bind/doc/man/named.8in

.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NAMED" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
named \- Internet domain name server
.SH SYNOPSIS
.sp
\fBnamed\fP [ [\fB\-4\fP] | [\fB\-6\fP] ] [\fB\-c\fP config\-file] [\fB\-C\fP] [\fB\-d\fP debug\-level] [\fB\-D\fP string] [\fB\-E\fP engine\-name] [\fB\-f\fP] [\fB\-g\fP] [\fB\-L\fP logfile] [\fB\-M\fP option] [\fB\-m\fP flag] [\fB\-n\fP #cpus] [\fB\-p\fP port] [\fB\-s\fP] [\fB\-t\fP directory] [\fB\-U\fP #listeners] [\fB\-u\fP user] [\fB\-v\fP] [\fB\-V\fP] [\fB\-X\fP lock\-file]
.SH DESCRIPTION
.sp
\fBnamed\fP is a Domain Name System (DNS) server, part of the BIND 9
distribution from ISC. For more information on the DNS, see \fI\%RFC 1033\fP,
\fI\%RFC 1034\fP, and \fI\%RFC 1035\fP\&.
.sp
When invoked without arguments, \fBnamed\fP reads the default
configuration file \fB@sysconfdir@/named.conf\fP, reads any initial data, and
listens for queries.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-4
This option tells \fBnamed\fP to use only IPv4, even if the host machine is capable of IPv6. \fI\%\-4\fP and
\fI\%\-6\fP are mutually exclusive.
.UNINDENT
.INDENT 0.0
.TP
.B \-6
This option tells \fBnamed\fP to use only IPv6, even if the host machine is capable of IPv4. \fI\%\-4\fP and
\fI\%\-6\fP are mutually exclusive.
.UNINDENT
.INDENT 0.0
.TP
.B \-c config\-file
This option tells \fBnamed\fP to use \fBconfig\-file\fP as its configuration file instead of the default,
\fB@sysconfdir@/named.conf\fP\&. To ensure that the configuration file
can be reloaded after the server has changed its working directory
due to to a possible \fBdirectory\fP option in the configuration file,
\fBconfig\-file\fP should be an absolute pathname.
.UNINDENT
.INDENT 0.0
.TP
.B \-C
This option prints out the default built\-in configuration and exits.
.sp
NOTE: This is for debugging purposes only and is not an
accurate representation of the actual configuration used by \fI\%named\fP
at runtime.
.UNINDENT
.INDENT 0.0
.TP
.B \-d debug\-level
This option sets the daemon\(aqs debug level to \fBdebug\-level\fP\&. Debugging traces from
\fBnamed\fP become more verbose as the debug level increases.
.UNINDENT
.INDENT 0.0
.TP
.B \-D string
This option specifies a string that is used to identify a instance of \fBnamed\fP
in a process listing. The contents of \fBstring\fP are not examined.
.UNINDENT
.INDENT 0.0
.TP
.B \-E engine\-name
When applicable, this option specifies the hardware to use for cryptographic
operations, such as a secure key store used for signing.
.sp
When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
engine identifier that drives the cryptographic accelerator or
hardware service module (usually \fBpkcs11\fP).
.UNINDENT
.INDENT 0.0
.TP
.B \-f
This option runs the server in the foreground (i.e., do not daemonize).
.UNINDENT
.INDENT 0.0
.TP
.B \-g
This option runs the server in the foreground and forces all logging to \fBstderr\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-L logfile
This option sets the log to the file \fBlogfile\fP by default, instead of the system log.
.UNINDENT
.INDENT 0.0
.TP
.B \-M option
This option sets the default memory context options. If set to \fBexternal\fP,
the internal memory manager is bypassed in favor of
system\-provided memory allocation functions. If set to \fBfill\fP, blocks
of memory are filled with tag values when allocated or freed, to
assist debugging of memory problems. \fBnofill\fP disables this behavior,
and is the default unless \fBnamed\fP has been compiled with developer
options.
.UNINDENT
.INDENT 0.0
.TP
.B \-m flag
This option turns on memory usage debugging flags. Possible flags are \fBusage\fP,
\fBtrace\fP, \fBrecord\fP, \fBsize\fP, and \fBmctx\fP\&. These correspond to the
\fBISC_MEM_DEBUGXXXX\fP flags described in \fB<isc/mem.h>\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-n #cpus
This option creates \fB#cpus\fP worker threads to take advantage of multiple CPUs. If
not specified, \fBnamed\fP tries to determine the number of CPUs
present and creates one thread per CPU. If it is unable to determine
the number of CPUs, a single worker thread is created.
