On FreeBSD systems, the server logs error messages
like "fcntl(8, F_SETFL, 4): Inappropriate ioctl for
- device". This is due to a bug in the FreeSBD
+ device". This is due to a bug in the FreeBSD
/dev/random device. The bug has been reported
to the FreeBSD maintainers. A similar problem is
reported to exist on OpenBSD.
- If you are upgrading from BIND 8, please read the migration
- notes in doc/misc/migration.
-
Building
bin/tests subdirectory.
+Documentation
+
+ The BIND 9 Administrator Reference Manual is included with the
+ source distribution in HTML and plain text format, in the
+ doc/arm directory. A PDF version can be downloaded separately
+ at <http://www.nominum.com/resources/>.
+
+ Some of the programs in the BIND 9 distribution have man pages
+ under the doc/man directory. In particular, the command line
+ options of "named" are documented in doc/man/bind/named.8.
+
+ The man pages are currently not installed automatically by
+ "make install".
+
+ If you are upgrading from BIND 8, please read the migration
+ notes in doc/misc/migration.
+
+
Bug Reports and Mailing Lists
Bugs reports should be sent to
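Review bot: The sentence 'The man pages are currently not installed automatically by "make install"' in the new Documentation section leaves the reader without a way to actually read them. Since this change also makes doc/man/bind/named.8 the only place the "named" options are described, add a line saying how to view a page straight from the source tree (for example with nroff -mandoc) or how to install the pages by hand. The PDF pointer would also age better if it named the document rather than a general resources page.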
bind9-workers-request@isc.org
-
-"named" command line options
-
- -c <config_file>
-
- -d <debug_level>
-
- -f Run in the foreground.
-
- -g Run in the foreground and log
- to stderr, ignoring any "logging"
- statement in in the config file.
-
- -n <number_of_cpus>
-
- -t <directory> Chroot to <directory> before running.
-
- -u <username> Run as user <username> after binding
- to privileged ports.
-
- Use of the "-t" option while still running as "root" doesn't
- enhance security on most systems. The way chroot() is defined
- allows a process with root privileges to escape the chroot jail.
-
- The "-u" option is not currently useful on Linux kernels older
- than 2.3.99-pre3. Linux threads are actually processes sharing a
- common address space. An unfortunate side effect of this is that
- some system calls, e.g. setuid() that in a typical pthreads
- environment would affect all threads only affect the calling
- thread/process on Linux. The good news is that BIND 9 uses the
- Linux kernel's capability mechanism to drop all root powers except
- the ability to bind() to a privileged port. 2.3.99-pre3 and later
- kernels allow a process to say that its capabilities should be
- retained after setuid(). If BIND 9 is compiled with 2.3.99-pre3 or
- later kernel .h files, the "-u" option will cause the server to
- run with the specified user id, but it will retain the capability
- to bind() to privileged ports.
-
- On systems with more than one CPU, the "-n" option should be used
- to indicate how many CPUs there are. If the "-n" option is not
- provided, named will attempt to determine the number of available
- CPUs and use all of them.
-
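Review bot: Removing the whole '"named" command line options' section takes the two operational security caveats out of the README: that "-t" while still running as root doesn't enhance security, and that "-u" depends on the Linux kernel version. They now live only in a man page that the Documentation section added above says is not installed by "make install". Consider keeping a short pointer in the README, such as one sentence saying that "-t" should be combined with "-u" and referring to doc/man/bind/named.8 for details, so an operator who reads only the README still sees it.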
-.\"
.\" Copyright (C) 2000 Internet Software Consortium.
.\"
-.\" Permission to use, copy, modify, and distribute this document for any
+.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.3 2000/07/12 02:07:32 gson Exp $
+.\" $Id: named.8,v 1.3.2.1 2000/08/21 20:41:17 gson Exp $
.\"
.Dd Jun 30, 2000
.Dt NAMED 8
.ds vT BIND9 Programmer's Manual
.Sh NAME
.Nm named
-.Nd Internet domain name server (DNS)
+.Nd Internet domain name server
.Sh SYNOPSIS
.Nm named
.Op Fl c Ar config-file
.Op Fl x Ar cache-file
.Sh DESCRIPTION
.Nm named
-is the ISC implementation of an Internet domain name server.
-See RFCs 1033, 1034, and 1035 for more information on the Internet
-domain name system.
-For historical reasons, the ISC's DNS software is known as BIND -
-Berkeley Internet Name Daemon - because it was originally
-supplied with BSD
-.Ux
-releases.
+is a Domain Name System (DNS) server, part of the BIND 9 distribution
+from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035.
.Pp
-Without any arguments,
+When invoked without arguments,
.Nm named
will read the default configuration file
.Pa /etc/named.conf ,
read any initial data, and listen for queries.
-It is also possible to use the BIND9 name server
-as a lightweight resolver server
-.Nm lwresd .
-However when operating as a lightweight resolver server,
-.Nm named
-is functionally and logically distinct from a
-conventional name server.
-More information can be found in
-.Xr lwresd 8 .
-.Pp
-Although some command-line options can be used with
-.Nm named ,
-the name server's behaviour is mainly controlled by its configuration file,
-.Pa /etc/named.conf .
-Refer to the BIND9 Administrator Reference Manual for further details.
.Pp
The options to
.Nm named
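Review bot: With the last removed paragraph of DESCRIPTION gone, the body of the page no longer says that the server's behaviour is mainly controlled by /etc/named.conf, and no longer refers the reader to the Administrator Reference Manual; only the SEE ALSO entry remains. A single sentence keeping that pointer would help, since the command line options cover very little of the configuration. The lwresd paragraph is dropped as well while lwresd 8 stays in SEE ALSO, which is fine, but worth a word in the commit message. Style: the added line "from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035." starts a new sentence mid-line; the removed text kept one sentence per line, which is the usual convention in man page source.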
in the foreground and force all logging to
.Dv stderr .
.It Fl n
-create
+create
.Ar #cpus
worker threads to take advantage of multiple CPUs.
If no option is given,
to chroot() to
.Ar directory
immediately after reading its config file.
+This should be used in conjunction with the
+.Fl u
+option, as chrooting a process running as root doesn't
+enhance security on most systems - the way chroot() is defined
+allows a process with root privileges to escape the chroot jail.
.It Fl u
run
.Nm named
.Ar user-id .
.Nm named
will change its UID after it has
-carried out any privileged operations, such as
+carried out any privileged operations, such as
creating sockets that listen on privileged ports.
+.Pp
+On Linux,
+.Nm named
+uses the kernel's capability mechanism to drop
+all root privileges except the ability to bind() to a privileged
+port. Unfortunately, this means that the "-u" option only works
+when
+.Nm named
+is run on 2.3.99-pre3 or later kernel, since previous
+kernels did not allow privileges to be retained after setuid().
.It Fl x
load data from
.Ar cache-file .
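Review bot: The new Linux paragraph under ".It Fl u" ties the option to the running kernel only ("is run on 2.3.99-pre3 or later kernel"), but the README text removed in this same change said the behaviour depends on BIND 9 being compiled with 2.3.99-pre3 or later kernel .h files. Please state the build-time condition here too, and say what the operator actually gets when it is not met, because the text added under the chroot option now tells people to rely on "-u" to make the chroot meaningful. Style: write the option as ".Fl u" rather than the literal "-u", as the added chroot text already does, and add the missing article ("a 2.3.99-pre3 or later kernel").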
.Xr RFC1033 ,
.Xr RFC1034 ,
.Xr RFC1035 ,
-.Xr named.conf 5 ,
-.Xr zonefile 5 ,
.Xr rndc 8 ,
.Xr lwresd 8 ,
BIND9 Administrator Reference Manual, June 2000.
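Review bot: Dropping ".Xr named.conf 5" and ".Xr zonefile 5" from SEE ALSO leaves no man page cross-reference for the configuration file that DESCRIPTION still says named reads (/etc/named.conf). If they were removed because those pages do not exist in the distribution, say so in the commit message, and consider noting next to the Administrator Reference Manual entry that it is the reference for the configuration file and zone file syntax.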