]>
Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (c) 1986 The Regents of the University of California. |
2 | .\" All rights reserved. | |
3 | .\" | |
7c576f45 | 4 | .\" %%%LICENSE_START(PERMISSIVE_MISC) |
fea681da MK |
5 | .\" Redistribution and use in source and binary forms are permitted |
6 | .\" provided that the above copyright notice and this paragraph are | |
7 | .\" duplicated in all such forms and that any documentation, | |
8 | .\" advertising materials, and other materials related to such | |
9 | .\" distribution and use acknowledge that the software was developed | |
10 | .\" by the University of California, Berkeley. The name of the | |
11 | .\" University may not be used to endorse or promote products derived | |
12 | .\" from this software without specific prior written permission. | |
13 | .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR | |
14 | .\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED | |
15 | .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. | |
8ff7380d | 16 | .\" %%%LICENSE_END |
fea681da MK |
17 | .\" |
18 | .\" @(#)resolver.5 5.9 (Berkeley) 12/14/89 | |
19 | .\" $Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $ | |
20 | .\" | |
21 | .\" Added ndots remark by Bernhard R. Link - debian bug #182886 | |
22 | .\" | |
867c9b34 | 23 | .TH RESOLV.CONF 5 2019-10-10 "" "Linux Programmer's Manual" |
fea681da MK |
24 | .UC 4 |
25 | .SH NAME | |
26 | resolv.conf \- resolver configuration file | |
27 | .SH SYNOPSIS | |
62218dc0 | 28 | .B /etc/resolv.conf |
fea681da MK |
29 | .SH DESCRIPTION |
30 | The | |
31 | .I resolver | |
32 | is a set of routines in the C library | |
33 | that provide access to the Internet Domain Name System (DNS). | |
34 | The resolver configuration file contains information that is read | |
35 | by the resolver routines the first time they are invoked by a process. | |
36 | The file is designed to be human readable and contains a list of | |
37 | keywords with values that provide various types of resolver information. | |
58822a7a | 38 | The configuration file is considered a trusted source of DNS information |
b40dd7e4 MK |
39 | (e.g., DNSSEC AD-bit information will be returned unmodified from this |
40 | source). | |
dd3568a1 | 41 | .PP |
551162f5 FW |
42 | If this file does not exist, only the name server on the local machine |
43 | will be queried, and the search list contains the local domain name | |
44 | determined from the hostname. | |
dd3568a1 | 45 | .PP |
fea681da MK |
46 | The different configuration options are: |
47 | .TP | |
48 | \fBnameserver\fP Name server IP address | |
b1171e21 SP |
49 | Internet address of a name server that the resolver should query, |
50 | either an IPv4 address (in dot notation), | |
51 | or an IPv6 address in colon (and possibly dot) notation as per RFC 2373. | |
aa3946c7 MK |
52 | Up to |
53 | .B MAXNS | |
54 | (currently 3, see \fI<resolv.h>\fP) name servers may be listed, | |
fea681da MK |
55 | one per keyword. |
56 | If there are multiple servers, | |
57 | the resolver library queries them in the order listed. | |
58 | If no \fBnameserver\fP entries are present, | |
59 | the default is to use the name server on the local machine. | |
60 | (The algorithm used is to try a name server, and if the query times out, | |
61 | try the next, until out of name servers, | |
62 | then repeat trying all the name servers | |
63 | until a maximum number of retries are made.) | |
64 | .TP | |
fea681da | 65 | \fBsearch\fP Search list for host-name lookup. |
551162f5 FW |
66 | By default, the search list contains one entry, the local domain name. |
67 | It is determined from the local hostname returned by | |
68 | .BR gethostname (2); | |
69 | the local domain name is taken to be everything after the first | |
85d76471 MK |
70 | \(aq.\(aq. |
71 | Finally, if the hostname does not contain a \(aq.\(aq, the | |
551162f5 FW |
72 | root domain is assumed as the local domain name. |
73 | .IP | |
