NAMED(8)			    BIND 9			      NAMED(8)

NAME
       named - Internet	domain name server

SYNOPSIS
       named [ [-4] | [-6] ] [-c config-file] [-C] [-d debug-level] [-D
       string] [-E engine-name] [-f] [-g] [-L logfile] [-M option] [-m flag]
       [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-V]

DESCRIPTION
       named is	a Domain Name System (DNS) server, part	of the BIND 9 distrib-
       ution  from  ISC.  For  more  information on the	DNS, see RFC 1033, RFC
       1034, and RFC 1035.

       When invoked without arguments, named reads the	default	 configuration
       file /usr/local/etc/namedb/named.conf, reads any	initial	data, and lis-
       tens for	queries.

OPTIONS
       -4     This  option  tells named	to use only IPv4, even if the host ma-
	      chine is capable of IPv6.	-4 and -6 are mutually exclusive.

       -6     This option tells	named to use only IPv6,	even if	the  host  ma-
	      chine is capable of IPv4.	-4 and -6 are mutually exclusive.

       -c config-file
	      This  option tells named to use config-file as its configuration
	      file instead of the  default,  /usr/local/etc/namedb/named.conf.
	      To ensure that the configuration file can be reloaded after the
	      server has changed its working directory due to a possible
	      directory option in the configuration file, config-file should
	      be an absolute pathname.

       -C     This option prints out the default  built-in  configuration  and
	      exits.

	      NOTE: This is for	debugging purposes only	and is not an accurate
	      representation of	the actual configuration used by named at run-
	      time.

       -d debug-level
	      This option sets the daemon's debug level	to debug-level.	Debug-
	      ging  traces  from  named	become more verbose as the debug level
	      increases.

       -D string
	      This option specifies a string that is used to identify an
	      instance of named in a process listing. The contents of string
	      are not examined.

       -E engine-name
	      When  applicable,	 this option specifies the hardware to use for
	      cryptographic operations,	such as	a secure key  store  used  for
	      signing.

	      When  BIND  9 is built with OpenSSL, this	needs to be set	to the
	      OpenSSL engine identifier	that drives the	cryptographic acceler-
	      ator or hardware service module (usually pkcs11).

       -f     This option runs the server in the foreground (i.e., do not dae-
	      monize).

       -F     This option turns on FIPS (US Federal Information Processing
	      Standards) mode if the underlying cryptographic library supports
	      running in FIPS mode.

       -g     This option runs the server in the  foreground  and  forces  all
	      logging to stderr.

       -L logfile
	      This option sets the log to the file logfile by default, instead
	      of the system log.

       -M option
	      This  option  sets  the default (comma-separated)	memory context
	      options. The possible flags are:

		fill: fill blocks of memory with tag values when they are
		allocated or freed, to assist debugging of memory problems;
		this is the implicit default if named has been compiled with
		--enable-developer.

		nofill: disable the behavior enabled by fill; this is the
		implicit default unless named has been compiled with
		--enable-developer.

       -m flag
	      This option turns	on  memory  usage  debugging  flags.  Possible
	      flags are	usage, trace, record, size, and	mctx. These correspond
	      to the ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>.

       -n #cpus
	      This  option  creates  #cpus worker threads to take advantage of
	      multiple CPUs. If	not specified, named tries  to	determine  the
	      number  of CPUs present and creates one thread per CPU. If it is
	      unable to	determine the number of	CPUs, a	single	worker	thread
	      is created.

       -p value
	      This option specifies the port(s) on which the server will
	      listen for queries. If value is of the form <portnum> or
	      dns=<portnum>, the server will listen for DNS queries on
	      portnum; if not specified, the default is port 53. If value is
	      of the form tls=<portnum>, the server will listen for TLS
	      queries on portnum; the default is 853. If value is of the form
	      https=<portnum>, the server will listen for HTTPS queries on
	      portnum; the default is 443. If value is of the form
	      http=<portnum>, the server will listen for HTTP queries on
	      portnum; the default is 80.

       -s     This option writes memory	usage statistics to stdout on exit.

       NOTE:
	  This	option	is  mainly of interest to BIND 9 developers and	may be
	  removed or changed in	a future release.

       -t directory
	      This option tells	named to chroot	to directory after  processing
	      the command-line arguments, but before reading the configuration
	      file.

       WARNING:
	  This option should be used in conjunction with the -u option, as
	  chrooting a process running as root doesn't enhance security on most
	  systems; the way chroot is defined allows a process with root
	  privileges to escape a chroot jail.

       -U #listeners
	      This option has been removed. Attempts to	use it now result in a
	      warning.

       -u user
	      This option switches the process to user (via setuid) after
	      completing privileged operations, such as creating sockets that
	      listen on privileged ports.

       NOTE:
	  On Linux, named uses the kernel's capability mechanism to  drop  all
	  root	privileges except the ability to bind to a privileged port and
	  set process resource limits. Unfortunately, this means that  the  -u
	  option  only	works  when named is run on kernel 2.2.18 or later, or
	  kernel 2.3.99-pre3 or	later, since previous kernels  did  not	 allow
	  privileges to	be retained after setuid.

       -v     This option reports the version number and exits.

       -V     This option reports the version number, build options, supported
	      cryptographic algorithms, and exits.

       -X lock-file
	      This option has been removed and using it	will cause a fatal er-
	      ror.
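
       The following is an added example, not part of the BIND 9 manual or
       distribution: a shell function that lints a named argument list against
       the rules stated above (-4/-6 exclusivity, absolute -c path, -t paired
       with an unprivileged -u, removed -U and -X). The function name, the
       message texts and the sample path /var/named are assumptions.

```sh
#!/bin/sh
# Added example (not part of BIND): lint a named(8) argument list against the
# rules stated in OPTIONS. Prints one finding per line; status 0 means clean.
audit_named_args() (
    has4=0; has6=0; chroot_dir=""; run_user=""; conf=""; n=0
    finding() { printf '%s\n' "$1"; n=$((n + 1)); }
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -4) has4=1 ;;
            -6) has6=1 ;;
            -c|-t|-u|-U|-X|-d|-D|-E|-L|-M|-m|-n|-p)   # options that take a value
                if [ $# -eq 0 ]; then
                    finding "error: $opt requires a value"
                    break
                fi
                val=$1; shift
                case "$opt" in
                    -c) conf=$val ;;
                    -t) chroot_dir=$val ;;
                    -u) run_user=$val ;;
                    -U) finding "warning: -U has been removed; named only warns" ;;
                    -X) finding "fatal: -X has been removed; named will not start" ;;
                esac ;;
        esac
    done
    if [ "$has4" -eq 1 ] && [ "$has6" -eq 1 ]; then
        finding "error: -4 and -6 are mutually exclusive"
    fi
    if [ -n "$chroot_dir" ]; then
        # A chroot only helps when named also drops root via -u.
        if [ -z "$run_user" ] || [ "$run_user" = root ]; then
            finding "warning: -t without an unprivileged -u user; root can escape a chroot"
        fi
    fi
    case "$conf" in
        ""|/*) ;;   # default config file or absolute path: fine
        *) finding "warning: -c $conf is not absolute; reload may fail after chdir" ;;
    esac
    [ "$n" -eq 0 ]
)

# Constructed sample invocation; /var/named and named.conf are example values.
audit_named_args -t /var/named -c named.conf || true
```

       Run it from the start script or a deployment check before named is
       launched; a non-zero status means at least one finding was printed.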

SIGNALS
       In  routine  operation, signals should not be used to control the name-
       server; rndc should be used instead.

       SIGHUP This signal forces a reload of the server.

       SIGINT, SIGTERM
	      These signals shut down the server.

       The result of sending any other signals to the server is	undefined.

CONFIGURATION
       The named configuration file is too complex to describe in detail here.
       A complete description is provided in the BIND 9	 Administrator	Refer-
       ence Manual.

       named  inherits	the  umask  (file  creation mode mask) from the	parent
       process.	If files created by named, such	as journal files, need to have
       custom permissions, the umask should be set explicitly  in  the	script
       used to start the named process.

FILES
       /usr/local/etc/namedb/named.conf
	      The default configuration	file.

       /var/run/named.pid
	      The default process-id file.

SEE ALSO
       RFC  1033,  RFC 1034, RFC 1035, named-checkconf(8), named-checkzone(8),
       rndc(8),	named.conf(5), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2024, Internet Systems Consortium

9.20.2				  2024-09-09			      NAMED(8)
