named Daemon
BIND version 9.4
- Purpose
Provides the server function for the Domain Name Protocol.
- Syntax
Refer to the syntax for either the named8 or the named9 daemon.
- Description
AIX® 7.1 supports only BIND version 9. By default, the named daemon links to the nsupdate or nsupdate4, named-xfer to named-xfer4. To use a different version of the named daemon, you must relink the symbolic links for the named and named-xfer daemons.
For example, to use the named8 daemon:
    ln -fs /usr/sbin/named8 /usr/sbin/named
    ln -fs /usr/sbin/named8-xfer /usr/sbin/named-xfer
The nsupdate4 command can be used with the named8 command, but the nsupdate9 command must be used with the named9 command because the security process is different. It does not matter what named-xfer is linked to when the named9 command is used because the daemon does not use it.
- Files
Table 1. Files

| Item | Description |
| --- | --- |
| /usr/sbin/named | Contains the named daemon. |
| /usr/sbin/named9 | Contains the named9 daemon. |
| /etc/resolv.conf | Specifies the use of domain name services. |
| /etc/services | Defines socket service assignments. |
| /usr/samples/tcpip/named.boot | Contains the sample named.boot file with directions for its use. |
| /usr/samples/tcpip/named.data | Contains the sample DOMAIN data file with directions for its use. |
| /usr/samples/tcpip/hosts.awk | Contains the sample awk script for converting an /etc/hosts file to an /etc/named.rev file. This file also contains directions for its use. |
| /usr/samples/tcpip/named.dynamic | Contains a dynamic database setup. |

BIND Version 9.18
- Purpose
Provides the server function for the Domain Name Protocol.
- Syntax
named [ [-4] | [-6] ] [-c config-file] [-C] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-L logfile] [-M option] [-m flag] [-n #cpus] [-p port] [-s] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-X lock-file]
- Description
AIX 7.2 supports BIND version 9.4.1, and optionally supports BIND version 9.18. By default, the named daemon and other files link to BIND version 9.4.1. To update the named daemon to BIND 9.18, you must install the bind.rte fileset that is available as part of the web download and expansion pack. The bind.rte fileset is not installed by default. After the bind.rte fileset is installed, it removes BIND version 9.4.1 and replaces it with BIND 9.18 files.
- Flags
Table 2. Flags

| Item | Description |
| --- | --- |
| -4 | Forces Domain Name System (DNS) resolution of host names to the IP version 4 (IPv4) namespace. |
| -6 | Forces DNS resolution of host names to the IP version 6 (IPv6) namespace. |
| -c config-file | Specifies the path of the configuration file that must be used instead of the default /etc/named.conf file. To ensure that the configuration file is reloaded correctly after the server changes its working directory due to a possible directory option in the configuration file, the config-file must be an absolute path name. |
| -C | Prints the default built-in configuration and exits. Note: This option is for debugging purposes only and is not an accurate representation of the actual configuration that is used by the named daemon at run time. |
| -d debug-level | Sets the debug level of the named daemon to the level specified by the debug-level variable. Debugging traces from the named daemon become more verbose as the debug level increases. |
| -D string | Specifies a string that is used to identify an instance of the named daemon in a process listing. The contents of the string variable are not examined. |
| -E engine-name | Specifies the hardware to use for cryptographic operations, such as a secure keystore that is used for signing. When BIND 9 is built with OpenSSL, this option needs to be set to the OpenSSL engine identifier that drives the cryptographic accelerator or hardware service module (usually pkcs11). |
| -f | Runs the server in the foreground. |
| -g | Runs the server in the foreground and forces all the login attempts to stderr. |
| -L logfile | Sets the log to the file specified by the logfile variable by default, instead of the system log. |
| -M option | Sets the default (comma-separated) memory context options. The following values are the valid values for the option variable. fill: Fills the blocks of memory with tag values when they are allocated or freed. This option is helpful to debug the memory problems. The fill option is the default option when the named daemon is compiled with the --enable-developer option. nofill: Disables the behavior enabled by the fill option. This option is the default option unless the named daemon is compiled with the --enable-developer option. |
| -m flag | Turns on the debugging flags of the memory usage. Possible flags are usage, trace, record, size, and mctx. These values correspond to the ISC_MEM_DEBUGXXXX flags that are described in the isc/mem.h file. |
| -n #cpus | Creates worker threads to take advantage of multiple CPUs. The #cpus variable specifies the number of worker threads to be created. If this option is not specified, the named daemon tries to determine the number of CPUs present and creates one thread per CPU. If the named daemon is unable to determine the number of CPUs, a single worker thread is created. |
| -p value | Specifies one or more ports on which the server listens for queries. The following formats are the valid formats of the value variable. <portnum> or dns=<portnum>: The server listens for DNS queries on the port that is specified by the portnum variable. The default port number is 53. tls=<portnum>: The server listens for Transport Layer Security (TLS) queries on the port that is specified by the portnum variable. The default port number is 853. https=<portnum>: The server listens for Hypertext Transfer Protocol Secure (HTTPS) queries on the port that is specified by the portnum variable. The default port number is 443. http=<portnum>: The server listens for Hypertext Transfer Protocol (HTTP) queries on the port that is specified by the portnum variable. The default port number is 80. |
| -s | Writes memory usage statistics to the standard output (stdout) on exit. |
| -t directory | Instructs the named daemon to change the root directory (chroot) to the directory specified by the directory variable after the command-line arguments are processed, but before reading the configuration file. Note: This option must be used with the -u option, as changing the root directory of a process that runs as root does not enhance security on most systems. The chroot operation is defined in such a way that it allows a process with root privileges to escape a chroot jail. |
| -U #listeners | Specifies the number of worker threads the named daemon must listen to. The #listeners variable specifies the number of worker threads. If this option is not specified, the named daemon calculates a default value based on the number of detected CPUs. The named daemon applies the following rules to calculate a default value of worker threads. If only one CPU is detected, the default number of worker threads is one. If more than one CPU is detected, the default number of worker threads is calculated as the number of detected CPUs minus one. The number of worker threads cannot be greater than the number of detected CPUs. Note: If the -n parameter sets a higher value of the number of CPUs than the number of detected CPUs, the number of worker threads might be increased as high as the number of CPUs specified by the -n parameter. |
| -u user | Sets the process user ID by using the setuid subroutine after completing privileged operations, such as creating sockets that listen on privileged ports. The user variable specifies the new process user ID. |
| -v | Reports the version number and exits. |
| -V | Reports the version number, build options, supported cryptographic algorithms, and exits. |
| -X lock-file | Acquires a lock on the specified file at run time. This lock prevents duplicate named instances from running simultaneously. Use of this option overrides the lock-file option in the named.conf file. If set to none, the lock file check is disabled. |

- Files
Table 3. Files

| Item | Description |
| --- | --- |
| /etc/named.conf | The default configuration file. |
| /run/named.pid | The default process-ID file. |
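
The Flags table carries three operational notes that are easy to miss in a start script: -t must be paired with -u, the -c path must be absolute, and -X none disables the lock file check. The following lint for a named command line is an added example, not part of the AIX or BIND documentation; the finding labels, the sample paths and the user name named are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the AIX documentation): lint a named command line
# against the notes in the Flags table. Prints one finding per line.
audit_named_args() (
    OPTIND=1
    conf="" chroot_dir="" run_user="" lock=""
    # Option string mirrors the documented BIND 9.18 syntax on this page.
    while getopts ":46c:Cd:D:E:fgL:M:m:n:p:st:U:u:vVX:" opt; do
        case "$opt" in
            c) conf=$OPTARG ;;
            t) chroot_dir=$OPTARG ;;
            u) run_user=$OPTARG ;;
            X) lock=$OPTARG ;;
            :) echo "MISSING_VALUE: -$OPTARG needs an argument" ;;
            \?) echo "UNKNOWN_FLAG: -$OPTARG is not in the documented syntax" ;;
        esac
    done
    # -t must be paired with -u: a process that stays root can leave the chroot.
    # Treating "root" and "0" as "no privilege drop" is this example's assumption.
    if [ -n "$chroot_dir" ]; then
        case "$run_user" in
            ""|root|0)
                echo "CHROOT_WITHOUT_USER: -t $chroot_dir has no unprivileged -u user" ;;
        esac
    fi
    # -c must be absolute so a reload still finds the file after named
    # changes its working directory.
    case "$conf" in
        ""|/*) ;;
        *) echo "RELATIVE_CONFIG: -c $conf is not an absolute path" ;;
    esac
    # -X none switches off the duplicate-instance lock check.
    if [ "$lock" = "none" ]; then
        echo "LOCK_CHECK_DISABLED: -X none allows duplicate named instances"
    fi
    return 0
)

# Constructed sample command lines (paths and user name are hypothetical).
audit_named_args -t /var/named/chroot -c named.conf -X none
audit_named_args -u named -t /var/named/chroot -c /etc/named.conf
```

The first sample call reports all three findings; the second prints nothing.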