dns-server - Domain Name Server service
Please see following description for synopsis
Standards, Environments, and Macros dns-server(8s)
NAME
dns-server - Domain Name Server service
DESCRIPTION
The dns-server service is a service management facility, under the ser-
vice identifier:
svc:/network/dns/server:default
The service starts, monitors and manages an instance of named(8) with
command line options as per service properties configured in the SMF
configuration repository. Use svcprop(1) to list the properties and
svccfg(8) to make changes. See EXAMPLES below.
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(8). The service's
status can be queried using the svcs(1) command.
SERVICE
The dns-server SMF service supports the start, stop, refresh and
restart methods. The methods are invoked using svcadm(8).
start Reads SMF properties and creates relevant command line,
checks for existence of configuration file, and for rndc
configuration (/etc/rndc.conf) or key (/etc/rndc.key) file
(creating them if neither exist), starts named(8) with cre-
ated options and monitors process.
stop stops instance.
refresh Refreshes SMF options and sends named(8) instance a SIGHUP
signal, causing it to reload named.conf. Note, a running
instance will not pickup any SMF option changes until a
restart.
restart stops and the restarts instance.
SMF PROPERTIES
The following application configuration properties are available to
administrators:
options/chroot_dir
This option is not recommended and may be removed in a future
release! Using zones(7) and Role-Based Access Control, rbac(7), is
recommended rather than chroot environments.
chroot_dir specifies the directory to be used as the root directory
after processing SMF properties and the command line arguments but
before reading the configuration file. Use this property when using
a chroot(2) environment. Synonymous to command line option -t
directory.
This option should be used in conjunction with the start/user
option (see below), as chrooting a process running as root does not
enhance security on most systems; the way chroot() is defined
allows a process with root privileges to escape a chroot jail.
When using chroot(2), named(8) is unable to disable itself when
receiving rndc(8) stop or halt commands. Instead, you must use the
svcadm(8) disable command.
options/configuration_file
Specifies the configuration file to be used instead of the default,
/etc/named.conf. A directory option might be specified in the con-
figuration file. To ensure that reloading the configuration file
continues to work in such a situation, configuration_file should be
specified as an absolute pathname. This pathname should not include
the chroot_dir pathname. This property is the equivalent of the -c
config-file option.
options/crypto_engine
Specify an alternative crypto hardware (OpenSSL engine) for the
crypto operations. Equivalent command line option -E engine-name.
options/debug_level
Specifies the default debug level. The default is 0, which means no
debugging. The higher the number the more verbose debug information
becomes. Equivalent of the command line option -d debug_level.
options/ip_interfaces
Specifies over which IP transport, IPv4 or IPv6, BIND will trans-
mit. Possible values are IPv4 or IPv6. Any other setting assumes
all, the default. This property is the equivalent of command line
option -4 or -6
options/listen_on_port
Specifies the default UDP and TCP port to be used for listening to
DNS requests. This property is the equivalent of the command line
option -p port.
options/listener_threads
Specifies the number of listener worker threads to listen for
incoming UDP packets on each address. If not specified, named will
calculate a default value based on the number of detected CPUs: 1
for 1 CPU, 2 for 2-4 CPUs, and the number of detected CPUs divided
by 2 for values higher than 4. If options/threads has been set to
a higher value than the number of detected CPUs, then lis-
tener_threads may be increased as high as that value, but no
higher. Equivalent command line option -U #listeners'.
options/server
Specifies the server executable to be used instead of the default
server, /usr/sbin/named.
options/threads
Specifies the number of CPU worker threads to create. The default
of 0 causes named to try and determine the number of CPUs present
and create one thread per CPU. Equivalent of command line option -n
#cpus.
In the event of a configuration error originating in one of the above
SMF application options, an error message is logged which provides
information about the error and the parameters that need correcting.
dns-server then exits with exit code SMF_EXIT_ERR_CONFIG. In the event
of an error other than a configuration error, dns-server exits with
exit code SMF_EXIT_ERR_FATAL. Both non-successful exit codes cause the
start method, smf_method(7), to place the service in the maintenance
state, which can be observed with the svcs(1) command svcs -x.
In addition to the properties listed above, the following property can
be used to invoke named as a user other than root:
start/user
Specifies the identity of the user that is invoking named. See
smf_method(7). Note that the user must have solaris.smf.manage.bind
authorization. Without this role the named will be unable to manage
its SMF FMRI and named will automatically be restarted by the SMF
after an rndc(8) stop or halt command. See EXAMPLES for a sequence
of commands that establishes the correct authorization.
EXAMPLES
Example 1 Configuring named to Transmit Only over IPv4 Networks
The following command sequence configures named such that it will
transmit only over IPv4 networks.
# svccfg -s svc:network/dns/server:default setprop \
> options/ip_interfaces=IPv4
# svcadm refresh svc:network/dns/server:default
#
Example 2 Listing Current Configuration File and Setting an Alternative
File
The following sequence of commands lists the current named configura-
tion file and sets an alternative file.
# svcprop -p options/configuration_file dns/server:default
/etc/named.conf
# svccfg -s dns/server:default setprop \
> options/configuration_file=/var/named/named.conf
# svcadm refresh dns/server:default
# svcprop -p options/configuration_file dns/server:default
/var/named/named.conf
Example 3 Establishing Appropriate Authorization for named
To have named start with the solaris.smf.manage.bind authorization,
perform the steps shown below.
Add the user dnsadmin to the solaris.smf.manage.bind role:
# usermod -A solaris.smf.manage.bind dnsadmin
Observe effect of command:
# tail -1 /etc/user_attr
dnsadmin::::type=normal;auths=solaris.smf.manage.bind
Modify the service properties:
# svccfg
svc:> select svc:/network/dns/server:default
svc:/network/dns/server:default> setprop start/user = dnsadmin
svc:/network/dns/server:default> setprop start/group = dnsadmin
svc:/network/dns/server:default> exit
# svcadm refresh svc:/network/dns/server:default
# svcadm restart svc:/network/dns/server:default
Because only root has write access to create the default process-ID
file, /var/run/named/named.pid, named must be configured to use an
alternative path for the user dnsadmin. Here is an example of how to
accomplish this:
# mkdir /var/named/tmp
# chown dnsadmin /var/named/tmp
Shown below is what you must add to named.conf to make use of the
directory created above.
# head /etc/named.conf
options {
directory "/var/named";
pid-file "/var/named/tmp/named.pid";
};
FILES
/etc/named.conf
default configuration file
/etc/rndc.conf
Configuration file for rndc(8)
/etc/rndc.key
default key file used by rndc(8)
/var/run/named/named.pid
default process-ID file
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |service/network/dns/bind |
+-----------------------------+-----------------------------+
|Interface Stability |Volatile |
+-----------------------------+-----------------------------+
SEE ALSO
svcs(1), named(8), named-checkconf(8), named-checkzone(8), rndc(8),
rndc-confgen(8), svcadm(8), svccfg(8), svcprop(1), chroot(2),
setuid(2), bind(3c), attributes(7), smf(7), smf_method(7)
See the BIND 9 Administrator's Reference Manual. Available online or
optionally within package installation at
file:///usr/share/doc/bind/html/Bv9ARM.html and
file:///usr/share/doc/bind/Bv9ARM.pdf.
Note: some compile-time features documented in the ARM are not avail-
able; to see a list of enabled features run '/usr/sbin/named -V'.
Solaris 11.4 6 Feb 2019 dns-server(8s)