named(1M) — Reliant UNIX 5.44c4

named(1M)                                                         named(1M)

NAME
     named - Internet name server

SYNOPSIS
     named [-d level] [-p port] [[-b] bootfile] [-q] [-r]

DESCRIPTION
     named is the Internet domain name server. It is used by hosts on the
     Internet to provide access to the Internet's distributed naming
     database. An operations guide ("BOG") can be found in
     /usr/lib/named. For more information, see RFC-1034 and RFC-1035.

     named provides negative caching. Negative caching means that the name
     server stores the negative responses (e.g. "no such name") it receives
     from other name servers as a result of a query. For a certain amount of
     time it can then answer repeated queries for the same name from its
     cache, without having to contact other name servers again.

OPTIONS
     No option specified:
          named reads the file /etc/named.boot for any initial data and
          listens for queries on a privileged port.

     -d level
          level indicates the set of messages to be output. Each level
          includes the messages of all lower levels, e.g. level 2 includes
          the messages of level 1.

          level:

           1   initialization information, syntax errors, DNS packet errors

           2   IP addresses of remote servers for lookup, round-trip
               values, duplicate and errored responses, system/user
               queries, zone transfers, negative caching

           3   detailed information: database file updates, duplicate
               queries, system queries, names of remote servers used during
               lookup, number of addresses for each server, SOA response

           4   query and response packets received

           5   internal error messages

           6   additional error messages

           7   no additional information

           8   no additional information

           9   no additional information




Page 1                       Reliant UNIX 5.44                Printed 11/98

           10   query and response packets sent by NFS

           11   additional error messages

     -p port
          Use non-standard port numbers. The default is the standard port
          number as returned by getservbyname(3N) for service "domain". The
          argument can specify two port numbers separated by a slash ("/") in
          which case the first port is that used when contacting remote
          servers, and the second one is the service port bound by the local
          instance of named. This is used mostly for debugging purposes.

     -b bootfile
          The file bootfile is read instead of /etc/named.boot for
          initialization.

     -q   Trace all incoming queries. NOTE: This option is deprecated in
          favor of the boot file directive options query-log.

     -r   Turns recursion off in the server. Answers can come only from
          local (primary or secondary) zones. This can be used on root
          servers. NOTE: This option is deprecated in favor of the boot
          file line options no-recursion.

     Any additional argument is taken as the name of the boot file. If mul-
     tiple boot files are specified, only the last is used.

     The boot file contains information about where the name server is to
     get its initial data. Lines in the boot file cannot be continued on
     subsequent lines. The following is a small example:

     ;
     ;    boot file for name server
     ;
     directory /usr/local/adm/named

     ; type     domain                source host/file          backup file
     cache      .                                               root.cache
     primary    Berkeley.EDU          berkeley.edu.zone
     primary    32.128.IN-ADDR.ARPA   ucbhosts.rev
     secondary  CC.Berkeley.EDU       128.32.137.8 128.32.137.3 cc.zone.bak
     secondary  6.32.128.IN-ADDR.ARPA 128.32.137.8 128.32.137.3 cc.rev.bak
     primary    0.0.127.IN-ADDR.ARPA                            localhost.rev
     forwarders 10.0.0.78 10.2.0.78
     limit      transfers-in 10
     limit      datasize 64M
     limit      transfers-per-ns 2
     options    forward-only query-log fake-iquery

     The "directory" line causes the server to change its working directory
     to the directory specified. This can be important for the correct
     processing of $INCLUDE files in primary zone files.


     The "cache" line specifies that data in "root.cache" is to be placed
     in the backup cache. Its main use is to specify data such as locations
     of root domain servers. This cache is not used during normal opera-
     tion, but is used as "hints" to find the current root servers. The
     file "root.cache" is in the same format as "berkeley.edu.zone". There
     can be more than one "cache" file specified. The "root.cache" file
     should be retrieved periodically from FTP.RS.INTERNIC.NET since it
     contains a list of root servers, and this list changes periodically.

     The first example "primary" line states that the file
     "berkeley.edu.zone" contains authoritative data for the "Berkeley.EDU"
     zone. The file "berkeley.edu.zone" contains data in the master file
     format described in RFC 883. All domain names are relative to the
     origin, in this case, "Berkeley.EDU" (see below for a more detailed
     description). The second "primary" line states that the file
     "ucbhosts.rev" contains authoritative data for the domain
     "32.128.IN-ADDR.ARPA", which is used to translate addresses in network
     128.32 to hostnames. Each master file should begin with an SOA record
     for the zone (see below).

     The first example "secondary" line specifies that all authoritative
     data under "CC.Berkeley.EDU" is to be transferred from the name server
     at 128.32.137.8. If the transfer fails it will try 128.32.137.3 and
     continue trying the addresses, up to 10, listed on this line. The
     secondary copy is also authoritative for the specified domain. The
     first non-dotted-quad token on this line will be taken as a filename
     in which to back up the transferred zone. The name server will load
     the zone from this backup file if it exists when it boots, providing a
     complete copy even if the master servers are unreachable. Whenever a
     new copy of the domain is received by automatic zone transfer from one
     of the master servers, this file will be updated. If no file name is
     given, a temporary file will be used, and will be deleted after each
     successful zone transfer. This is not recommended since it is a
     needless waste of bandwidth: the zone has to be transferred afresh
     every time the server starts. The second example "secondary" line
     states that the address-to-hostname mapping for the subnet 128.32.6
     (zone "6.32.128.IN-ADDR.ARPA") should be obtained from the same list
     of master servers as the previous zone.

     The "forwarders" line specifies the addresses of site-wide servers
     that will accept recursive queries from other servers. If the boot
     file specifies one or more forwarders, then the server will send all
     queries for data not in the cache to the forwarders first. Each
     forwarder will be asked in turn until an answer is returned or the list
     is exhausted. If no answer is forthcoming from a forwarder, the server
     will continue as it would have without the forwarders line unless it
     is in "forward-only" mode. The forwarding facility is useful to cause
     a large site-wide cache to be generated on a master, and to reduce
     traffic over links to outside servers. It can also be used to allow
     servers to run that do not have direct access to the Internet, but
     wish to look up exterior names anyway.

     The "slave" line (deprecated) is allowed for backward compatibility.
     Its meaning is identical to "options forward-only".



     The "sortlist" line (not shown) can be used to indicate networks that
     are to be preferred over other networks. Queries for host addresses
     from hosts on the same network as the server will receive responses
     with local network addresses listed first, then addresses on the sort
     list, then other addresses.

     The "xfrnets" line (not shown) can be used to implement primitive
     access control. If this line is given, then your name server will only
     answer zone transfer requests from hosts which are on networks listed
     in your "xfrnets" lines. Note that this restricts only zone transfers,
     and only by the requester's source address; ordinary queries are still
     answered for anyone (see the "secure_zone" records below for
     per-query restrictions). This line may also be given as "tcplist" for
     compatibility with older, interim servers.

     The "include" line (not shown) can be used to process the contents of
     some other file as though they appeared in place of the "include"
     line. This is useful if you have a lot of zones or if you have logical
     groupings of zones which are maintained by different people. The
     "include" line takes one argument, that being the name of the file
     whose contents are to be included. No quotes are necessary around the
     file name.

     The "bogusns" line (not shown) tells BIND that no queries are to be
     sent to the specified name server addresses (which are specified as
     dotted quads, not as domain names). This is useful when you know that
     some popular server has bad data in a zone or cache, and you want to
     avoid contamination while the problem is being fixed.

     The "limit" line can be used to change BIND's internal limits, some of
     which (datasize, for example) are implemented by the system and others
     (like transfers-in) by BIND itself. The number following the limit
     name can be scaled by postfixing a "k", "m", or "g" for kilobytes,
     megabytes, and gigabytes respectively. datasize's argument sets the
     process data size enforced by the kernel. transfers-in's argument is
     the number of named-xfer(1M) subprocesses which BIND will spawn at any
     one time. transfers-per-ns's argument is the maximum number of zone
     transfers (default: 2) to be simultaneously initiated to any given
     remote name server.

     The "options" line introduces one or more boolean specifiers that
     change the behavior of BIND. More than one option can be specified in
     a single line. The currently defined options are as follows:

     no-recursion
          causes BIND to answer with a referral rather than actual data
          whenever it receives a query for a name it is not authoritative
          for. Don't set this on a server that is listed in any host's
          resolv.conf(4) file.

     no-fetch-glue
          keeps BIND from fetching missing glue when constructing the
          "additional data" section of a response. This can be used in
          conjunction with no-recursion to prevent BIND's cache from ever
          growing in size or becoming corrupted.

     query-log
          causes all queries to be logged via syslogd(1M). This is a lot
          of data; don't turn it on lightly.

     forward-only
          causes the server to query only its forwarders. This option is
          normally used on a machine that wishes to run a server but for
          physical or administrative reasons cannot be given access to the
          Internet.

     fake-iquery
          tells BIND to send back a useless and bogus reply to "inverse
          queries" rather than responding with an error. This is helpful
          if you have a lot of microcomputers or SunOS hosts or both.

     The "max-fetch" line (not shown) is allowed for backward compatibil-
     ity; its meaning is identical to "limit transfers-in".
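
     The following is an added example for this page; it is not code from
     the Reliant UNIX manual or from BIND itself. It parses a boot file of
     the form described above (one directive per line, ';' starting a
     comment) and reports the settings the text cautions about: a
     "secondary" line with no backup file, "forward-only" with no
     "forwarders" line, "query-log" and "fake-iquery" in effect, and the
     absence of any "xfrnets" (or "tcplist") line, which leaves zone
     transfers open to every host. The boot file text is constructed from
     the manual's example with the backup file removed from the second
     "secondary" line so that one of the checks fires; reading the "limit"
     suffixes as powers of 1024 is this example's assumption.

```python
"""Parse a BIND 4 style named.boot and flag settings worth a second look.

Added example; not from the Reliant UNIX manual or BIND. Sample input is
constructed (manual's example, one secondary line without its backup file).
"""
import re

SAMPLE_BOOT = """\
;
;    boot file for name server
;
directory /usr/local/adm/named

; type     domain                source host/file          backup file
cache      .                                               root.cache
primary    Berkeley.EDU          berkeley.edu.zone
primary    32.128.IN-ADDR.ARPA   ucbhosts.rev
secondary  CC.Berkeley.EDU       128.32.137.8 128.32.137.3 cc.zone.bak
secondary  6.32.128.IN-ADDR.ARPA 128.32.137.8 128.32.137.3
primary    0.0.127.IN-ADDR.ARPA                            localhost.rev
forwarders 10.0.0.78 10.2.0.78
limit      transfers-in 10
limit      datasize 64M
limit      transfers-per-ns 2
options    forward-only query-log fake-iquery
"""

DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SCALE = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}   # assumption: 1024-based


def parse_boot(text):
    """Return [(directive, [args...])]. A ';' starts a comment and boot
    file lines are never continued, so each physical line is one entry."""
    entries = []
    for raw in text.splitlines():
        toks = raw.split(";", 1)[0].split()
        if toks:
            entries.append((toks[0], toks[1:]))
    return entries


def scaled_limit(tok):
    """Decode a "limit" value with an optional k/m/g suffix (the manual
    writes them lower-case; the "64M" in its example is accepted too)."""
    suffix = tok[-1].lower()
    if suffix in SCALE:
        return int(tok[:-1]) * SCALE[suffix]
    return int(tok)


def secondary_zone(args):
    """Split a "secondary" line into (domain, master addresses, backup file).
    Per the manual, the first non-dotted-quad token after the domain is
    the backup file name; there may be none."""
    domain, rest = args[0], args[1:]
    masters = [t for t in rest if DOTTED_QUAD.match(t)]
    others = [t for t in rest if not DOTTED_QUAD.match(t)]
    return domain, masters, (others[0] if others else None)


def lint_boot(entries):
    """Return human-readable findings for a parsed boot file."""
    findings = []
    directives = {d for d, _ in entries}
    options = {o for d, args in entries if d == "options" for o in args}
    for d, args in entries:
        if d == "secondary":
            domain, masters, backup = secondary_zone(args)
            if not masters:
                findings.append(f"secondary {domain}: no master address given")
            elif len(masters) > 10:
                findings.append(f"secondary {domain}: more than 10 masters listed")
            if backup is None:
                findings.append(f"secondary {domain}: no backup file, zone is "
                                "re-transferred after every restart")
        elif d == "limit" and len(args) == 2:
            scaled_limit(args[1])          # raises ValueError on a bad number
    if not directives & {"xfrnets", "tcplist"}:
        findings.append("no xfrnets line: any host may request a zone transfer")
    if "forward-only" in options and "forwarders" not in directives:
        findings.append("forward-only without a forwarders line: only local "
                        "zones can be answered")
    if "query-log" in options:
        findings.append("query-log: every query is sent to syslogd")
    if "fake-iquery" in options:
        findings.append("fake-iquery: inverse queries get bogus replies")
    return findings


if __name__ == "__main__":
    for finding in lint_boot(parse_boot(SAMPLE_BOOT)):
        print(finding)
```

     Run against the sample, the linter reports the missing backup file
     on the "6.32.128.IN-ADDR.ARPA" line, the missing "xfrnets" line and
     the two noisy options.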

     The master file consists of control information and a list of resource
     records for objects in the zone of the forms:

          $INCLUDE filename optdomain
          $ORIGIN domain
          domain optttl optclass type resourcerecorddata

     where domain is "." for root, "@" for the current origin, or a stan-
     dard domain name. If domain is a standard domain name that does not
     end with ".", the current origin is appended to the domain. Domain
     names ending with "." are unmodified. The optdomain field is used to
     define an origin for the data in an included file. It is equivalent to
     placing a $ORIGIN statement before the first line of the included
     file. The field is optional. Neither the optdomain field nor $ORIGIN
     statements in the included file modify the current origin for this
     file. The optttl field is an optional integer number for the time-
     to-live field. It defaults to zero, meaning the minimum value speci-
     fied in the SOA record for the zone. The optclass field is the object
     address type; currently only one type is supported, IN, for objects
     connected to the DARPA Internet. The type field contains one of the
     following tokens; the format of data expected in the
     resourcerecorddata field is in parentheses in the following list:

     A       A host address (dotted quad).

     NS      An authoritative name server (domain).

     MX      A mail exchanger (domain), preceded by a preference value
             (0..32767), with lower numeric values representing higher
             logical preferences.

     CNAME   The canonical name for an alias (domain).

     SOA     Marks the start of a zone of authority (domain of originating
             host, domain address of maintainer, a serial number and the
             following parameters in seconds: refresh, retry, expire and
             minimum TTL [see RFC 883]).

     NULL    A null resource record (no format or data).

     RP      A Responsible Person for some domain name (mailbox, TXT-
             referral).

     PTR     A domain name pointer (domain).



     HINFO   Host information (CPU type, OS type).

     TXT     Free-form textual data; also used to define secure zones (see
             below).

     Resource records normally end at the end of a line, but may be contin-
     ued across lines between opening and closing parentheses. Comments are
     introduced by semicolons and continue to the end of the line.

     Note that there are other resource record types, not shown here. You
     should consult the BIND Operations Guide ("BOG"; see /usr/lib/named)
     for the complete list. Some resource record types may have been
     standardized in newer RFC's but not yet implemented in this version
     of BIND.

     Each master zone file should begin with an SOA record for the zone. An
     example SOA record is as follows:

     @    IN   SOA  ucbvax.Berkeley.EDU. rwh.ucbvax.Berkeley.EDU. (
                         1989020501     ; serial
                         10800          ; refresh
                         3600           ; retry
                         3600000        ; expire
                         86400 )        ; minimum

     The SOA specifies a serial number, which should be changed each time
     the master file is changed. Note that the serial number can be given
     as a dotted number, but this is a very unwise thing to do since the
     translation to normal integers is via concatenation rather than
     multiplication and addition: "1.10" becomes 110, and a later "2.0"
     becomes 20, which secondaries take as a step backwards. You can spell
     out the year, month, day of month, and 0..99 version number (as in
     the example above, 1989020501) and still fit inside the unsigned
     32-bit size of this field. It's true that we will have to rethink
     this strategy in the year 4294 (Greg.) but we're not worried about it.
     Secondary servers check the serial number at intervals specified by
     the refresh time in seconds; if the master's serial number is larger
     than the secondary's, a zone transfer will be done to load the new
     data. If a master server cannot be contacted when a refresh is due,
     the retry time specifies the interval at which refreshes should be
     attempted. If a master server cannot be contacted within the interval
     given by the expire time, all data from the zone is discarded by
     secondary servers. The minimum value is the time-to-live ("TTL") used
     by records in the file with no explicit time-to-live value.
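
     The following is an added example for this page, not code from the
     Reliant UNIX manual or from BIND. It reads the SOA record out of a
     master file using the lexical rules given above (a record ends at the
     end of a line unless continued inside parentheses; ';' starts a
     comment) and then checks the points the SOA discussion makes: the
     serial must be larger than the copy a secondary already holds, must
     fit in 32 bits, and a dotted serial is converted by concatenation. The
     zone text is constructed; the "retry < refresh < expire" ordering
     check is this example's own sanity rule, not a requirement stated by
     the manual.

```python
"""Read the SOA record from a master file and check it as a secondary's
refresh would.

Added example; not from the Reliant UNIX manual or BIND. The zone fragment
below is constructed, not real data.
"""

SAMPLE_ZONE = """\
; constructed example, not real data
@    IN   SOA  ucbvax.Berkeley.EDU. rwh.ucbvax.Berkeley.EDU. (
                    1989020501     ; serial
                    10800          ; refresh
                    3600           ; retry
                    3600000        ; expire
                    86400 )        ; minimum
     IN   NS   ucbvax.Berkeley.EDU.
"""

MAX_SERIAL = 0xFFFFFFFF


def logical_records(text):
    """Yield each record as a token list. Comments are stripped before
    parentheses are counted so '(' inside a comment does not continue a
    record (quoted TXT strings containing ';' are not handled here)."""
    buf, depth = [], 0
    for line in text.splitlines():
        code = line.split(";", 1)[0]
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth <= 0:                      # record complete
            toks = " ".join(buf).split()
            buf, depth = [], 0
            if toks:
                yield toks


def dotted_serial(tok):
    """Convert a serial token the way the manual warns BIND does: the parts
    of a dotted number are concatenated, so "1.10" -> 110 and "2.0" -> 20."""
    return int(tok.replace(".", ""))


def parse_soa(text):
    """Return the first SOA record as a dict."""
    for toks in logical_records(text):
        if "SOA" in toks:
            i = toks.index("SOA")
            refresh, retry, expire, minimum = (int(t) for t in toks[i + 4:i + 8])
            return {
                "mname": toks[i + 1], "rname": toks[i + 2],
                "serial_text": toks[i + 3], "serial": dotted_serial(toks[i + 3]),
                "refresh": refresh, "retry": retry,
                "expire": expire, "minimum": minimum,
            }
    raise ValueError("no SOA record found")


def check_soa(soa, secondary_serial):
    """Return the problems a secondary holding secondary_serial would see."""
    problems = []
    if "." in soa["serial_text"]:
        problems.append(f"dotted serial {soa['serial_text']} is read as {soa['serial']}")
    if soa["serial"] > MAX_SERIAL:
        problems.append("serial does not fit in 32 bits")
    if soa["serial"] <= secondary_serial:
        problems.append(f"serial {soa['serial']} not above secondary's "
                        f"{secondary_serial}: no zone transfer will happen")
    if not soa["retry"] < soa["refresh"] < soa["expire"]:   # example's own rule
        problems.append("expected retry < refresh < expire")
    return problems


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_ZONE)
    print(soa)
    print(check_soa(soa, 1989020500))
```

     Replacing the serial in the sample with "2.0" while a secondary
     already holds 110 (the concatenated reading of "1.10") produces both
     the dotted-serial warning and the "no zone transfer" finding.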

     Secure zones implement access control in named on a zone-by-zone
     basis. A secure zone carries a permission list of networks or hosts
     which may obtain particular information from the zone.

     In order to use zone security you must have at least one "secure_zone"
     TXT resource record. Unless a "secure_zone" record exists for a given
     zone, no restrictions will be applied to the data in that zone. The
     format of the "secure_zone" TXT resource record is:

          secure_zone    addr-class     TXT     string


     The addr-class may be either HS or IN. The syntax for the string is
     either "network address:netmask" or "host IP address:H".

     "network address:netmask" allows queries from an entire network. If
     the netmask is omitted, named will use the default netmask for the
     network address specified.

     "host IP address:H" allows queries from a host. The "H" after the ":"
     is required to differentiate the host address from a network address.
     Multiple "secure_zone" TXT resource records are allowed in the same
     zone file.

     For example, you can set up a zone to only answer Hesiod requests from
     the masked class B network 130.215.0.0 and from host 128.23.10.56 by
     adding the following two TXT resource records:

     secure_zone    HS     TXT     "130.215.0.0:255.255.0.0"
     secure_zone    HS     TXT     "128.23.10.56:H"

     This feature can be used to restrict access to a Hesiod password map
     or to separate internal and external internet address resolution on a
     firewall machine without needing to run a separate named for internal
     and external address resolution.

     Note that you will need to include your loopback interface (127.0.0.1)
     in your "secure_zone" record, or your local clients won't be able to
     resolve names.
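
     The following is an added example for this page, not code from the
     Reliant UNIX manual or from BIND. It reads the two "secure_zone"
     string forms described above, "network address:netmask" (netmask
     optional) and "host IP address:H", and decides whether a querying
     client is permitted, including the loopback check the note above
     asks for. Treating an omitted netmask as the classful default for the
     address's first octet is this example's reading of "the default
     netmask for the network address"; the zone text is constructed.

```python
"""Evaluate "secure_zone" TXT records against a querying client's address.

Added example; not from the Reliant UNIX manual or BIND. The zone fragment
below is constructed: the manual's two records, the loopback entry it says
not to forget, and one record without a netmask.
"""
import ipaddress

SAMPLE_ZONE = """\
secure_zone   HS   TXT   "130.215.0.0:255.255.0.0"
secure_zone   HS   TXT   "128.23.10.56:H"
secure_zone   HS   TXT   "127.0.0.1:H"      ; loopback, for local clients
secure_zone   HS   TXT   "10.0.0.0"         ; no netmask: classful default
"""


def classful_mask(addr):
    """Default netmask by address class (assumed meaning of "default netmask")."""
    first = int(addr.split(".", 1)[0])
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    return "255.255.255.0"


def parse_entry(spec):
    """Turn one secure_zone string into an IPv4 network."""
    addr, _, qualifier = spec.partition(":")
    if qualifier == "H":                           # single host
        return ipaddress.ip_network(addr + "/32")
    mask = qualifier or classful_mask(addr)        # explicit or default mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def secure_zone_entries(zone_text):
    """Collect the quoted strings of secure_zone TXT records (the owner
    name is secure_zone; the unscored spelling is accepted as well)."""
    entries = []
    for line in zone_text.splitlines():
        toks = line.split(";", 1)[0].split()
        if len(toks) >= 4 and toks[0] in ("secure_zone", "securezone") and toks[2] == "TXT":
            entries.append(parse_entry(toks[3].strip('"')))
    return entries


def client_allowed(client, entries):
    """True if client may query a zone restricted by these entries.
    With no entries at all the zone is unrestricted, as the manual says."""
    if not entries:
        return True
    c = ipaddress.ip_address(client)
    return any(c in net for net in entries)


def loopback_covered(entries):
    """The check the manual's note asks for: local clients use 127.0.0.1."""
    return client_allowed("127.0.0.1", entries)


if __name__ == "__main__":
    entries = secure_zone_entries(SAMPLE_ZONE)
    for ip in ("130.215.7.9", "128.23.10.57", "10.200.1.1", "127.0.0.1"):
        print(ip, client_allowed(ip, entries))
```

     Dropping the "127.0.0.1:H" record makes loopback_covered() return
     False, which is exactly the misconfiguration the note above warns
     about.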

   Signal handling

     The following signals have the specified effect when sent to the
     server process using the kill(1) command.

     SIGHUP     Causes server to read /etc/named.boot and reload the data-
                base. SIGHUP will also cause the server to check the serial
                number on all secondary zones. Normally the serial numbers
                are only checked at the SOA-specified intervals.

     SIGINT     Dumps the current database and cache to
                /var/tmp/nameddump.db.

     SIGUSR1    Turns on debugging; each subsequent SIGUSR1 increments the
                debug level (up to level 11).

     SIGUSR2    Turns off debugging (debug level 0).

     SIGIOT     Dumps statistics data into /var/tmp/named.stats. Statistics
                data is appended to the file.

     SIGWINCH   Toggles logging of all incoming queries via syslogd(1M).




FILES
     /etc/named.boot
          name server configuration boot file

     /etc/named.pid
          the process ID

     /var/tmp/named.run
          debug output

     /var/tmp/nameddump.db
          dump of the name servers database

     /var/tmp/named.stats
          name server statistics data

     /usr/lib/named/bog.ascii
     /usr/lib/named/bog.ps
          Name Server Operations Guide for BIND ("BOG"); ASCII and
          PostScript format

SEE ALSO
     kill(1), inetd(1M), resolver(3N), resolv.conf(4).

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026