summaryrefslogtreecommitdiffstats
path: root/man5/resolv.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'man5/resolv.conf.5')
-rw-r--r--man5/resolv.conf.5406
1 files changed, 0 insertions, 406 deletions
diff --git a/man5/resolv.conf.5 b/man5/resolv.conf.5
deleted file mode 100644
index 1210399..0000000
--- a/man5/resolv.conf.5
+++ /dev/null
@@ -1,406 +0,0 @@
-.\" Copyright (c) 1986 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" %%%LICENSE_START(PERMISSIVE_MISC)
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\" %%%LICENSE_END
-.\"
-.\" @(#)resolver.5 5.9 (Berkeley) 12/14/89
-.\" $Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
-.\"
-.\" Added ndots remark by Bernhard R. Link - debian bug #182886
-.\"
-.TH resolv.conf 5 2023-10-31 "Linux man-pages 6.7"
-.UC 4
-.SH NAME
-resolv.conf \- resolver configuration file
-.SH SYNOPSIS
-.nf
-.B /etc/resolv.conf
-.fi
-.SH DESCRIPTION
-The
-.I resolver
-is a set of routines in the C library
-that provide access to the Internet Domain Name System (DNS).
-The resolver configuration file contains information that is read
-by the resolver routines the first time they are invoked by a process.
-The file is designed to be human readable and contains a list of
-keywords with values that provide various types of resolver information.
-The configuration file is considered a trusted source of DNS information;
-see the
-.B trust-ad
-option below for details.
-.P
-If this file does not exist, only the name server on the local machine
-will be queried, and the search list contains the local domain name
-determined from the hostname.
-.P
-The different configuration options are:
-.TP
-\fBnameserver\fP Name server IP address
-Internet address of a name server that the resolver should query,
-either an IPv4 address (in dot notation),
-or an IPv6 address in colon (and possibly dot) notation as per RFC 2373.
-Up to
-.B MAXNS
-(currently 3, see \fI<resolv.h>\fP) name servers may be listed,
-one per keyword.
-If there are multiple servers,
-the resolver library queries them in the order listed.
-If no \fBnameserver\fP entries are present,
-the default is to use the name server on the local machine.
-(The algorithm used is to try a name server, and if the query times out,
-try the next, until out of name servers,
-then repeat trying all the name servers
-until a maximum number of retries are made.)
-.TP
-\fBsearch\fP Search list for host-name lookup.
-By default, the search list contains one entry, the local domain name.
-It is determined from the local hostname returned by
-.BR gethostname (2);
-the local domain name is taken to be everything after the first
-\[aq].\[aq].
-Finally, if the hostname does not contain a \[aq].\[aq], the
-root domain is assumed as the local domain name.
-.IP
-This may be changed by listing the desired domain search path
-following the \fIsearch\fP keyword with spaces or tabs separating
-the names.
-Resolver queries having fewer than
-.I ndots
-dots (default is 1) in them will be attempted using each component
-of the search path in turn until a match is found.
-For environments with multiple subdomains please read
-.BI "options ndots:" n
-below to avoid man-in-the-middle attacks and unnecessary
-traffic for the root-dns-servers.
-.\" When having a resolv.conv with a line
-.\" search subdomain.domain.tld domain.tld
-.\" and doing a hostlookup, for example by
-.\" ping host.anothersubdomain
-.\" it sends dns-requests for
-.\" host.anothersubdomain.
-.\" host.anothersubdomain.subdomain.domain.tld.
-.\" host.anothersubdomain.domain.tld.
-.\" thus not only causing unnecessary traffic for the root-dns-servers
-.\" but broadcasting information to the outside and making man-in-the-middle
-.\" attacks possible.
-Note that this process may be slow and will generate a lot of network
-traffic if the servers for the listed domains are not local,
-and that queries will time out if no server is available
-for one of the domains.
-.IP
-If there are multiple
-.B search
-directives, only the search list from the last instance is used.
-.IP
-In glibc 2.25 and earlier, the search list is limited to six domains
-with a total of 256 characters.
-Since glibc 2.26,
-.\" glibc commit 3f853f22c87f0b671c0366eb290919719fa56c0e
-the search list is unlimited.
-.IP
-The
-.B domain
-directive is an obsolete name for the
-.B search
-directive that handles one search list entry only.
-.TP
-\fBsortlist\fP
-This option allows addresses returned by
-.BR gethostbyname (3)
-to be sorted.
-A sortlist is specified by IP-address-netmask pairs.
-The netmask is
-optional and defaults to the natural netmask of the net.
-The IP address
-and optional network pairs are separated by slashes.
-Up to 10 pairs may
-be specified.
