summaryrefslogtreecommitdiffstats
path: root/doc/man/named.8in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/named.8in')
-rw-r--r--doc/man/named.8in299
1 files changed, 299 insertions, 0 deletions
diff --git a/doc/man/named.8in b/doc/man/named.8in
new file mode 100644
index 0000000..b33c7db
--- /dev/null
+++ b/doc/man/named.8in
@@ -0,0 +1,299 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "NAMED" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
+.SH NAME
+named \- Internet domain name server
+.SH SYNOPSIS
+.sp
+\fBnamed\fP [ [\fB\-4\fP] | [\fB\-6\fP] ] [\fB\-c\fP config\-file] [\fB\-C\fP] [\fB\-d\fP debug\-level] [\fB\-D\fP string] [\fB\-E\fP engine\-name] [\fB\-f\fP] [\fB\-g\fP] [\fB\-L\fP logfile] [\fB\-M\fP option] [\fB\-m\fP flag] [\fB\-n\fP #cpus] [\fB\-p\fP port] [\fB\-s\fP] [\fB\-t\fP directory] [\fB\-U\fP #listeners] [\fB\-u\fP user] [\fB\-v\fP] [\fB\-V\fP] [\fB\-X\fP lock\-file]
+.SH DESCRIPTION
+.sp
+\fBnamed\fP is a Domain Name System (DNS) server, part of the BIND 9
+distribution from ISC. For more information on the DNS, see \fI\%RFC 1033\fP,
+\fI\%RFC 1034\fP, and \fI\%RFC 1035\fP\&.
+.sp
+When invoked without arguments, \fBnamed\fP reads the default
+configuration file \fB@sysconfdir@/named.conf\fP, reads any initial data, and
+listens for queries.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \-4
+This option tells \fBnamed\fP to use only IPv4, even if the host machine is capable of IPv6. \fI\%\-4\fP and
+\fI\%\-6\fP are mutually exclusive.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-6
+This option tells \fBnamed\fP to use only IPv6, even if the host machine is capable of IPv4. \fI\%\-4\fP and
+\fI\%\-6\fP are mutually exclusive.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-c config\-file
+This option tells \fBnamed\fP to use \fBconfig\-file\fP as its configuration file instead of the default,
+\fB@sysconfdir@/named.conf\fP\&. To ensure that the configuration file
+can be reloaded after the server has changed its working directory
+due to to a possible \fBdirectory\fP option in the configuration file,
+\fBconfig\-file\fP should be an absolute pathname.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-C
+This option prints out the default built\-in configuration and exits.
+.sp
+NOTE: This is for debugging purposes only and is not an
+accurate representation of the actual configuration used by \fI\%named\fP
+at runtime.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-d debug\-level
+This option sets the daemon\(aqs debug level to \fBdebug\-level\fP\&. Debugging traces from
+\fBnamed\fP become more verbose as the debug level increases.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-D string
+This option specifies a string that is used to identify a instance of \fBnamed\fP
+in a process listing. The contents of \fBstring\fP are not examined.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-E engine\-name
+When applicable, this option specifies the hardware to use for cryptographic
+operations, such as a secure key store used for signing.
+.sp
+When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
+engine identifier that drives the cryptographic accelerator or
+hardware service module (usually \fBpkcs11\fP).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-f
+This option runs the server in the foreground (i.e., do not daemonize).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-g
+This option runs the server in the foreground and forces all logging to \fBstderr\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-L logfile
+This option sets the log to the file \fBlogfile\fP by default, instead of the system log.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-M option
+This option sets the default (comma\-separated) memory context
+options. The possible flags are:
+.INDENT 7.0
+.IP \(bu 2
+\fBfill\fP: fill blocks of memory with tag values when they are
+allocated or freed, to assist debugging of memory problems; this is
+the implicit default if \fBnamed\fP has been compiled with
+\fB\-\-enable\-developer\fP\&.
+.IP \(bu 2
+\fBnofill\fP: disable the behavior enabled by \fBfill\fP; this is the
+implicit default unless \fBnamed\fP has been compiled with
+\fB\-\-enable\-developer\fP\&.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-m flag
+This option turns on memory usage debugging flags. Possible flags are \fBusage\fP,
+\fBtrace\fP, \fBrecord\fP, \fBsize\fP, and \fBmctx\fP\&. These correspond to the
+\fBISC_MEM_DEBUGXXXX\fP flags described in \fB<isc/mem.h>\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-n #cpus
+This option creates \fB#cpus\fP worker threads to take advantage of multiple CPUs. If
+not specified, \fBnamed\fP tries to determine the number of CPUs
+present and creates one thread per CPU. If it is unable to determine
+the number of CPUs, a single worker thread is created.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-p value
+This option specifies the port(s) on which the server will listen
+for queries. If \fBvalue\fP is of the form \fB<portnum>\fP or
+\fBdns=<portnum>\fP, the server will listen for DNS queries on
+\fBportnum\fP; if not not specified, the default is port 53. If
+\fBvalue\fP is of the form \fBtls=<portnum>\fP, the server will
+listen for TLS queries on \fBportnum\fP; the default is 853.
