hypot.3: srcfix: add some notes about the underflow case

[thirdparty/man-pages.git] / man5 / resolv.conf.5

.\" Copyright (c) 1986 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" %%%LICENSE_START(PERMISSIVE_MISC)
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley.  The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\" %%%LICENSE_END
.\"
.\"	@(#)resolver.5	5.9 (Berkeley) 12/14/89
.\"	$Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
.\"
.\" Added ndots remark by Bernhard R. Link - debian bug #182886
.\"
.TH RESOLV.CONF 5 2019-10-10 "" "Linux Programmer's Manual"
.UC 4
.SH NAME
resolv.conf \- resolver configuration file
.SH SYNOPSIS
.B /etc/resolv.conf
.SH DESCRIPTION
The
.I resolver
is a set of routines in the C library
that provide access to the Internet Domain Name System (DNS).
The resolver configuration file contains information that is read
by the resolver routines the first time they are invoked by a process.
The file is designed to be human readable and contains a list of
keywords with values that provide various types of resolver information.
The configuration file is considered a trusted source of DNS information
(e.g., DNSSEC AD-bit information will be returned unmodified from this
source).
.PP
If this file does not exist, only the name server on the local machine
will be queried, and the search list contains the local domain name
determined from the hostname.
.PP
The different configuration options are:
.TP
\fBnameserver\fP Name server IP address
Internet address of a name server that the resolver should query,
either an IPv4 address (in dot notation),
or an IPv6 address in colon (and possibly dot) notation as per RFC 2373.
Up to
.B MAXNS
(currently 3, see \fI<resolv.h>\fP) name servers may be listed,
one per keyword.
If there are multiple servers,
the resolver library queries them in the order listed.
If no \fBnameserver\fP entries are present,
the default is to use the name server on the local machine.
(The algorithm used is to try a name server, and if the query times out,
try the next, until out of name servers,
then repeat trying all the name servers
until a maximum number of retries are made.)
.TP
\fBsearch\fP Search list for host-name lookup.
By default, the search list contains one entry, the local domain name.
It is determined from the local hostname returned by
.BR gethostname (2);
the local domain name is taken to be everything after the first
\(aq.\(aq.
Finally, if the hostname does not contain a \(aq.\(aq, the
root domain is assumed as the local domain name.
.IP
This may be changed by listing the desired domain search path
following the \fIsearch\fP keyword with spaces or tabs separating
the names.
Resolver queries having fewer than
.I ndots
dots (default is 1) in them will be attempted using each component
of the search path in turn until a match is found.
For environments with multiple subdomains please read
.BI "options ndots:" n
below to avoid man-in-the-middle attacks and unnecessary
traffic for the root-dns-servers.
.\" When having a resolv.conv with a line
.\"  search subdomain.domain.tld domain.tld
.\" and doing a hostlookup, for example by
.\"  ping host.anothersubdomain
.\" it sends dns-requests for
.\"  host.anothersubdomain.
.\"  host.anothersubdomain.subdomain.domain.tld.
.\"  host.anothersubdomain.domain.tld.
.\" thus not only causing unnecessary traffic for the root-dns-servers
.\" but broadcasting information to the outside and making man-in-the-middle
.\" attacks possible.
Note that this process may be slow and will generate a lot of network
traffic if the servers for the listed domains are not local,
and that queries will time out if no server is available
for one of the domains.
.IP
If there are multiple
.B search
directives, only the search list from the last instance is used.
.IP
In glibc 2.25 and earlier, the search list is limited to six domains
with a total of 256 characters.
Since glibc 2.26,
.\" glibc commit 3f853f22c87f0b671c0366eb290919719fa56c0e
the search list is unlimited.
.IP
The
.B domain
directive is an obsolete name for the
.B search
directive that handles one search list entry only.
.TP
\fBsortlist\fP
This option allows addresses returned by
.BR gethostbyname (3)
to be sorted.
A sortlist is specified by IP-address-netmask pairs.
The netmask is
optional and defaults to the natural netmask of the net.
The IP address
and optional network pairs are separated by slashes.
Up to 10 pairs may
be specified.
Here is an example:
.IP
.in +4n
sortlist 130.155.160.0/255.255.240.0 130.155.0.0
.in
.TP
\fBoptions\fP
Options allows certain internal resolver variables to be modified.
The syntax is
.RS
.IP
\fBoptions\fP \fIoption\fP \fI...\fP
.PP
where \fIoption\fP is one of the following:
.TP
\fBdebug\fP
.\" Since glibc 2.2?
Sets
.BR RES_DEBUG
in
.IR _res.options
(effective only if glibc was built with debug support; see
.BR resolver (3)).
.TP
.BI ndots: n
.\" Since glibc 2.2
Sets a threshold for the number of dots which
must appear in a name given to
.BR res_query (3)
(see
.BR resolver (3))
before an \fIinitial absolute query\fP will be made.
The default for
\fIn\fP is 1, meaning that if there are any dots in a name, the name
will be tried first as an absolute name before any \fIsearch list\fP
elements are appended to it.