopsis</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2612583"></a><h2>DESCRIPTION</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p><span><strong class="command">named</strong></span>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher is a Domain Name System (DNS) server,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher part of the BIND 9 distribution from ISC. For more
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher information on the DNS, see RFCs 1033, 1034, and 1035.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher When invoked without arguments, <span><strong class="command">named</strong></span>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher will
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher read the default configuration file
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="filename">/etc/named.conf</code>, read any initial
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher data, and listen for queries.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2612614"></a><h2>OPTIONS</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="variablelist"><dl>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-4</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Use IPv4 only even if the host machine is capable of IPv6.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="option">-4</code> and <code class="option">-6</code> are mutually
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher exclusive.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-6</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Use IPv6 only even if the host machine is capable of IPv4.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="option">-4</code> and <code class="option">-6</code> are mutually
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher exclusive.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Use <em class="replaceable"><code>config-file</code></em> as the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher configuration file instead of the default,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="filename">/etc/named.conf</code>. To
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher ensure that reloading the configuration file continues
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to work after the server has changed its working
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher directory due to to a possible
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="option">directory</code> option in the configuration
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher file, <em class="replaceable"><code>config-file</code></em> should be
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher an absolute pathname.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Debugging traces from <span><strong class="command">named</strong></span> become
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher more verbose as the debug level increases.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-f</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Run the server in the foreground (i.e. do not daemonize).
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-g</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Run the server in the foreground and force all logging
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to <code class="filename">stderr</code>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Turn on memory usage debugging flags. Possible flags are
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="replaceable"><code>usage</code></em>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="replaceable"><code>trace</code></em>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="replaceable"><code>record</code></em>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="replaceable"><code>size</code></em>, and
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="replaceable"><code>mctx</code></em>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher These correspond to the ISC_MEM_DEBUGXXXX flags described in
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="filename">&lt;isc/mem.h&gt;</code>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Create <em class="replaceable"><code>#cpus</code></em> worker threads
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to take advantage of multiple CPUs. If not specified,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span><strong class="command">named</strong></span> will try to determine the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher number of CPUs present and create one thread per CPU.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher If it is unable to determine the number of CPUs, a
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher single worker thread will be created.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher specified, the default is port 53.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-s</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Write memory usage statistics to <code class="filename">stdout</code> on exit.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h3 class="title">Note</h3>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher This option is mainly of interest to BIND 9 developers
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher and may be removed or changed in a future release.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Allow <span><strong class="command">named</strong></span> to use up to
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="replaceable"><code>#max-socks</code></em> sockets.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h3 class="title">Warning</h3>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher This option should be unnecessary for the vast majority
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher of users.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher The use of this option could even be harmful because the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher specified value may exceed the limitation of the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher underlying system API.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher It is therefore set only when the default configuration
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher causes exhaustion of file descriptors and the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher operational environment is known to support the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher specified number of sockets.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Note also that the actual maximum number is normally a little
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher fewer than the specified value because
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span><strong class="command">named</strong></span> reserves some file descriptors
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher for its internal use.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>Chroot
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to <em class="replaceable"><code>directory</code></em> after
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher processing the command line arguments, but before
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher reading the configuration file.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h3 class="title">Warning</h3>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher This option should be used in conjunction with the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <code class="option">-u</code> option, as chrooting a process
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher running as root doesn't enhance security on most
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher systems; the way <code class="function">chroot(2)</code> is
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher defined allows a process with root privileges to
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher escape a chroot jail.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>Setuid
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to <em class="replaceable"><code>user</code></em> after completing
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher privileged operations, such as creating sockets that
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher listen on privileged ports.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h3 class="title">Note</h3>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher On Linux, <span><strong class="command">named</strong></span> uses the kernel's
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher capability mechanism to drop all root privileges
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher except the ability to <code class="function">bind(2)</code> to
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher a
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher privileged port and set process resource limits.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Unfortunately, this means that the <code class="option">-u</code>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher option only works when <span><strong class="command">named</strong></span> is
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher run
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher later, since previous kernels did not allow privileges
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to be retained after <code class="function">setuid(2)</code>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-v</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Report the version number and exit.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-V</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Report the version number and build options, and exit.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Load data from <em class="replaceable"><code>cache-file</code></em> into the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher cache of the default view.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<h3 class="title">Warning</h3>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher This option must not be used. It is only of interest
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to BIND 9 developers and may be removed or changed in a
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher future release.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dl></div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2625365"></a><h2>SIGNALS</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher In routine operation, signals should not be used to control
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher the nameserver; <span><strong class="command">rndc</strong></span> should be used
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher instead.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="variablelist"><dl>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">SIGHUP</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Force a reload of the server.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term">SIGINT, SIGTERM</span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Shut down the server.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dl></div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher The result of sending any other signals to the server is undefined.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2655316"></a><h2>CONFIGURATION</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher The <span><strong class="command">named</strong></span> configuration file is too complex
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher to describe in detail here. A complete description is provided
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher in the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher (file creation mode mask) from the parent process. If files
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher created by <span><strong class="command">named</strong></span>, such as journal files,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher need to have custom permissions, the <code class="function">umask</code>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher should be set explicitly in the script used to start the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span><strong class="command">named</strong></span> process.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2655365"></a><h2>FILES</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="variablelist"><dl>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher The default configuration file.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<dd><p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher The default process-id file.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p></dd>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</dl></div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2655409"></a><h2>SEE ALSO</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p><em class="citetitle">RFC 1033</em>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="citetitle">RFC 1034</em>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="citetitle">RFC 1035</em>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="refsect1" lang="en">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a name="id2663671"></a><h2>AUTHOR</h2>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<p><span class="corpauthor">Internet Systems Consortium</span>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher </p>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<div class="navfooter">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<hr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<table width="100%" summary="Navigation footer">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="40%" align="left">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="40%" align="right">�<a accesskey="n" href="man.nsupdate.html">Next</a>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="40%" align="left" valign="top">
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<span class="application">named-checkzone</span>�</td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher<td width="40%" align="right" valign="top">�<span class="application">nsupdate</span>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</td>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</tr>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</table>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</div>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</body>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher</html>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher