named
Provide Domain Name System (DNS) services
TLDR
Read the default configuration file /etc/named.conf, read any initial data and listen for queries
Read a custom configuration file
Use IPv4 or IPv6 only, even if the host machine is capable of utilising other protocols
Listen for queries on a specific port instead of the default port 53
Run the server in the foreground and do not daemonize
SYNOPSIS
named [options]
PARAMETERS
-c config-file
Specifies the path to the configuration file, overriding the default /etc/named.conf.
-f
Runs named in the foreground, useful for debugging. Logging will typically go to stderr.
-g
Equivalent to -f, but also sends all log messages to stderr. This option implies -f.
-m memory-debugging-options
Enables memory usage debugging. Options include 'stats', 'trace', 'full', 'record', etc., or 'no'.
-p port
Specifies the port on which named should listen for queries, overriding the default port 53.
-s
Writes log messages to syslog. This option is largely deprecated as syslog logging is often the default behavior or configured directly in named.conf.
-t chrootdir
Changes the root directory of the server process to chrootdir after startup. This enhances security by limiting file system access.
-u user
Runs named as the specified user and group after startup, improving security by dropping root privileges.
-v
Prints the version information of named to standard output and exits.
-V
Prints verbose version information, including build options and libraries used, to standard output and exits.
DESCRIPTION
The named (Name Domain) daemon is the core component of the Berkeley Internet Name Domain (BIND) system, serving as the primary DNS (Domain Name System) server program. Its fundamental role is to translate human-readable domain names (like example.com) into machine-readable IP addresses (like 192.0.2.1) and vice versa, which is crucial for internet communication.
named listens for DNS queries, resolves them by looking up information in its configured zone files, or by recursively querying other DNS servers. It can operate in various modes: as an authoritative server for zones it masters, a recursive resolver that finds answers for clients, or a caching server to speed up future queries. It typically listens on UDP port 53 for standard queries and TCP port 53 for zone transfers and larger responses. Configuration is primarily managed via the named.conf file, which defines its operational behavior, zones, logging, and security settings, including support for DNSSEC.
CAVEATS
Configuring named requires a deep understanding of DNS concepts, zone files, and security best practices. Misconfigurations can lead to significant issues, including DNS resolution failures, security vulnerabilities (e.g., DNS amplification attacks, cache poisoning), or high resource consumption. Implementing DNSSEC correctly also adds a layer of complexity.
While named is robust, it can be resource-intensive, particularly under heavy query loads or with large numbers of zones. Regular monitoring and careful tuning are essential for production environments.
CONFIGURATION FILE
The primary configuration for named is stored in the named.conf file (default: /etc/named.conf). This file defines global settings, logging, access control lists (ACLs), and most importantly, the zones that named is authoritative for or that it will recursively resolve queries for.
ZONE FILES
For domains where named acts as an authoritative server, the actual DNS records (A, AAAA, MX, NS, CNAME, SOA, PTR, etc.) are stored in separate zone files. These files are referenced within named.conf and contain the mappings between domain names and IP addresses or other resources.
OPERATION MODES
named can be configured to operate in several ways:
Authoritative-only: Serves DNS records for zones it masters, but does not perform recursive queries for clients.
Recursive-only (Caching Resolver): Primarily performs recursive lookups for clients, caching responses to improve performance, but does not host its own zones.
Combined: Acts as both an authoritative server for some zones and a recursive resolver for clients. This is a common setup for enterprise networks.
DNSSEC SUPPORT
One of named's critical features is its comprehensive support for DNS Security Extensions (DNSSEC). DNSSEC adds cryptographic signatures to DNS data, allowing DNS resolvers to verify the authenticity and integrity of responses, thereby protecting against cache poisoning and other forms of DNS manipulation.
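An added example of a named.conf for the "combined" mode described under OPERATION MODES, with the access controls and response rate limiting that address the amplification and cache-poisoning caveats above and DNSSEC validation enabled; it is not BIND's own sample file, and the acl name "trusted", the zone example.com, the secondary 198.51.100.2 and the file paths are constructed assumptions:

```conf
// "trusted" is a constructed ACL: only these clients may use recursion
acl "trusted" { 127.0.0.0/8; ::1/128; 192.0.2.0/24; 2001:db8::/32; };

options {
    directory "/var/named";            // assumed working directory
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };

    recursion yes;                     // act as a resolver ...
    allow-recursion { trusted; };      // ... but only for our own clients
    allow-query { any; };              // authoritative answers for everyone
    allow-query-cache { trusted; };    // cached data only to trusted clients
    allow-transfer { none; };          // global default: no zone transfers

    dnssec-validation auto;            // validate answers with the built-in trust anchor

    // Response Rate Limiting: blunts use of this server as an amplifier
    rate-limit { responses-per-second 10; window 5; };
};

logging {
    channel security_log {
        file "/var/log/named/security.log" versions 5 size 20m;
        severity info;
        print-time yes;
    };
    category security { security_log; };   // logs rejected queries/transfers
};

// Zone this server is authoritative for (type "master" is accepted by all
// BIND 9 releases; 9.16+ also accepts the synonym "primary")
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { 198.51.100.2; };  // only the secondary may AXFR/IXFR
    notify yes;
};
```

Run named-checkconf against the file before restarting, because a syntax error in named.conf stops the server from starting at all.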
HISTORY
named originated from the Berkeley Internet Name Domain (BIND) software, which was developed at the University of California, Berkeley, in the 1980s. It became a fundamental component of the internet's infrastructure, initially distributed with BSD Unix. Over decades, named has undergone significant evolution through various major versions (e.g., BIND 4, BIND 8, BIND 9). BIND 9, released in 2000, represented a major rewrite focused on scalability, security (with robust DNSSEC support), and advanced features. It remains the most widely used DNS server software globally, continuously updated by the Internet Systems Consortium (ISC) to address performance, security, and protocol standard enhancements.