author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2007-12-09 20:05:55 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2007-12-09 20:05:55 +0000 |
commit | 13d2cd8bd2937bdd480b10e2f940bb6faf88d84e (patch) | |
tree | a1d4e27cdafe780e927276a75aac82fe6ca2e9d9 /usr.sbin | |
parent | 72e46c65882f0ba732f3c9e2b157870b2a957909 (diff) |
merge our command line changes to docbook
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bind/bin/named/named.docbook | 468 |
1 files changed, 278 insertions, 190 deletions
diff --git a/usr.sbin/bind/bin/named/named.docbook b/usr.sbin/bind/bin/named/named.docbook
index db070d1264a..db5602805b8 100644
--- a/usr.sbin/bind/bin/named/named.docbook
+++ b/usr.sbin/bind/bin/named/named.docbook
@@ -1,24 +1,25 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2000, 2001 Internet Software Consortium. + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. 
--> -<!-- $ISC: named.docbook,v 1.5 2001/06/10 13:57:51 tale Exp $ --> - -<refentry> +<!-- $ISC: named.docbook,v 1.7.18.12 2007/08/28 07:20:01 tbox Exp $ --> +<refentry id="man.named"> <refentryinfo> <date>June 30, 2000</date> </refentryinfo> @@ -34,13 +35,33 @@ <refpurpose>Internet domain name server</refpurpose> </refnamediv> + <docinfo> + <copyright> + <year>2004</year> + <year>2005</year> + <year>2006</year> + <year>2007</year> + <holder>Internet Systems Consortium, Inc. ("ISC")</holder> + </copyright> + <copyright> + <year>2000</year> + <year>2001</year> + <year>2003</year> + <holder>Internet Software Consortium.</holder> + </copyright> + </docinfo> + <refsynopsisdiv> <cmdsynopsis> <command>named</command> + <arg><option>-4</option></arg> + <arg><option>-6</option></arg> <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> <arg><option>-f</option></arg> <arg><option>-g</option></arg> + <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg> + <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg> <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> <arg><option>-s</option></arg> 
@@ -53,16 +74,21 @@ <refsect1> <title>DESCRIPTION</title> - <para> - <command>named</command> is a Domain Name System (DNS) server, - part of the BIND 9 distribution from ISC. For more - information on the DNS, see RFCs 1033, 1034, and 1035. + <para><command>named</command> + is a Domain Name System (DNS) server, + part of the BIND 9 distribution from ISC. For more + information on the DNS, see RFCs 1033, 1034, and 1035. </para> <para> - When invoked without arguments, <command>named</command> will - read the default configuration file - <filename>/etc/named.conf</filename>, read any initial - data, and listen for queries. + When invoked without arguments, <command>named</command> + will fork into two processes for privilege separation, + <function>chroot(2)</function> to <option>/var/named</option>, + read the default configuration file + <filename>/var/named/etc/named.conf</filename>, + read any initial data, and listen for queries. The + privileged process will communicate with the child and + <function>bind(2)</function> to privileged + ports on its behalf. See CAVEATS section below. </para> </refsect1> 
@@ -71,168 +97,210 @@ <variablelist> <varlistentry> - <term>-c <replaceable class="parameter">config-file</replaceable></term> - <listitem> - <para> - Use <replaceable - class="parameter">config-file</replaceable> as the - configuration file instead of the default, - <filename>/etc/named.conf</filename>. To - ensure that reloading the configuration file continues - to work after the server has changed its working - directory due to to a possible - <option>directory</option> option in the configuration - file, <replaceable - class="parameter">config-file</replaceable> should be - an absolute pathname. + <term>-4</term> + <listitem> + <para> + Use IPv4 only even if the host machine is capable of IPv6. + <option>-4</option> and <option>-6</option> are mutually + exclusive. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-6</term> + <listitem> + <para> + Use IPv6 only even if the host machine is capable of IPv4. + <option>-4</option> and <option>-6</option> are mutually + exclusive. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>-c <replaceable class="parameter">config-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">config-file</replaceable> as the + configuration file instead of the default, + <filename>/etc/named.conf</filename>. To + ensure that reloading the configuration file continues + to work after the server has changed its working + directory due to to a possible + <option>directory</option> option in the configuration + file, <replaceable class="parameter">config-file</replaceable> should be + an absolute pathname. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-d <replaceable class="parameter">debug-level</replaceable></term> + <listitem> + <para> + Set the daemon's debug level to <replaceable class="parameter">debug-level</replaceable>. + Debugging traces from <command>named</command> become + more verbose as the debug level increases. 