fea681da MK |
74 | This may be changed by listing the desired domain search path |
75 | following the \fIsearch\fP keyword with spaces or tabs separating | |
76 | the names. | |
77 | Resolver queries having fewer than | |
78 | .I ndots | |
79 | dots (default is 1) in them will be attempted using each component | |
80 | of the search path in turn until a match is found. | |
81 | For environments with multiple subdomains please read | |
82 | .BI "options ndots:" n | |
83 | below to avoid man-in-the-middle attacks and unnecessary | |
84 | traffic for the root-dns-servers. | |
85 | .\" When having a resolv.conv with a line | |
86 | .\" search subdomain.domain.tld domain.tld | |
87 | .\" and doing a hostlookup, for example by | |
88 | .\" ping host.anothersubdomain | |
89 | .\" it sends dns-requests for | |
90 | .\" host.anothersubdomain. | |
91 | .\" host.anothersubdomain.subdomain.domain.tld. | |
92 | .\" host.anothersubdomain.domain.tld. | |
93 | .\" thus not only causing unnecessary traffic for the root-dns-servers | |
94 | .\" but broadcasting information to the outside and making man-in-the-middle | |
95 | .\" attacks possible. | |
96 | Note that this process may be slow and will generate a lot of network | |
97 | traffic if the servers for the listed domains are not local, | |
98 | and that queries will time out if no server is available | |
99 | for one of the domains. | |
100 | .IP | |
551162f5 FW |
101 | If there are multiple |
102 | .B search | |
103 | directives, only the search list from the last instance is used. | |
104 | .IP | |
c594a728 | 105 | In glibc 2.25 and earlier, the search list is limited to six domains |
fea681da | 106 | with a total of 256 characters. |
89524684 MK |
107 | Since glibc 2.26, |
108 | .\" glibc commit 3f853f22c87f0b671c0366eb290919719fa56c0e | |
109 | the search list is unlimited. | |
551162f5 FW |
110 | .IP |
111 | The | |
112 | .B domain | |
113 | directive is an obsolete name for the | |
114 | .B search | |
115 | directive that handles one search list entry only. | |
fea681da MK |
116 | .TP |
117 | \fBsortlist\fP | |
ac92a408 | 118 | This option allows addresses returned by |
d1746f31 MK |
119 | .BR gethostbyname (3) |
120 | to be sorted. | |
ac176c0d | 121 | A sortlist is specified by IP-address-netmask pairs. |
c13182ef MK |
122 | The netmask is |
123 | optional and defaults to the natural netmask of the net. | |
124 | The IP address | |
125 | and optional network pairs are separated by slashes. | |
126 | Up to 10 pairs may | |
127 | be specified. | |
9944f03d | 128 | Here is an example: |
eabf3ae5 | 129 | .IP |
088a639b | 130 | .in +4n |
fea681da | 131 | sortlist 130.155.160.0/255.255.240.0 130.155.0.0 |
088a639b | 132 | .in |
fea681da MK |
133 | .TP |
134 | \fBoptions\fP | |
135 | Options allows certain internal resolver variables to be modified. | |
136 | The syntax is | |
137 | .RS | |
138 | .IP | |
139 | \fBoptions\fP \fIoption\fP \fI...\fP | |
dd3568a1 | 140 | .PP |
fea681da MK |
141 | where \fIoption\fP is one of the following: |
142 | .TP | |
143 | \fBdebug\fP | |
a4b9f050 | 144 | .\" Since glibc 2.2? |
56961a8c | 145 | Sets |
aa3946c7 MK |
146 | .BR RES_DEBUG |
147 | in | |
7d63c0a4 | 148 | .IR _res.options |
33a0ccb2 | 149 | (effective only if glibc was built with debug support; see |
7d63c0a4 | 150 | .BR resolver (3)). |
fea681da MK |
151 | .TP |
152 | .BI ndots: n | |
a4b9f050 | 153 | .\" Since glibc 2.2 |
56961a8c | 154 | Sets a threshold for the number of dots which |
60a90ecd | 155 | must appear in a name given to |
3a72373c | 156 | .BR res_query (3) |
60a90ecd | 157 | (see |
fea681da | 158 | .BR resolver (3)) |
c13182ef MK |
159 | before an \fIinitial absolute query\fP will be made. |
160 | The default for | |
324633ae | 161 | \fIn\fP is 1, meaning that if there are any dots in a name, the name |
fea681da MK |
162 | will be tried first as an absolute name before any \fIsearch list\fP |
163 | elements are appended to it. | |