Open System Services Shell and Utilities Reference Manual (G06.27+, H06.04+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

791

792

793

794

795

796

797

798

799

800

Administrator Commands and Files dnssec_lwresd(8)

NAME

lwresd - Starts the secure BIND 9 lightweight resolver demon

SYNOPSIS

/etc/dns_secure/lwresd

[ -C conﬁg_ﬁle ]

[ -d debug_level ]

[ -f ]

[ -g ]

[ -n ncpus ]

[ -P port1 ]

[ -p port2 ]

[ -s ]

[ -t directory ]

[ -T tcpip_process_name ]

[ -u user ]

[ -v ]

FLAGS

-C config_file Use conﬁg_ﬁle as the resolver conﬁguration ﬁle instead of the default,

/etc/resolv.conf. To ensure that reloading the conﬁguration ﬁle continues to

work after the server has changed its working directory because of a possible

directory option in the conﬁguration ﬁle, conﬁg_ﬁle should be an absolute path-

name.

-d debug_level Set the server’s debug level to debug_level. Debugging traces from lwresd

become more verbose as the debug level increases.

-f Run the server in the foreground (that is, do not run as a demon).

-g Run the server in the foreground and force all logging to stderr.

-n ncpus Create ncpus worker threads to take advantage of multiple processors. If not

speciﬁed, lwresd tries to determine the number of processors present and create

one thread per processor. If it is unable to determine the number of processors, a

single worker thread is created.

-P port1 Listen for lightweight resolver queries on port port1. If this ﬂag is not speciﬁed,

the default is port 921.

-p port2 Send DNS lookups to port port2. If this ﬂag is not speciﬁed, the default is port

53.

This ﬂag provides a way of testing the lightweight resolver server with a name

server that listens for queries on a nonstandard port number.

-s Write memory usage statistics to stdout on exit.

This option is mainly of interest to BIND 9 developers and might be removed or

changed in a future release.

-t directory Make the speciﬁed directory the current directory after processing the command

line arguments, but before reading the conﬁguration ﬁle.

Caution: This option should be used in conjunction with the -u option, because

changing the root directory for a process running as the super ID does not

enhance security on most systems; the way chroot() is deﬁned allows a process

with root user privileges to escape a chroot jail.

527188-004 Hewlett-Packard Company 12−19