Lines 1-50
Link Here
|
1 |
# MySQL |
|
|
2 |
#launch=gmysql |
3 |
#gmysql-host=127.0.0.1 |
4 |
#gmysql-dbname=pdns |
5 |
#gmysql-user=pdns |
6 |
#gmysql-password=pdns |
7 |
|
8 |
# PostgreSQL |
9 |
#launch=gpgsql |
10 |
#gpgsql-host=127.0.0.1 |
11 |
#gpgsql-dbname=pdns |
12 |
#gpgsql-user=pdns |
13 |
#gpgsql-password=pdns |
14 |
|
15 |
# SQLite 2 |
16 |
#launch=gsqlite |
17 |
#gsqlite-database=<path to your SQLite database> |
18 |
|
19 |
# SQLite 3 |
20 |
#launch=gsqlite3 |
21 |
#gsqlite3-database=<path to your SQLite database> |
22 |
|
23 |
# LDAP (check http://www.linuxnetworks.de for more information) |
24 |
#launch=ldap |
25 |
#ldap-host (default "127.0.0.1:389") |
26 |
#ldap-starttls (default "no") |
27 |
#ldap-basedn (default "") |
28 |
#ldap-binddn (default "") |
29 |
#ldap-secret (default "") |
30 |
#ldap-method (default "simple") |
31 |
#ldap-filter-axfr (default "(:target:)" ) |
32 |
#ldap-filter-lookup (default "(:target:)" ) |
33 |
|
34 |
# OpenDBX (check http://www.linuxnetworks.de for more information) |
35 |
#launch=opendbx |
36 |
#opendbx-backend (default "mysql") |
37 |
#opendbx-host-read (default "127.0.0.1") |
38 |
#opendbx-host-write (default "127.0.0.1") |
39 |
#opendbx-database (default "powerdns") |
40 |
#opendbx-username (default "powerdns") |
41 |
#opendbx-password (default "") |
42 |
|
43 |
# Autogenerated configuration file template |
1 |
# Autogenerated configuration file template |
44 |
################################# |
2 |
################################# |
45 |
# allow-axfr-ips Allow zonetransfers only to these subnets |
3 |
# allow-axfr-ips Allow zonetransfers only to these subnets |
46 |
# |
4 |
# |
47 |
# allow-axfr-ips=0.0.0.0/0,::/0 |
5 |
# allow-axfr-ips=127.0.0.0/8,::1 |
|
|
6 |
|
7 |
################################# |
8 |
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. |
9 |
# |
10 |
# allow-dnsupdate-from=127.0.0.0/8,::1 |
48 |
|
11 |
|
49 |
################################# |
12 |
################################# |
50 |
# allow-recursion List of subnets that are allowed to recurse |
13 |
# allow-recursion List of subnets that are allowed to recurse |
Lines 52-60
Link Here
|
52 |
# allow-recursion=0.0.0.0/0 |
15 |
# allow-recursion=0.0.0.0/0 |
53 |
|
16 |
|
54 |
################################# |
17 |
################################# |
55 |
# allow-recursion-override Set this so that local data fully overrides the recursor |
18 |
# also-notify When notifying a domain, also notify these nameservers |
56 |
# |
19 |
# |
57 |
# allow-recursion-override=no |
20 |
# also-notify= |
|
|
21 |
|
22 |
################################# |
23 |
# any-to-tcp Answer ANY queries with tc=1, shunting to TCP |
24 |
# |
25 |
# any-to-tcp=no |
58 |
|
26 |
|
59 |
################################# |
27 |
################################# |
60 |
# cache-ttl Seconds to store packets in the PacketCache |
28 |
# cache-ttl Seconds to store packets in the PacketCache |
Lines 62-67
Link Here
|
62 |
# cache-ttl=20 |
30 |
# cache-ttl=20 |
63 |
|
31 |
|
64 |
################################# |
32 |
################################# |
|
|
33 |
# carbon-interval Number of seconds between carbon (graphite) updates |
34 |
# |
35 |
# carbon-interval=30 |
36 |
|
37 |
################################# |
38 |
# carbon-ourname If set, overrides our reported hostname for carbon stats |
39 |
# |
40 |
# carbon-ourname= |
41 |
|
42 |
################################# |
43 |
# carbon-server If set, send metrics in carbon (graphite) format to this server |
44 |
# |
45 |
# carbon-server= |
46 |
|
47 |
################################# |
65 |
# chroot If set, chroot to this directory for more security |
48 |
# chroot If set, chroot to this directory for more security |
66 |
# |
49 |
# |
67 |
# chroot= |
50 |
# chroot= |
Lines 69-75
Link Here
|
69 |
################################# |
52 |
################################# |
70 |
# config-dir Location of configuration directory (pdns.conf) |
53 |
# config-dir Location of configuration directory (pdns.conf) |
71 |
# |
54 |
# |
72 |
# config-dir=/usr/local/etc/pdns |
55 |
# config-dir=/usr/local/etc |
73 |
|
56 |
|
74 |
################################# |
57 |
################################# |
75 |
# config-name Name of this virtual configuration - will rename the binary image |
58 |
# config-name Name of this virtual configuration - will rename the binary image |
Lines 87-92
Link Here
|
87 |
# daemon=no |
70 |
# daemon=no |
88 |
|
71 |
|
89 |
################################# |
72 |
################################# |
|
|
73 |
