[thirdparty/man-pages.git] / man5 / host.conf.5

.\" Copyright (c) 1997 Martin Schulze (joey@infodrom.north.de)
.\" Much of the text is copied from the manpage of resolv+(8).
.\"
.\" %%%LICENSE_START(GPLv2+_DOC_FULL)
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public
.\" License along with this manual; if not, see
.\" <http://www.gnu.org/licenses/>.
.\" %%%LICENSE_END
.\"
.\" 2003-08-23 Martin Schulze <joey@infodrom.org> Updated according to glibc 2.3.2
.TH HOST.CONF 5 2019-03-06 "Linux" "Linux System Administration"
.SH NAME
host.conf \- resolver configuration file
.SH DESCRIPTION
The file
.I /etc/host.conf
contains configuration information specific to the resolver library.
It should contain one configuration keyword per line, followed by
appropriate configuration information.
The following keywords are recognized:
.TP
.I trim
This keyword may be listed more than once.
Each time it should be
followed by a list of domains, separated by colons (\(aq:\(aq), semicolons
(\(aq;\(aq) or commas (\(aq,\(aq), with the leading dot.
When set, the
resolver library will automatically trim the given domain name from the
end of any hostname resolved via DNS.
This is intended for use with
local hosts and domains.
(Related note:
.I trim
will not affect hostnames gathered via NIS or the
.BR hosts (5)
file.
Care should be taken to
ensure that the first hostname for each entry in the hosts file is
fully qualified or unqualified, as appropriate for the local
installation.)
.TP
.I multi
Valid values are
.IR on " and " off .
If set to
.IR on ,
the resolver library will return all valid addresses for a host that
appears in the
.I /etc/hosts
file,
instead of only the first.
This is
.I off
by default, as it may cause a substantial performance loss at sites
with large hosts files.
.TP
.I reorder
Valid values are
.IR on " and " off .
If set to
.IR on ,
the resolver library
will attempt to reorder host addresses so that local addresses
(i.e., on the same subnet) are listed first when a
.BR gethostbyname (3)
is performed.
Reordering is done for all lookup methods.
The default value is
.IR off .
.SH ENVIRONMENT
The following environment variables can be used to allow users to
override the behavior which is configured in
.IR /etc/host.conf :
.TP
.B RESOLV_HOST_CONF
If set, this variable points to a file that should be read instead of
.IR /etc/host.conf .
.TP
.B RESOLV_MULTI
Overrides the
.I multi
command.
.TP
.B RESOLV_REORDER
Overrides the
.I reorder
command.
.TP
.B RESOLV_ADD_TRIM_DOMAINS
A list of domains,  separated by colons (\(aq:\(aq), semicolons (\(aq;\(aq) or
commas (\(aq,\(aq), with the leading dot, which will be added to the list of
domains that should be trimmed.
.TP
.B RESOLV_OVERRIDE_TRIM_DOMAINS
A list of domains,  separated by colons (\(aq:\(aq), semicolons (\(aq;\(aq) or
commas (\(aq,\(aq), with the leading dot, which will replace the list of
domains that should be trimmed.
Overrides the
.I trim
command.
.SH FILES
.TP
.I /etc/host.conf
Resolver configuration file
.TP
.I /etc/resolv.conf
Resolver configuration file
.TP
.I /etc/hosts
Local hosts database
.SH NOTES
The following differences exist compared to the original implementation.
A new command
.I spoof
and a new environment variable
.B RESOLV_SPOOF_CHECK
can take arguments like
.IR off ", " nowarn ", and " warn .
Line comments can appear anywhere and not only at the beginning of a line.
.SS Historical
The
.BR nsswitch.conf (5)
file is the modern way of controlling the order of host lookups.
.PP
In glibc 2.4 and earlier, the following keyword is recognized:
.TP
.I order
This keyword specifies how host lookups are to be performed.
It should be followed by one or more lookup methods, separated by commas.
Valid methods are
.IR bind ", " hosts ", and " nis .
.TP
.B RESOLV_SERV_ORDER
Overrides the
.I order
command.
.PP
.\" commit 7d68cdaa4f748e87ee921f587ee2d483db624b3d
Since glibc 2.0.7, and up through glibc 2.24, the following keywords and environment variable have
been recognized but never implemented:
.TP
.I nospoof
Valid values are
.IR on " and " off .
If set to
.IR on ,
the resolver library will attempt to prevent hostname spoofing to
enhance the security of
.BR rlogin " and " rsh .
It works as follows: after performing a host address lookup,
the resolver library will perform a hostname lookup for that address.
If the two hostnames
do not match, the query fails.
The default value is
.IR off .
.TP
.I spoofalert
Valid values are
.IR on " and " off .
If this option is set to
.I on
and the
.I nospoof
option is also set,
the resolver library will log a warning of the error via the
syslog facility.
The default value is
.IR off .
.TP
.I spoof
Valid values are
.IR off ", " nowarn ", and " warn .
If this option is set to
.IR off ,
spoofed addresses are permitted and no warnings will be emitted
via the syslog facility.
If this option is set to
.IR warn ,
the resolver library will attempt to prevent hostname spoofing to
enhance the security and log a warning of the error via the syslog
facility.
