[thirdparty/man-pages.git] / man5 / resolv.conf.5

.\" Copyright (c) 1986 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley.  The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\"	@(#)resolver.5	5.9 (Berkeley) 12/14/89
.\"	$Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
.\"
.\" Added ndots remark by Bernhard R. Link - debian bug #182886
.\"
.TH RESOLV.CONF 5 2013-02-12 "" "Linux Programmer's Manual"
.UC 4
.SH NAME
resolv.conf \- resolver configuration file
.SH SYNOPSIS
.B /etc/resolv.conf
.SH DESCRIPTION
The
.I resolver
is a set of routines in the C library
that provide access to the Internet Domain Name System (DNS).
The resolver configuration file contains information that is read
by the resolver routines the first time they are invoked by a process.
The file is designed to be human readable and contains a list of
keywords with values that provide various types of resolver information.
.LP
If this file does not exist,
only the name server on the local machine will be queried;
the domain name is determined from the hostname
and the domain search path is constructed from the domain name.
.LP
The different configuration options are:
.TP
\fBnameserver\fP Name server IP address
Internet address of a name server that the resolver should query,
either an IPv4 address (in dot notation),
or an IPv6 address in colon (and possibly dot) notation as per RFC 2373.
Up to
.B MAXNS
(currently 3, see \fI<resolv.h>\fP) name servers may be listed,
one per keyword.
If there are multiple servers,
the resolver library queries them in the order listed.
If no \fBnameserver\fP entries are present,
the default is to use the name server on the local machine.
(The algorithm used is to try a name server, and if the query times out,
try the next, until out of name servers,
then repeat trying all the name servers
until a maximum number of retries are made.)
.TP
\fBdomain\fP Local domain name.
Most queries for names within this domain can use short names
relative to the local domain.
If no \fBdomain\fP entry is present, the domain is determined
from the local hostname returned by
.BR gethostname (2);
the domain part is taken to be everything after the first \(aq.\(aq.
Finally, if the hostname does not contain a domain part, the root
domain is assumed.
.TP
\fBsearch\fP Search list for host-name lookup.
The search list is normally determined from the local domain name;
by default, it contains only the local domain name.
This may be changed by listing the desired domain search path
following the \fIsearch\fP keyword with spaces or tabs separating
the names.
Resolver queries having fewer than
.I ndots
dots (default is 1) in them will be attempted using each component
of the search path in turn until a match is found.
For environments with multiple subdomains please read
.BI "options ndots:" n
below to avoid man-in-the-middle attacks and unnecessary
traffic for the root-dns-servers.
.\" When having a resolv.conv with a line
.\"  search subdomain.domain.tld domain.tld
.\" and doing a hostlookup, for example by
.\"  ping host.anothersubdomain
.\" it sends dns-requests for
.\"  host.anothersubdomain.
.\"  host.anothersubdomain.subdomain.domain.tld.
.\"  host.anothersubdomain.domain.tld.
.\" thus not only causing unnecessary traffic for the root-dns-servers
.\" but broadcasting information to the outside and making man-in-the-middle
.\" attacks possible.
Note that this process may be slow and will generate a lot of network
traffic if the servers for the listed domains are not local,
and that queries will time out if no server is available
for one of the domains.
.IP
The search list is currently limited to six domains
with a total of 256 characters.
.TP
\fBsortlist\fP
This option allows addresses returned by
.BR gethostbyname (3)
to be sorted.
A sortlist is specified by IP-address-netmask pairs.
The netmask is
optional and defaults to the natural netmask of the net.
The IP address
and optional network pairs are separated by slashes.
Up to 10 pairs may
be specified.
Here is an example:

.in +4n
sortlist 130.155.160.0/255.255.240.0 130.155.0.0
.in
.br
.TP
\fBoptions\fP
Options allows certain internal resolver variables to be modified.
The syntax is
.RS
.IP
\fBoptions\fP \fIoption\fP \fI...\fP
.LP
where \fIoption\fP is one of the following:
.TP
\fBdebug\fP
.\" Since glibc 2.2?
sets
.BR RES_DEBUG
in
.IR _res.options .
.TP
.BI ndots: n
.\" Since glibc 2.2
sets a threshold for the number of dots which
must appear in a name given to
.BR res_query (3)
(see
.BR resolver (3))
before an \fIinitial absolute query\fP will be made.
The default for
\fIn\fP is 1, meaning that if there are any dots in a name, the name
will be tried first as an absolute name before any \fIsearch list\fP
elements are appended to it.
Commit	Line	Data
fea681da MK	1	.\" Copyright (c) 1986 The Regents of the University of California.
	2	.\" All rights reserved.
	3	.\"
	4	.\" Redistribution and use in source and binary forms are permitted
	5	.\" provided that the above copyright notice and this paragraph are
	6	.\" duplicated in all such forms and that any documentation,
	7	.\" advertising materials, and other materials related to such
	8	.\" distribution and use acknowledge that the software was developed
	9	.\" by the University of California, Berkeley. The name of the
	10	.\" University may not be used to endorse or promote products derived
	11	.\" from this software without specific prior written permission.
	12	.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
	13	.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
	14	.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
	15	.\"
	16	.\" @(#)resolver.5 5.9 (Berkeley) 12/14/89
	17	.\" $Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
	18	.\"
	19	.\" Added ndots remark by Bernhard R. Link - debian bug #182886
	20	.\"
96d1766a	21	.TH RESOLV.CONF 5 2013-02-12 "" "Linux Programmer's Manual"
fea681da MK	22	.UC 4
	23	.SH NAME
	24	resolv.conf \- resolver configuration file
	25	.SH SYNOPSIS
62218dc0	26	.B /etc/resolv.conf
fea681da MK	27	.SH DESCRIPTION
	28	The
	29	.I resolver
	30	is a set of routines in the C library
	31	that provide access to the Internet Domain Name System (DNS).
