/contrib/bind9/bin/named/named.docbook

https://bitbucket.org/freebsd/freebsd-head/

<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.docbook,v 1.26 2009/10/05 17:30:49 fdupont Exp $ -->
<refentry id="man.named">
<refentryinfo>
<date>May 21, 2009</date>
</refentryinfo>
<refmeta>
<refentrytitle><application>named</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
<refname><application>named</application></refname>
<refpurpose>Internet domain name server</refpurpose>
</refnamediv>
<docinfo>
<copyright>
<year>2004</year>
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2003</year>
<holder>Internet Software Consortium.</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
<cmdsynopsis>
<command>named</command>
<arg><option>-4</option></arg>
<arg><option>-6</option></arg>
<arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
<arg><option>-E <replaceable class="parameter">engine-name</replaceable></option></arg>
<arg><option>-f</option></arg>
<arg><option>-g</option></arg>
<arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-s</option></arg>
<arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<arg><option>-v</option></arg>
<arg><option>-V</option></arg>
<arg><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para><command>named</command>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
information on the DNS, see RFCs 1033, 1034, and 1035.
</para>
<para>
When invoked without arguments, <command>named</command>
will read the default configuration file
<filename>/etc/named.conf</filename>, read any initial
data, and listen for queries.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-4</term>
<listitem>
<para>
Use IPv4 only even if the host machine is capable of IPv6.
<option>-4</option> and <option>-6</option> are mutually
exclusive.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-6</term>
<listitem>
<para>
Use IPv6 only even if the host machine is capable of IPv4.
<option>-4</option> and <option>-6</option> are mutually
exclusive.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-c <replaceable class="parameter">config-file</replaceable></term>
<listitem>
<para>
Use <replaceable class="parameter">config-file</replaceable> as the
configuration file instead of the default,
<filename>/etc/named.conf</filename>. To
ensure that reloading the configuration file continues
to work after the server has changed its working
directory due to a possible
<option>directory</option> option in the configuration
file, <replaceable class="parameter">config-file</replaceable> should be
an absolute pathname.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-d <replaceable class="parameter">debug-level</replaceable></term>
<listitem>
<para>
Set the daemon's debug level to <replaceable class="parameter">debug-level</replaceable>.
Debugging traces from <command>named</command> become
more verbose as the debug level increases.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-E <replaceable class="parameter">engine-name</replaceable></term>
<listitem>
<para>
Use crypto hardware (an OpenSSL engine) for the crypto operations
it supports, for instance re-signing with private keys from
a secure key store. When compiled with PKCS#11 support,
<replaceable class="parameter">engine-name</replaceable>
defaults to pkcs11; the empty name resets it to no engine.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f</term>
<listitem>
<para>
Run the server in the foreground (i.e. do not daemonize).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-g</term>
<listitem>
<para>
Run the server in the foreground and force all logging
to <filename>stderr</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-m <replaceable class="parameter">flag</replaceable></term>
<listitem>
<para>
Turn on memory usage debugging flags. Possible flags are
<replaceable class="parameter">usage</replaceable>,
<replaceable class="parameter">trace</replaceable>,
<replaceable class="parameter">record</replaceable>,
<replaceable class="parameter">size</replaceable>, and
<replaceable class="parameter">mctx</replaceable>.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<filename>&lt;isc/mem.h&gt;</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-n <replaceable class="parameter">#cpus</replaceable></term>
<listitem>
<para>
Create <replaceable class="parameter">#cpus</replaceable> worker threads
to take advantage of multiple CPUs. If not specified,
<command>named</command> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
<listitem>
<para>
Listen for queries on port <replaceable class="parameter">port</replaceable>. If not
specified, the default is port 53.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s</term>
<listitem>
<para>
Write memory usage statistics to <filename>stdout</filename> on exit.
</para>
<note>
<para>
This option is mainly of interest to BIND 9 developers
and may be removed or changed in a future release.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term>-S <replaceable class="parameter">#max-socks</replaceable></term>
<listitem>
<para>
Allow <command>named</command> to use up to
<replaceable class="parameter">#max-socks</replaceable> sockets.
</para>
<warning>
<para>
This option should be unnecessary for the vast majority
of users.
The use of this option could even be harmful because the
specified value may exceed the limitation of the
underlying system API.
It should therefore be set only when the default configuration
causes exhaustion of file descriptors and the
operational environment is known to support the
specified number of sockets.
Note also that the actual maximum number is normally slightly
smaller than the specified value because
<command>named</command> reserves some file descriptors
for its internal use.
</para>
</warning>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>Chroot
to <replaceable class="parameter">directory</replaceable> after
processing the command line arguments, but before
reading the configuration file.
</para>
<warning>
<para>
This option should be used in conjunction with the
<option>-u</option> option, as chrooting a process
running as root doesn't enhance security on most
systems; the way <function>chroot(2)</function> is
defined allows a process with root privileges to
escape a chroot jail.
</para>
</warning>
</listitem>
</varlistentry>
<varlistentry>
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>Setuid
to <replaceable class="parameter">user</replaceable> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
</para>
<note>
<para>
On Linux, <command>named</command> uses the kernel's
capability mechanism to drop all root privileges
except the ability to <function>bind(2)</function> to
a privileged port and set process resource limits.
Unfortunately, this means that the <option>-u</option>
option only works when <command>named</command> is
run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
to be retained after <function>setuid(2)</function>.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem>
<para>
Report the version number and exit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-V</term>
<listitem>
<para>
Report the version number and build options, and exit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-x <replaceable class="parameter">cache-file</replaceable></term>
<listitem>
<para>
Load data from <replaceable class="parameter">cache-file</replaceable> into the
cache of the default view.
</para>
<warning>
<para>
This option must not be used. It is only of interest
to BIND 9 developers and may be removed or changed in a
future release.
</para>
</warning>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SIGNALS</title>
<para>
In routine operation, signals should not be used to control
the nameserver; <command>rndc</command> should be used
instead.
</para>
<variablelist>
<varlistentry>
<term>SIGHUP</term>
<listitem>
<para>
Force a reload of the server.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SIGINT, SIGTERM</term>
<listitem>
<para>
Shut down the server.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The result of sending any other signals to the server is undefined.
</para>
</refsect1>
<refsect1>
<title>CONFIGURATION</title>
<para>
The <command>named</command> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
<para>
<command>named</command> inherits the <function>umask</function>
(file creation mode mask) from the parent process. If files
created by <command>named</command>, such as journal files,
need to have custom permissions, the <function>umask</function>
should be set explicitly in the script used to start the
<command>named</command> process.
</para>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/named.conf</filename></term>
<listitem>
<para>
The default configuration file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/var/run/named/named.pid</filename></term>
<listitem>
<para>
The default process-id file.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citetitle>RFC 1033</citetitle>,
<citetitle>RFC 1034</citetitle>,
<citetitle>RFC 1035</citetitle>,
<citerefentry>
<refentrytitle>named-checkconf</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named-checkzone</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>lwresd</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>
</para>
</refsect1>
</refentry><!--
- Local variables:
- mode: sgml
- End:
-->
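
The -t/-u warning, the absolute-path advice for -c, and the CONFIGURATION paragraph on umask, combined into a start-script pre-flight check. This is an added example, not part of named.docbook or of any ISC or FreeBSD script; the account name bind, the jail /var/named/chroot, the umask 027, NAMED_BIN, NAMED_UMASK and both function names are assumptions. It goes one step beyond the text by also rejecting -u root, which leaves the chroot just as escapable as omitting -u.

```shell
#!/bin/sh
# Added example, not ISC's or FreeBSD's script. Assumed names: account "bind",
# jail /var/named/chroot, umask 027, NAMED_BIN, NAMED_UMASK, both functions.
NAMED_BIN=${NAMED_BIN:-named}
NAMED_UMASK=${NAMED_UMASK:-027}

# Return 0 if the options follow the man page's guidance; otherwise print
# the reason on stdout and return 1.
check_named_args() {
    na_v4=0 na_v6=0 na_jail= na_user= na_conf=
    while [ $# -gt 0 ]; do
        case "$1" in
            -4) na_v4=1 ;;
            -6) na_v6=1 ;;
            -t|-u|-c)
                [ $# -ge 2 ] || { echo "$1 needs a value"; return 1; }
                case "$1" in -t) na_jail=$2 ;; -u) na_user=$2 ;; -c) na_conf=$2 ;; esac
                shift ;;
        esac
        shift
    done
    if [ "$na_v4" = 1 ] && [ "$na_v6" = 1 ]; then
        echo "-4 and -6 are mutually exclusive"; return 1
    fi
    # chroot(2) does not confine root, so -t needs -u with a non-root account.
    if [ -n "$na_jail" ]; then
        case "$na_user" in
            ''|root|0) echo "-t without an unprivileged -u user"; return 1 ;;
        esac
    fi
    # -c must be absolute so reloads survive a "directory" change; with -t
    # the file is read after the chroot, so the path is inside the jail.
    case "$na_conf" in
        ''|/*) ;;
        *) echo "-c path is not absolute: $na_conf"; return 1 ;;
    esac
    return 0
}

# Validate, then start named with an explicit umask instead of the parent's.
start_named() {
    check_named_args "$@" || return 1
    ( umask "$NAMED_UMASK"; "$NAMED_BIN" "$@" )
}

# Constructed demonstration: validation only, named is not started here.
check_named_args -t /var/named/chroot -c /etc/named.conf || true
check_named_args -u bind -t /var/named/chroot -c /etc/named.conf && echo "ok"
```

A real start script would call start_named with its full option list; the umask then applies to journal files and anything else named creates.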