-4 This option tells named to use only IPv4, even if the host machine is capable of IPv6. -4 and -6
are mutually exclusive.
-6 This option tells named to use only IPv6, even if the host machine is capable of IPv4. -4 and -6
are mutually exclusive.
-cconfig-file
This option tells named to use config-file as its configuration file instead of the default,
/etc/bind/named.conf. To ensure that the configuration file can be reloaded after the server has
changed its working directory due to to a possible directory option in the configuration file,
config-file should be an absolute pathname.
-C This option prints out the default built-in configuration and exits.
NOTE: This is for debugging purposes only and is not an accurate representation of the actual
configuration used by named at runtime.
-ddebug-level
This option sets the daemon's debug level to debug-level. Debugging traces from named become more
verbose as the debug level increases.
-Dstring
This option specifies a string that is used to identify a instance of named in a process listing.
The contents of string are not examined.
-Eengine-name
When applicable, this option specifies the hardware to use for cryptographic operations, such as a
secure key store used for signing.
When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL engine identifier that
drives the cryptographic accelerator or hardware service module (usually pkcs11).
-f This option runs the server in the foreground (i.e., do not daemonize).
-F This options turns on FIPS (US Federal Information Processing Standards) mode if the underlying
crytographic library supports running in FIPS mode.
-g This option runs the server in the foreground and forces all logging to stderr.
-Llogfile
This option sets the log to the file logfile by default, instead of the system log.
-Moption
This option sets the default (comma-separated) memory context options. The possible flags are:
• fill: fill blocks of memory with tag values when they are allocated or freed, to assist
debugging of memory problems; this is the implicit default if named has been compiled with
--enable-developer.
• nofill: disable the behavior enabled by fill; this is the implicit default unless named has been
compiled with --enable-developer.
-mflag
This option turns on memory usage debugging flags. Possible flags are usage, trace and record.
These correspond to the ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>.
-n#cpus
This option creates #cpus worker threads to take advantage of multiple CPUs. If not specified,
named tries to determine the number of CPUs present and creates one thread per CPU. If it is
unable to determine the number of CPUs, a single worker thread is created.
-pvalue
This option specifies the port(s) on which the server will listen for queries. If value is of the
form <portnum> or dns=<portnum>, the server will listen for DNS queries on portnum; if not not
specified, the default is port 53. If value is of the form tls=<portnum>, the server will listen
for TLS queries on portnum; the default is 853. If value is of the form https=<portnum>, the
server will listen for HTTPS queries on portnum; the default is 443. If value is of the form
http=<portnum>, the server will listen for HTTP queries on portnum; the default is 80.
-s This option writes memory usage statistics to stdout on exit.
NOTE:
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future
release.
-tdirectory
This option tells named to chroot to directory after processing the command-line arguments, but
before reading the configuration file.
WARNING:
This option should be used in conjunction with the -u option, as chrooting a process running as root
doesn't enhance security on most systems; the way chroot is defined allows a process with root
privileges to escape a chroot jail.
-U#listeners
This option has been removed. Attempts to use it now result in a warning.
-uuser
This option sets the setuid to user after completing privileged operations, such as creating
sockets that listen on privileged ports.
NOTE:
On Linux, named uses the kernel's capability mechanism to drop all root privileges except the ability
to bind to a privileged port and set process resource limits. Unfortunately, this means that the -u
option only works when named is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since
previous kernels did not allow privileges to be retained after setuid.
-v This option reports the version number and exits.
-V This option reports the version number, build options, supported cryptographics algorithms, and
exits.
-Xlock-file
This option has been removed and using it will cause a fatal error.
Install Now
PNG Icons
Emojis