1NAMED(8) BIND9 NAMED(8)
2
6 named - Internet domain name server
7
9 named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag]
10 [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v]
11 [-x cache-file] [-D]
12
14 named is a Domain Name System (DNS) server, part of the BIND 9
15 distribution from ISC. For more information on the DNS, see RFCs 1033,
16 1034, and 1035.
17 When invoked without arguments, named will read the default
19 configuration file /etc/named.conf, read any initial data, and listen
20 for queries.
21
23 -4
24 Use IPv4 only even if the host machine is capable of IPv6. -4 and
25 -6 are mutually exclusive.
26 -6
28 Use IPv6 only even if the host machine is capable of IPv4. -4 and
29 -6 are mutually exclusive.
30 -c config-file
32 Use config-file as the configuration file instead of the default,
33 /etc/named.conf. To ensure that reloading the configuration file
34 continues to work after the server has changed its working
35 directory due to to a possible directory option in the
36 configuration file, config-file should be an absolute pathname.
37 -d debug-level
39 Set the daemon's debug level to debug-level. Debugging traces from
40 named become more verbose as the debug level increases.
41 -f
43 Run the server in the foreground (i.e. do not daemonize).
44 -g
46 Run the server in the foreground and force all logging to stderr.
47 -m flag
49 Turn on memory usage debugging flags. Possible flags are usage,
50 trace, record, size, and mctx. These correspond to the
51 ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>.
52 -n #cpus
54 Create #cpus worker threads to take advantage of multiple CPUs. If
55 not specified, named will try to determine the number of CPUs
56 present and create one thread per CPU. If it is unable to determine
57 the number of CPUs, a single worker thread will be created.
58 -p port
60 Listen for queries on port port. If not specified, the default is
61 port 53.
62 -s
64 Write memory usage statistics to stdout on exit.
65 Note: This option is mainly of interest to BIND 9 developers
66 and may be removed or changed in a future release.
67 -t directory
69 Chroot to directory after processing the command line arguments,
70 but before reading the configuration file.
71 Warning: This option should be used in conjunction with the
72 -u option, as chrooting a process running as root doesn't
73 enhance security on most systems; the way chroot(2) is
74 defined allows a process with root privileges to escape a
75 chroot jail.
76 -u user
78 Setuid to user after completing privileged operations, such as
79 creating sockets that listen on privileged ports.
80 Note: On Linux, named uses the kernel's capability mechanism
81 to drop all root privileges except the ability to bind(2) to
82 a privileged port and set process resource limits.
83 Unfortunately, this means that the -u option only works when
84 named is run on kernel 2.2.18 or later, or kernel
85 2.3.99-pre3 or later, since previous kernels did not allow
86 privileges to be retained after setuid(2).
87 -v
89 Report the version number and exit.
90 -x cache-file
92 Load data from cache-file into the cache of the default view.
93 Warning: This option must not be used. It is only of
94 interest to BIND 9 developers and may be removed or changed
95 in a future release.
96 -D Enable dynamic management of the forwarding table with D-BUS
99 messages. This option is required for Red Hat NetworkManager
100 support. See doc/README.DBUS .
101
104 In routine operation, signals should not be used to control the
105 nameserver; rndc should be used instead.
106 SIGHUP
108 Force a reload of the server.
109 SIGINT, SIGTERM
111 Shut down the server.
112 The result of sending any other signals to the server is undefined.
114
116 The named configuration file is too complex to describe in detail here.
117 A complete description is provided in the BIND 9 Administrator
118 Reference Manual.
119
121 /etc/named.conf
122 The default configuration file.
123 /var/run/named.pid
125 The default process-id file.
126
128 Red Hat SELinux BIND Security Profile:
129 By default, Red Hat ships BIND with the most secure SELinux policy that
131 will not prevent normal BIND operation and will prevent exploitation of
132 all known BIND security vulnerabilities . See the selinux(8) man page
133 for information about SElinux.
134 It is not necessary to run named in a chroot environment if the Red Hat
136 SELinux policy for named is enabled. When enabled, this policy is far
137 more secure than a chroot environment. Users are recommended to enable
138 SELinux and remove the bind-chroot package.
139 With this extra security comes some restrictions:
141 By default, the SELinux policy does not allow named to write any master
143 zone database files. Only the root user may create files in the
144 $ROOTDIR/var/named zone database file directory (the options {
145 "directory" } option), where $ROOTDIR is set in /etc/sysconfig/named.
146 The "named" group must be granted read privelege to these files in
148 order for named to be enabled to read them.
149 Any file created in the zone database file directory is automatically
151 assigned the SELinux file context named_zone_t .
152 By default, SELinux prevents any role from modifying named_zone_t
154 files; this means that files in the zone database directory cannot be
155 modified by dynamic DNS (DDNS) updates or zone transfers.
156 The Red Hat BIND distribution and SELinux policy creates three
158 directories where named is allowed to create and modify files:
159 /var/named/slaves, /var/named/dynamic and /var/named/data. By placing
160 files you want named to modify, such as slave or DDNS updateable zone
161 files and database / statistics dump files in these directories, named
162 will work normally and no further operator action is required. Files in
163 these directories are automatically assigned the 'named_cache_t' file
164 context, which SELinux allows named to write.
165 You can enable the named_t domain to write and create named_zone_t
167 files by use of the SELinux tunable boolean variable
168 "named_write_master_zones", using the setsebool(8) command or the
169 system-config-security GUI . If you do this, you must also set the
170 ENABLE_ZONE_WRITE variable in /etc/sysconfig/named to 1 / yes to set
171 the ownership of files in the $ROOTDIR/var/named directory to
172 named:named in order for named to be allowed to write them. NOTE: this
173 approach is deprecated and will be drop in future releases
174 Red Hat BIND named_sdb SDB support:
176 Red Hat ships the bind-sdb RPM that provides the /usr/sbin/named_sdb
178 program, which is named compiled with the Simplified Database Backend
179 modules that ISC provides in the "contrib/sdb" directory.
180 The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled
182 into named_sdb.
183 To run named_sdb, set the ENABLE_SDB variable in /etc/sysconfig/named
185 to 1 or "yes", and then the "service named start" named initscript will
186 run named_sdb instead of named .
187 See the documentation for the various SDB modules in
189 /usr/share/doc/bind-sdb-*/ .
190 Red Hat system-config-bind:
192 Red Hat provides the system-config-bind GUI to configure named.conf and
194 zone database files. Run the "system-config-bind" command and access
195 the manual by selecting the Help menu.
196
198 RFC 1033, RFC 1034, RFC 1035, named-checkconf(8), named-checkzone(8),
199 rndc(8), lwresd(8), named.conf(5), BIND 9 Administrator Reference
200 Manual.
201
203 Internet Systems Consortium
204
206 Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
207 Copyright © 2000, 2001, 2003 Internet Software Consortium.
208BIND9 June 30, 2000 NAMED(8)