.UNINDENT
.INDENT 0.0
.TP
.B \-p value
This option specifies the port(s) on which the server will listen
for queries. If \fBvalue\fP is of the form \fB<portnum>\fP or
\fBdns=<portnum>\fP, the server will listen for DNS queries on
\fBportnum\fP; if not not specified, the default is port 53. If
\fBvalue\fP is of the form \fBtls=<portnum>\fP, the server will
listen for TLS queries on \fBportnum\fP; the default is 853.
If \fBvalue\fP is of the form \fBhttps=<portnum>\fP, the server will
listen for HTTPS queries on \fBportnum\fP; the default is 443.
If \fBvalue\fP is of the form \fBhttp=<portnum>\fP, the server will
listen for HTTP queries on \fBportnum\fP; the default is 80.
.UNINDENT
.INDENT 0.0
.TP
.B \-s
This option writes memory usage statistics to \fBstdout\fP on exit.
.UNINDENT
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
This option is mainly of interest to BIND 9 developers and may be
removed or changed in a future release.
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-S #max\-socks
This option is deprecated and no longer has any function.
.UNINDENT
.sp
\fBWARNING:\fP
.INDENT 0.0
.INDENT 3.5
This option should be unnecessary for the vast majority of users.
The use of this option could even be harmful, because the specified
value may exceed the limitation of the underlying system API. It
is therefore set only when the default configuration causes
exhaustion of file descriptors and the operational environment is
known to support the specified number of sockets. Note also that
the actual maximum number is normally slightly fewer than the
specified value, because \fBnamed\fP reserves some file descriptors
for its internal use.
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-t directory
This option tells \fBnamed\fP to chroot to \fBdirectory\fP after processing the command\-line arguments, but
before reading the configuration file.
.UNINDENT
.sp
\fBWARNING:\fP
.INDENT 0.0
.INDENT 3.5
This option should be used in conjunction with the \fI\%\-u\fP option,
as chrooting a process running as root doesn\(aqt enhance security on
most systems; the way \fBchroot\fP is defined allows a process
with root privileges to escape a chroot jail.
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-U #listeners
This option tells \fBnamed\fP the number of \fB#listeners\fP worker threads to listen on, for incoming UDP packets on
each address. If not specified, \fBnamed\fP calculates a default
value based on the number of detected CPUs: 1 for 1 CPU, and the
number of detected CPUs minus one for machines with more than 1 CPU.
This cannot be increased to a value higher than the number of CPUs.
If \fI\%\-n\fP has been set to a higher value than the number of detected
CPUs, then \fI\%\-U\fP may be increased as high as that value, but no
higher.
.UNINDENT
.INDENT 0.0
.TP
.B \-u user
This option sets the setuid to \fBuser\fP after completing privileged operations, such as
creating sockets that listen on privileged ports.
.UNINDENT
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
On Linux, \fBnamed\fP uses the kernel\(aqs capability mechanism to drop
all root privileges except the ability to \fBbind\fP to a
privileged port and set process resource limits. Unfortunately,
this means that the \fI\%\-u\fP option only works when \fBnamed\fP is run
on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since
previous kernels did not allow privileges to be retained after
\fBsetuid\fP\&.
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-v
This option reports the version number and exits.
.UNINDENT
.INDENT 0.0
.TP
.B \-V
This option reports the version number and build options, and exits.
.UNINDENT
.INDENT 0.0
.TP
.B \-X lock\-file
This option acquires a lock on the specified file at runtime; this helps to
prevent duplicate \fBnamed\fP instances from running simultaneously.
Use of this option overrides the \fBlock\-file\fP option in
\fI\%named.conf\fP\&. If set to \fBnone\fP, the lock file check is disabled.
.UNINDENT
.SH SIGNALS
.sp
In routine operation, signals should not be used to control the
nameserver; \fI\%rndc\fP should be used instead.
.INDENT 0.0
.TP
.B SIGHUP
This signal forces a reload of the server.
.TP
.B SIGINT, SIGTERM
These signals shut down the server.
.UNINDENT
.sp
The result of sending any other signals to the server is undefined.
.SH CONFIGURATION
.sp
The \fBnamed\fP configuration file is too complex to describe in detail
here. A complete description is provided in the BIND 9 Administrator
Reference Manual.
.sp
\fBnamed\fP inherits the \fBumask\fP (file creation mode mask) from the
parent process. If files created by \fBnamed\fP, such as journal files,
need to have custom permissions, the \fBumask\fP should be set explicitly
in the script used to start the \fBnamed\fP process.
.SH FILES
.INDENT 0.0
.TP
.B \fB@sysconfdir@/named.conf\fP
The default configuration file.
.TP
.B \fB@runstatedir@/named.pid\fP
The default process\-id file.
.UNINDENT
.SH SEE ALSO
.sp
\fI\%RFC 1033\fP, \fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-checkzone(8)\fP, \fI\%rndc(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2022, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.