-Here is an example:
-.IP
-.in +4n
-sortlist 130.155.160.0/255.255.240.0 130.155.0.0
-.in
-.TP
-\fBoptions\fP
-Options allows certain internal resolver variables to be modified.
-The syntax is
-.RS
-.IP
-\fBoptions\fP \fIoption\fP \fI...\fP
-.P
-where \fIoption\fP is one of the following:
-.TP
-\fBdebug\fP
-.\" Since glibc 2.2?
-Sets
-.B RES_DEBUG
-in
-.I _res.options
-(effective only if glibc was built with debug support; see
-.BR resolver (3)).
-.TP
-.BI ndots: n
-.\" Since glibc 2.2
-Sets a threshold for the number of dots which
-must appear in a name given to
-.BR res_query (3)
-(see
-.BR resolver (3))
-before an \fIinitial absolute query\fP will be made.
-The default for
-\fIn\fP is 1, meaning that if there are any dots in a name, the name
-will be tried first as an absolute name before any \fIsearch list\fP
-elements are appended to it.
-The value for this option is silently capped to 15.
-.TP
-.BI timeout: n
-.\" Since glibc 2.2
-Sets the amount of time the resolver will wait for a
-response from a remote name server before retrying the
-query via a different name server.
-This may
-.B not
-be the total time taken by any resolver API call and there is no
-guarantee that a single resolver API call maps to a single timeout.
-Measured in seconds,
-the default is
-.B RES_TIMEOUT
-(currently 5, see \fI<resolv.h>\fP).
-The value for this option is silently capped to 30.
-.TP
-.BI attempts: n
-Sets the number of times the resolver will send a
-query to its name servers before giving up and returning
-an error to the calling application.
-The default is
-.B RES_DFLRETRY
-(currently 2, see \fI<resolv.h>\fP).
-The value for this option is silently capped to 5.
-.TP
-.B rotate
-.\" Since glibc 2.2
-Sets
-.B RES_ROTATE
-in
-.IR _res.options ,
-which causes round-robin selection of name servers from among those listed.
-This has the effect of spreading the query load among all listed servers,
-rather than having all clients try the first listed server first every time.
-.TP
-.B no\-aaaa (since glibc 2.36)
-.\" f282cdbe7f436c75864e5640a409a10485e9abb2
-Sets
-.B RES_NOAAAA
-in
-.IR _res.options ,
-which suppresses AAAA queries made by the stub resolver,
-including AAAA lookups triggered by NSS-based interfaces such as
-.BR getaddrinfo (3).
-Only DNS lookups are affected: IPv6 data in
-.BR hosts (5)
-is still used,
-.BR getaddrinfo (3)
-with
-.B AI_PASSIVE
-will still produce IPv6 addresses,
-and configured IPv6 name servers are still used.
-To produce correct Name Error (NXDOMAIN) results,
-AAAA queries are translated to A queries.
-This option is intended preliminary for diagnostic purposes,
-to rule out that AAAA DNS queries have adverse impact.
-It is incompatible with EDNS0 usage and DNSSEC validation by applications.
-.TP
-.B no\-check\-names
-.\" since glibc 2.2
-Sets
-.B RES_NOCHECKNAME
-in
-.IR _res.options ,
-which disables the modern BIND checking of incoming hostnames and
-mail names for invalid characters such as underscore (_), non-ASCII,
-or control characters.
-.TP
-.B inet6
-.\" Since glibc 2.2
-Sets
-.B RES_USE_INET6
-in
-.IR _res.options .
-This has the effect of trying an AAAA query before an A query inside the
-.BR gethostbyname (3)
-function, and of mapping IPv4 responses in IPv6 "tunneled form"
-if no AAAA records are found but an A record set exists.
-Since glibc 2.25,
-.\" b76e065991ec01299225d9da90a627ebe6c1ac97
-this option is deprecated; applications should use
-.BR getaddrinfo (3),
-rather than
-.BR gethostbyname (3).
-.TP
-.BR ip6\-bytestring " (since glibc 2.3.4 to glibc 2.24)"
-Sets
-.B RES_USEBSTRING
-in
-.IR _res.options .
-This causes reverse IPv6 lookups to be made using the bit-label format
-described in RFC\ 2673;
-if this option is not set (which is the default), then nibble format is used.
-This option was removed in glibc 2.25,
-since it relied on a backward-incompatible
-DNS extension that was never deployed on the Internet.
-.TP
-.BR ip6\-dotint / no\-ip6\-dotint " (glibc 2.3.4 to glibc 2.24)"
-Clear/set
-.B RES_NOIP6DOTINT
-in
-.IR _res.options .
