1135446Strhodes<!-- 2193149Sdougb - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") 3153816Sdougb - Copyright (C) 2000, 2001 Internet Software Consortium. 4153816Sdougb - 5204619Sdougb - Permission to use, copy, modify, and/or distribute this software for any 6135446Strhodes - purpose with or without fee is hereby granted, provided that the above 7135446Strhodes - copyright notice and this permission notice appear in all copies. 8153816Sdougb - 9135446Strhodes - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10135446Strhodes - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11153816Sdougb - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12135446Strhodes - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13135446Strhodes - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14135446Strhodes - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15135446Strhodes - PERFORMANCE OF THIS SOFTWARE. 16135446Strhodes--> 17234010Sdougb<!-- $Id$ --> 18153816Sdougb<html> 19153816Sdougb<head> 20153816Sdougb<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 21153816Sdougb<title>lwresd</title> 22170222Sdougb<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 23153816Sdougb</head> 24153816Sdougb<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> 25234010Sdougb<a name="id2476274"></a><div class="titlepage"></div> 26153816Sdougb<div class="refnamediv"> 27153816Sdougb<h2>Name</h2> 28153816Sdougb<p><span class="application">lwresd</span> — lightweight resolver daemon</p> 29153816Sdougb</div> 30153816Sdougb<div class="refsynopsisdiv"> 31153816Sdougb<h2>Synopsis</h2> 32174187Sdougb<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> 33153816Sdougb</div> 34153816Sdougb<div class="refsect1" lang="en"> 35234010Sdougb<a name="id2543469"></a><h2>DESCRIPTION</h2> 36170222Sdougb<p><span><strong class="command">lwresd</strong></span> 37170222Sdougb is the daemon providing name lookup 38170222Sdougb services to clients that use the BIND 9 lightweight resolver 39170222Sdougb library. It is essentially a stripped-down, caching-only name 40170222Sdougb server that answers queries using the BIND 9 lightweight 41170222Sdougb resolver protocol rather than the DNS protocol. 42153816Sdougb </p> 43170222Sdougb<p><span><strong class="command">lwresd</strong></span> 44170222Sdougb listens for resolver queries on a 45170222Sdougb UDP port on the IPv4 loopback interface, 127.0.0.1. This 46170222Sdougb means that <span><strong class="command">lwresd</strong></span> can only be used by 47193149Sdougb processes running on the local machine. By default, UDP port 48170222Sdougb number 921 is used for lightweight resolver requests and 49170222Sdougb responses. 50153816Sdougb </p> 51153816Sdougb<p> 52170222Sdougb Incoming lightweight resolver requests are decoded by the 53170222Sdougb server which then resolves them using the DNS protocol. When 54170222Sdougb the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes 55170222Sdougb the answers in the lightweight resolver format and returns 56170222Sdougb them to the client that made the request. 57153816Sdougb </p> 58153816Sdougb<p> 59170222Sdougb If <code class="filename">/etc/resolv.conf</code> contains any 60170222Sdougb <code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span> 61170222Sdougb sends recursive DNS queries to those servers. This is similar 62170222Sdougb to the use of forwarders in a caching name server. If no 63170222Sdougb <code class="option">nameserver</code> entries are present, or if 64170222Sdougb forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the 65170222Sdougb queries autonomously starting at the root name servers, using 66170222Sdougb a built-in list of root server hints. 67153816Sdougb </p> 68153816Sdougb</div> 69153816Sdougb<div class="refsect1" lang="en"> 70234010Sdougb<a name="id2543516"></a><h2>OPTIONS</h2> 71153816Sdougb<div class="variablelist"><dl> 72174187Sdougb<dt><span class="term">-4</span></dt> 73174187Sdougb<dd><p> 74174187Sdougb Use IPv4 only even if the host machine is capable of IPv6. 75174187Sdougb <code class="option">-4</code> and <code class="option">-6</code> are mutually 76174187Sdougb exclusive. 77174187Sdougb </p></dd> 78174187Sdougb<dt><span class="term">-6</span></dt> 79174187Sdougb<dd><p> 80174187Sdougb Use IPv6 only even if the host machine is capable of IPv4. 81174187Sdougb <code class="option">-4</code> and <code class="option">-6</code> are mutually 82174187Sdougb exclusive. 83174187Sdougb </p></dd> 84174187Sdougb<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> 85174187Sdougb<dd><p> 86174187Sdougb Use <em class="replaceable"><code>config-file</code></em> as the 87174187Sdougb configuration file instead of the default, 88174187Sdougb <code class="filename">/etc/lwresd.conf</code>. 89174187Sdougb 90186462Sdougb <code class="option">-c</code> can not be used with <code class="option">-C</code>. 91174187Sdougb </p></dd> 92153816Sdougb<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt> 93153816Sdougb<dd><p> 94170222Sdougb Use <em class="replaceable"><code>config-file</code></em> as the 95170222Sdougb configuration file instead of the default, 96170222Sdougb <code class="filename">/etc/resolv.conf</code>. 97186462Sdougb <code class="option">-C</code> can not be used with <code class="option">-c</code>. 98153816Sdougb </p></dd> 99153816Sdougb<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> 100153816Sdougb<dd><p> 101170222Sdougb Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>. 102170222Sdougb Debugging traces from <span><strong class="command">lwresd</strong></span> become 103170222Sdougb more verbose as the debug level increases. 104153816Sdougb </p></dd> 105153816Sdougb<dt><span class="term">-f</span></dt> 106153816Sdougb<dd><p> 107170222Sdougb Run the server in the foreground (i.e. do not daemonize). 