	32	The resolver configuration file contains information that is read
	33	by the resolver routines the first time they are invoked by a process.
	34	The file is designed to be human readable and contains a list of
	35	keywords with values that provide various types of resolver information.
	36	.LP
6de785c3	37	If this file does not exist,
efa400c7	38	only the name server on the local machine will be queried;
ddaec46d	39	the domain name is determined from the hostname
fea681da MK	40	and the domain search path is constructed from the domain name.
	41	.LP
	42	The different configuration options are:
	43	.TP
	44	\fBnameserver\fP Name server IP address
b1171e21 SP	45	Internet address of a name server that the resolver should query,
	46	either an IPv4 address (in dot notation),
	47	or an IPv6 address in colon (and possibly dot) notation as per RFC 2373.
aa3946c7 MK	48	Up to
	49	.B MAXNS
	50	(currently 3, see \fI<resolv.h>\fP) name servers may be listed,
fea681da MK	51	one per keyword.
	52	If there are multiple servers,
	53	the resolver library queries them in the order listed.
	54	If no \fBnameserver\fP entries are present,
	55	the default is to use the name server on the local machine.
	56	(The algorithm used is to try a name server, and if the query times out,
	57	try the next, until out of name servers,
	58	then repeat trying all the name servers
	59	until a maximum number of retries are made.)
	60	.TP
	61	\fBdomain\fP Local domain name.
	62	Most queries for names within this domain can use short names
	63	relative to the local domain.
	64	If no \fBdomain\fP entry is present, the domain is determined
ddaec46d	65	from the local hostname returned by
0ce57e09	66	.BR gethostname (2);
f81fb444	67	the domain part is taken to be everything after the first \(aq.\(aq.
ddaec46d	68	Finally, if the hostname does not contain a domain part, the root
fea681da MK	69	domain is assumed.
	70	.TP
	71	\fBsearch\fP Search list for host-name lookup.
	72	The search list is normally determined from the local domain name;
	73	by default, it contains only the local domain name.
	74	This may be changed by listing the desired domain search path
	75	following the \fIsearch\fP keyword with spaces or tabs separating
	76	the names.
	77	Resolver queries having fewer than
	78	.I ndots
	79	dots (default is 1) in them will be attempted using each component
	80	of the search path in turn until a match is found.
	81	For environments with multiple subdomains please read
	82	.BI "options ndots:" n
	83	below to avoid man-in-the-middle attacks and unnecessary
	84	traffic for the root-dns-servers.
	85	.\" When having a resolv.conv with a line
	86	.\" search subdomain.domain.tld domain.tld
	87	.\" and doing a hostlookup, for example by
	88	.\" ping host.anothersubdomain
	89	.\" it sends dns-requests for
	90	.\" host.anothersubdomain.
	91	.\" host.anothersubdomain.subdomain.domain.tld.
	92	.\" host.anothersubdomain.domain.tld.
	93	.\" thus not only causing unnecessary traffic for the root-dns-servers
	94	.\" but broadcasting information to the outside and making man-in-the-middle
	95	.\" attacks possible.
	96	Note that this process may be slow and will generate a lot of network
	97	traffic if the servers for the listed domains are not local,
	98	and that queries will time out if no server is available
	99	for one of the domains.
	100	.IP
	101	The search list is currently limited to six domains
	102	with a total of 256 characters.
	103	.TP
	104	\fBsortlist\fP
ac92a408	105	This option allows addresses returned by
d1746f31 MK	106	.BR gethostbyname (3)
d1746f31 MK	107	to be sorted.
ac176c0d	108	A sortlist is specified by IP-address-netmask pairs.
c13182ef MK	109	The netmask is
	110	optional and defaults to the natural netmask of the net.
	111	The IP address
	112	and optional network pairs are separated by slashes.
	113	Up to 10 pairs may
	114	be specified.
9944f03d MK	115	Here is an example:
9944f03d MK	116
088a639b	117	.in +4n
fea681da	118	sortlist 130.155.160.0/255.255.240.0 130.155.0.0
088a639b	119	.in
fea681da MK	120	.br
	121	.TP
	122	\fBoptions\fP
	123	Options allows certain internal resolver variables to be modified.
	124	The syntax is
	125	.RS
	126	.IP
	127	\fBoptions\fP \fIoption\fP \fI...\fP
	128	.LP
	129	where \fIoption\fP is one of the following:
	130	.TP
	131	\fBdebug\fP
a4b9f050	132	.\" Since glibc 2.2?
aa3946c7 MK	133	sets
	134	.BR RES_DEBUG
	135	in
fea681da MK	136	.IR _res.options .
	137	.TP
	138	.BI ndots: n
a4b9f050	139	.\" Since glibc 2.2
fea681da	140	sets a threshold for the number of dots which
60a90ecd	141	must appear in a name given to
3a72373c	142	.BR res_query (3)
60a90ecd	143	(see
fea681da	144	.BR resolver (3))
c13182ef MK	145	before an \fIinitial absolute query\fP will be made.
c13182ef MK	146	The default for
324633ae	147	\fIn\fP is 1, meaning that if there are any dots in a name, the name
fea681da MK	148	will be tried first as an absolute name before any \fIsearch list\fP
fea681da MK	149	elements are appended to it.