-When this option is clear
-.RB ( ip6\-dotint ),
-reverse IPv6 lookups are made in the (deprecated)
-.I ip6.int
-zone;
-when this option is set
-.RB ( no\-ip6\-dotint ),
-reverse IPv6 lookups are made in the
-.I ip6.arpa
-zone by default.
-These options are available up to glibc 2.24, where
-.B no\-ip6\-dotint
-is the default.
-Since
-.B ip6\-dotint
-support long ago ceased to be available on the Internet,
-these options were removed in glibc 2.25.
-.TP
-.BR edns0 " (since glibc 2.6)"
-Sets
-.B RES_USE_EDNS0
-in
-.IR _res.options .
-This enables support for the DNS extensions described in RFC\ 2671.
-.TP
-.BR single\-request " (since glibc 2.10)"
-Sets
-.B RES_SNGLKUP
-in
-.IR _res.options .
-By default, glibc performs IPv4 and IPv6 lookups in parallel since
-glibc 2.9.
-Some appliance DNS servers
-cannot handle these queries properly and make the requests time out.
-This option disables the behavior and makes glibc perform the IPv6
-and IPv4 requests sequentially (at the cost of some slowdown of the
-resolving process).
-.TP
-.BR single\-request\-reopen " (since glibc 2.9)"
-Sets
-.B RES_SNGLKUPREOP
-in
-.IR _res.options .
-The resolver uses the same socket for the A and AAAA requests.
-Some hardware mistakenly sends back only one reply.
-When that happens the client system will sit and wait for the second reply.
-Turning this option on changes this behavior
-so that if two requests from the same port are not handled correctly it will
-close the socket and open a new one before sending the second request.
-.TP
-.BR no\-tld\-query " (since glibc 2.14)"
-Sets
-.B RES_NOTLDQUERY
-in
-.IR _res.options .
-This option causes
-.BR res_nsearch ()
-to not attempt to resolve an unqualified name
-as if it were a top level domain (TLD).
-This option can cause problems if the site has ``localhost'' as a TLD
-rather than having localhost on one or more elements of the search list.
-This option has no effect if neither RES_DEFNAMES or RES_DNSRCH is set.
-.TP
-.BR use\-vc " (since glibc 2.14)"
-Sets
-.B RES_USEVC
-in
-.IR _res.options .
-This option forces the use of TCP for DNS resolutions.
-.\" aef16cc8a4c670036d45590877d411a97f01e0cd
-.TP
-.BR no\-reload " (since glibc 2.26)"
-Sets
-.B RES_NORELOAD
-in
-.IR _res.options .
-This option disables automatic reloading of a changed configuration file.
-.TP
-.BR trust\-ad " (since glibc 2.31)"
-.\" 446997ff1433d33452b81dfa9e626b8dccf101a4
-Sets
-.B RES_TRUSTAD
-in
-.IR _res.options .
-This option controls the AD bit behavior of the stub resolver.
-If a validating resolver sets the AD bit in a response,
-it indicates that the data in the response was verified according
-to the DNSSEC protocol.
-In order to rely on the AD bit, the local system has to
-trust both the DNSSEC-validating resolver and the network path to it,
-which is why an explicit opt-in is required.
-If the
-.B trust\-ad
-option is active, the stub resolver sets the AD bit in outgoing DNS
-queries (to enable AD bit support), and preserves the AD bit in responses.
-Without this option, the AD bit is not set in queries,
-and it is always removed from responses before they are returned to the
-application.
-This means that applications can trust the AD bit in responses if the
-.B trust\-ad
-option has been set correctly.
-.IP
-In glibc 2.30 and earlier,
-the AD is not set automatically in queries,
-and is passed through unchanged to applications in responses.
-.RE
-.P
-The \fIsearch\fP keyword of a system's \fIresolv.conf\fP file can be
-overridden on a per-process basis by setting the environment variable
-.B LOCALDOMAIN
-to a space-separated list of search domains.
-.P
-The \fIoptions\fP keyword of a system's \fIresolv.conf\fP file can be
-amended on a per-process basis by setting the environment variable
-.B RES_OPTIONS
-to a space-separated list of resolver options
-as explained above under \fBoptions\fP.
-.P
-The keyword and value must appear on a single line, and the keyword
-(e.g., \fBnameserver\fP) must start the line.
-The value follows the keyword, separated by white space.
-.P
-Lines that contain a semicolon (;) or hash character (#)
-in the first column are treated as comments.
-.SH FILES
-.IR /etc/resolv.conf ,
-.I <resolv.h>
-.SH SEE ALSO
-.BR gethostbyname (3),
-.BR resolver (3),
-.BR host.conf (5),
-.BR hosts (5),
-.BR nsswitch.conf (5),
-.BR hostname (7),
-.BR named (8)
-.P
-Name Server Operations Guide for BIND