</para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-d <replaceable class="parameter">debug-level</replaceable></term> - <listitem> - <para> - Set the daemon's debug level to <replaceable - class="parameter">debug-level</replaceable>. - Debugging traces from <command>named</command> become - more verbose as the debug level increases. + <term>-f</term> + <listitem> + <para> + Run the server in the foreground (i.e. do not daemonize). </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-f</term> - <listitem> - <para> - Run the server in the foreground (i.e. do not daemonize). + <term>-g</term> + <listitem> + <para> + Run the server in the foreground and force all logging + to <filename>stderr</filename>. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-g</term> - <listitem> - <para> - Run the server in the foreground and force all logging - to <filename>stderr</filename>. + <term>-m <replaceable class="parameter">flag</replaceable></term> + <listitem> + <para> + Turn on memory usage debugging flags. Possible flags are + <replaceable class="parameter">usage</replaceable>, + <replaceable class="parameter">trace</replaceable>, + <replaceable class="parameter">record</replaceable>, + <replaceable class="parameter">size</replaceable>, and + <replaceable class="parameter">mctx</replaceable>. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <filename><isc/mem.h></filename>. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-n <replaceable class="parameter">#cpus</replaceable></term> - <listitem> - <para> - Create <replaceable - class="parameter">#cpus</replaceable> worker threads - to take advantage of multiple CPUs. If not specified, - <command>named</command> will try to determine the - number of CPUs present and create one thread per CPU. - If it is unable to determine the number of CPUs, a - single worker thread will be created. 
+ <term>-i <replaceable class="parameter">pid-file</replaceable></term> + <listitem> + <para> + Specifies the file taht contains the process ID of + <command>named</command>. The default is + <filename>/var/run/named.pid</filename>. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-p <replaceable class="parameter">port</replaceable></term> - <listitem> - <para> - Listen for queries on port <replaceable - class="parameter">port</replaceable>. If not - specified, the default is port 53. + <term>-n <replaceable class="parameter">#cpus</replaceable></term> + <listitem> + <para> + Create <replaceable class="parameter">#cpus</replaceable> worker threads + to take advantage of multiple CPUs. If not specified, + <command>named</command> will try to determine the + number of CPUs present and create one thread per CPU. + If it is unable to determine the number of CPUs, a + single worker thread will be created. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-s</term> - <listitem> - <para> - Write memory usage statistics to <filename>stdout</filename> on exit. + <term>-p <replaceable class="parameter">port</replaceable></term> + <listitem> + <para> + Listen for queries on port <replaceable class="parameter">port</replaceable>. If not + specified, the default is port 53. </para> - <note> - <para> - This option is mainly of interest to BIND 9 developers - and may be removed or changed in a future release. - </para> - </note> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>-t <replaceable class="parameter">directory</replaceable></term> - <listitem> - <para> - <function>chroot()</function> to <replaceable - class="parameter">directory</replaceable> after - processing the command line arguments, but before - reading the configuration file. + <term>-s</term> + <listitem> + <para> + Write memory usage statistics to <filename>stdout</filename> on exit. 
</para> - <warning> - <para> - This option should be used in conjunction with the - <option>-u</option> option, as chrooting a process - running as root doesn't enhance security on most - systems; the way <function>chroot()</function> is - defined allows a process with root privileges to - escape a chroot jail. - </para> - </warning> - </listitem> + <note> + <para> + This option is mainly of interest to BIND 9 developers + and may be removed or changed in a future release. + </para> + </note> + </listitem> </varlistentry> <varlistentry> - <term>-u <replaceable class="parameter">user</replaceable></term> - <listitem> - <para> - <function>setuid()</function> to <replaceable - class="parameter">user</replaceable> after completing - privileged operations, such as creating sockets that - listen on privileged ports. + <term>-t <replaceable class="parameter">directory</replaceable></term> + <listitem> + <para>Chroot + to <replaceable class="parameter">directory</replaceable> after + processing the command line arguments, but before + reading the configuration file. </para> - <note> - <para> - On Linux, <command>named</command> uses the kernel's - capability mechanism to drop all root privileges - except the ability to <function>bind()</function> to a - privileged port and set process resource limits. - Unfortunately, this means that the <option>-u</option> - option only works when <command>named</command> is run - on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or - later, since previous kernels did not allow privileges - to be retained after <function>setuid()</function>. - </para> - </note> - </listitem> + <warning> + <para> + This option should be used in conjunction with the + <option>-u</option> option, as chrooting a process + running as root doesn't enhance security on most + systems; the way <function>chroot(2)</function> is + defined allows a process with root privileges to + escape a chroot jail. 
