doc/man/named.8in

         Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
 .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
 .rstReportMargin post:
..
. RE
 indent \\n[an-margin]
 old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
 new: \\n[rst2man-indent\\n[rst2man-indent-level]]
..
 "NAMED" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
 NAME
named - Internet domain name server
 SYNOPSIS
named [ [-4] | [-6] ] [-c config-file] [-C] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-L logfile] [-M option] [-m flag] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-V] ]
 DESCRIPTION
named is a Domain Name System (DNS) server, part of the BIND 9
distribution from ISC. For more information on the DNS, see \X'tty: link https://datatracker.ietf.org/doc/html/rfc1033.html'\%RFC 1033\X'tty: link',
\X'tty: link https://datatracker.ietf.org/doc/html/rfc1034.html'\%RFC 1034\X'tty: link', and \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\%RFC 1035\X'tty: link'.
When invoked without arguments, named reads the default
configuration file @sysconfdir@/named.conf, reads any initial data, and
listens for queries.
 OPTIONS
NDENT 0.0
 -4 This option tells named to use only IPv4, even if the host machine is capable of IPv6. \%-4 and
\%-6 are mutually exclusive.
NINDENT NDENT 0.0
 -6 This option tells named to use only IPv6, even if the host machine is capable of IPv4. \%-4 and
\%-6 are mutually exclusive.
NINDENT NDENT 0.0
 -c config-file This option tells named to use config-file as its configuration file instead of the default,
@sysconfdir@/named.conf. To ensure that the configuration file
can be reloaded after the server has changed its working directory
due to to a possible directory option in the configuration file,
config-file should be an absolute pathname.
NINDENT NDENT 0.0
 -C This option prints out the default built-in configuration and exits.
NOTE: This is for debugging purposes only and is not an
accurate representation of the actual configuration used by \%named
at runtime.
NINDENT NDENT 0.0
 -d debug-level This option sets the daemon\(aqs debug level to debug-level. Debugging traces from
named become more verbose as the debug level increases.
NINDENT NDENT 0.0
 -D string This option specifies a string that is used to identify a instance of named
in a process listing. The contents of string are not examined.
NINDENT NDENT 0.0
 -E engine-name When applicable, this option specifies the hardware to use for cryptographic
operations, such as a secure key store used for signing.
When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
engine identifier that drives the cryptographic accelerator or
hardware service module (usually pkcs11).
NINDENT NDENT 0.0
 -f This option runs the server in the foreground (i.e., do not daemonize).
NINDENT NDENT 0.0
 -F This options turns on FIPS (US Federal Information Processing Standards)
mode if the underlying crytographic library supports running in FIPS
mode.
NINDENT NDENT 0.0
 -g This option runs the server in the foreground and forces all logging to stderr.
NINDENT NDENT 0.0
 -L logfile This option sets the log to the file logfile by default, instead of the system log.
NINDENT NDENT 0.0
 -M option This option sets the default (comma-separated) memory context
options. The possible flags are:
NDENT 7.0  \(bu 2
fill: fill blocks of memory with tag values when they are
allocated or freed, to assist debugging of memory problems; this is
the implicit default if named has been compiled with
--enable-developer.
 \(bu 2
nofill: disable the behavior enabled by fill; this is the
implicit default unless named has been compiled with
--enable-developer.
NINDENT NINDENT NDENT 0.0
 -m flag This option turns on memory usage debugging flags. Possible flags are usage,
trace, record, size, and mctx. These correspond to the
ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>.
NINDENT NDENT 0.0
 -n #cpus This option creates #cpus worker threads to take advantage of multiple CPUs. If
not specified, named tries to determine the number of CPUs
present and creates one thread per CPU. If it is unable to determine
the number of CPUs, a single worker thread is created.
NINDENT NDENT 0.0
 -p value This option specifies the port(s) on which the server will listen
for queries. If value is of the form <portnum> or
dns=<portnum>, the server will listen for DNS queries on
portnum; if not not specified, the default is port 53. If
value is of the form tls=<portnum>, the server will
listen for TLS queries on portnum; the default is 853.
If value is of the form https=<portnum>, the server will
listen for HTTPS queries on portnum; the default is 443.
If value is of the form http=<portnum>, the server will
listen for HTTP queries on portnum; the default is 80.
NINDENT NDENT 0.0
 -s This option writes memory usage statistics to stdout on exit.
NINDENT NOTE:
NDENT 0.0 NDENT 3.5 This option is mainly of interest to BIND 9 developers and may be
removed or changed in a future release.
NINDENT NINDENT NDENT 0.0
 -t directory This option tells named to chroot to directory after processing the command-line arguments, but
before reading the configuration file.
NINDENT WARNING:
NDENT 0.0 NDENT 3.5 This option should be used in conjunction with the \%-u option,
as chrooting a process running as root doesn\(aqt enhance security on
most systems; the way chroot is defined allows a process
with root privileges to escape a chroot jail.
NINDENT NINDENT NDENT 0.0
 -U #listeners This option has been removed. Attempts to use it now result in a warning.
NINDENT NDENT 0.0
 -u user This option sets the setuid to user after completing privileged operations, such as
creating sockets that listen on privileged ports.
NINDENT NOTE:
NDENT 0.0 NDENT 3.5 On Linux, named uses the kernel\(aqs capability mechanism to drop
all root privileges except the ability to bind to a
privileged port and set process resource limits. Unfortunately,
this means that the \%-u option only works when named is run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since
previous kernels did not allow privileges to be retained after
setuid.
NINDENT NINDENT NDENT 0.0
 -v This option reports the version number and exits.
NINDENT NDENT 0.0
 -V This option reports the version number, build options, supported
cryptographics algorithms, and exits.
NINDENT NDENT 0.0
 -X lock-file This option has been removed and using it will cause a fatal error.
NINDENT  SIGNALS
In routine operation, signals should not be used to control the
nameserver; \%rndc should be used instead.
NDENT 0.0
 SIGHUP This signal forces a reload of the server.

 SIGINT, SIGTERM These signals shut down the server.
NINDENT The result of sending any other signals to the server is undefined.
 CONFIGURATION
The named configuration file is too complex to describe in detail
here. A complete description is provided in the BIND 9 Administrator
Reference Manual.
named inherits the umask (file creation mode mask) from the
parent process. If files created by named, such as journal files,
need to have custom permissions, the umask should be set explicitly
in the script used to start the named process.
 FILES
NDENT 0.0
 @sysconfdir@/named.conf The default configuration file.

 @runstatedir@/named.pid The default process-id file.
NINDENT  SEE ALSO
\X'tty: link https://datatracker.ietf.org/doc/html/rfc1033.html'\%RFC 1033\X'tty: link', \X'tty: link https://datatracker.ietf.org/doc/html/rfc1034.html'\%RFC 1034\X'tty: link', \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\%RFC 1035\X'tty: link', \%named-checkconf(8), \%named-checkzone(8), \%rndc(8), \%named.conf(5), BIND 9 Administrator Reference Manual.
 AUTHOR
Internet Systems Consortium
 COPYRIGHT
2024, Internet Systems Consortium
 Generated by docutils manpage writer.
.