[thirdparty/man-pages.git] / man5 / resolv.conf.5

.\" Copyright (c) 1986 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley.  The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\"	@(#)resolver.5	5.9 (Berkeley) 12/14/89
.\"	$Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
.\"
.\" Added ndots remark by Bernhard R. Link - debian bug #182886
.\"
.TH RESOLV.CONF 5 2004-10-31
.UC 4
.SH NAME
resolv.conf \- resolver configuration file
.SH SYNOPSIS
/etc/resolv.conf
.SH DESCRIPTION
The
.I resolver
is a set of routines in the C library
that provide access to the Internet Domain Name System (DNS).
The resolver configuration file contains information that is read
by the resolver routines the first time they are invoked by a process.
The file is designed to be human readable and contains a list of
keywords with values that provide various types of resolver information.
.LP
On a normally configured system this file should not be necessary.
The only name server to be queried will be on the local machine;
the domain name is determined from the host name
and the domain search path is constructed from the domain name.
.LP
The different configuration options are:
.TP
\fBnameserver\fP Name server IP address
Internet address (in dot notation) of a name server
that the resolver should query.
Up to MAXNS (currently 3, see <resolv.h>) name servers may be listed,
one per keyword.
If there are multiple servers,
the resolver library queries them in the order listed.
If no \fBnameserver\fP entries are present,
the default is to use the name server on the local machine.
(The algorithm used is to try a name server, and if the query times out,
try the next, until out of name servers,
then repeat trying all the name servers
until a maximum number of retries are made.)
.TP
\fBdomain\fP Local domain name.
Most queries for names within this domain can use short names
relative to the local domain.
If no \fBdomain\fP entry is present, the domain is determined
from the local host name returned by
\fIgethostname\fP();
the domain part is taken to be everything after the first `.'.
Finally, if the host name does not contain a domain part, the root
domain is assumed.
.TP
\fBsearch\fP Search list for host-name lookup.
The search list is normally determined from the local domain name;
by default, it contains only the local domain name.
This may be changed by listing the desired domain search path
following the \fIsearch\fP keyword with spaces or tabs separating
the names.
Resolver queries having fewer than
.I ndots
dots (default is 1) in them will be attempted using each component
of the search path in turn until a match is found.
For environments with multiple subdomains please read
.BI "options ndots:" n
below to avoid man-in-the-middle attacks and unnecessary
traffic for the root-dns-servers.
.\" When having a resolv.conv with a line
.\"  search subdomain.domain.tld domain.tld
.\" and doing a hostlookup, for example by
.\"  ping host.anothersubdomain
.\" it sends dns-requests for
.\"  host.anothersubdomain.
.\"  host.anothersubdomain.subdomain.domain.tld.
.\"  host.anothersubdomain.domain.tld.
.\" thus not only causing unnecessary traffic for the root-dns-servers
.\" but broadcasting information to the outside and making man-in-the-middle
.\" attacks possible.
Note that this process may be slow and will generate a lot of network
traffic if the servers for the listed domains are not local,
and that queries will time out if no server is available
for one of the domains.
.IP
The search list is currently limited to six domains
with a total of 256 characters.
.TP
\fBsortlist\fP
Sortlist allows addresses returned by gethostbyname to be sorted.
A sortlist is specified by IP address netmask pairs. The netmask is
optional and defaults to the natural netmask of the net. The IP address
and optional network pairs are separated by slashes. Up to 10 pairs may
be specified. E.g.,
.br
.in +2
sortlist 130.155.160.0/255.255.240.0 130.155.0.0
.in -2
.br
.TP
\fBoptions\fP
Options allows certain internal resolver variables to be modified.
The syntax is
.RS
.IP
\fBoptions\fP \fIoption\fP \fI...\fP
.LP
where \fIoption\fP is one of the following:
.TP
\fBdebug\fP
sets RES_DEBUG in
.IR _res.options .
.TP
.BI ndots: n
sets a threshold for the number of dots which
must appear in a name given to \fBres_query\fP() (see
.BR resolver (3))
before an \fIinitial absolute query\fP will be made.  The default for
\fIn\fP is ``1'', meaning that if there are any dots in a name, the name
will be tried first as an absolute name before any \fIsearch list\fP
elements are appended to it.
.TP
.BI timeout: n
sets the amount of time the resolver will wait for a
response from a remote name server before retrying the
query via a different name server.  Measured in seconds,
the default is RES_TIMEOUT (currently 5, see <resolv.h>).
.TP
.BI attempts: n
sets the number of times the resolver will send a
query to its name servers before giving up and returning
an error to the calling application.  The default
is RES_DFLRETRY (currently 2, see <resolv.h>).
.TP
.B rotate
sets RES_ROTATE in
.IR _res.options ,
which causes round robin selection of nameservers from among those listed.
This has the effect of spreading the query load among all listed servers,
rather than having all clients try the first listed server first every time.
