Provided by: bind9_9.20.0-2ubuntu3_amd64

NAME

       named - Internet domain name server

SYNOPSIS

       named  [ [-4] | [-6] ] [-c config-file] [-C] [-d debug-level] [-D string] [-E engine-name]
       [-f] [-g] [-L logfile] [-M option] [-m flag] [-n #cpus] [-p port] [-s] [-t directory]  [-u
       user] [-v] [-V]

DESCRIPTION

       named  is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For
       more information on the DNS, see RFC 1033, RFC 1034, and RFC 1035.

       When  invoked  without   arguments,   named   reads   the   default   configuration   file
       /etc/bind/named.conf, reads any initial data, and listens for queries.

OPTIONS

       -4     This  option  tells  named to use only IPv4, even if the host machine is capable of
              IPv6. -4 and -6 are mutually exclusive.

       -6     This option tells named to use only IPv6, even if the host machine  is  capable  of
              IPv4. -4 and -6 are mutually exclusive.

       -c config-file
              This option tells named to use config-file as its configuration file instead of the
              default, /etc/bind/named.conf.  To  ensure  that  the  configuration  file  can  be
              reloaded  after  the  server has changed its working directory due to a possible
              directory option in the configuration  file,  config-file  should  be  an  absolute
              pathname.

       -C     This option prints out the default built-in configuration and exits.

              NOTE:  This is for debugging purposes only and is not an accurate representation of
              the actual configuration used by named at runtime.

       -d debug-level
              This option sets the daemon's debug level to  debug-level.  Debugging  traces  from
              named become more verbose as the debug level increases.

       -D string
              This  option  specifies  a string that is used to identify an instance of named in a
              process listing. The contents of string are not examined.

       -E engine-name
              When applicable, this option  specifies  the  hardware  to  use  for  cryptographic
              operations, such as a secure key store used for signing.

              When  BIND  9  is  built  with  OpenSSL, this needs to be set to the OpenSSL engine
              identifier that drives the cryptographic accelerator  or  hardware  service  module
              (usually pkcs11).

       -f     This option runs the server in the foreground (i.e., do not daemonize).

       -F     This  option  turns  on FIPS (US Federal Information Processing Standards) mode if
              the underlying cryptographic library supports running in FIPS mode.

       -g     This option runs the server in the foreground and forces all logging to stderr.

       -L logfile
              This option sets the log to the file logfile by default, instead of the system log.

       -M option
              This option sets the default (comma-separated) memory context options. The possible
              flags are:

              • fill:  fill blocks of memory with tag values when they are allocated or freed, to
                assist debugging of memory problems; this is the implicit default  if  named  has
                been compiled with --enable-developer.

              • nofill: disable the behavior enabled by fill; this is the implicit default unless
                named has been compiled with --enable-developer.

       -m flag
              This option turns on memory usage debugging flags. Possible flags are usage, trace,
              record,  size,  and mctx. These correspond to the ISC_MEM_DEBUGXXXX flags described
              in <isc/mem.h>.

       -n #cpus
              This option creates #cpus worker threads to take advantage of multiple CPUs. If not
              specified,  named  tries  to  determine  the number of CPUs present and creates one
              thread per CPU. If it is unable to determine the number of CPUs,  a  single  worker
              thread is created.

       -p value
              This  option  specifies the port(s) on which the server will listen for queries. If
              value is of the form <portnum> or dns=<portnum>, the server  will  listen  for  DNS
              queries  on  portnum;  if not specified, the default is port 53. If value is of
              the form tls=<portnum>, the server will listen for  TLS  queries  on  portnum;  the
              default  is  853.   If value is of the form https=<portnum>, the server will listen
              for HTTPS queries on portnum; the  default  is  443.   If  value  is  of  the  form
              http=<portnum>,  the server will listen for HTTP queries on portnum; the default is
              80.

       -s     This option writes memory usage statistics to stdout on exit.

              NOTE: This option is mainly of interest to BIND 9 developers and may be removed  or
              changed in a future release.

       -t directory
              This  option  tells  named to chroot to directory after processing the command-line
              arguments, but before reading the configuration file.

              WARNING:  This option should be used in conjunction with the -u option, as chrooting
              a process running as root doesn't enhance security on most systems; the way  chroot
              is defined allows a process with root privileges to escape a chroot jail.

       -U #listeners
              This option has been removed. Attempts to use it now result in a warning.

       -u user
              This option makes named switch (setuid) to user after completing privileged
              operations, such as creating sockets that listen on privileged ports.

              NOTE: On Linux, named uses the kernel's capability mechanism to drop all root
              privileges except the ability to bind to a privileged port and set process resource
              limits. Unfortunately, this means that the -u option only works when named is run
              on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels
              did not allow privileges to be retained after setuid.

       -v     This option reports the version number and exits.

       -V     This  option  reports  the  version number, build options, supported cryptographic
              algorithms, and exits.

       -X lock-file
              This option has been removed and using it will cause a fatal error.

SIGNALS

       In routine operation, signals should not be used to control the nameserver; rndc should be
       used instead.

       SIGHUP This signal forces a reload of the server.

       SIGINT, SIGTERM
              These signals shut down the server.

       The result of sending any other signals to the server is undefined.

CONFIGURATION

       The  named  configuration  file  is  too  complex  to  describe in detail here. A complete
       description is provided in the BIND 9 Administrator Reference Manual.

       named inherits the umask (file creation mode mask)  from  the  parent  process.  If  files
       created by named, such as journal files, need to have custom permissions, the umask should
       be set explicitly in the script used to start the named process.
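
       As an added illustration (not part of the BIND distribution or of this manual page), the
       shell function below lints a named command line against the -c, -t/-u and removed-option
       notes under OPTIONS and against the umask paragraph above. AUDIT_UMASK, the finding
       labels and the sample paths are hypothetical, and treating an unmasked other-write bit
       as a finding is an assumed policy.

```shell
#!/bin/sh
# Added example, not part of BIND. Lints a named command line; prints one
# finding per line and returns 1 if anything was flagged.
# AUDIT_UMASK (hypothetical) overrides the umask named would inherit.
audit_named_args() {
    chroot_dir="" run_user="" conf="" rc=0
    while [ $# -gt 0 ]; do
        opt="$1"; shift
        case "$opt" in
            -c|-d|-D|-E|-L|-M|-m|-n|-p|-t|-u|-U|-X)   # options that take a value
                val="${1:-}"
                if [ $# -gt 0 ]; then shift; fi ;;
            *) continue ;;                            # flags such as -4, -f, -g
        esac
        case "$opt" in
            -c) conf="$val" ;;
            -t) chroot_dir="$val" ;;
            -u) run_user="$val" ;;
            -U) echo "removed-option: -U now only produces a warning"; rc=1 ;;
            -X) echo "removed-option: -X causes a fatal error"; rc=1 ;;
        esac
    done
    # -t without a non-root -u: root can escape the chroot jail.
    if [ -n "$chroot_dir" ] && { [ -z "$run_user" ] || [ "$run_user" = root ]; }; then
        echo "chroot-as-root: -t $chroot_dir without a non-root -u user"; rc=1
    fi
    # -c should be absolute so a reload works after a directory change.
    case "$conf" in
        ""|/*) ;;
        *) echo "relative-config: -c $conf is not an absolute pathname"; rc=1 ;;
    esac
    # Assumed policy: the inherited umask must mask the other-write bit,
    # i.e. its last octal digit is 2, 3, 6 or 7.
    mask="${AUDIT_UMASK:-$(umask)}"
    case "$mask" in
        *[2367]) ;;
        *) echo "loose-umask: umask $mask leaves other-write unmasked"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed command line, as it might appear in a start script.
audit_named_args -t /var/lib/named -c named.conf -p tls=853 || true
```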

FILES

       /etc/bind/named.conf
              The default configuration file.

       /run/named.pid
              The default process-id file.

SEE ALSO

       RFC  1033,  RFC  1034,  RFC   1035,   named-checkconf(8),   named-checkzone(8),   rndc(8),
       named.conf(5), BIND 9 Administrator Reference Manual.

AUTHOR

       Internet Systems Consortium

COPYRIGHT

       2024, Internet Systems Consortium