Use IPv4 only even if the host machine is capable of
IPv6. -4 and -6 are mutually exclusive.
Use IPv6 only even if the host machine is capable of
IPv4. -4 and -6 are mutually exclusive.
Use config-file as the configuration file instead
of the default, /etc/named.conf. To ensure that reloading the
configuration file continues to work after the server has changed its working
directory due to to a possible directory option in the configuration
file, config-file should be an absolute pathname.
Set the daemon's debug level to debug-level.
Debugging traces from named become more verbose as the debug level
Specifies a string that is used to identify a instance of
named in a process listing. The contents of string are not
When applicable, specifies the hardware to use for
cryptographic operations, such as a secure key store used for signing.
When BIND is built with OpenSSL PKCS#11 support, this defaults to
the string "pkcs11", which identifies an OpenSSL engine that can
drive a cryptographic accelerator or hardware service module. When BIND is
built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults
to the path of the PKCS#11 provider library specified via
Run the server in the foreground (i.e. do not
Run the server in the foreground and force all logging to
Sets the default memory context options. Currently the
only supported option is external, which causes the internal memory
manager to be bypassed in favor of system-provided memory allocation
Turn on memory usage debugging flags. Possible flags are
usage, trace, record, size, and mctx. These
correspond to the ISC_MEM_DEBUGXXXX flags described in
Create #cpus worker threads to take advantage of
multiple CPUs. If not specified, named will try to determine the number
of CPUs present and create one thread per CPU. If it is unable to determine
the number of CPUs, a single worker thread will be created.
Listen for queries on port port. If not specified,
the default is port 53.
Write memory usage statistics to stdout
Note: This option is mainly of interest to BIND 9
developers and may be removed or changed in a future release.
to use up to #max-socks
sockets. The default value is 4096 on systems built with default configuration
options, and 21000 on systems built with "configure
Warning: This option should be unnecessary for the
vast majority of users. The use of this option could even be harmful because
the specified value may exceed the limitation of the underlying system API. It
is therefore set only when the default configuration causes exhaustion of file
descriptors and the operational environment is known to support the specified
number of sockets. Note also that the actual maximum number is normally a
little fewer than the specified value because named reserves some file
descriptors for its internal use.
Chroot to directory
after processing the command
line arguments, but before reading the configuration file.
This option should be used in conjunction
with the -u
option, as chrooting a process running as root doesn't
enhance security on most systems; the way chroot(2)
is defined allows a
process with root privileges to escape a chroot jail.
Use #listeners worker threads to listen for
incoming UDP packets on each address. If not specified, named will
calculate a default value based on the number of detected CPUs: 1 for 1 CPU, 2
for 2-4 CPUs, and the number of detected CPUs divided by 2 for values higher
than 4. If -n has been set to a higher value than the number of
detected CPUs, then -U may be increased as high as that value, but no
Setuid to user
after completing privileged
operations, such as creating sockets that listen on privileged ports.
On Linux, named
uses the kernel's
capability mechanism to drop all root privileges except the ability to
to a privileged port and set process resource limits.
Unfortunately, this means that the -u
option only works when
is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later,
since previous kernels did not allow privileges to be retained after
Report the version number and exit.
Report the version number and build options, and
Load data from cache-file
into the cache of the
Warning: This option must not be used. It is only
of interest to BIND 9 developers and may be removed or changed in a future