| .\" Copyright (c) 1997 Martin Schulze (joey@infodrom.north.de) |
| .\" |
| .\" This is free documentation; you can redistribute it and/or |
| .\" modify it under the terms of the GNU General Public License as |
| .\" published by the Free Software Foundation; either version 2 of |
| .\" the License, or (at your option) any later version. |
| .\" |
| .\" The GNU General Public License's references to "object code" |
| .\" and "executables" are to be interpreted as the output of any |
| .\" document formatting or typesetting system, including |
| .\" intermediate and printed output. |
| .\" |
| .\" This manual is distributed in the hope that it will be useful, |
| .\" but WITHOUT ANY WARRANTY; without even the implied warranty of |
| .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| .\" GNU General Public License for more details. |
| .\" |
| .\" You should have received a copy of the GNU General Public |
| .\" License along with this manual; if not, write to the Free |
| .\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, |
| .\" USA. |
| .\" |
| .\" Much of the text is copied from the manpage of resolv+(8). |
| .\" |
| .\" 2003-08-23 Martin Schulze <joey@infodrom.org> Updated according to glibc 2.3.2 |
| .TH HOST.CONF 5 2003-08-23 "Debian GNU/Linux" "Linux System Administration" |
| .SH NAME |
| host.conf \- resolver configuration file |
| .SH DESCRIPTION |
| The file |
| .I /etc/host.conf |
| contains configuration information specific to the resolver library. |
| It should contain one configuration keyword per line, followed by |
| appropriate configuration information. The keywords recognized are |
| .IR order ", " trim ", " multi ", " nospoof ", " spoof ", and " reorder . |
| These keywords are described below. |
| |
| .TP |
| .I order |
| This keyword specifies how host lookups are to be performed. It |
| should be followed by one or more lookup methods, separated by commas. |
| Valid methods are |
| .IR bind ", " hosts ", and " nis . |
| .TP |
| .I trim |
| This keyword may be listed more than once. Each time it should be |
| followed by a list of domains, separated by colons (`:'), semicolons |
| (`;') or commas (`,'), with the leading dot. When set, the |
| resolv+ library will automatically trim the given domain name from the |
| end of any hostname resolved via DNS. This is intended for use with |
| local hosts and domains. (Related note: trim will not affect hostnames |
| gathered via NIS or the hosts file. Care should be taken to |
| ensure that the first hostname for each entry in the hosts file is |
| fully qualified or non-qualified, as appropriate for the local |
| installation.) |
| .TP |
| .I multi |
| Valid values are |
| .IR on " and " off . |
| If set to |
| .IR on , |
| the resolv+ library will return all valid addresses for a host that |
| appears in the |
| .I /etc/hosts |
| file, |
| instead of only the first. This is |
| .I off |
| by default, as it may cause a substantial performance loss at sites |
| with large hosts files. |
| .TP |
| .I nospoof |
| Valid values are |
| .IR on " and " off . |
| If set to |
| .IR on , |
| the resolv+ library will attempt to prevent hostname spoofing to |
| enhance the security of |
| .BR rlogin " and " rsh . |
| It works as follows: after performing a host address lookup, resolv+ |
| will perform a hostname lookup for that address. If the two hostnames |
| do not match, the query will fail. |
| The default value is |
| .IR off . |
| .TP |
| .I spoofalert |
| Valid values are |
| .IR on " and " off . |
| If this option is set to |
| .I on |
| and the |
| .I nospoof |
| option is also set, resolv+ will log a warning of the error via the |
| syslog facility. The default value is |
| .IR off . |
| .TP |
| .I spoof |
| Valid values are |
| .IR off ", " nowarn " and " warn . |
| If this option is set to |
| .IR off , |
| spoofed addresses are permitted and no warnings will be emitted |
| via the syslog facility. |
| If this option is set to |
| .IR warn , |
| resolv+ will attempt to prevent hostname spoofing to |
| enhance the security and log a warning of the error via the syslog |
| facility. |
| If this option is set to |
| .IR nowarn , |
| the resolv+ library will attempt to prevent hostname spoofing to |
| enhance the security but not emit warnings via the syslog facility. |
| Setting this option to anything else is equal to setting it to |
| .IR nowarn . |
| .TP |
| .I reorder |
| Valid values are |
| .IR on " and " off . |
| If set to |
| .IR on , |
| resolv+ will attempt to reorder host addresses so that local addresses |
| (i.e., on the same subnet) are listed first when a |
| .BR gethostbyname (3) |
| is performed. Reordering is done for all lookup methods. The default |
| value is |
| .IR off . |
| .SH ENVIRONMENT |
| There are six environment variables that can be used to allow users to |
| override the behavior which is configured in |
| .IR /etc/host.conf . |
| .TP |
| .B RESOLV_HOST_CONF |
| If set this variable points to a file that should be read instead of |
| .IR /etc/host.conf . |
| .TP |
| .B RESOLV_SERV_ORDER |
| Overrides the |
| .I order |
| command. |
| .TP |
| .B RESOLV_SPOOF_CHECK |
| Overrides the |
| .IR nospoof ", " spoofalert " and " spoof |
| commands in the same way as the |
| .I spoof |
| command is parsed. Valid values are |
| .IR off ", " nowarn " and " warn . |
| .TP |
| .B RESOLV_MULTI |
| Overrides the |
| .I multi |
| command. |
| .TP |
| .B RESOLV_REORDER |
| Overrides the |
| .I reorder |
| command. |
| .TP |
| .B RESOLV_ADD_TRIM_DOMAINS |
| A list of domains, separated by colons (`:'), semicolons (`;') or |
| commas (`,'), with the leading dot, which will be added to the list of |
| domains that should be trimmed. |
| .TP |
| .B RESOLV_OVERRIDE_TRIM_DOMAINS |
| A list of domains, separated by colons (`:'), semicolons (`;') or |
| commas (`,'), with the leading dot, which will replace the list of |
| domains that should be trimmed. Overrides the |
| .I trim |
| command. |
| .SH FILES |
| .TP |
| .I /etc/host.conf |
| Resolver configuration file |
| .TP |
| .I /etc/resolv.conf |
| Resolver configuration file |
| .TP |
| .I /etc/hosts |
| Local hosts database |
| .SH NOTES |
| The following differences exist compared to the original implementation. |
| A new command |
| .I spoof |
| and a new environment variable |
| .B RESOLV_SPOOF_CHECK |
| can take arguments like |
| .IR off ", " nowarn " and " warn . |
| Line comments can appear anywhere and not only at the beginning of a line. |
| .SH "SEE ALSO" |
| .BR gethostbyname (3), |
| .BR hostname (7), |
| .BR named (8), |
| .BR resolv+ (8) |