System Administration Commands named(1M)
NAME
named, in.named - Internet domain name server
SYNOPSIS
named [-fgsv] [-c config-file] [-d debug-level] [-m flag] [-n #cpus]
[-p port] [-t directory] [-u user] [-x cache-file] [-4 -6]
DESCRIPTION
The named utility is a Domain Name System (DNS) server, part
of the BIND 9 distribution from ISC. For more information on
the DNS, see RFCs 1033, 1034, and 1035.
When invoked without arguments, named reads the default con-
figuration file /etc/named.conf, reads any initial data, and
listens for queries.
in.named is a link to named.
OPTIONS
The following options are supported:
-4
Use only IPv4 transport. By default, both IPv4 and IPv6
transports can be used. Options -4 and -6 are mutually
exclusive.
-6
Use only IPv6 transport. By default, both IPv4 and IPv6
transports can be used. Options -4 and -6 are mutually
exclusive.
-c config-file
Use config-file as the configuration file instead of the
default /etc/named.conf. To ensure that reloading the
configuration file continues to work after the server
has changed its working directory due to to a possible
directory option in the configuration file, config-file
should be an absolute pathname.
-d debug-level
Set the daemon's debug level to debug-level. Debugging
traces from named become more verbose as the debug level
SunOS 5.11 Last change: 6 Mar 2009 1
System Administration Commands named(1M)
increases.
-f
Run the server in the foreground (that is, do not dae-
monize).
-g
Run the server in the foreground and force all logging
to stderr.
-m flag
Turn on memory usage debugging flags. Possible flags are
"usage", "trace", and "record". These correspond to the
ISCMEMDEBUGX flags.
-n #cpus
Create #cpus worker threads to take advantage of multi-
ple CPUs. If not specified, named will try to determine
the number of CPUs present and create one thread per
CPU. If it is unable to determine the number of CPUs, a
single worker thread will be created.
-p port
Listen for queries on port port. If not specified, the
default is port 53.
-s
Write memory usage statistics to stdout on exit.
This option is mainly of interest to BIND 9 developers
and might be removed or changed in a future release.
-t directory
Change the root directory using chroot(2) to directory
after processing the command line arguments, but before
reading the configuration file.
This option should be used in conjunction with the -u
SunOS 5.11 Last change: 6 Mar 2009 2
System Administration Commands named(1M)
option, as chrooting a process running as root doesn't
enhance security on most systems; the way chroot() is
defined allows a process with root privileges to escape
a chroot jail.
-u user
Set the real user ID using setuid(2) to user after com-
pleting privileged operations, such as creating sockets
that listen on privileged ports.
On Linux, named uses the kernel's capability mechanism
to drop all root privileges except the ability to use
bind(3SOCKET) to bind to a privileged port and set pro-
cess resource limits. Unfortunately, this means that the
-u option works only when named is run on kernel 2.2.18
or later, or kernel 2.3.99-pre3 or later, since previous
kernels did not allow privileges to be retained after
setuid().
-v
Report the version number and exit.
-x cache-file
Load data from cache-file into the cache of the default
view.
This option must not be used. It is of interest only to
BIND 9 developers and might be removed or changed in a
future release.
EXTENDED DESCRIPTION
This section describes additional attributes of named.
SMF Properties
When starting named from the service management facility,
smf(5), named configuration is read from the service confi-
guration repository. Use svcprop(1) to list the properties
and svccfg(1M) to make changes.
The following application configuration properties are
available to administrators:
options/server
SunOS 5.11 Last change: 6 Mar 2009 3
System Administration Commands named(1M)
Specifies the server executable to be used instead of
the default server, /usr/sbin/named.
options/configurationfile
Specifies the configuration file to be used instead of
the default, /etc/named.conf. A directory option might
be specified in the configuration file. To ensure that
reloading the configuration file continues to work in
such a situation, configurationfile should be specified
as an absolute pathname. This pathname should not
include the chrootdir pathname. This property is the
equivalent of the -c option.
options/ipinterfaces
Specifies over which IP transport, IPv4 or IPv6, BIND
will transmit. Possible values are IPv4 or IPv6. Any
other setting assumes all, the default. This property is
the equivalent of command line option -4 or -6
options/listenonport
Specifies the default UDP and TCP port to be used for
listening to DNS requests. This property is the
equivalent of the command line option -p port.
options/debuglevel
Specifies the default debug level. The default is 0,
which means no debugging. The higher the number the more
verbose debug information becomes. Equivalent of the
command line option -d debuglevel.
options/threads
Specifies the number of CPU worker threads to create.
The default of 0 causes named to try and determine the
number of CPUs present and create one thread per CPU.
Equivalent of command line option -n #cpus.
options/chrootdir
Specifies the directory to be used as the root directory
after processing SMF properties and the command line
arguments but before reading the configuration file. Use
SunOS 5.11 Last change: 6 Mar 2009 4
System Administration Commands named(1M)
this property when using a chroot(2) environment.
