NSD(8) NSD 4.12.0 NSD(8)
NAME
nsd - Name Server Daemon (NSD) version 4.12.0.
SYNOPSIS
nsd [-4] [-6] [-a ip-address[@port]] [-c configfile] [-d] [-h] [-i
identity] [-I nsid] [-l logfile] [-N server-count] [-n noncur-
rent-tcp-count] [-P pidfile] [-p port] [-s seconds] [-t chrootdir] [-u
username] [-V level] [-v]
DESCRIPTION
NSD is a complete implementation of an authoritative DNS nameserver.
Upon startup, NSD will read the configuration file and put itself into
the background and answers queries on port 53 or a different port spec-
ified with -p port option. By default, NSD will bind to all local in-
terfaces available. Use the -a ip-address[@port] option to specify a
single particular interface address to be bound. If this option is
given more than once, NSD will bind its UDP and TCP sockets to all the
specified ip-addresses separately. If IPv6 is enabled when NSD is com-
piled an IPv6 address can also be specified.
OPTIONS
All the options can be specified in the configfile ( -c argument), ex-
cept for the -v and -h options. If options are specified on the comman-
dline, the options on the commandline take precedence over the options
in the configfile.
Normally NSD should be started with the `nsd-control(8) start` command
invoked from a /etc/rc.d/nsd.sh script or similar at the operating sys-
tem startup.
-4 Only listen to IPv4 connections.
-6 Only listen to IPv6 connections.
-a ip-address[@port]
Listen to the specified ip-address. The ip-address must be
specified in numeric format (using the standard IPv4 or IPv6 no-
tation). Optionally, a port number can be given. This flag can
be specified multiple times to listen to multiple IP addresses.
If this flag is not specified, NSD listens to the wildcard in-
terface.
-c configfile
Read specified configfile instead of the default
/etc/nsd/nsd.conf. For format description see nsd.conf(5).
-d Do not fork, stay in the foreground.
-h Print help information and exit.
-i identity
Return the specified identity when asked for CH TXT ID.SERVER
(This option is used to determine which server is answering the
queries when they are anycast). The default is the name returned
by gethostname(3).
-I nsid
Add the specified nsid to the EDNS section of the answer when
queried with an NSID EDNS enabled packet. As a sequence of hex
characters or with ascii_ prefix and then an ascii string.
-l logfile
Log messages to the specified logfile. The default is to log to
stderr and syslog. If a zonesdir: is specified in the config
file this path can be relative to that directory.
-N count
Start count NSD servers. The default is 1. Starting more than a
single server is only useful on machines with multiple CPUs
and/or network adapters.
-n number
The maximum number of concurrent TCP connection that can be han-
dled by each server. The default is 100.
-P pidfile
Use the specified pidfile instead of the platform specific de-
fault, which is mostly /var/run/nsd.pid. If a zonesdir: is
specified in the config file, this path can be relative to that
directory.
-p port
Answer the queries on the specified port. Normally this is port
53.
-s seconds
Produce statistics dump every seconds seconds. This is equal to
sending SIGUSR1 to the daemon periodically.
-t chroot
Specifies a directory to chroot to upon startup. This option re-
quires you to ensure that appropriate syslogd(8) socket (e.g.
chrootdir /dev/log) is available, otherwise NSD won't produce
any log output.
-u username
Drop user and group privileges to those of username after bind-
ing the socket. The username must be one of: username, id, or
id.gid. For example: nsd, 80, or 80.80.
-V level
This value specifies the verbosity level for (non-debug) log-
ging. Default is 0.
-v Print the version number of NSD to standard error and exit.
NSD reacts to the following signals:
SIGTERM
Stop answering queries, shutdown, and exit normally.
SIGHUP
Reopen logfile (assists rotation) and optionally update TSIG
keys and zones.
SIGUSR1
Dump BIND8-style statistics into the log. Ignored otherwise.
FILES
/var/run/nsd.pid
the process id of the name server.
/etc/nsd/nsd.conf
default NSD configuration file
DIAGNOSTICS
NSD will log all the problems via the standard syslog(8) daemon facil-
ity, unless the -d option is specified.
SEE ALSO
nsd.conf(5), nsd-checkconf(8), nsd-control(8)
AUTHORS
NSD was written by NLnet Labs and RIPE NCC joint team. Please see CRED-
ITS file in the distribution for further details.
NLnet Labs Apr 24, 2025 NSD(8)
