man.named.html revision ea94d370123a5892f6c47a97f21d1b28d44bb168
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - Copyright (C) 2000-2003 Internet Software Consortium.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - Permission to use, copy, modify, and/or distribute this software for any
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - purpose with or without fee is hereby granted, provided that the above
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - copyright notice and this permission notice appear in all copies.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb - PERFORMANCE OF THIS SOFTWARE.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<!-- $Id$ -->
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<tr><th colspan="3" align="center"><span class="application">named</span></th></tr>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<td width="20%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<p><span class="application">named</span> — Internet domain name server</p>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb is a Domain Name System (DNS) server,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb part of the BIND 9 distribution from ISC. For more
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb information on the DNS, see RFCs 1033, 1034, and 1035.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb When invoked without arguments, <span><strong class="command">named</strong></span>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb read the default configuration file
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein <code class="filename">/etc/named.conf</code>, read any initial
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb data, and listen for queries.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Use IPv4 only even if the host machine is capable of IPv6.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <code class="option">-4</code> and <code class="option">-6</code> are mutually
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb exclusive.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Use IPv6 only even if the host machine is capable of IPv4.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <code class="option">-4</code> and <code class="option">-6</code> are mutually
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb exclusive.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Use <em class="replaceable"><code>config-file</code></em> as the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb configuration file instead of the default,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb ensure that reloading the configuration file continues
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to work after the server has changed its working
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb directory due to to a possible
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <code class="option">directory</code> option in the configuration
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb file, <em class="replaceable"><code>config-file</code></em> should be
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb an absolute pathname.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Debugging traces from <span><strong class="command">named</strong></span> become
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein more verbose as the debug level increases.
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein Use a crypto hardware (OpenSSL engine) for the crypto operations
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein it supports, for instance re-signing with private keys from
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein a secure key store. When compiled with PKCS#11 support
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein <em class="replaceable"><code>engine-name</code></em>
e33a549ef7ad9ce23f4719d91de915e9ecedaecfgstein defaults to pkcs11, the empty name resets it to no engine.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Run the server in the foreground (i.e. do not daemonize).
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Run the server in the foreground and force all logging
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Turn on memory usage debugging flags. Possible flags are
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb These correspond to the ISC_MEM_DEBUGXXXX flags described in
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Create <em class="replaceable"><code>#cpus</code></em> worker threads
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to take advantage of multiple CPUs. If not specified,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span><strong class="command">named</strong></span> will try to determine the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb number of CPUs present and create one thread per CPU.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb If it is unable to determine the number of CPUs, a
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb single worker thread will be created.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb specified, the default is port 53.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Write memory usage statistics to <code class="filename">stdout</code> on exit.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb This option is mainly of interest to BIND 9 developers
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb and may be removed or changed in a future release.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Allow <span><strong class="command">named</strong></span> to use up to
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <em class="replaceable"><code>#max-socks</code></em> sockets.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb This option should be unnecessary for the vast majority
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb The use of this option could even be harmful because the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb specified value may exceed the limitation of the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb underlying system API.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb It is therefore set only when the default configuration
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb causes exhaustion of file descriptors and the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb operational environment is known to support the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb specified number of sockets.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Note also that the actual maximum number is normally a little
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb fewer than the specified value because
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span><strong class="command">named</strong></span> reserves some file descriptors
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb for its internal use.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to <em class="replaceable"><code>directory</code></em> after
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb processing the command line arguments, but before
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb reading the configuration file.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb This option should be used in conjunction with the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <code class="option">-u</code> option, as chrooting a process
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb running as root doesn't enhance security on most
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb systems; the way <code class="function">chroot(2)</code> is
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb defined allows a process with root privileges to
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb escape a chroot jail.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Use <em class="replaceable"><code>#listeners</code></em>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb worker threads to listen for incoming UDP packets on each
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb address. If not specified, <span><strong class="command">named</strong></span> will
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb use all of the worker threads for this purpose; the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <code class="option">-U</code> option allows the number to be
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb decreased but not increased.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to <em class="replaceable"><code>user</code></em> after completing
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb privileged operations, such as creating sockets that
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb listen on privileged ports.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb On Linux, <span><strong class="command">named</strong></span> uses the kernel's
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb capability mechanism to drop all root privileges
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb except the ability to <code class="function">bind(2)</code> to
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb privileged port and set process resource limits.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Unfortunately, this means that the <code class="option">-u</code>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb option only works when <span><strong class="command">named</strong></span> is
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb later, since previous kernels did not allow privileges
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to be retained after <code class="function">setuid(2)</code>.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Report the version number and exit.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Report the version number and build options, and exit.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Load data from <em class="replaceable"><code>cache-file</code></em> into the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb cache of the default view.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb This option must not be used. It is only of interest
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to BIND 9 developers and may be removed or changed in a
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb future release.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb In routine operation, signals should not be used to control
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb the nameserver; <span><strong class="command">rndc</strong></span> should be used
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Force a reload of the server.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb Shut down the server.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb The result of sending any other signals to the server is undefined.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb The <span><strong class="command">named</strong></span> configuration file is too complex
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb to describe in detail here. A complete description is provided
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb (file creation mode mask) from the parent process. If files
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb created by <span><strong class="command">named</strong></span>, such as journal files,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb need to have custom permissions, the <code class="function">umask</code>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb should be set explicitly in the script used to start the
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span><strong class="command">named</strong></span> process.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb The default configuration file.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb The default process-id file.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<p><span class="corpauthor">Internet Systems Consortium</span>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<a accesskey="p" href="man.named-checkzone.html">Prev</a>�</td>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<td width="40%" align="right">�<a accesskey="n" href="man.named-journalprint.html">Next</a>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<td width="40%" align="right" valign="top">�<span class="application">named-journalprint</span>