+If \fBvalue\fP is of the form \fBhttps=<portnum>\fP, the server will
+listen for HTTPS queries on \fBportnum\fP; the default is 443.
+If \fBvalue\fP is of the form \fBhttp=<portnum>\fP, the server will
+listen for HTTP queries on \fBportnum\fP; the default is 80.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-s
+This option writes memory usage statistics to \fBstdout\fP on exit.
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+This option is mainly of interest to BIND 9 developers and may be
+removed or changed in a future release.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-S #max\-socks
+This option is deprecated and no longer has any function.
+.UNINDENT
+.sp
+\fBWARNING:\fP
+.INDENT 0.0
+.INDENT 3.5
+This option should be unnecessary for the vast majority of users.
+The use of this option could even be harmful, because the specified
+value may exceed the limitation of the underlying system API. It
+is therefore set only when the default configuration causes
+exhaustion of file descriptors and the operational environment is
+known to support the specified number of sockets. Note also that
+the actual maximum number is normally slightly fewer than the
+specified value, because \fBnamed\fP reserves some file descriptors
+for its internal use.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-t directory
+This option tells \fBnamed\fP to chroot to \fBdirectory\fP after processing the command\-line arguments, but
+before reading the configuration file.
+.UNINDENT
+.sp
+\fBWARNING:\fP
+.INDENT 0.0
+.INDENT 3.5
+This option should be used in conjunction with the \fI\%\-u\fP option,
+as chrooting a process running as root doesn\(aqt enhance security on
+most systems; the way \fBchroot\fP is defined allows a process
+with root privileges to escape a chroot jail.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-U #listeners
+This option tells \fBnamed\fP the number of \fB#listeners\fP worker threads to listen on, for incoming UDP packets on
+each address. If not specified, \fBnamed\fP calculates a default
+value based on the number of detected CPUs: 1 for 1 CPU, and the
+number of detected CPUs minus one for machines with more than 1 CPU.
+This cannot be increased to a value higher than the number of CPUs.
+If \fI\%\-n\fP has been set to a higher value than the number of detected
+CPUs, then \fI\%\-U\fP may be increased as high as that value, but no
+higher.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-u user
+This option sets the setuid to \fBuser\fP after completing privileged operations, such as
+creating sockets that listen on privileged ports.
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+On Linux, \fBnamed\fP uses the kernel\(aqs capability mechanism to drop
+all root privileges except the ability to \fBbind\fP to a
+privileged port and set process resource limits. Unfortunately,
+this means that the \fI\%\-u\fP option only works when \fBnamed\fP is run
+on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since
+previous kernels did not allow privileges to be retained after
+\fBsetuid\fP\&.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-v
+This option reports the version number and exits.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-V
+This option reports the version number, build options, supported
+cryptographics algorithms, and exits.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-X lock\-file
+This option acquires a lock on the specified file at runtime; this helps to
+prevent duplicate \fBnamed\fP instances from running simultaneously.
+Use of this option overrides the \fBlock\-file\fP option in
+\fI\%named.conf\fP\&. If set to \fBnone\fP, the lock file check is disabled.
+.UNINDENT
+.SH SIGNALS
+.sp
+In routine operation, signals should not be used to control the
+nameserver; \fI\%rndc\fP should be used instead.
+.INDENT 0.0
+.TP
+.B SIGHUP
+This signal forces a reload of the server.
+.TP
+.B SIGINT, SIGTERM
+These signals shut down the server.
+.UNINDENT
+.sp
+The result of sending any other signals to the server is undefined.
+.SH CONFIGURATION
+.sp
+The \fBnamed\fP configuration file is too complex to describe in detail
+here. A complete description is provided in the BIND 9 Administrator
+Reference Manual.
+.sp
+\fBnamed\fP inherits the \fBumask\fP (file creation mode mask) from the
+parent process. If files created by \fBnamed\fP, such as journal files,
+need to have custom permissions, the \fBumask\fP should be set explicitly
+in the script used to start the \fBnamed\fP process.
+.SH FILES
+.INDENT 0.0
+.TP
+.B \fB@sysconfdir@/named.conf\fP
+The default configuration file.
+.TP
+.B \fB@runstatedir@/named.pid\fP
+The default process\-id file.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%RFC 1033\fP, \fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-checkzone(8)\fP, \fI\%rndc(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 17:15:04 +0000