CREDNS(8)			 CREDNS	0.2.10			     CREDNS(8)

       credns -	version	0.2.10.

       credns  [-4] [-6] [-a ip-address[@port]]	[-c configfile]	[-d] [-f data-
       base] [-h] [-i identity]	[-I nsid] [-l logfile] [-N  server-count]  [-n
       noncurrent-tcp-count]  [-P  pidfile] [-p	port] [-s seconds] [-t chroot-
       dir] [-u	username] [-V level] [-v]

       Credns is a software program aimed at fortifying DNSSEC by performing
       validation in the DNS notify/transfer-chain. Currently credns is a
       fork of NSD(8) that has been extended with the possibility to assess
       zones - received or updated by AXFR or IXFR - by running an external
       verifier and only serve those zones when they are deemed correct by the
       verifier associated with that zone. The options for setting a verifier
       for a zone and all related options can be given in the credns.conf(5)
       configuration file.

       All the options can be specified in the configfile (-c argument),
       except for the -v and -h options. If options are specified on the
       commandline, the options on the commandline take precedence over the
       options in the configfile.

       Normally	credns should be started with the `crednsc(8)  start`  command
       invoked	from  a	/etc/rc.d/ script or similar at the operating
       system startup.

       -4     Only listen to IPv4 connections.

       -6     Only listen to IPv6 connections.

       -a ip-address[@port]
	      Listen to	the specified  ip-address.   The  ip-address  must  be
	      specified	in numeric format (using the standard IPv4 or IPv6 no-
	      tation). Optionally, a port number can be	given.	This flag  can
	      be  specified multiple times to listen to	multiple IP addresses.
	      If this flag is not specified, credns listens  to	 the  wildcard

       -c configfile
	      Read  specified  configfile  instead  of	the  default  /usr/lo-
	      cal/etc/credns/credns.conf.    For   format   description	   see

       -d     Turn on debugging	mode, do not fork, stay	in the foreground.

       -f database
	      Use   the	  specified   database	 instead  of  the  default  of
	      /var/db/nsd/nsd.db.  If a	zonesdir: is specified in  the	config
	      file this	path can be relative to	that directory.

       -h     Print help information and exit.

       -i identity
	      Return  the  specified  identity when asked for CH TXT ID.SERVER
	      (This option is used to determine	which server is	answering  the
	      queries  when  they  are multicast). The default is the name re-
	      turned by	gethostname(3).

       -I nsid
	      Add the specified	nsid to	the EDNS section of  the  answer  when
	      queried with an NSID EDNS	enabled	packet.

       -l logfile
	      Log messages to the specified logfile.  The default is to	log to
	      stderr and syslog. If a zonesdir:	is  specified  in  the	config
	      file this	path can be relative to	that directory.

       -N count
	      Start count credns servers. The default is 1. Starting more than
	      a	single server is only useful on	machines  with	multiple  CPUs
	      and/or network adapters.

       -n number
	      The maximum number of concurrent TCP connections that can be
	      handled by each server. The default is 10.

       -P pidfile
	      Use the specified	pidfile	instead	of the platform	 specific  de-
	      fault,  which is mostly /var/run/nsd/  If	a zonesdir: is
	      specified	in the config file, this path can be relative to  that

       -p port
	      Answer the queries on the	specified port.	 Normally this is port

       -s seconds
	      Produce statistics dump every seconds seconds. This is equal  to
	      sending SIGUSR1 to the daemon periodically.

       -t chroot
	      Specifies	a directory to chroot to upon startup. This option re-
	      quires you to ensure that	appropriate  syslogd(8)	 socket	 (e.g.
	      chrootdir	/dev/log) is available,	otherwise credns won't produce
	      any log output.

       -u username
	      Drop user	and group privileges to	those of username after	 bind-
	      ing  the	socket.	 The username must be one of: username,	id, or
	      id.gid. For example: credns, 80, or 80.80.

       -V level
	      This value specifies the verbosity level	for  (non-debug)  log-
	      ging.  Default is	0.

       -v     Print the	version	number of credns to standard error and exit.
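
       A preflight check for the -t and -u options above, as an added example
       that is not part of the credns distribution. The function names, the
       accepted character set for -u values and the paths in the usage comment
       are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the credns distribution): checks to run before
# starting credns with -t (chroot) and -u (privilege drop).

# classify_user SPEC
# Prints which of the three documented -u forms SPEC has: username, id or
# id.gid. The accepted character set is an assumption of this example.
classify_user() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # empty or unexpected characters
    esac
    case "$1" in
        *[!0-9.]*)    echo username ;;      # anything beyond digits and dots
        *.*.*|.*|*.)  return 1 ;;           # malformed numeric form
        *.*)          echo id.gid ;;
        *)            echo id ;;
    esac
}

# preflight CHROOT USERSPEC [SOCKET]
# SOCKET is the syslog socket path relative to CHROOT (default dev/log, the
# location the man page gives as its example).
# Returns 0 if ready, 2 bad -u value, 3 chroot missing, 4 no syslog socket.
preflight() {
    pf_root=$1 pf_user=$2 pf_sock=${3:-dev/log}
    pf_kind=$(classify_user "$pf_user") || {
        echo "preflight: -u value '$pf_user' is not username, id or id.gid" >&2
        return 2
    }
    # A named account must exist before credns tries to drop to it.
    if [ "$pf_kind" = username ] && ! id "$pf_user" >/dev/null 2>&1; then
        echo "preflight: no such user '$pf_user'" >&2
        return 2
    fi
    [ -d "$pf_root" ] || { echo "preflight: no chroot dir $pf_root" >&2; return 3; }
    # Without this socket inside the chroot, credns produces no log output.
    [ -S "$pf_root/$pf_sock" ] || {
        echo "preflight: $pf_root/$pf_sock is not a socket; logging would be lost" >&2
        return 4
    }
}

# Usage (path and account are placeholders):
#   preflight /var/chroot/credns credns && credns -t /var/chroot/credns -u credns
```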

       Credns reacts to	the following signals:

	      Stop answering queries, shutdown,	and exit normally.

       SIGHUP Reload the database.

	      Dump BIND8-style statistics into the log.	Ignored	otherwise.

	      default credns database

	      the process id of	the name server.

	      default credns configuration file

       will  log  all the problems via the standard syslog(8) daemon facility,
       unless the -d option is specified.

       crednsc(8),  credns.conf(5),   credns-checkconf(8),   credns-notify(8),
       credns-patch(8),	credns-xfer(8)

       Credns was written by NLnet Labs.

       NSD was written by NLnet	Labs and RIPE NCC joint	team. Please see CRED-
       ITS file	in the distribution for	further	details.

       Credns is a fork	of NSD(8) and inherits all its bugs.

       Because credns is implemented as a fork of NSD(8), it currently
       functions as a complete authoritative DNS nameserver. However, this
       functionality is not strictly necessary for credns-type operation and
       might disappear in future releases. Credns has a different orientation
       than NSD and might develop in an entirely different direction.

NLnet Labs			 jun 22, 2012			     CREDNS(8)

