363N/A - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") 363N/A - Copyright (C) 2000-2003 Internet Software Consortium. 363N/A - Permission to use, copy, modify, and/or distribute this software for any 363N/A - purpose with or without fee is hereby granted, provided that the above 363N/A - copyright notice and this permission notice appear in all copies. 363N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 363N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 363N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 363N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 363N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 363N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 363N/A - PERFORMANCE OF THIS SOFTWARE. 363N/A<
meta http-
equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5680N/A<
meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
5371N/A<
link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
797N/A<
body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
797N/A<
table width="100%" summary="Navigation header">
797N/A<
tr><
th colspan="3" align="center"><
span class="application">named</
span></
th></
tr>
5912N/A<
td width="20%" align="left">
797N/A<
th width="60%" align="center">Manual pages</
th>
797N/A<
div class="refentry" lang="en">
363N/A<
div class="refnamediv">
2899N/A<
p><
span class="application">named</
span> — Internet domain name server</
p>
4368N/A<
div class="refsynopsisdiv">
4368N/A<
div class="cmdsynopsis"><
p><
code class="command">named</
code> [<
code class="option">-4</
code>] [<
code class="option">-6</
code>] [<
code class="option">-c <
em class="replaceable"><
code>config-file</
code></
em></
code>] [<
code class="option">-d <
em class="replaceable"><
code>debug-level</
code></
em></
code>] [<
code class="option">-E <
em class="replaceable"><
code>engine-name</
code></
em></
code>] [<
code class="option">-f</
code>] [<
code class="option">-g</
code>] [<
code class="option">-m <
em class="replaceable"><
code>flag</
code></
em></
code>] [<
code class="option">-n <
em class="replaceable"><
code>#cpus</
code></
em></
code>] [<
code class="option">-p <
em class="replaceable"><
code>port</
code></
em></
code>] [<
code class="option">-s</
code>] [<
code class="option">-S <
em class="replaceable"><
code>#max-socks</
code></
em></
code>] [<
code class="option">-t <
em class="replaceable"><
code>directory</
code></
em></
code>] [<
code class="option">-u <
em class="replaceable"><
code>user</
code></
em></
code>] [<
code class="option">-v</
code>] [<
code class="option">-V</
code>] [<
code class="option">-x <
em class="replaceable"><
code>cache-file</
code></
em></
code>]</
p></
div>
4368N/A<
div class="refsect1" lang="en">
4368N/A<
a name="id2614152"></
a><
h2>DESCRIPTION</
h2>
3817N/A<
p><
span><
strong class="command">named</
strong></
span>
3817N/A is a Domain Name System (DNS) server,
3817N/A part of the BIND 9 distribution from ISC. For more
3817N/A information on the DNS, see RFCs 1033, 1034, and 1035.
1845N/A When invoked without arguments, <
span><
strong class="command">named</
strong></
span>
1845N/A read the default configuration file
797N/A data, and listen for queries.
363N/A<
div class="refsect1" lang="en">
363N/A<
a name="id2614183"></
a><
h2>OPTIONS</
h2>
363N/A<
div class="variablelist"><
dl>
5123N/A<
dt><
span class="term">-4</
span></
dt>
5123N/A Use IPv4 only even if the host machine is capable of IPv6.
5123N/A <
code class="option">-4</
code> and <
code class="option">-6</
code> are mutually
777N/A<
dt><
span class="term">-6</
span></
dt>
777N/A Use IPv6 only even if the host machine is capable of IPv4.
777N/A <
code class="option">-4</
code> and <
code class="option">-6</
code> are mutually
363N/A<
dt><
span class="term">-c <
em class="replaceable"><
code>config-file</
code></
em></
span></
dt>
363N/A Use <
em class="replaceable"><
code>config-file</
code></
em> as the
363N/A configuration file instead of the default,
363N/A ensure that reloading the configuration file continues
363N/A to work after the server has changed its working
363N/A directory due to to a possible
363N/A <
code class="option">directory</
code> option in the configuration
363N/A file, <
em class="replaceable"><
code>config-file</
code></
em> should be
363N/A<
dt><
span class="term">-d <
em class="replaceable"><
code>debug-level</
code></
em></
span></
dt>
363N/A Set the daemon's debug level to <
em class="replaceable"><
code>debug-level</
code></
em>.
363N/A Debugging traces from <
span><
strong class="command">named</
strong></
span> become
6017N/A more verbose as the debug level increases.
