NAMED(8)                            BIND 9                            NAMED(8)

NAME
       named - Internet domain name server

SYNOPSIS
       named [ [-4] | [-6] ] [-c config-file] [-d debug-level] [-D string]
             [-E engine-name] [-f] [-g] [-L logfile] [-M option] [-m flag]
             [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory]
             [-U #listeners] [-u user] [-v] [-V] [-X lock-file]
             [-x cache-file]

DESCRIPTION
       named is a Domain Name System (DNS) server, part of the BIND 9
       distribution from ISC. For more information on the DNS, see RFC 1033,
       RFC 1034, and RFC 1035.

       When invoked without arguments, named reads the default configuration
       file /etc/named.conf, reads any initial data, and listens for queries.

OPTIONS
       -4     This option tells named to use only IPv4, even if the host
              machine is capable of IPv6. -4 and -6 are mutually exclusive.

       -6     This option tells named to use only IPv6, even if the host
              machine is capable of IPv4. -4 and -6 are mutually exclusive.

       -c config-file
              This option tells named to use config-file as its configuration
              file instead of the default, /etc/named.conf. To ensure that the
              configuration file can be reloaded after the server has changed
              its working directory due to a possible directory option in
              the configuration file, config-file should be an absolute
              pathname.

       -d debug-level
              This option sets the daemon's debug level to debug-level.
              Debugging traces from named become more verbose as the debug
              level increases.

       -D string
              This option specifies a string that is used to identify an
              instance of named in a process listing. The contents of string
              are not examined.

       -E engine-name
              When applicable, this option specifies the hardware to use for
              cryptographic operations, such as a secure key store used for
              signing.

              When BIND 9 is built with OpenSSL, this needs to be set to the
              OpenSSL engine identifier that drives the cryptographic
              accelerator or hardware service module (usually pkcs11). When
              BIND is built with native PKCS#11 cryptography
              (--enable-native-pkcs11), it defaults to the path of the PKCS#11
              provider library specified via --with-pkcs11.

       -f     This option runs the server in the foreground (i.e., it does
              not daemonize).

       -g     This option runs the server in the foreground and forces all
              logging to stderr.

       -L logfile
              This option tells named to log to the file logfile by default,
              instead of the system log.

       -M option
              This option sets the default memory context options. If set to
              external, the internal memory manager is bypassed in favor of
              system-provided memory allocation functions. If set to fill,
              blocks of memory are filled with tag values when allocated or
              freed, to assist debugging of memory problems. nofill disables
              this behavior, and is the default unless named has been compiled
              with developer options.

       -m flag
              This option turns on memory usage debugging flags. Possible
              flags are usage, trace, record, size, and mctx. These correspond
              to the ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>.

       -n #cpus
              This option creates #cpus worker threads to take advantage of
              multiple CPUs. If not specified, named tries to determine the
              number of CPUs present and creates one thread per CPU. If it is
              unable to determine the number of CPUs, a single worker thread
              is created.

       -p port
              This option tells named to listen for queries on port. If not
              specified, the default is port 53.

       -s     This option writes memory usage statistics to stdout on exit.

       NOTE:
          This option is mainly of interest to BIND 9 developers and may be
          removed or changed in a future release.

       -S #max-socks
              This option allows named to use up to #max-socks sockets. The
              default value is 21000 on systems built with default
              configuration options, and 4096 on systems built with configure
              --with-tuning=small.

       WARNING:
          This option should be unnecessary for the vast majority of users.
          The use of this option could even be harmful, because the specified
          value may exceed the limitation of the underlying system API. It is
          therefore set only when the default configuration causes exhaustion
          of file descriptors and the operational environment is known to
          support the specified number of sockets. Note also that the actual
          maximum number is normally slightly fewer than the specified value,
          because named reserves some file descriptors for its internal use.

       -t directory
              This option tells named to chroot to directory after processing
              the command-line arguments, but before reading the configuration
              file.

       WARNING:
          This option should be used in conjunction with the -u option, as
          chrooting a process running as root doesn't enhance security on most
          systems; the way chroot is defined allows a process with root
          privileges to escape a chroot jail.

       -U #listeners
              This option tells named to use #listeners worker threads to
              listen for incoming UDP packets on each address. If not
              specified, named calculates a default value based on the number
              of detected CPUs: 1 for 1 CPU, and the number of detected CPUs
              minus one for machines with more than 1 CPU. This cannot be
              increased to a value higher than the number of CPUs. If -n has
              been set to a higher value than the number of detected CPUs,
              then -U may be increased as high as that value, but no higher.
              On Windows, the number of UDP listeners is hardwired to 1 and
              this option has no effect.

       -u user
              This option tells named to setuid to user after completing
              privileged operations, such as creating sockets that listen on
              privileged ports.

       NOTE:
          On Linux, named uses the kernel's capability mechanism to drop all
          root privileges except the ability to bind to a privileged port and
          set process resource limits. Unfortunately, this means that the -u
          option only works when named is run on kernel 2.2.18 or later, or
          kernel 2.3.99-pre3 or later, since previous kernels did not allow
          privileges to be retained after setuid.

       -v     This option reports the version number and exits.

       -V     This option reports the version number and build options, and
              exits.

       -X lock-file
              This option acquires a lock on the specified file at runtime;
              this helps to prevent duplicate named instances from running
              simultaneously. Use of this option overrides the lock-file
              option in named.conf. If set to none, the lock file check is
              disabled.

       -x cache-file
              This option loads data from cache-file into the cache of the
              default view.

       WARNING:
          This option must not be used in normal operations. It is only of
          interest to BIND 9 developers and may be removed or changed in a
          future release.

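The cautions attached to -c, -S, -t, -u and -x above can be checked mechanically before a start script or service unit is deployed. The shell function below is an added example, not part of the BIND distribution; the function name and the finding labels are invented for illustration.

```sh
#!/bin/sh
# Added example (not ISC code): audit a named(8) argument list against the
# cautions in this man page. Finding labels are made up for this example.
# Prints one finding per line; returns 0 if nothing was flagged, 1 otherwise.
audit_named_args() (
    user="" chroot_dir="" config="" findings=0
    flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    OPTIND=1
    # Option string mirrors the SYNOPSIS; a trailing ':' means "takes a value".
    while getopts ':46c:d:D:E:fgL:M:m:n:p:sS:t:U:u:vVX:x:' opt; do
        case "$opt" in
            u) user=$OPTARG ;;
            t) chroot_dir=$OPTARG ;;
            c) config=$OPTARG ;;
            x) flag "DEVELOPER_ONLY_X: -x must not be used in normal operations" ;;
            S) flag "SOCKET_LIMIT_OVERRIDE: -S $OPTARG may exceed the system API limit" ;;
            '?') flag "UNKNOWN_OPTION: -$OPTARG is not in the named(8) synopsis" ;;
            :) flag "MISSING_ARGUMENT: -$OPTARG needs a value" ;;
        esac
    done

    # -t without an unprivileged -u: a root process can escape the chroot jail.
    if [ -n "$chroot_dir" ]; then
        case "$user" in
            ""|root|0) flag "CHROOT_AS_ROOT: -t $chroot_dir needs -u <unprivileged user>" ;;
        esac
    fi

    # A relative -c path may not be reloadable after named changes directory.
    case "$config" in
        ""|/*) ;;
        *) flag "RELATIVE_CONFIG: -c $config should be an absolute pathname" ;;
    esac

    [ "$findings" -eq 0 ]
)
```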
SIGNALS
       In routine operation, signals should not be used to control the
       nameserver; rndc should be used instead.

       SIGHUP This signal forces a reload of the server.

       SIGINT, SIGTERM
              These signals shut down the server.

       The result of sending any other signals to the server is undefined.

CONFIGURATION
       The named configuration file is too complex to describe in detail here.
       A complete description is provided in the BIND 9 Administrator
       Reference Manual.

       named inherits the umask (file creation mode mask) from the parent
       process. If files created by named, such as journal files, need to have
       custom permissions, the umask should be set explicitly in the script
       used to start the named process.

FILES
       /etc/named.conf
              The default configuration file.

       /var/run/named/named.pid
              The default process-id file.

SEE ALSO
       RFC 1033, RFC 1034, RFC 1035, named-checkconf(8), named-checkzone(8),
       rndc(8), named.conf(5), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2021, Internet Systems Consortium

9.16.23-RH                                                            NAMED(8)