named



NAMED(8)                                                              NAMED(8)




NAME

       named - Internet domain name server


SYNOPSIS

       named [ -4 ]  [ -6 ]  [ -c config-file ]  [ -d debug-level ]  [ -f ]  [
       -g ]  [ -n #cpus ]  [ -p port ]  [ -s ]  [ -t directory ]  [ -u user  ]
       [ -v ]  [ -x cache-file ]


DESCRIPTION

       named  is a Domain Name System (DNS) server, part of the BIND 9 distri-
       bution from ISC. For more information on the DNS, see RFCs 1033,  1034,
       and 1035.

       When  invoked without arguments, named will read the default configura-
       tion file /etc/named.conf,  read  any  initial  data,  and  listen  for
       queries.


OPTIONS

       -4     Use  IPv4  only even if the host machine is capable of IPv6.  -4
              and -6 are mutually exclusive.

       -6     Use IPv6 only even if the host machine is capable of  IPv4.   -4
              and -6 are mutually exclusive.

       -c config-file
              Use  config-file  as  the  configuration  file  instead  of  the
              default, /etc/named.conf. To ensure that reloading the  configu-
              ration  file  continues to work after the server has changed its
              working directory due to a possible directory option in the
              configuration  file, config-file should be an absolute pathname.

       -d debug-level
              Set the daemon’s debug level to debug-level.   Debugging  traces
              from named become more verbose as the debug level increases.

       -f     Run the server in the foreground (i.e. do not daemonize).

       -g     Run  the  server  in  the  foreground  and  force all logging to
              stderr.

       -n #cpus
              Create #cpus worker threads to take advantage of multiple  CPUs.
              If not specified, named will try to determine the number of CPUs
              present and create one thread per  CPU.   If  it  is  unable  to
              determine  the  number  of  CPUs, a single worker thread will be
              created.

       -p port
              Listen for queries on port port. If not specified,  the  default
              is port 53.

       -s     Write memory usage statistics to stdout on exit.

              Note: This option is mainly of interest to BIND 9 developers and
              may be removed or changed in a future release.


       -t directory
              chroot() to directory after processing the  command  line  argu-
              ments, but before reading the configuration file.

              Warning:  This  option should be used in conjunction with the -u
              option, as chrooting a process running as root  doesn’t  enhance
              security  on  most systems; the way chroot() is defined allows a
              process with root privileges to escape a chroot jail.


       -u user
              setuid() to user after completing privileged operations, such as
              creating sockets that listen on privileged ports.

              Note:  On Linux, named uses the kernel’s capability mechanism to
              drop all root privileges except the ability to bind() to a priv-
              ileged  port  and  set  process resource limits.  Unfortunately,
              this means that the -u option only works when named  is  run  on
              kernel  2.2.18  or  later, or kernel 2.3.99-pre3 or later, since
              previous kernels did not allow privileges to be  retained  after
              setuid().


       -v     Report the version number and exit.

       -x cache-file
              Load data from cache-file into the cache of the default view.

              Warning: This option must not be used. It is only of interest to
              BIND 9 developers and may be removed  or  changed  in  a  future
              release.


       -D     Enable dynamic management of the forwarding table with D-BUS
              messages. This option is required for Red Hat NetworkManager
              support. See doc/README.DBUS.
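
       Added example (not part of the original manual page or of BIND): a
       shell function that checks a named argument list against the warnings
       above for -t/-u, -c, -x and -4/-6. The finding codes, and treating
       "-u root" as not dropping privileges, are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a named(8) argument list against the OPTIONS warnings.
# Prints one "CODE: text" line per finding and nothing for a clean list.
audit_named_args() {
    has_t=0 has_c=0 has_x=0 v4=0 v6=0 run_user="" conf=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -t|-u|-c|-x|-d|-n|-p)            # options that take a value
                opt=$1 val=${2-}
                if [ $# -gt 1 ]; then shift; fi
                case "$opt" in
                    -t) has_t=1 ;;
                    -u) run_user=$val ;;
                    -c) has_c=1 conf=$val ;;
                    -x) has_x=1 ;;
                esac ;;
            -4) v4=1 ;;
            -6) v6=1 ;;
        esac
        shift
    done
    # -t is only useful once root has been dropped with -u.
    # Assumption of this example: "-u root" counts as not dropping root.
    if [ "$has_t" = 1 ]; then
        case "$run_user" in
            ""|root) echo "CHROOT_AS_ROOT: -t without -u <non-root user>; root can escape a chroot jail" ;;
        esac
    fi
    if [ "$has_c" = 1 ]; then
        case "$conf" in
            /*) ;;
            *) echo "RELATIVE_CONFIG: -c '$conf' should be an absolute pathname so reloads keep working" ;;
        esac
    fi
    if [ "$has_x" = 1 ]; then
        echo "CACHE_FILE: -x must not be used; it is for BIND 9 developers only"
    fi
    if [ "$v4" = 1 ] && [ "$v6" = 1 ]; then
        echo "V4_V6_CONFLICT: -4 and -6 are mutually exclusive"
    fi
    return 0
}

# Constructed sample invocation, not taken from a real system.
audit_named_args -t /var/named/chroot -c named.conf -4 -6
```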



SIGNALS

       In  routine  operation, signals should not be used to control the name-
       server; rndc should be used instead.

       SIGHUP Force a reload of the server.

       SIGINT, SIGTERM
              Shut down the server.

       The result of sending any other signals to the server is undefined.



CONFIGURATION

       The named configuration file is too complex to describe in detail here.
       A  complete  description is provided in the BIND 9 Administrator Refer-
       ence Manual.



NOTES

       Red Hat SELinux BIND Security Profile:

       By default, Red Hat ships BIND with the most secure SELinux policy that
       will not prevent normal BIND operation and will prevent exploitation of
       all known BIND security vulnerabilities. See the selinux(8) man page
       for information about SELinux.

       It is not necessary to run named in a chroot environment if the Red Hat
       SELinux policy for named is enabled. When enabled, this policy  is  far
       more secure than a chroot environment.

       With this extra security come some restrictions:

       By default, the SELinux policy does not allow named to write any master
       zone database files. Only the root user may create files in the
       $ROOTDIR/var/named zone database file directory (the options {
       "directory" } option), where $ROOTDIR is set in /etc/sysconfig/named.

       The "named" group must be granted read privilege to these files in
       order for named to be able to read them.

       Any file created in the zone database file directory is automatically
       assigned the SELinux file context named_zone_t.

       By default, SELinux prevents any role from modifying named_zone_t
       files; this means that files in the zone database directory cannot be
       modified by dynamic DNS (DDNS) updates or zone transfers.

       The Red Hat BIND distribution and SELinux policy create two
       directories where named is allowed to create and modify files:
       $ROOTDIR/var/named/slaves and $ROOTDIR/var/named/data. If you place
       files you want named to modify, such as slave or DDNS updateable zone
       files and database / statistics dump files, in these directories,
       named will work normally and no further operator action is required.
       Files in these directories are automatically assigned the
       named_cache_t file context, which SELinux allows named to write.

       You can enable the named_t domain to write and create named_zone_t
       files by use of the SELinux tunable boolean variable
       "named_write_master_zones", using the setsebool(8) command or the
       system-config-security GUI. If you do this, you must also set the
       ENABLE_ZONE_WRITE variable in /etc/sysconfig/named to 1 / yes to set
       the ownership of files in the $ROOTDIR/var/named directory to
       named:named in order for named to be allowed to write them.
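
       Added example (not part of the original manual page or of the Red Hat
       packages): a shell check that the named_write_master_zones boolean and
       ENABLE_ZONE_WRITE agree, since the text above requires both. It assumes
       /etc/sysconfig/named holds shell-style NAME=value lines; the function
       name and messages are this example's own.

```sh
#!/bin/sh
# Added example: check that the SELinux boolean and ENABLE_ZONE_WRITE agree.
# $1: one line of `getsebool named_write_master_zones` output
# $2: sysconfig file to read (default /etc/sysconfig/named)
check_zone_write() {
    bool_line=$1 sysconfig=${2:-/etc/sysconfig/named}
    case "$bool_line" in
        *"--> on") sebool=on ;;
        *)         sebool=off ;;
    esac
    # Commented-out lines are ignored; the last assignment wins.
    val=$(sed -n 's/^[[:space:]]*ENABLE_ZONE_WRITE=//p' "$sysconfig" 2>/dev/null \
          | tail -n 1 | tr -d "\"'")
    case "$val" in
        1|yes) zw=on ;;
        *)     zw=off ;;
    esac
    case "$sebool/$zw" in
        on/on)   echo "OK: named may write master zone files" ;;
        off/off) echo "OK: master zone files are read-only for named (default)" ;;
        on/off)  echo "MISMATCH: boolean is on but ENABLE_ZONE_WRITE is not set, so files are not owned by named:named" ;;
        off/on)  echo "MISMATCH: ENABLE_ZONE_WRITE is set but SELinux still denies writes to named_zone_t" ;;
    esac
    return 0
}

# Constructed sample: boolean enabled, sysconfig variable only present as a comment.
sample=$(mktemp)
printf '%s\n' '# ENABLE_ZONE_WRITE=yes' 'ROOTDIR=/var/named/chroot' > "$sample"
check_zone_write "named_write_master_zones --> on" "$sample"
rm -f "$sample"
```

       On a live system the first argument would be
       "$(getsebool named_write_master_zones)".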

       Red Hat BIND named_sdb SDB support:

       Red Hat ships the bind-sdb RPM that provides the /usr/sbin/named_sdb
       program, which is named compiled with the Simplified Database Backend
       modules that ISC provides in the "contrib/sdb" directory.
       The SDB modules for LDAP, PostgreSQL and DirDB are compiled into
       named_sdb.
       To run named_sdb, set the ENABLE_SDB variable in /etc/sysconfig/named
       to 1 or "yes", and then the "service named start" named initscript will
       run named_sdb instead of named.
       See the documentation for the various SDB modules in
       /usr/share/doc/bind-sdb-*/.

       Red Hat system-config-bind:

       Red Hat provides the system-config-bind GUI to configure named.conf and
       zone database files. Run the "system-config-bind"  command  and  access
       the manual by selecting the Help menu.



FILES

       /etc/named.conf
              The default configuration file.

       /var/run/named.pid
              The default process-id file.


SEE ALSO

       RFC 1033, RFC 1034, RFC 1035, rndc(8), lwresd(8), BIND 9 Administrator
       Reference Manual (ARM).
       The ARM is shipped in /usr/share/doc/bind-9*/arm/Bv9ARM.html.


AUTHOR

       Internet Systems Consortium



BIND9                            June 30, 2000                        NAMED(8)