363N/A<
dt><
span class="term">-E <
em class="replaceable"><
code>engine-name</
code></
em></
span></
dt>
363N/A Use a crypto hardware (OpenSSL engine) for the crypto operations
363N/A it supports, for instance re-signing with private keys from
363N/A a secure key store. When compiled with PKCS#11 support
363N/A <
em class="replaceable"><
code>engine-name</
code></
em>
363N/A defaults to pkcs11, the empty name resets it to no engine.
363N/A<
dt><
span class="term">-f</
span></
dt>
363N/A Run the server in the foreground (
i.e. do not daemonize).
363N/A<
dt><
span class="term">-g</
span></
dt>
4371N/A Run the server in the foreground and force all logging
5912N/A to <
code class="filename">stderr</
code>.
4371N/A<
dt><
span class="term">-m <
em class="replaceable"><
code>flag</
code></
em></
span></
dt>
363N/A Turn on memory usage debugging flags. Possible flags are
363N/A <
em class="replaceable"><
code>usage</
code></
em>,
363N/A <
em class="replaceable"><
code>trace</
code></
em>,
363N/A <
em class="replaceable"><
code>record</
code></
em>,
1426N/A <
em class="replaceable"><
code>size</
code></
em>, and
797N/A <
em class="replaceable"><
code>mctx</
code></
em>.
797N/A These correspond to the ISC_MEM_DEBUGXXXX flags described in
363N/A<
dt><
span class="term">-n <
em class="replaceable"><
code>#cpus</
code></
em></
span></
dt>
363N/A Create <
em class="replaceable"><
code>#cpus</
code></
em> worker threads
363N/A to take advantage of multiple CPUs. If not specified,
363N/A <
span><
strong class="command">named</
strong></
span> will try to determine the
363N/A number of CPUs present and create one thread per CPU.
363N/A If it is unable to determine the number of CPUs, a
797N/A single worker thread will be created.
797N/A<
dt><
span class="term">-p <
em class="replaceable"><
code>port</
code></
em></
span></
dt>
797N/A Listen for queries on port <
em class="replaceable"><
code>port</
code></
em>. If not
797N/A specified, the default is port 53.
797N/A<
dt><
span class="term">-s</
span></
dt>
797N/A Write memory usage statistics to <
code class="filename">stdout</
code> on exit.
797N/A<
div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
797N/A<
h3 class="title">Note</
h3>
797N/A This option is mainly of interest to BIND 9 developers
797N/A and may be removed or changed in a future release.
797N/A<
dt><
span class="term">-S <
em class="replaceable"><
code>#max-socks</
code></
em></
span></
dt>
797N/A Allow <
span><
strong class="command">named</
strong></
span> to use up to
797N/A <
em class="replaceable"><
code>#max-socks</
code></
em> sockets.
797N/A<
div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
797N/A<
h3 class="title">Warning</
h3>
797N/A This option should be unnecessary for the vast majority
363N/A The use of this option could even be harmful because the
363N/A specified value may exceed the limitation of the
363N/A It is therefore set only when the default configuration
363N/A causes exhaustion of file descriptors and the
363N/A operational environment is known to support the
797N/A specified number of sockets.
797N/A Note also that the actual maximum number is normally a little
797N/A fewer than the specified value because
363N/A <
span><
strong class="command">named</
strong></
span> reserves some file descriptors
363N/A<
dt><
span class="term">-t <
em class="replaceable"><
code>directory</
code></
em></
span></
dt>
363N/A to <
em class="replaceable"><
code>directory</
code></
em> after
363N/A processing the command line arguments, but before
363N/A reading the configuration file.
797N/A<
div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
797N/A<
h3 class="title">Warning</
h3>
997N/A This option should be used in conjunction with the
2041N/A <
code class="option">-u</
code> option, as chrooting a process
4820N/A running as root doesn't enhance security on most
797N/A systems; the way <
code class="function">chroot(2)</
code> is
1951N/A defined allows a process with root privileges to
797N/A<
dt><
span class="term">-u <
em class="replaceable"><
code>user</
code></
em></
span></
dt>
3477N/A to <
em class="replaceable"><
code>user</
code></
em> after completing
3477N/A privileged operations, such as creating sockets that
363N/A listen on privileged ports.