108153816Sdougb </p></dd> 109153816Sdougb<dt><span class="term">-g</span></dt> 110153816Sdougb<dd><p> 111170222Sdougb Run the server in the foreground and force all logging 112170222Sdougb to <code class="filename">stderr</code>. 113153816Sdougb </p></dd> 114174187Sdougb<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt> 115174187Sdougb<dd><p> 116174187Sdougb Use <em class="replaceable"><code>pid-file</code></em> as the 117174187Sdougb PID file instead of the default, 118193149Sdougb <code class="filename">/var/run/lwresd/lwresd.pid</code>. 119174187Sdougb </p></dd> 120174187Sdougb<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt> 121174187Sdougb<dd><p> 122174187Sdougb Turn on memory usage debugging flags. Possible flags are 123174187Sdougb <em class="replaceable"><code>usage</code></em>, 124174187Sdougb <em class="replaceable"><code>trace</code></em>, 125174187Sdougb <em class="replaceable"><code>record</code></em>, 126174187Sdougb <em class="replaceable"><code>size</code></em>, and 127174187Sdougb <em class="replaceable"><code>mctx</code></em>. 128174187Sdougb These correspond to the ISC_MEM_DEBUGXXXX flags described in 129174187Sdougb <code class="filename"><isc/mem.h></code>. 130174187Sdougb </p></dd> 131153816Sdougb<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt> 132153816Sdougb<dd><p> 133170222Sdougb Create <em class="replaceable"><code>#cpus</code></em> worker threads 134170222Sdougb to take advantage of multiple CPUs. If not specified, 135170222Sdougb <span><strong class="command">lwresd</strong></span> will try to determine the 136170222Sdougb number of CPUs present and create one thread per CPU. 137170222Sdougb If it is unable to determine the number of CPUs, a 138170222Sdougb single worker thread will be created. 139153816Sdougb </p></dd> 140153816Sdougb<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt> 141153816Sdougb<dd><p> 142170222Sdougb Listen for lightweight resolver queries on port 143170222Sdougb <em class="replaceable"><code>port</code></em>. If 144170222Sdougb not specified, the default is port 921. 145153816Sdougb </p></dd> 146153816Sdougb<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> 147153816Sdougb<dd><p> 148170222Sdougb Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not 149170222Sdougb specified, the default is port 53. This provides a 150170222Sdougb way of testing the lightweight resolver daemon with a 151170222Sdougb name server that listens for queries on a non-standard 152170222Sdougb port number. 153153816Sdougb </p></dd> 154153816Sdougb<dt><span class="term">-s</span></dt> 155153816Sdougb<dd> 156153816Sdougb<p> 157170222Sdougb Write memory usage statistics to <code class="filename">stdout</code> 158170222Sdougb on exit. 159153816Sdougb </p> 160153816Sdougb<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> 161153816Sdougb<h3 class="title">Note</h3> 162153816Sdougb<p> 163170222Sdougb This option is mainly of interest to BIND 9 developers 164170222Sdougb and may be removed or changed in a future release. 165170222Sdougb </p> 166153816Sdougb</div> 167153816Sdougb</dd> 168153816Sdougb<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> 169153816Sdougb<dd> 170174187Sdougb<p>Chroot 171170222Sdougb to <em class="replaceable"><code>directory</code></em> after 172170222Sdougb processing the command line arguments, but before 173170222Sdougb reading the configuration file. 174153816Sdougb </p> 175153816Sdougb<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"> 176153816Sdougb<h3 class="title">Warning</h3> 177153816Sdougb<p> 178170222Sdougb This option should be used in conjunction with the 179170222Sdougb <code class="option">-u</code> option, as chrooting a process 180170222Sdougb running as root doesn't enhance security on most 181174187Sdougb systems; the way <code class="function">chroot(2)</code> is 182170222Sdougb defined allows a process with root privileges to 183170222Sdougb escape a chroot jail. 184170222Sdougb </p> 185153816Sdougb</div> 186153816Sdougb</dd> 187153816Sdougb<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> 188174187Sdougb<dd><p>Setuid 189170222Sdougb to <em class="replaceable"><code>user</code></em> after completing 190170222Sdougb privileged operations, such as creating sockets that 191170222Sdougb listen on privileged ports. 192153816Sdougb </p></dd> 193153816Sdougb<dt><span class="term">-v</span></dt> 194153816Sdougb<dd><p> 195170222Sdougb Report the version number and exit. 196153816Sdougb </p></dd> 197153816Sdougb</dl></div> 198153816Sdougb</div> 199153816Sdougb<div class="refsect1" lang="en"> 200234010Sdougb<a name="id2543933"></a><h2>FILES</h2> 201153816Sdougb<div class="variablelist"><dl> 202153816Sdougb<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> 203153816Sdougb<dd><p> 204170222Sdougb The default configuration file. 205153816Sdougb </p></dd> 206153816Sdougb<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt> 207153816Sdougb<dd><p> 208170222Sdougb The default process-id file. 209153816Sdougb </p></dd> 210153816Sdougb</dl></div> 211153816Sdougb</div> 212153816Sdougb<div class="refsect1" lang="en"> 213234010Sdougb<a name="id2543973"></a><h2>SEE ALSO</h2> 214170222Sdougb<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, 215170222Sdougb <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, 216170222Sdougb <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. 217153816Sdougb </p> 218153816Sdougb</div> 219153816Sdougb<div class="refsect1" lang="en"> 220234010Sdougb<a name="id2544007"></a><h2>AUTHOR</h2> 221170222Sdougb<p><span class="corpauthor">Internet Systems Consortium</span> 222153816Sdougb </p> 223153816Sdougb</div> 224153816Sdougb</div></body> 225153816Sdougb</html> 226