.TP
.B no-check-names
sets RES_NOCHECKNAME in
.IR _res.options ,
which disables the modern BIND checking of incoming host names and
mail names for invalid characters such as underscore (_), non-ASCII,
or control characters.
.TP
.B inet6
sets RES_USE_INET6 in
.IR _res.options .
This has the effect of trying a AAAA query before an A query inside the
.BR gethostbyname ()
function, and of mapping IPv4 responses in IPv6 ``tunnelled form''
if no AAAA records are found but an A record set exists.
.RE
.LP
The \fIdomain\fP and \fIsearch\fP keywords are mutually exclusive.
If more than one instance of these keywords is present,
the last instance wins.
.LP
The \fIsearch\fP keyword of a system's \fIresolv.conf\fP file can be
overridden on a per-process basis by setting the environment variable
``\s-1LOCALDOMAIN\s+1'' to a space-separated list of search domains.
.LP
The \fIoptions\fP keyword of a system's \fIresolv.conf\fP file can be
amended on a per-process basis by setting the environment variable
``\s-1RES_OPTIONS\s+1'' to a space-separated list of resolver options
as explained above under \fBoptions\fP.
.LP
The keyword and value must appear on a single line, and the keyword
(e.g. \fBnameserver\fP) must start the line.  The value follows
the keyword, separated by white space.
.SH FILES
.IR /etc/resolv.conf ,
.I <resolv.h>
.SH "SEE ALSO"
.BR gethostbyname (3),
.BR resolver (3),
.BR hostname (7),
.BR named (8)
.br
Name Server Operations Guide for BIND
Commit	Line	Data
fea681da MK	1	.\" Copyright (c) 1986 The Regents of the University of California.
	2	.\" All rights reserved.
	3	.\"
	4	.\" Redistribution and use in source and binary forms are permitted
	5	.\" provided that the above copyright notice and this paragraph are
	6	.\" duplicated in all such forms and that any documentation,
	7	.\" advertising materials, and other materials related to such
	8	.\" distribution and use acknowledge that the software was developed
	9	.\" by the University of California, Berkeley. The name of the
	10	.\" University may not be used to endorse or promote products derived
	11	.\" from this software without specific prior written permission.
	12	.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
	13	.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
	14	.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
	15	.\"
	16	.\" @(#)resolver.5 5.9 (Berkeley) 12/14/89
	17	.\" $Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
	18	.\"
	19	.\" Added ndots remark by Bernhard R. Link - debian bug #182886
	20	.\"
	21	.TH RESOLV.CONF 5 2004-10-31
	22	.UC 4
	23	.SH NAME
	24	resolv.conf \- resolver configuration file
	25	.SH SYNOPSIS
	26	/etc/resolv.conf
	27	.SH DESCRIPTION
	28	The
	29	.I resolver
	30	is a set of routines in the C library
	31	that provide access to the Internet Domain Name System (DNS).
	32	The resolver configuration file contains information that is read
	33	by the resolver routines the first time they are invoked by a process.
	34	The file is designed to be human readable and contains a list of
	35	keywords with values that provide various types of resolver information.
	36	.LP
	37	On a normally configured system this file should not be necessary.
	38	The only name server to be queried will be on the local machine;
	39	the domain name is determined from the host name
	40	and the domain search path is constructed from the domain name.
	41	.LP
	42	The different configuration options are:
	43	.TP
	44	\fBnameserver\fP Name server IP address
	45	Internet address (in dot notation) of a name server
	46	that the resolver should query.
	47	Up to MAXNS (currently 3, see <resolv.h>) name servers may be listed,
	48	one per keyword.
	49	If there are multiple servers,
	50	the resolver library queries them in the order listed.
	51	If no \fBnameserver\fP entries are present,
	52	the default is to use the name server on the local machine.
	53	(The algorithm used is to try a name server, and if the query times out,
	54	try the next, until out of name servers,
	55	then repeat trying all the name servers
	56	until a maximum number of retries are made.)
	57	.TP
	58	\fBdomain\fP Local domain name.
	59	Most queries for names within this domain can use short names
	60	relative to the local domain.
	61	If no \fBdomain\fP entry is present, the domain is determined
	62	from the local host name returned by
	63	\fIgethostname\fP();
	64	the domain part is taken to be everything after the first `.'.
65	Finally, if the host name does not contain a domain part, the root
66	domain is assumed.
67	.TP
68	\fBsearch\fP Search list for host-name lookup.
69	The search list is normally determined from the local domain name;
70	by default, it contains only the local domain name.
71	This may be changed by listing the desired domain search path
72	following the \fIsearch\fP keyword with spaces or tabs separating
73	the names.
74	Resolver queries having fewer than
75	.I ndots
76	dots (default is 1) in them will be attempted using each component
77	of the search path in turn until a match is found.
