man.named.html revision 6100dfd774ab9b4040b6f348ef1de01bc902ae07
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff - copyright notice and this permission notice appear in all copies.
70e5a7403f0e0a3bd292b8287c5fed5772c15270Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein - PERFORMANCE OF THIS SOFTWARE.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<!-- $Id: man.named.html,v 1.197 2011/05/18 01:14:42 tbox Exp $ -->
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<a name="man.named"></a><div class="titlepage"></div>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<p><span class="application">named</span> — Internet domain name server</p>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<p><span><strong class="command">named</strong></span>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein is a Domain Name System (DNS) server,
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein part of the BIND 9 distribution from ISC. For more
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews information on the DNS, see RFCs 1033, 1034, and 1035.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein When invoked without arguments, <span><strong class="command">named</strong></span>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein read the default configuration file
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <code class="filename">/etc/named.conf</code>, read any initial
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein data, and listen for queries.
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews Use IPv4 only even if the host machine is capable of IPv6.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <code class="option">-4</code> and <code class="option">-6</code> are mutually
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein Use IPv6 only even if the host machine is capable of IPv4.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <code class="option">-4</code> and <code class="option">-6</code> are mutually
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein Use <em class="replaceable"><code>config-file</code></em> as the
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews configuration file instead of the default,
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <code class="filename">/etc/named.conf</code>. To
2bdfb330af70122f9ca5aae2556a112a3010e9efMark Andrews ensure that reloading the configuration file continues
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein to work after the server has changed its working
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein directory due to to a possible
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence <code class="option">directory</code> option in the configuration
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff file, <em class="replaceable"><code>config-file</code></em> should be
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff an absolute pathname.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Debugging traces from <span><strong class="command">named</strong></span> become
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff more verbose as the debug level increases.
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Use a crypto hardware (OpenSSL engine) for the crypto operations
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff it supports, for instance re-signing with private keys from
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff a secure key store. When compiled with PKCS#11 support
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <em class="replaceable"><code>engine-name</code></em>
b81306ccd14066cb7378f7f74bbf3843b5a88985Michael Graff defaults to pkcs11, the empty name resets it to no engine.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Run the server in the foreground (i.e. do not daemonize).
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Run the server in the foreground and force all logging
c05e003dce672b2f8555a3e56857f29ce89c1677Michael Graff<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Turn on memory usage debugging flags. Possible flags are
7a166c5c61a5aaa6eeb929bed152dc0a6b128e3dMichael Graff <em class="replaceable"><code>usage</code></em>,
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <em class="replaceable"><code>trace</code></em>,
c05e003dce672b2f8555a3e56857f29ce89c1677Michael Graff <em class="replaceable"><code>record</code></em>,
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <em class="replaceable"><code>size</code></em>, and
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff <em class="replaceable"><code>mctx</code></em>.
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff These correspond to the ISC_MEM_DEBUGXXXX flags described in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename"><isc/mem.h></code>.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
58ff88cca7c169f7fbebc9b6e93bbba1fb345157Michael Graff Create <em class="replaceable"><code>#cpus</code></em> worker threads
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff to take advantage of multiple CPUs. If not specified,
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff <span><strong class="command">named</strong></span> will try to determine the
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff number of CPUs present and create one thread per CPU.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff If it is unable to determine the number of CPUs, a
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff single worker thread will be created.
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff specified, the default is port 53.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Write memory usage statistics to <code class="filename">stdout</code> on exit.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff This option is mainly of interest to BIND 9 developers
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff and may be removed or changed in a future release.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein Allow <span><strong class="command">named</strong></span> to use up to
b81306ccd14066cb7378f7f74bbf3843b5a88985Michael Graff <em class="replaceable"><code>#max-socks</code></em> sockets.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff This option should be unnecessary for the vast majority
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff The use of this option could even be harmful because the
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff specified value may exceed the limitation of the
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff underlying system API.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff It is therefore set only when the default configuration
c05e003dce672b2f8555a3e56857f29ce89c1677Michael Graff causes exhaustion of file descriptors and the
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff operational environment is known to support the
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff specified number of sockets.
7a166c5c61a5aaa6eeb929bed152dc0a6b128e3dMichael Graff Note also that the actual maximum number is normally a little
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff fewer than the specified value because
c05e003dce672b2f8555a3e56857f29ce89c1677Michael Graff <span><strong class="command">named</strong></span> reserves some file descriptors
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff for its internal use.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
58ff88cca7c169f7fbebc9b6e93bbba1fb345157Michael Graff to <em class="replaceable"><code>directory</code></em> after
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff processing the command line arguments, but before
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff reading the configuration file.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff This option should be used in conjunction with the
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <code class="option">-u</code> option, as chrooting a process
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff running as root doesn't enhance security on most
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff systems; the way <code class="function">chroot(2)</code> is
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff defined allows a process with root privileges to
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff escape a chroot jail.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff to <em class="replaceable"><code>user</code></em> after completing
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff privileged operations, such as creating sockets that
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff listen on privileged ports.
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein On Linux, <span><strong class="command">named</strong></span> uses the kernel's
b81306ccd14066cb7378f7f74bbf3843b5a88985Michael Graff capability mechanism to drop all root privileges
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff except the ability to <code class="function">bind(2)</code> to
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff privileged port and set process resource limits.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff Unfortunately, this means that the <code class="option">-u</code>
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff option only works when <span><strong class="command">named</strong></span> is
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff later, since previous kernels did not allow privileges
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff to be retained after <code class="function">setuid(2)</code>.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff Report the version number and exit.
7a166c5c61a5aaa6eeb929bed152dc0a6b128e3dMichael Graff Report the version number and build options, and exit.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff Load data from <em class="replaceable"><code>cache-file</code></em> into the
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff cache of the default view.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
28dff2287e42c8b83eda2abb95667b4596dc994bMichael Graff This option must not be used. It is only of interest
28dff2287e42c8b83eda2abb95667b4596dc994bMichael Graff to BIND 9 developers and may be removed or changed in a
28dff2287e42c8b83eda2abb95667b4596dc994bMichael Graff future release.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff In routine operation, signals should not be used to control
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff the nameserver; <span><strong class="command">rndc</strong></span> should be used
b81306ccd14066cb7378f7f74bbf3843b5a88985Michael Graff Force a reload of the server.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff<dt><span class="term">SIGINT, SIGTERM</span></dt>
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff Shut down the server.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff The result of sending any other signals to the server is undefined.
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff The <span><strong class="command">named</strong></span> configuration file is too complex
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff to describe in detail here. A complete description is provided
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
8cd870e3f5e3db9808a4a0d6f98db3d1a5348e40Michael Graff <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff (file creation mode mask) from the parent process. If files
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff created by <span><strong class="command">named</strong></span>, such as journal files,
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff need to have custom permissions, the <code class="function">umask</code>
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff should be set explicitly in the script used to start the
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff <span><strong class="command">named</strong></span> process.
28dff2287e42c8b83eda2abb95667b4596dc994bMichael Graff<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
031ce3bc62d273c5bd99596e01aa95c7ed33bbd7Brian Wellington The default configuration file.
28dff2287e42c8b83eda2abb95667b4596dc994bMichael Graff<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
658db10162f779c8a5ed4e40c77111a7e18492beMichael Graff The default process-id file.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<p><span class="corpauthor">Internet Systems Consortium</span>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<td width="40%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<span class="application">named-checkzone</span>�</td>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
64bed6c54393c2d213db83e9b171fb7c318cfc8eMichael Graff<td width="40%" align="right" valign="top">�<span class="application">named-journalprint</span>