797N/A<
div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
797N/A<
h3 class="title">Note</
h3>
1761N/A On Linux, <
span><
strong class="command">named</
strong></
span> uses the kernel's
1761N/A capability mechanism to drop all root privileges
1426N/A except the ability to <
code class="function">bind(2)</
code> to
1426N/A privileged port and set process resource limits.
1426N/A Unfortunately, this means that the <
code class="option">-u</
code>
1426N/A option only works when <
span><
strong class="command">named</
strong></
span> is
1426N/A on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
1426N/A later, since previous kernels did not allow privileges
1426N/A to be retained after <
code class="function">setuid(2)</
code>.
1426N/A<
dt><
span class="term">-v</
span></
dt>
1426N/A Report the version number and exit.
1426N/A<
dt><
span class="term">-V</
span></
dt>
1426N/A Report the version number and build options, and exit.
1426N/A<
dt><
span class="term">-x <
em class="replaceable"><
code>cache-file</
code></
em></
span></
dt>
1426N/A Load data from <
em class="replaceable"><
code>cache-file</
code></
em> into the
1426N/A<
div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
1426N/A<
h3 class="title">Warning</
h3>
1426N/A This option must not be used. It is only of interest
1426N/A to BIND 9 developers and may be removed or changed in a
1426N/A<
div class="refsect1" lang="en">
1426N/A<
a name="id2635285"></
a><
h2>SIGNALS</
h2>
4820N/A In routine operation, signals should not be used to control
1426N/A the nameserver; <
span><
strong class="command">rndc</
strong></
span> should be used
1426N/A<
div class="variablelist"><
dl>
1426N/A<
dt><
span class="term">SIGHUP</
span></
dt>
1426N/A Force a reload of the server.
1426N/A<
dt><
span class="term">SIGINT, SIGTERM</
span></
dt>
1426N/A The result of sending any other signals to the server is undefined.
1426N/A<
div class="refsect1" lang="en">
1426N/A<
a name="id2635335"></
a><
h2>CONFIGURATION</
h2>
1426N/A The <
span><
strong class="command">named</
strong></
span> configuration file is too complex
1426N/A to describe in detail here. A complete description is provided
1426N/A <
em class="citetitle">BIND 9 Administrator Reference Manual</
em>.
1426N/A <
span><
strong class="command">named</
strong></
span> inherits the <
code class="function">umask</
code>
1426N/A (file creation mode mask) from the parent process. If files
797N/A created by <
span><
strong class="command">named</
strong></
span>, such as journal files,
797N/A need to have custom permissions, the <
code class="function">umask</
code>
797N/A should be set explicitly in the script used to start the
797N/A <
span><
strong class="command">named</
strong></
span> process.
797N/A<
div class="refsect1" lang="en">
797N/A<
a name="id2635384"></
a><
h2>FILES</
h2>
797N/A<
div class="variablelist"><
dl>
797N/A The default configuration file.
1426N/A The default process-id file.
797N/A<
div class="refsect1" lang="en">
797N/A<
a name="id2635428"></
a><
h2>SEE ALSO</
h2>
797N/A<
p><
em class="citetitle">RFC 1033</
em>,
797N/A <
em class="citetitle">RFC 1034</
em>,
797N/A <
em class="citetitle">RFC 1035</
em>,
797N/A <
span class="citerefentry"><
span class="refentrytitle">named-checkconf</
span>(8)</
span>,
797N/A <
span class="citerefentry"><
span class="refentrytitle">named-checkzone</
span>(8)</
span>,
797N/A <
span class="citerefentry"><
span class="refentrytitle">rndc</
span>(8)</
span>,
797N/A <
span class="citerefentry"><
span class="refentrytitle">lwresd</
span>(8)</
span>,
797N/A <
span class="citerefentry"><
span class="refentrytitle">
named.conf</
span>(5)</
span>,
1426N/A <
em class="citetitle">BIND 9 Administrator Reference Manual</
em>.
1426N/A<
div class="refsect1" lang="en">
1426N/A<
a name="id2669632"></
a><
h2>AUTHOR</
h2>
1426N/A<
p><
span class="corpauthor">Internet Systems Consortium</
span>
797N/A<
table width="100%" summary="Navigation footer">
1426N/A<
td width="40%" align="left">
4820N/A<
td width="40%" align="left" valign="top">
4820N/A<
span class="application">named-checkzone</
span>�</
td>
1426N/A<
td width="40%" align="right" valign="top">�<
span class="application">nsupdate</
span>