Synonymous to command line option -t pathname.
When using chroot(2), named is unable to disable itself
when receiving rndc(1M) stop or halt commands. Instead,
you must use the svcadm(1M) disable command.
In the event of a configuration error originating in one of
the above SMF application options, named displays a message
providing information about the error and the parameters
that need correcting. The process then exits with exit code
SMFEXITERCONFIG.
At startup, in the event of an error other than a configura-
tion error, named exits with exit code SMFEXITERFATAL.
Both of this code and SMFEXITERCONFIG cause the start
method, smfmethod(5), to place the service in the mainte-
nance state, which can be observed with the svcs(1) command
svcs -x.
In addition to the properties listed above, the following
property can be used to invoke named as a user other than
root:
start/user
Specifies the identity of the user that is invoking
named. See smfmethod(5) and chroot(2). Note that the
user must have solaris.smf.manage.bind authorization.
Without this role the named will be unable to manage its
SMF FMRI and named will automatically be restarted by
the SMF after an rndc(1M) stop or halt command. See
EXAMPLES for a sequence of commands that establishes the
correct authorization.
SIGNALS
In routine operation, signals should not be used to control
the nameserver; rndc(1M) should be used instead.
SIGHUP
Force a reload of the server.
SIGINT, SIGTERM
Shut down the server.
SunOS 5.11 Last change: 6 Mar 2009 5
System Administration Commands named(1M)
The result of sending any other signals to the server is
undefined.
Configuration
The named configuration file is too complex to describe in
detail here. A list of configuration options is provided in
the named.conf man page shipped with the BIND 9 distribu-
tion. A complete description is provided in the BIND 9
Administrator Reference Manual. See SEE ALSO.
EXAMPLES
Example 1 Configuring named to Transmit Only over IPv4 Net-
works
The following command sequence configures named such that it
will transmit only over IPv4 networks.
# svccfg -s svc:network/dns/server:default setprop \
> options/ipinterfaces=IPv4
# svcadm refresh svc:network/dns/server:default
#
Example 2 Listing Current Configuration File and Setting an
Alternative File
The following sequence of commands lists the current named
configuration file and sets an alternative file.
# svcprop -p options/configurationfile dns/server:default
/etc/named.conf
# svccfg -s dns/server:default setprop \
> options/configurationfile=/var/named/named.conf
# svcadm refresh dns/server:default
# svcprop -p options/configurationfile dns/server:default
/var/named/named.conf
Example 3 Establishing Appropriate Authorization for named
To have named start with the solaris.smf.manage.bind author-
ization, perform the steps shown below.
SunOS 5.11 Last change: 6 Mar 2009 6
System Administration Commands named(1M)
Add the user dnsadmin to the solaris.smf.manage.bind role:
# usermod -A solaris.smf.manage.bind dnsadmin
Observe effect of command:
# tail -1 /etc/userattr
dnsadmin::::type=normal;auths=solaris.smf.manage.bind
Modify the service properties:
# svccfg
svc:> select svc:/network/dns/server:default
svc:/network/dns/server:default> setprop start/user = dnsadmin
svc:/network/dns/server:default> setprop start/group = dnsadmin
svc:/network/dns/server:default> exit
# svcadm refresh svc:/network/dns/server:default
# svcadm restart svc:/network/dns/server:default
Because only root has write access to create the default
process-ID file, /var/run/named.pid, named must be config-
ured to use an alternative path for the user dnsadmin. Here
is an example of how to accomplish this:
# mkdir /var/named/tmp
# chown dnsadmin /var/named/tmp
Shown below is what you must add to named.conf to make use
of the directory created above.
# head /etc/named.conf
options {
directory "/var/named";
pid-file "/var/named/tmp/named.pid";
};
FILES
/etc/named.conf
SunOS 5.11 Last change: 6 Mar 2009 7
System Administration Commands named(1M)
default configuration file
/var/run/named.pid
default process-ID file
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWbind
Interface Stability Standard
SEE ALSO
svcs(1), rndc(1M), rndc-confgen(1M), svcadm(1M), svccfg(1M),
svcprop(1), chroot(2), setuid(2), bind(3SOCKET), attri-
butes(5), smf(5), smfmethod(5)
RFC 1033, RFC 1034, RFC 1035
BIND 9 Administrator Reference Manual, published by the
Internet Systems Consortium and accessible at www.bind9.net
named.conf man page shipped with the BIND 9 distribution
BUGS
By default, named attempts to contact remote name servers by
either their IPv4 or IPv6 address, even though the host sys-
tem does not have either IPv4 or IPv6 connectivity (that is,
a configured and active interface). To address this issue,
either provide the missing connectivity or use the relevant
-4 or -6 command line option. When using svccfg(1M), set
application property options/ipinterfaces to either IPv4 or
IPv6.
SunOS 5.11 Last change: 6 Mar 2009 8
|
