Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
NSD(8)				   NSD 4.3.7				NSD(8)

       nsd - Name Server Daemon	(NSD) version 4.3.7.

       nsd [-4]	[-6] [-a ip-address[@port]] [-c	configfile] [-d] [-f database]
       [-h] [-i	identity] [-I nsid] [-l	logfile] [-N server-count] [-n noncur-
       rent-tcp-count]	[-P pidfile] [-p port] [-s seconds] [-t	chrootdir] [-u
       username] [-V level] [-v]

       NSD is a	complete implementation	of an  authoritative  DNS  nameserver.
       Upon startup, NSD will read the database	specified with -f database ar-
       gument and put itself into background and answers queries on port 53 or
       a different port	specified with -p port option. The database is created
       if it does not exist. By	default, NSD will bind to all local interfaces
       available. Use the -a ip-address[@port] option to specify a single par-
       ticular interface address to be bound. If this  option  is  given  more
       than  once,  NSD	will bind its UDP and TCP sockets to all the specified
       ip-addresses separately.	If IPv6	is enabled when	 NSD  is  compiled  an
       IPv6 address can	also be	specified.

       All  the	options	can be specified in the	configfile ( -c	argument), ex-
       cept for	the -v and -h options. If options are specified	on the comman-
       dline,  the options on the commandline take precedence over the options
       in the configfile.

       Normally	NSD should be started with the `nsd-control(8) start`  command
       invoked from a /etc/rc.d/ script or similar at the	operating sys-
       tem startup.

       -4     Only listen to IPv4 connections.

       -6     Only listen to IPv6 connections.

       -a ip-address[@port]
	      Listen to	the specified  ip-address.   The  ip-address  must  be
	      specified	in numeric format (using the standard IPv4 or IPv6 no-
	      tation). Optionally, a port number can be	given.	This flag  can
	      be  specified multiple times to listen to	multiple IP addresses.
	      If this flag is not specified, NSD listens to the	 wildcard  in-

       -c configfile
	      Read  specified  configfile  instead  of	the  default  /usr/lo-
	      cal/etc/nsd/nsd.conf.  For format	description see	nsd.conf(5).

       -d     Do not fork, stay	in the foreground.

       -f database
	      Use  the	specified  database  instead   of   the	  default   of
	      '/var/db/nsd/nsd.db'.  If	a zonesdir: is specified in the	config
	      file this	path can be relative to	that directory.

       -h     Print help information and exit.

       -i identity
	      Return the specified identity when asked for  CH	TXT  ID.SERVER
	      (This  option is used to determine which server is answering the
	      queries when they	are anycast). The default is the name returned
	      by gethostname(3).

       -I nsid
	      Add  the	specified  nsid	to the EDNS section of the answer when
	      queried with an NSID EDNS	enabled	packet.	 As a sequence of  hex
	      characters or with ascii_	prefix and then	an ascii string.

       -l logfile
	      Log messages to the specified logfile.  The default is to	log to
	      stderr and syslog. If a zonesdir:	is  specified  in  the	config
	      file this	path can be relative to	that directory.

       -N count
	      Start  count NSD servers.	The default is 1. Starting more	than a
	      single server is only useful  on	machines  with	multiple  CPUs
	      and/or network adapters.

       -n number
	      The maximum number of concurrent TCP connection that can be han-
	      dled by each server. The default is 100.

       -P pidfile
	      Use the specified	pidfile	instead	of the platform	 specific  de-
	      fault,  which is mostly /var/run/nsd/  If	a zonesdir: is
	      specified	in the config file, this path can be relative to  that

       -p port
	      Answer the queries on the	specified port.	 Normally this is port

       -s seconds
	      Produce statistics dump every seconds seconds. This is equal  to
	      sending SIGUSR1 to the daemon periodically.

       -t chroot
	      Specifies	a directory to chroot to upon startup. This option re-
	      quires you to ensure that	appropriate  syslogd(8)	 socket	 (e.g.
	      chrootdir	 /dev/log)  is	available, otherwise NSD won't produce
	      any log output.

       -u username
	      Drop user	and group privileges to	those of username after	 bind-
	      ing  the	socket.	 The username must be one of: username,	id, or
	      id.gid. For example: nsd,	80, or 80.80.

       -V level
	      This value specifies the verbosity level	for  (non-debug)  log-
	      ging.  Default is	0.

       -v     Print the	version	number of NSD to standard error	and exit.

       NSD reacts to the following signals:

	      Stop answering queries, shutdown,	and exit normally.

       SIGHUP Reload.	Scans zone files and if	changed	(mtime)	reads them in.
	      Also reopens the logfile (assists	logrotation).

	      Dump BIND8-style statistics into the log.	Ignored	otherwise.

	      default NSD database

	      the process id of	the name server.

	      default NSD configuration	file

       NSD will	log all	the problems via the standard syslog(8)	daemon	facil-
       ity, unless the -d option is specified.

       nsd.conf(5), nsd-checkconf(8), nsd-control(8)

       NSD was written by NLnet	Labs and RIPE NCC joint	team. Please see CRED-
       ITS file	in the distribution for	further	details.

NLnet Labs			 Jul 22, 2021				NSD(8)


Want to link to this manual page? Use this URL:

home | help