78	For environments with multiple subdomains please read
79	.BI "options ndots:" n
80	below to avoid man-in-the-middle attacks and unnecessary
81	traffic for the root-dns-servers.
82	.\" When having a resolv.conv with a line
83	.\" search subdomain.domain.tld domain.tld
84	.\" and doing a hostlookup, for example by
85	.\" ping host.anothersubdomain
86	.\" it sends dns-requests for
87	.\" host.anothersubdomain.
88	.\" host.anothersubdomain.subdomain.domain.tld.
89	.\" host.anothersubdomain.domain.tld.
90	.\" thus not only causing unnecessary traffic for the root-dns-servers
91	.\" but broadcasting information to the outside and making man-in-the-middle
92	.\" attacks possible.
93	Note that this process may be slow and will generate a lot of network
94	traffic if the servers for the listed domains are not local,
95	and that queries will time out if no server is available
96	for one of the domains.
97	.IP
98	The search list is currently limited to six domains
99	with a total of 256 characters.
100	.TP
101	\fBsortlist\fP
102	Sortlist allows addresses returned by gethostbyname to be sorted.
103	A sortlist is specified by IP address netmask pairs. The netmask is
104	optional and defaults to the natural netmask of the net. The IP address
105	and optional network pairs are separated by slashes. Up to 10 pairs may
106	be specified. E.g.,
107	.br
108	.in +2
109	sortlist 130.155.160.0/255.255.240.0 130.155.0.0
110	.in -2
111	.br
112	.TP
113	\fBoptions\fP
114	Options allows certain internal resolver variables to be modified.
115	The syntax is
116	.RS
117	.IP
118	\fBoptions\fP \fIoption\fP \fI...\fP
119	.LP
120	where \fIoption\fP is one of the following:
121	.TP
122	\fBdebug\fP
123	sets RES_DEBUG in
124	.IR _res.options .
125	.TP
126	.BI ndots: n
127	sets a threshold for the number of dots which
128	must appear in a name given to \fBres_query\fP() (see
129	.BR resolver (3))
130	before an \fIinitial absolute query\fP will be made. The default for
131	\fIn\fP is ``1'', meaning that if there are any dots in a name, the name
132	will be tried first as an absolute name before any \fIsearch list\fP
133	elements are appended to it.
134	.TP
135	.BI timeout: n
136	sets the amount of time the resolver will wait for a
137	response from a remote name server before retrying the
138	query via a different name server. Measured in seconds,
139	the default is RES_TIMEOUT (currently 5, see <resolv.h>).
140	.TP
141	.BI attempts: n
142	sets the number of times the resolver will send a
143	query to its name servers before giving up and returning
144	an error to the calling application. The default
145	is RES_DFLRETRY (currently 2, see <resolv.h>).
146	.TP
147	.B rotate
148	sets RES_ROTATE in
149	.IR _res.options ,
150	which causes round robin selection of nameservers from among those listed.
151	This has the effect of spreading the query load among all listed servers,
152	rather than having all clients try the first listed server first every time.
153	.TP
154	.B no-check-names
155	sets RES_NOCHECKNAME in
156	.IR _res.options ,
157	which disables the modern BIND checking of incoming host names and
158	mail names for invalid characters such as underscore (_), non-ASCII,
159	or control characters.
160	.TP
161	.B inet6
162	sets RES_USE_INET6 in
163	.IR _res.options .
164	This has the effect of trying a AAAA query before an A query inside the
31e9a9ec	165	.BR gethostbyname ()
fea681da MK	166	function, and of mapping IPv4 responses in IPv6 ``tunnelled form''
	167	if no AAAA records are found but an A record set exists.
	168	.RE
	169	.LP
	170	The \fIdomain\fP and \fIsearch\fP keywords are mutually exclusive.
	171	If more than one instance of these keywords is present,
	172	the last instance wins.
	173	.LP
	174	The \fIsearch\fP keyword of a system's \fIresolv.conf\fP file can be
	175	overridden on a per-process basis by setting the environment variable
	176	``\s-1LOCALDOMAIN\s+1'' to a space-separated list of search domains.
	177	.LP
	178	The \fIoptions\fP keyword of a system's \fIresolv.conf\fP file can be
	179	amended on a per-process basis by setting the environment variable
	180	``\s-1RES_OPTIONS\s+1'' to a space-separated list of resolver options
	181	as explained above under \fBoptions\fP.
	182	.LP
	183	The keyword and value must appear on a single line, and the keyword
	184	(e.g. \fBnameserver\fP) must start the line. The value follows
	185	the keyword, separated by white space.
	186	.SH FILES
	187	.IR /etc/resolv.conf ,
	188	.I <resolv.h>
	189	.SH "SEE ALSO"
	190	.BR gethostbyname (3),
	191	.BR resolver (3),
	192	.BR hostname (7),
	193	.BR named (8)
	194	.br
	195	Name Server Operations Guide for BIND