man.named.html revision cd791043c8a6edbcacc2392575a9816d19b8157c
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - Copyright (C) 2000-2003 Internet Software Consortium.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - Permission to use, copy, modify, and/or distribute this software for any
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - purpose with or without fee is hereby granted, provided that the above
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - copyright notice and this permission notice appear in all copies.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith - PERFORMANCE OF THIS SOFTWARE.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<!-- $Id$ -->
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
b0cfaf8e62a833866fd861fe7ff60747ba997be0Luke Smith<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<td width="20%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
80c2303f32a65a670907dba765dfde42dc319087Luke Smith<a name="man.named"></a><div class="titlepage"></div>
80c2303f32a65a670907dba765dfde42dc319087Luke Smith<p><span class="application">named</span> — Internet domain name server</p>
80c2303f32a65a670907dba765dfde42dc319087Luke Smith<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
80c2303f32a65a670907dba765dfde42dc319087Luke Smith<p><span><strong class="command">named</strong></span>
80c2303f32a65a670907dba765dfde42dc319087Luke Smith is a Domain Name System (DNS) server,
80c2303f32a65a670907dba765dfde42dc319087Luke Smith part of the BIND 9 distribution from ISC. For more
80c2303f32a65a670907dba765dfde42dc319087Luke Smith information on the DNS, see RFCs 1033, 1034, and 1035.
80c2303f32a65a670907dba765dfde42dc319087Luke Smith When invoked without arguments, <span><strong class="command">named</strong></span>
80c2303f32a65a670907dba765dfde42dc319087Luke Smith read the default configuration file
80c2303f32a65a670907dba765dfde42dc319087Luke Smith <code class="filename">/etc/named.conf</code>, read any initial
80c2303f32a65a670907dba765dfde42dc319087Luke Smith data, and listen for queries.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Use IPv4 only even if the host machine is capable of IPv6.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <code class="option">-4</code> and <code class="option">-6</code> are mutually
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Use IPv6 only even if the host machine is capable of IPv4.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <code class="option">-4</code> and <code class="option">-6</code> are mutually
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Use <em class="replaceable"><code>config-file</code></em> as the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith configuration file instead of the default,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <code class="filename">/etc/named.conf</code>. To
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith ensure that reloading the configuration file continues
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to work after the server has changed its working
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith directory due to to a possible
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <code class="option">directory</code> option in the configuration
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith file, <em class="replaceable"><code>config-file</code></em> should be
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith an absolute pathname.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Debugging traces from <span><strong class="command">named</strong></span> become
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith more verbose as the debug level increases.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Use a crypto hardware (OpenSSL engine) for the crypto operations
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith it supports, for instance re-signing with private keys from
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith a secure key store. When compiled with PKCS#11 support
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <em class="replaceable"><code>engine-name</code></em>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith defaults to pkcs11, the empty name resets it to no engine.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Run the server in the foreground (i.e. do not daemonize).
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Run the server in the foreground and force all logging
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Turn on memory usage debugging flags. Possible flags are
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <em class="replaceable"><code>record</code></em>,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <em class="replaceable"><code>size</code></em>, and
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith These correspond to the ISC_MEM_DEBUGXXXX flags described in
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Create <em class="replaceable"><code>#cpus</code></em> worker threads
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to take advantage of multiple CPUs. If not specified,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <span><strong class="command">named</strong></span> will try to determine the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith number of CPUs present and create one thread per CPU.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith If it is unable to determine the number of CPUs, a
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith single worker thread will be created.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith specified, the default is port 53.
481402e2c2b8e4d633d9c023579d0250205ccc8eLuke Smith Write memory usage statistics to <code class="filename">stdout</code> on exit.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith This option is mainly of interest to BIND 9 developers
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith and may be removed or changed in a future release.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Allow <span><strong class="command">named</strong></span> to use up to
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <em class="replaceable"><code>#max-socks</code></em> sockets.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith This option should be unnecessary for the vast majority
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith The use of this option could even be harmful because the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith specified value may exceed the limitation of the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith underlying system API.
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith It is therefore set only when the default configuration
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith causes exhaustion of file descriptors and the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith operational environment is known to support the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith specified number of sockets.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Note also that the actual maximum number is normally a little
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith fewer than the specified value because
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith <span><strong class="command">named</strong></span> reserves some file descriptors
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith for its internal use.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to <em class="replaceable"><code>directory</code></em> after
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith processing the command line arguments, but before
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith reading the configuration file.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith This option should be used in conjunction with the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <code class="option">-u</code> option, as chrooting a process
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith running as root doesn't enhance security on most
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith systems; the way <code class="function">chroot(2)</code> is
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith defined allows a process with root privileges to
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith escape a chroot jail.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Use <em class="replaceable"><code>#listeners</code></em>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith worker threads to listen for incoming UDP packets on each
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith address. If not specified, <span><strong class="command">named</strong></span> will
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith use all of the worker threads for this purpose; the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <code class="option">-U</code> option allows the number to be
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith decreased but not increased.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to <em class="replaceable"><code>user</code></em> after completing
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith privileged operations, such as creating sockets that
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith listen on privileged ports.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith On Linux, <span><strong class="command">named</strong></span> uses the kernel's
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith capability mechanism to drop all root privileges
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith except the ability to <code class="function">bind(2)</code> to
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith privileged port and set process resource limits.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Unfortunately, this means that the <code class="option">-u</code>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith option only works when <span><strong class="command">named</strong></span> is
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith later, since previous kernels did not allow privileges
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to be retained after <code class="function">setuid(2)</code>.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Report the version number and exit.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Report the version number and build options, and exit.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Load data from <em class="replaceable"><code>cache-file</code></em> into the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith cache of the default view.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith This option must not be used. It is only of interest
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to BIND 9 developers and may be removed or changed in a
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith future release.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith In routine operation, signals should not be used to control
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith the nameserver; <span><strong class="command">rndc</strong></span> should be used
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith Force a reload of the server.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term">SIGINT, SIGTERM</span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith Shut down the server.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith The result of sending any other signals to the server is undefined.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith The <span><strong class="command">named</strong></span> configuration file is too complex
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith to describe in detail here. A complete description is provided
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith (file creation mode mask) from the parent process. If files
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith created by <span><strong class="command">named</strong></span>, such as journal files,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith need to have custom permissions, the <code class="function">umask</code>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith should be set explicitly in the script used to start the
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <span><strong class="command">named</strong></span> process.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith The default configuration file.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith The default process-id file.
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<p><span class="corpauthor">Internet Systems Consortium</span>
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
a9322fe09a9ab78373155a607fc8b0d1b8f903e9Luke Smith<td width="40%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith<span class="application">named-checkzone</span>�</td>
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
e98c881d5075aeee5eaaecb155d7a70c3035b300Luke Smith<td width="40%" align="right" valign="top">�<span class="application">named-journalprint</span>