man.named.html revision 7c6b9b263898daf28d657f65dbd75c330ca4aa13
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User - PERFORMANCE OF THIS SOFTWARE.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<!-- $Id: man.named.html,v 1.170 2010/07/10 01:14:20 tbox Exp $ -->
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<table width="100%" summary="Navigation header">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<th width="60%" align="center">Manual pages</th>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="man.named"></a><div class="titlepage"></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span class="application">named</span> — Internet domain name server</p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span><strong class="command">named</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User is a Domain Name System (DNS) server,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User part of the BIND 9 distribution from ISC. For more
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User information on the DNS, see RFCs 1033, 1034, and 1035.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User When invoked without arguments, <span><strong class="command">named</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User read the default configuration file
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">/etc/named.conf</code>, read any initial
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User data, and listen for queries.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use IPv4 only even if the host machine is capable of IPv6.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">-4</code> and <code class="option">-6</code> are mutually
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use IPv6 only even if the host machine is capable of IPv4.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">-4</code> and <code class="option">-6</code> are mutually
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use <em class="replaceable"><code>config-file</code></em> as the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User configuration file instead of the default,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">/etc/named.conf</code>. To
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User ensure that reloading the configuration file continues
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to work after the server has changed its working
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User directory due to to a possible
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">directory</code> option in the configuration
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User file, <em class="replaceable"><code>config-file</code></em> should be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User an absolute pathname.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Debugging traces from <span><strong class="command">named</strong></span> become
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User more verbose as the debug level increases.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use a crypto hardware (OpenSSL engine) for the crypto operations
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User it supports, for instance re-signing with private keys from
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User a secure key store. When compiled with PKCS#11 support
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em class="replaceable"><code>engine-name</code></em>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User defaults to pkcs11, the empty name resets it to no engine.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Run the server in the foreground (i.e. do not daemonize).
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User Run the server in the foreground and force all logging
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Turn on memory usage debugging flags. Possible flags are
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <em class="replaceable"><code>usage</code></em>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <em class="replaceable"><code>trace</code></em>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em class="replaceable"><code>record</code></em>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <em class="replaceable"><code>size</code></em>, and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews These correspond to the ISC_MEM_DEBUGXXXX flags described in
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <code class="filename"><isc/mem.h></code>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Create <em class="replaceable"><code>#cpus</code></em> worker threads
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to take advantage of multiple CPUs. If not specified,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span><strong class="command">named</strong></span> will try to determine the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User number of CPUs present and create one thread per CPU.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User If it is unable to determine the number of CPUs, a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User single worker thread will be created.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews specified, the default is port 53.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Write memory usage statistics to <code class="filename">stdout</code> on exit.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This option is mainly of interest to BIND 9 developers
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and may be removed or changed in a future release.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Allow <span><strong class="command">named</strong></span> to use up to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em class="replaceable"><code>#max-socks</code></em> sockets.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This option should be unnecessary for the vast majority
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The use of this option could even be harmful because the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specified value may exceed the limitation of the
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User underlying system API.
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User It is therefore set only when the default configuration
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User causes exhaustion of file descriptors and the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User operational environment is known to support the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specified number of sockets.
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User Note also that the actual maximum number is normally a little
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User fewer than the specified value because
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">named</strong></span> reserves some file descriptors
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User for its internal use.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
9fbbfb5757a1e3e86d7dea62c4e63ffc2303ca2bAutomatic Updater to <em class="replaceable"><code>directory</code></em> after
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User processing the command line arguments, but before
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User reading the configuration file.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt This option should be used in conjunction with the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">-u</code> option, as chrooting a process
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt running as root doesn't enhance security on most
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt systems; the way <code class="function">chroot(2)</code> is
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt defined allows a process with root privileges to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews escape a chroot jail.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to <em class="replaceable"><code>user</code></em> after completing
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt privileged operations, such as creating sockets that
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews listen on privileged ports.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt On Linux, <span><strong class="command">named</strong></span> uses the kernel's
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews capability mechanism to drop all root privileges
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews except the ability to <code class="function">bind(2)</code> to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt privileged port and set process resource limits.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Unfortunately, this means that the <code class="option">-u</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews option only works when <span><strong class="command">named</strong></span> is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt later, since previous kernels did not allow privileges
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to be retained after <code class="function">setuid(2)</code>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Report the version number and exit.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Report the version number and build options, and exit.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Load data from <em class="replaceable"><code>cache-file</code></em> into the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews cache of the default view.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews This option must not be used. It is only of interest
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews to BIND 9 developers and may be removed or changed in a
72938578c985138165e7a4b0a38f16daacbad95eAutomatic Updater future release.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt In routine operation, signals should not be used to control
dba3c818ae00b10388d31703e86a28415db398acTinderbox User the nameserver; <span><strong class="command">rndc</strong></span> should be used
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Force a reload of the server.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Shut down the server.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The result of sending any other signals to the server is undefined.
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User<a name="id2637098"></a><h2>CONFIGURATION</h2>
0e1dece22e128f9dfa723316a35c4b3f06912381Tinderbox User The <span><strong class="command">named</strong></span> configuration file is too complex
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to describe in detail here. A complete description is provided
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User (file creation mode mask) from the parent process. If files
43b94483957d3168796a816ed86cf097518817dcTinderbox User created by <span><strong class="command">named</strong></span>, such as journal files,
dba3c818ae00b10388d31703e86a28415db398acTinderbox User need to have custom permissions, the <code class="function">umask</code>
dba3c818ae00b10388d31703e86a28415db398acTinderbox User should be set explicitly in the script used to start the
dba3c818ae00b10388d31703e86a28415db398acTinderbox User <span><strong class="command">named</strong></span> process.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default configuration file.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews The default process-id file.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span class="corpauthor">Internet Systems Consortium</span>
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrews<table width="100%" summary="Navigation footer">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updater<td width="40%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<span class="application">named-checkzone</span>�</td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="40%" align="right" valign="top">�<span class="application">named-journalprint</span>