If this option is set to
.IR nowarn ,
the resolver library will attempt to prevent hostname spoofing to
enhance the security but not emit warnings via the syslog facility.
Setting this option to anything else is equal to setting it to
.IR nowarn .
.TP
.B RESOLV_SPOOF_CHECK
Overrides the
.IR nospoof ", " spoofalert ", and " spoof
commands in the same way as the
.I spoof
command is parsed.
Valid values are
.IR off ", " nowarn ", and " warn .
.SH SEE ALSO
.BR gethostbyname (3),
.BR hosts (5),
.BR nsswitch.conf (5),
.BR resolv.conf (5),
.BR hostname (7),
.BR named (8)
Commit	Line	Data
fea681da	1	.\" Copyright (c) 1997 Martin Schulze (joey@infodrom.north.de)
c2ac5c4e	2	.\" Much of the text is copied from the manpage of resolv+(8).
fea681da	3	.\"
1dd72f9c	4	.\" %%%LICENSE_START(GPLv2+_DOC_FULL)
fea681da MK	5	.\" This is free documentation; you can redistribute it and/or
	6	.\" modify it under the terms of the GNU General Public License as
	7	.\" published by the Free Software Foundation; either version 2 of
	8	.\" the License, or (at your option) any later version.
	9	.\"
	10	.\" The GNU General Public License's references to "object code"
	11	.\" and "executables" are to be interpreted as the output of any
	12	.\" document formatting or typesetting system, including
	13	.\" intermediate and printed output.
	14	.\"
	15	.\" This manual is distributed in the hope that it will be useful,
	16	.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	.\" GNU General Public License for more details.
	19	.\"
	20	.\" You should have received a copy of the GNU General Public
c715f741 MK	21	.\" License along with this manual; if not, see
c715f741 MK	22	.\" <http://www.gnu.org/licenses/>.
6a8d8745	23	.\" %%%LICENSE_END
fea681da	24	.\"
fea681da	25	.\" 2003-08-23 Martin Schulze <joey@infodrom.org> Updated according to glibc 2.3.2
9ba01802	26	.TH HOST.CONF 5 2019-03-06 "Linux" "Linux System Administration"
fea681da MK	27	.SH NAME
	28	host.conf \- resolver configuration file
	29	.SH DESCRIPTION
	30	The file
	31	.I /etc/host.conf
	32	contains configuration information specific to the resolver library.
	33	It should contain one configuration keyword per line, followed by
c13182ef	34	appropriate configuration information.
0921ce4a	35	The following keywords are recognized:
fea681da	36	.TP
c13182ef MK	37	.I trim
	38	This keyword may be listed more than once.
	39	Each time it should be
f81fb444 MK	40	followed by a list of domains, separated by colons (\(aq:\(aq), semicolons
f81fb444 MK	41	(\(aq;\(aq) or commas (\(aq,\(aq), with the leading dot.
c13182ef	42	When set, the
6e9c8c17	43	resolver library will automatically trim the given domain name from the
c13182ef MK	44	end of any hostname resolved via DNS.
	45	This is intended for use with
	46	local hosts and domains.
3845a120 MK	47	(Related note:
3845a120 MK	48	.I trim
68d8192f MK	49	will not affect hostnames gathered via NIS or the
	50	.BR hosts (5)
	51	file.
c13182ef	52	Care should be taken to
fea681da	53	ensure that the first hostname for each entry in the hosts file is
f177a935	54	fully qualified or unqualified, as appropriate for the local
fea681da MK	55	installation.)
	56	.TP
	57	.I multi
	58	Valid values are
	59	.IR on " and " off .
	60	If set to
	61	.IR on ,
6e9c8c17	62	the resolver library will return all valid addresses for a host that
fea681da MK	63	appears in the
	64	.I /etc/hosts
	65	file,
c13182ef MK	66	instead of only the first.
c13182ef MK	67	This is
fea681da MK	68	.I off
	69	by default, as it may cause a substantial performance loss at sites
	70	with large hosts files.
	71	.TP
fea681da MK	72	.I reorder
	73	Valid values are
	74	.IR on " and " off .
	75	If set to
	76	.IR on ,
6e9c8c17 MK	77	the resolver library
6e9c8c17 MK	78	will attempt to reorder host addresses so that local addresses
fea681da MK	79	(i.e., on the same subnet) are listed first when a
fea681da MK	80	.BR gethostbyname (3)
c13182ef MK	81	is performed.
	82	Reordering is done for all lookup methods.
	83	The default value is
fea681da MK	84	.IR off .
fea681da MK	85	.SH ENVIRONMENT
0921ce4a	86	The following environment variables can be used to allow users to
c13182ef	87	override the behavior which is configured in
0921ce4a	88	.IR /etc/host.conf :
fea681da MK	89	.TP
fea681da MK	90	.B RESOLV_HOST_CONF
bd4144a1	91	If set, this variable points to a file that should be read instead of
fea681da MK	92	.IR /etc/host.conf .
fea681da MK	93	.TP
fea681da MK	94	.B RESOLV_MULTI
	95	Overrides the
	96	.I multi
	97	command.
