man.named.html revision dba3c818ae00b10388d31703e86a28415db398ac
<!--
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<title>named</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
<tr>
<td width="20%" align="left">
<th width="60%" align="center">Manual pages</th>
</td>
</tr>
</table>
<hr>
</div>
<div class="refentry" lang="en">
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named</span> — Internet domain name server</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2637859"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
information on the DNS, see RFCs 1033, 1034, and 1035.
</p>
<p>
When invoked without arguments, <span><strong class="command">named</strong></span>
will
read the default configuration file
data, and listen for queries.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2637890"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only even if the host machine is capable of IPv6.
<code class="option">-4</code> and <code class="option">-6</code> are mutually
exclusive.
</p></dd>
<dt><span class="term">-6</span></dt>
<dd><p>
Use IPv6 only even if the host machine is capable of IPv4.
<code class="option">-4</code> and <code class="option">-6</code> are mutually
exclusive.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>config-file</code></em> as the
configuration file instead of the default,
ensure that reloading the configuration file continues
to work after the server has changed its working
directory due to to a possible
<code class="option">directory</code> option in the configuration
file, <em class="replaceable"><code>config-file</code></em> should be
an absolute pathname.
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
Debugging traces from <span><strong class="command">named</strong></span> become
more verbose as the debug level increases.
</p></dd>
<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
<dd><p>
Use a crypto hardware (OpenSSL engine) for the crypto operations
it supports, for instance re-signing with private keys from
a secure key store. When compiled with PKCS#11 support
<em class="replaceable"><code>engine-name</code></em>
defaults to pkcs11, the empty name resets it to no engine.
</p></dd>
<dt><span class="term">-f</span></dt>
<dd><p>
Run the server in the foreground (i.e. do not daemonize).
</p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
Run the server in the foreground and force all logging
to <code class="filename">stderr</code>.
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
Turn on memory usage debugging flags. Possible flags are
<em class="replaceable"><code>usage</code></em>,
<em class="replaceable"><code>trace</code></em>,
<em class="replaceable"><code>record</code></em>,
<em class="replaceable"><code>size</code></em>, and
<em class="replaceable"><code>mctx</code></em>.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
to take advantage of multiple CPUs. If not specified,
<span><strong class="command">named</strong></span> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
specified, the default is port 53.
</p></dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
Write memory usage statistics to <code class="filename">stdout</code> on exit.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
This option is mainly of interest to BIND 9 developers
and may be removed or changed in a future release.
</p>
</div>
</dd>
<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
<dd>
<p>
Allow <span><strong class="command">named</strong></span> to use up to
<em class="replaceable"><code>#max-socks</code></em> sockets.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option should be unnecessary for the vast majority
of users.
The use of this option could even be harmful because the
specified value may exceed the limitation of the
underlying system API.
It is therefore set only when the default configuration
causes exhaustion of file descriptors and the
operational environment is known to support the
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
<span><strong class="command">named</strong></span> reserves some file descriptors
for its internal use.
</p>
</div>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>Chroot
to <em class="replaceable"><code>directory</code></em> after
processing the command line arguments, but before
reading the configuration file.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option should be used in conjunction with the
<code class="option">-u</code> option, as chrooting a process
running as root doesn't enhance security on most
systems; the way <code class="function">chroot(2)</code> is
defined allows a process with root privileges to
escape a chroot jail.
</p>
</div>
</dd>
<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>#listeners</code></em>
worker threads to listen for incoming UDP packets on each
address. If not specified, <span><strong class="command">named</strong></span> will
use all of the worker threads for this purpose; the
<code class="option">-U</code> option allows the number to be
decreased but not increased.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
<p>Setuid
to <em class="replaceable"><code>user</code></em> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
On Linux, <span><strong class="command">named</strong></span> uses the kernel's
capability mechanism to drop all root privileges
except the ability to <code class="function">bind(2)</code> to
a
privileged port and set process resource limits.
Unfortunately, this means that the <code class="option">-u</code>
option only works when <span><strong class="command">named</strong></span> is
run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
to be retained after <code class="function">setuid(2)</code>.
</p>
</div>
</dd>
<dt><span class="term">-v</span></dt>
<dd><p>
Report the version number and exit.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Report the version number and build options, and exit.
</p></dd>
<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
<dd>
<p>
Load data from <em class="replaceable"><code>cache-file</code></em> into the
cache of the default view.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option must not be used. It is only of interest
to BIND 9 developers and may be removed or changed in a
future release.
</p>
</div>
</dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2661480"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
instead.
</p>
<div class="variablelist"><dl>
<dt><span class="term">SIGHUP</span></dt>
<dd><p>
Force a reload of the server.
</p></dd>
<dt><span class="term">SIGINT, SIGTERM</span></dt>
<dd><p>
Shut down the server.
</p></dd>
</dl></div>
<p>
The result of sending any other signals to the server is undefined.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2661530"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p>
<span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
(file creation mode mask) from the parent process. If files
created by <span><strong class="command">named</strong></span>, such as journal files,
need to have custom permissions, the <code class="function">umask</code>
should be set explicitly in the script used to start the
<span><strong class="command">named</strong></span> process.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2661579"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dd><p>
The default configuration file.
</p></dd>
<dd><p>
The default process-id file.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2676846"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2676985"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">named-checkzone</span>�</td>
<td width="40%" align="right" valign="top">�<span class="application">named-journalprint</span>
</td>
</tr>
</table>
</div>
</body>
</html>