CREDNS(8) CREDNS 0.2.10 CREDNS(8)NAMEcredns - version 0.2.10.
SYNOPSIScredns [-4] [-6] [-a ip-address[@port]] [-c configfile] [-d] [-f data‐
base] [-h] [-i identity] [-I nsid] [-l logfile] [-N server-count] [-n
noncurrent-tcp-count] [-P pidfile] [-p port] [-s seconds] [-t chroot‐
dir] [-u username] [-V level] [-v]
DESCRIPTION
Credns is a software program aimed at fortifying DNSSEC by performing
validation in the DNS notify/transfer-chain. Currently credns is a
fork of NSD(8) that has been extended with the possibility to asses
zones - received or updated by AXFR or IXFR - by running an external
verifier and only serve those zones when they are deemed correct by the
verifier associated with that zone. The options for setting a verifier
for a zone and all related options can be given in the credns.conf(5)
configuration file.
OPTIONS
All the options can be specified in the configfile ( -c argument),
except for the -v and -h options. If options are specified on the com‐
mandline, the options on the commandline take precedence over the
options in the configfile.
Normally credns should be started with the `crednsc(8) start` command
invoked from a /etc/rc.d/credns.sh script or similar at the operating
system startup.
-4 Only listen to IPv4 connections.
-6 Only listen to IPv6 connections.
-a ip-address[@port]
Listen to the specified ip-address. The ip-address must be
specified in numeric format (using the standard IPv4 or IPv6
notation). Optionally, a port number can be given. This flag
can be specified multiple times to listen to multiple IP
addresses. If this flag is not specified, credns listens to the
wildcard interface.
-c configfile
Read specified configfile instead of the default
/usr/local/etc/credns/credns.conf. For format description see
credns.conf(5).
-d Turn on debugging mode, do not fork, stay in the foreground.
-f database
Use the specified database instead of the default of
/var/db/nsd/nsd.db. If a zonesdir: is specified in the config
file this path can be relative to that directory.
-h Print help information and exit.
-i identity
Return the specified identity when asked for CH TXT ID.SERVER
(This option is used to determine which server is answering the
queries when they are multicast). The default is the name
returned by gethostname(3).
-I nsid
Add the specified nsid to the EDNS section of the answer when
queried with an NSID EDNS enabled packet.
-l logfile
Log messages to the specified logfile. The default is to log to
stderr and syslog. If a zonesdir: is specified in the config
file this path can be relative to that directory.
-N count
Start count credns servers. The default is 1. Starting more than
a single server is only useful on machines with multiple CPUs
and/or network adapters.
-n number
The maximum number of concurrent TCP connection that can be han‐
dled by each server. The default is 10.
-P pidfile
Use the specified pidfile instead of the platform specific
default, which is mostly /var/run/nsd/nsd.pid. If a zonesdir:
is specified in the config file, this path can be relative to
that directory.
-p port
Answer the queries on the specified port. Normally this is port
53.
-s seconds
Produce statistics dump every seconds seconds. This is equal to
sending SIGUSR1 to the daemon periodically.
-t chroot
Specifies a directory to chroot to upon startup. This option
requires you to ensure that appropriate syslogd(8) socket (e.g.
chrootdir /dev/log) is available, otherwise credns won't produce
any log output.
-u username
Drop user and group privileges to those of username after bind‐
ing the socket. The username must be one of: username, id, or
id.gid. For example: credns, 80, or 80.80.
-V level
This value specifies the verbosity level for (non-debug) log‐
ging. Default is 0.
-v Print the version number of credns to standard error and exit.
Credns reacts to the following signals:
SIGTERM
Stop answering queries, shutdown, and exit normally.
SIGHUP Reload the database.
SIGUSR1
Dump BIND8-style statistics into the log. Ignored otherwise.
FILES
/var/db/nsd/nsd.db
default credns database
/var/run/nsd/nsd.pid
the process id of the name server.
/usr/local/etc/credns/credns.conf
default credns configuration file
DIAGNOSTICS
will log all the problems via the standard syslog(8) daemon facility,
unless the -d option is specified.
SEE ALSOcrednsc(8), credns.conf(5), credns-checkconf(8), credns-notify(8),
credns-patch(8), credns-xfer(8)AUTHORS
Credns was written by NLnet Labs.
NSD was written by NLnet Labs and RIPE NCC joint team. Please see CRED‐
ITS file in the distribution for further details.
BUGS
Credns is a fork of NSD(8) and inherits all its bugs.
WARNING
Because of credns is implemented as a fork of NSD(8), it currently
functions as a complete authoritative DNS namservers. However, this
functionality is not strictly necessary of credns type operation and
might disappear in future releases. Credns has a different orientation
as NSD and might develop into an entirely different direction.
NLnet Labs jun 22, 2012 CREDNS(8)