	98	.TP
	99	.B RESOLV_REORDER
	100	Overrides the
	101	.I reorder
	102	command.
	103	.TP
	104	.B RESOLV_ADD_TRIM_DOMAINS
f81fb444 MK	105	A list of domains, separated by colons (\(aq:\(aq), semicolons (\(aq;\(aq) or
f81fb444 MK	106	commas (\(aq,\(aq), with the leading dot, which will be added to the list of
fea681da MK	107	domains that should be trimmed.
	108	.TP
	109	.B RESOLV_OVERRIDE_TRIM_DOMAINS
f81fb444 MK	110	A list of domains, separated by colons (\(aq:\(aq), semicolons (\(aq;\(aq) or
f81fb444 MK	111	commas (\(aq,\(aq), with the leading dot, which will replace the list of
c13182ef MK	112	domains that should be trimmed.
c13182ef MK	113	Overrides the
fea681da MK	114	.I trim
	115	command.
	116	.SH FILES
	117	.TP
	118	.I /etc/host.conf
	119	Resolver configuration file
	120	.TP
	121	.I /etc/resolv.conf
	122	Resolver configuration file
	123	.TP
	124	.I /etc/hosts
	125	Local hosts database
	126	.SH NOTES
	127	The following differences exist compared to the original implementation.
	128	A new command
	129	.I spoof
	130	and a new environment variable
	131	.B RESOLV_SPOOF_CHECK
	132	can take arguments like
3845a120	133	.IR off ", " nowarn ", and " warn .
fea681da	134	Line comments can appear anywhere and not only at the beginning of a line.
0921ce4a	135	.SS Historical
e51f148a SA	136	The
	137	.BR nsswitch.conf (5)
	138	file is the modern way of controlling the order of host lookups.
	139	.PP
0921ce4a SP	140	In glibc 2.4 and earlier, the following keyword is recognized:
	141	.TP
	142	.I order
	143	This keyword specifies how host lookups are to be performed.
	144	It should be followed by one or more lookup methods, separated by commas.
	145	Valid methods are
	146	.IR bind ", " hosts ", and " nis .
e51f148a	147	.TP
0921ce4a	148	.B RESOLV_SERV_ORDER
3845a120 MK	149	Overrides the
	150	.I order
	151	command.
0921ce4a	152	.PP
c8097a40 NF	153	.\" commit 7d68cdaa4f748e87ee921f587ee2d483db624b3d
c8097a40 NF	154	Since glibc 2.0.7, and up through glibc 2.24, the following keywords and environment variable have
e51f148a SA	155	been recognized but never implemented:
	156	.TP
	157	.I nospoof
	158	Valid values are
	159	.IR on " and " off .
	160	If set to
	161	.IR on ,
6e9c8c17	162	the resolver library will attempt to prevent hostname spoofing to
e51f148a SA	163	enhance the security of
e51f148a SA	164	.BR rlogin " and " rsh .
6e9c8c17 MK	165	It works as follows: after performing a host address lookup,
6e9c8c17 MK	166	the resolver library will perform a hostname lookup for that address.
e51f148a	167	If the two hostnames
a23d8efa	168	do not match, the query fails.
e51f148a SA	169	The default value is
	170	.IR off .
	171	.TP
	172	.I spoofalert
	173	Valid values are
	174	.IR on " and " off .
	175	If this option is set to
	176	.I on
	177	and the
	178	.I nospoof
6e9c8c17 MK	179	option is also set,
6e9c8c17 MK	180	the resolver library will log a warning of the error via the
e51f148a SA	181	syslog facility.
	182	The default value is
	183	.IR off .
	184	.TP
	185	.I spoof
	186	Valid values are
f6d08687	187	.IR off ", " nowarn ", and " warn .
e51f148a SA	188	If this option is set to
	189	.IR off ,
	190	spoofed addresses are permitted and no warnings will be emitted
	191	via the syslog facility.
	192	If this option is set to
	193	.IR warn ,
6e9c8c17	194	the resolver library will attempt to prevent hostname spoofing to
e51f148a SA	195	enhance the security and log a warning of the error via the syslog
	196	facility.
	197	If this option is set to
	198	.IR nowarn ,
6e9c8c17	199	the resolver library will attempt to prevent hostname spoofing to
e51f148a SA	200	enhance the security but not emit warnings via the syslog facility.
	201	Setting this option to anything else is equal to setting it to
	202	.IR nowarn .
	203	.TP
	204	.B RESOLV_SPOOF_CHECK
	205	Overrides the
3845a120	206	.IR nospoof ", " spoofalert ", and " spoof
e51f148a SA	207	commands in the same way as the
	208	.I spoof
	209	command is parsed.
	210	Valid values are
3845a120	211	.IR off ", " nowarn ", and " warn .
47297adb	212	.SH SEE ALSO
fea681da	213	.BR gethostbyname (3),
7b46b4fa SA	214	.BR hosts (5),
	215	.BR nsswitch.conf (5),
	216	.BR resolv.conf (5),
fea681da	217	.BR hostname (7),
0921ce4a	218	.BR named (8)