1NAMED(8) BIND 9 NAMED(8)
2
6 named - Internet domain name server
7
9 named [ [-4] | [-6] ] [-c config-file] [-C] [-d debug-level] [-D
10 string] [-E engine-name] [-f] [-g] [-L logfile] [-M option] [-m flag]
11 [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listen‐
12 ers] [-u user] [-v] [-V] [-X lock-file] [-x cache-file]
13
15 named is a Domain Name System (DNS) server, part of the BIND 9 distri‐
16 bution from ISC. For more information on the DNS, see RFC 1033, RFC
17 1034, and RFC 1035.
18 When invoked without arguments, named reads the default configuration
20 file /etc/named.conf, reads any initial data, and listens for queries.
21
23 -4 This option tells named to use only IPv4, even if the host ma‐
24 chine is capable of IPv6. -4 and -6 are mutually exclusive.
25 -6 This option tells named to use only IPv6, even if the host ma‐
27 chine is capable of IPv4. -4 and -6 are mutually exclusive.
28 -c config-file
30 This option tells named to use config-file as its configuration
31 file instead of the default, /etc/named.conf. To ensure that the
32 configuration file can be reloaded after the server has changed
33 its working directory due to to a possible directory option in
34 the configuration file, config-file should be an absolute path‐
35 name.
36 -C
38 This option prints out the default built-in configuration and exits.
39 NOTE: This is for debugging purposes only and is not an accurate
41 representation of the actual configuration used by named at runtime.
42 -d debug-level
44 This option sets the daemon's debug level to debug-level. Debug‐
45 ging traces from named become more verbose as the debug level
46 increases.
47 -D string
49 This option specifies a string that is used to identify a in‐
50 stance of named in a process listing. The contents of string are
51 not examined.
52 -E engine-name
54 When applicable, this option specifies the hardware to use for
55 cryptographic operations, such as a secure key store used for
56 signing.
57 When BIND 9 is built with OpenSSL, this needs to be set to the
59 OpenSSL engine identifier that drives the cryptographic acceler‐
60 ator or hardware service module (usually pkcs11). When BIND is
61 built with native PKCS#11 cryptography (--enable-native-pkcs11),
62 it defaults to the path of the PKCS#11 provider library speci‐
63 fied via --with-pkcs11.
64 -f This option runs the server in the foreground (i.e., do not dae‐
66 monize).
67 -g This option runs the server in the foreground and forces all
69 logging to stderr.
70 -L logfile
72 This option sets the log to the file logfile by default, instead
73 of the system log.
74 -M option
76 This option sets the default memory context options. If set to
77 external, the internal memory manager is bypassed in favor of
78 system-provided memory allocation functions. If set to fill,
79 blocks of memory are filled with tag values when allocated or
80 freed, to assist debugging of memory problems. nofill disables
81 this behavior, and is the default unless named has been compiled
82 with developer options.
83 -m flag
85 This option turns on memory usage debugging flags. Possible
86 flags are usage, trace, record, size, and mctx. These correspond
87 to the ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>.
88 -n #cpus
90 This option creates #cpus worker threads to take advantage of
91 multiple CPUs. If not specified, named tries to determine the
92 number of CPUs present and creates one thread per CPU. If it is
93 unable to determine the number of CPUs, a single worker thread
94 is created.
95 -p port
97 This option listens for queries on port. If not specified, the
98 default is port 53.
99 -s This option writes memory usage statistics to stdout on exit.
101 NOTE:
103 This option is mainly of interest to BIND 9 developers and may be
104 removed or changed in a future release.
105 -S #max-socks
107 This option allows named to use up to #max-socks sockets. The
108 default value is 21000 on systems built with default configura‐
109 tion options, and 4096 on systems built with configure
110 --with-tuning=small.
111 WARNING:
113 This option should be unnecessary for the vast majority of users.
114 The use of this option could even be harmful, because the specified
115 value may exceed the limitation of the underlying system API. It is
116 therefore set only when the default configuration causes exhaustion
117 of file descriptors and the operational environment is known to sup‐
118 port the specified number of sockets. Note also that the actual max‐
119 imum number is normally slightly fewer than the specified value, be‐
120 cause named reserves some file descriptors for its internal use.
121 -t directory
123 This option tells named to chroot to directory after processing
124 the command-line arguments, but before reading the configuration
125 file.
126 WARNING:
128 This option should be used in conjunction with the -u option, as ch‐
129 rooting a process running as root doesn't enhance security on most
130 systems; the way chroot is defined allows a process with root privi‐
131 leges to escape a chroot jail.
132 -U #listeners
134 This option tells named the number of #listeners worker threads
135 to listen on, for incoming UDP packets on each address. If not
136 specified, named calculates a default value based on the number
137 of detected CPUs: 1 for 1 CPU, and the number of detected CPUs
138 minus one for machines with more than 1 CPU. This cannot be in‐
139 creased to a value higher than the number of CPUs. If -n has
140 been set to a higher value than the number of detected CPUs,
141 then -U may be increased as high as that value, but no higher.
142 On Windows, the number of UDP listeners is hardwired to 1 and
143 this option has no effect.
144 -u user
146 This option sets the setuid to user after completing privileged
147 operations, such as creating sockets that listen on privileged
148 ports.
149 NOTE:
151 On Linux, named uses the kernel's capability mechanism to drop all
152 root privileges except the ability to bind to a privileged port and
153 set process resource limits. Unfortunately, this means that the -u
154 option only works when named is run on kernel 2.2.18 or later, or
155 kernel 2.3.99-pre3 or later, since previous kernels did not allow
156 privileges to be retained after setuid.
157 -v This option reports the version number and exits.
159 -V This option reports the version number and build options, and
161 exits.
162 -X lock-file
164 This option acquires a lock on the specified file at runtime;
165 this helps to prevent duplicate named instances from running si‐
166 multaneously. Use of this option overrides the lock-file option
167 in named.conf. If set to none, the lock file check is disabled.
168 -x cache-file
170 This option loads data from cache-file into the cache of the de‐
171 fault view.
172 WARNING:
174 This option must not be used in normal operations. It is only of in‐
175 terest to BIND 9 developers and may be removed or changed in a fu‐
176 ture release.
177
179 In routine operation, signals should not be used to control the name‐
180 server; rndc should be used instead.
181 SIGHUP This signal forces a reload of the server.
183 SIGINT, SIGTERM
185 These signals shut down the server.
186 The result of sending any other signals to the server is undefined.
188
190 The named configuration file is too complex to describe in detail here.
191 A complete description is provided in the BIND 9 Administrator Refer‐
192 ence Manual.
193 named inherits the umask (file creation mode mask) from the parent
195 process. If files created by named, such as journal files, need to have
196 custom permissions, the umask should be set explicitly in the script
197 used to start the named process.
198
200 /etc/named.conf
201 The default configuration file.
202 /var/run/named/named.pid
204 The default process-id file.
205
207 RFC 1033, RFC 1034, RFC 1035, named-checkconf(8), named-checkzone(8),
208 rndc(8), named.conf(5), BIND 9 Administrator Reference Manual.
209
211 Internet Systems Consortium
212
214 2022, Internet Systems Consortium
2159.16.30-RH NAMED(8)