+ </para> + </warning> + </listitem> </varlistentry> <varlistentry> - <term>-v</term> - <listitem> - <para> - Report the version number and exit. + <term>-u <replaceable class="parameter">user</replaceable></term> + <listitem> + <para>Setuid + to <replaceable class="parameter">user</replaceable> after completing + privileged operations, such as creating sockets that + listen on privileged ports. </para> - </listitem> + <note> + <para> + On Linux, <command>named</command> uses the kernel's + capability mechanism to drop all root privileges + except the ability to <function>bind(2)</function> to + a + privileged port and set process resource limits. + Unfortunately, this means that the <option>-u</option> + option only works when <command>named</command> is + run + on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or + later, since previous kernels did not allow privileges + to be retained after <function>setuid(2)</function>. + </para> + </note> + </listitem> </varlistentry> <varlistentry> - <term>-x <replaceable class="parameter">cache-file</replaceable></term> - <listitem> - <para> - Load data from <replaceable - class="parameter">cache-file</replaceable> into the - cache of the default view. + <term>-v</term> + <listitem> + <para> + Report the version number and exit. </para> - <warning> - <para> - This option must not be used. It is only of interest - to BIND 9 developers and may be removed or changed in a - future release. - </para> - </warning> - </listitem> + </listitem> + </varlistentry> + + <varlistentry> + <term>-x <replaceable class="parameter">cache-file</replaceable></term> + <listitem> + <para> + Load data from <replaceable class="parameter">cache-file</replaceable> into the + cache of the default view. + </para> + <warning> + <para> + This option must not be used. It is only of interest + to BIND 9 developers and may be removed or changed in a + future release. + </para> + </warning> + </listitem> </varlistentry> </variablelist> 
@@ -242,35 +310,35 @@ <refsect1> <title>SIGNALS</title> <para> - In routine operation, signals should not be used to control - the nameserver; <command>rndc</command> should be used - instead. + In routine operation, signals should not be used to control + the nameserver; <command>rndc</command> should be used + instead. </para> <variablelist> <varlistentry> - <term>SIGHUP</term> - <listitem> - <para> - Force a reload of the server. + <term>SIGHUP</term> + <listitem> + <para> + Force a reload of the server. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term>SIGINT, SIGTERM</term> - <listitem> - <para> - Shut down the server. + <term>SIGINT, SIGTERM</term> + <listitem> + <para> + Shut down the server. </para> - </listitem> + </listitem> </varlistentry> </variablelist> <para> - The result of sending any other signals to the server is undefined. + The result of sending any other signals to the server is undefined. </para> </refsect1> @@ -278,10 +346,23 @@ <refsect1> <title>CONFIGURATION</title> <para> - The <command>named</command> configuration file is too complex - to describe in detail here. A complete description is - provided in the <citetitle>BIND 9 Administrator Reference - Manual</citetitle>. + The <command>named</command> configuration file is too complex + to describe in detail here. A complete description is provided + in the + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>CAVEATS</title> + <para> + <command>named</command> runs privilege separated for binding + the privileged ports after an interface or address + change. The privileged process will only allow + <command>named</command> to <function>bind(2)</function> to + default ports. Make sure you use unprivileged (>1024) ports if + you change any of the default ports in <command>named</command>'s + configuration or on the command-line. </para> </refsect1> 
@@ -291,21 +372,21 @@ <variablelist> <varlistentry> - <term><filename>/etc/named.conf</filename></term> - <listitem> - <para> - The default configuration file. + <term><filename>/etc/named.conf</filename></term> + <listitem> + <para> + The default configuration file. </para> - </listitem> + </listitem> </varlistentry> <varlistentry> - <term><filename>/var/run/named.pid</filename></term> - <listitem> - <para> - The default process-id file. + <term><filename>/var/run/named.pid</filename></term> + <listitem> + <para> + The default process-id file. </para> - </listitem> + </listitem> </varlistentry> </variablelist> 
@@ -314,33 +395,40 @@ <refsect1> <title>SEE ALSO</title> - <para> - <citetitle>RFC 1033</citetitle>, - <citetitle>RFC 1034</citetitle>, - <citetitle>RFC 1035</citetitle>, - <citerefentry> - <refentrytitle>rndc</refentrytitle> - <manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>lwresd</refentrytitle> - <manvolnum>8</manvolnum> - </citerefentry>, - <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + <para><citetitle>RFC 1033</citetitle>, + <citetitle>RFC 1034</citetitle>, + <citetitle>RFC 1035</citetitle>, + <citerefentry> + <refentrytitle>named-checkconf</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named-checkzone</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>rndc</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>lwresd</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> </refsect1> <refsect1> <title>AUTHOR</title> - <para> - <corpauthor>Internet Software Consortium</corpauthor> + <para><corpauthor>Internet Systems Consortium</corpauthor> </para> </refsect1> -</refentry> - - -<!-- +</refentry><!-- - Local variables: - mode: sgml - End: |