man.named.html revision 5002bd49e8716be88945d6779202f5b34e435413
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
fd9abdda70912b99b24e3bf1a38f26fde908a74cnd - Copyright (C) 2000-2003 Internet Software Consortium.
fd9abdda70912b99b24e3bf1a38f26fde908a74cnd - Permission to use, copy, modify, and/or distribute this software for any
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl - purpose with or without fee is hereby granted, provided that the above
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl - copyright notice and this permission notice appear in all copies.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7jailletc - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2e545ce2450a9953665f701bb05350f0d3f26275nd - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - PERFORMANCE OF THIS SOFTWARE.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<!-- $Id$ -->
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
253547fb9cc7986e84ff68aef076f664fc4169dctakashi<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
a92ed1dc978b8a21f85d67024c3de804c78ce801noodl<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<td width="20%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung<p><span class="application">named</span> — Internet domain name server</p>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-L <em class="replaceable"><code>logfile</code></em></code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>lock-file</code></em></code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
316f02e3836836c82e19019ff23f90a7ebc65289nilgun<p><span><strong class="command">named</strong></span>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl is a Domain Name System (DNS) server,
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung part of the BIND 9 distribution from ISC. For more
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung information on the DNS, see RFCs 1033, 1034, and 1035.
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung When invoked without arguments, <span><strong class="command">named</strong></span>
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung read the default configuration file
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung <code class="filename">/etc/named.conf</code>, read any initial
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung data, and listen for queries.
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung Use IPv4 only even if the host machine is capable of IPv6.
1c28b8f24d373dfe800f9d99b9eea20fd05c1376rjung <code class="option">-4</code> and <code class="option">-6</code> are mutually
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Use IPv6 only even if the host machine is capable of IPv4.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl <code class="option">-4</code> and <code class="option">-6</code> are mutually
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf exclusive.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Use <em class="replaceable"><code>config-file</code></em> as the
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf configuration file instead of the default,
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl ensure that reloading the configuration file continues
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl to work after the server has changed its working
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl directory due to to a possible
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf <code class="option">directory</code> option in the configuration
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl file, <em class="replaceable"><code>config-file</code></em> should be
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf an absolute pathname.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Debugging traces from <span><strong class="command">named</strong></span> become
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf more verbose as the debug level increases.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-D <em class="replaceable"><code>string</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Specifies a string that is used to identify a instance of
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl <span><strong class="command">named</strong></span> in a process listing. The contents
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl of <em class="replaceable"><code>string</code></em> are
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl not examined.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl When applicable, specifies the hardware to use for
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl cryptographic operations, such as a secure key store used
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl for signing.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl When BIND is built with OpenSSL PKCS#11 support, this defaults
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf to the string "pkcs11", which identifies an OpenSSL engine
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl that can drive a cryptographic accelerator or hardware service
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl module. When BIND is built with native PKCS#11 cryptography
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl (--enable-native-pkcs11), it defaults to the path of the PKCS#11
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl provider library specified via "--with-pkcs11".
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Run the server in the foreground (i.e. do not daemonize).
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Run the server in the foreground and force all logging
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-L <em class="replaceable"><code>logfile</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Log to the file <code class="option">logfile</code> by default
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl instead of the system log.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf<dt><span class="term">-M <em class="replaceable"><code>option</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Sets the default memory context options. Currently
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl the only supported option is
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl which causes the internal memory manager to be bypassed
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf in favor of system-provided memory allocation functions.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Turn on memory usage debugging flags. Possible flags are
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl These correspond to the ISC_MEM_DEBUGXXXX flags described in
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf Create <em class="replaceable"><code>#cpus</code></em> worker threads
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl to take advantage of multiple CPUs. If not specified,
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl <span><strong class="command">named</strong></span> will try to determine the
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl number of CPUs present and create one thread per CPU.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl If it is unable to determine the number of CPUs, a
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl single worker thread will be created.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf specified, the default is port 53.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Write memory usage statistics to <code class="filename">stdout</code> on exit.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
a92ed1dc978b8a21f85d67024c3de804c78ce801noodl This option is mainly of interest to BIND 9 developers
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl and may be removed or changed in a future release.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Allow <span><strong class="command">named</strong></span> to use up to
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf <em class="replaceable"><code>#max-socks</code></em> sockets.
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl The default value is 4096 on systems built with default
a92ed1dc978b8a21f85d67024c3de804c78ce801noodl configuration options, and 21000 on systems built with
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl "configure --with-tuning=large".
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl This option should be unnecessary for the vast majority
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl The use of this option could even be harmful because the
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf specified value may exceed the limitation of the
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl underlying system API.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl It is therefore set only when the default configuration
1ac39787115a288f5e848344b1b1e8dccb1c58f1nd causes exhaustion of file descriptors and the
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl operational environment is known to support the
1ac39787115a288f5e848344b1b1e8dccb1c58f1nd specified number of sockets.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl Note also that the actual maximum number is normally a little
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl fewer than the specified value because
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl <span><strong class="command">named</strong></span> reserves some file descriptors
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl for its internal use.
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl to <em class="replaceable"><code>directory</code></em> after
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl processing the command line arguments, but before
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl reading the configuration file.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl This option should be used in conjunction with the
1f5c891e2da26b6b787e429aa71d9c899cc26dfcnoodl <code class="option">-u</code> option, as chrooting a process
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf running as root doesn't enhance security on most
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl systems; the way <code class="function">chroot(2)</code> is
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl defined allows a process with root privileges to
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl escape a chroot jail.
0d0ba3a410038e179b695446bb149cce6264e0abnd<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh Use <em class="replaceable"><code>#listeners</code></em>
0d0ba3a410038e179b695446bb149cce6264e0abnd worker threads to listen for incoming UDP packets on each
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh address. If not specified, <span><strong class="command">named</strong></span> will
727872d18412fc021f03969b8641810d8896820bhumbedooh calculate a default value based on the number of detected
0d0ba3a410038e179b695446bb149cce6264e0abnd CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of
0d0ba3a410038e179b695446bb149cce6264e0abnd detected CPUs divided by 2 for values higher than 4.
0d0ba3a410038e179b695446bb149cce6264e0abnd If <code class="option">-n</code> has been set to a higher value than
ac082aefa89416cbdc9a1836eaf3bed9698201c8humbedooh the number of detected CPUs, then <code class="option">-U</code> may
0d0ba3a410038e179b695446bb149cce6264e0abnd be increased as high as that value, but no higher.
0d0ba3a410038e179b695446bb149cce6264e0abnd<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
0d0ba3a410038e179b695446bb149cce6264e0abnd to <em class="replaceable"><code>user</code></em> after completing
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh privileged operations, such as creating sockets that
205f749042ed530040a4f0080dbcb47ceae8a374rjung listen on privileged ports.
0d0ba3a410038e179b695446bb149cce6264e0abnd<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd On Linux, <span><strong class="command">named</strong></span> uses the kernel's
e6ecf842cd6b826f0f0c3ce4415c054ed61581efnoodl capability mechanism to drop all root privileges