# default-ksk-algorithms Default KSK algorithms |
74 |
# |
75 |
# default-ksk-algorithms=rsasha256 |
76 |
|
77 |
################################# |
78 |
# default-ksk-size Default KSK size (0 means default) |
79 |
# |
80 |
# default-ksk-size=0 |
81 |
|
82 |
################################# |
83 |
# default-soa-mail mail address to insert in the SOA record if none set in the backend |
84 |
# |
85 |
# default-soa-mail= |
86 |
|
87 |
################################# |
90 |
# default-soa-name name to insert in the SOA record if none set in the backend |
88 |
# default-soa-name name to insert in the SOA record if none set in the backend |
91 |
# |
89 |
# |
92 |
# default-soa-name=a.misconfigured.powerdns.server |
90 |
# default-soa-name=a.misconfigured.powerdns.server |
Lines 97-107
Link Here
|
97 |
# default-ttl=3600 |
95 |
# default-ttl=3600 |
98 |
|
96 |
|
99 |
################################# |
97 |
################################# |
|
|
98 |
# default-zsk-algorithms Default ZSK algorithms |
99 |
# |
100 |
# default-zsk-algorithms=rsasha256 |
101 |
|
102 |
################################# |
103 |
# default-zsk-size Default ZSK size (0 means default) |
104 |
# |
105 |
# default-zsk-size=0 |
106 |
|
107 |
################################# |
108 |
# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis |
109 |
# |
110 |
# direct-dnskey=no |
111 |
|
112 |
################################# |
100 |
# disable-axfr Disable zonetransfers but do allow TCP queries |
113 |
# disable-axfr Disable zonetransfers but do allow TCP queries |
101 |
# |
114 |
# |
102 |
# disable-axfr=no |
115 |
# disable-axfr=no |
103 |
|
116 |
|
104 |
################################# |
117 |
################################# |
|
|
118 |
# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. |
119 |
# |
120 |
# disable-axfr-rectify=no |
121 |
|
122 |
################################# |
105 |
# disable-tcp Do not listen to TCP queries |
123 |
# disable-tcp Do not listen to TCP queries |
106 |
# |
124 |
# |
107 |
# disable-tcp=no |
125 |
# disable-tcp=no |
Lines 114-125
Link Here
|
114 |
################################# |
132 |
################################# |
115 |
# do-ipv6-additional-processing Do AAAA additional processing |
133 |
# do-ipv6-additional-processing Do AAAA additional processing |
116 |
# |
134 |
# |
117 |
# do-ipv6-additional-processing=no |
135 |
# do-ipv6-additional-processing=yes |
118 |
|
|
|
119 |
################################# |
120 |
# edns-subnet-option-number EDNS option number to use |
121 |
# |
122 |
# edns-subnet-option-number=20730 |
123 |
|
136 |
|
124 |
################################# |
137 |
################################# |
125 |
# edns-subnet-processing If we should act on EDNS Subnet options |
138 |
# edns-subnet-processing If we should act on EDNS Subnet options |
Lines 132-140
Link Here
|
132 |
# entropy-source=/dev/urandom |
145 |
# entropy-source=/dev/urandom |
133 |
|
146 |
|
134 |
################################# |
147 |
################################# |
135 |
# fancy-records Process URL and MBOXFW records |
148 |
# experimental-api-readonly If the JSON API should disallow data modification |
136 |
# |
149 |
# |
137 |
# fancy-records=no |
150 |
# experimental-api-readonly=no |
|
|
151 |
|
152 |
################################# |
153 |
# experimental-dname-processing If we should support DNAME records |
154 |
# |
155 |
# experimental-dname-processing=no |
156 |
|
157 |
################################# |
158 |
# experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. |
159 |
# |
160 |
# experimental-dnsupdate=no |
161 |
|
162 |
################################# |
163 |
# experimental-json-interface If the webserver should serve JSON data |
164 |
# |
165 |
# experimental-json-interface=no |
166 |
|
167 |
################################# |
168 |
# experimental-logfile Filename of the log file for JSON parser |
169 |
# |
170 |
# experimental-logfile=/var/log/pdns.log |
171 |
|
172 |
################################# |
173 |
# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. |
174 |
# |
175 |
# forward-dnsupdate=yes |
138 |
|
176 |
|
139 |
################################# |
177 |
################################# |
140 |
# guardian Run within a guardian process |
178 |
# guardian Run within a guardian process |
Lines 142-155
Link Here
|
142 |
# guardian=no |
180 |
# guardian=no |
143 |
|
181 |
|
144 |
################################# |
182 |
################################# |
145 |
# launch Which backends to launch and order to query them in |
183 |
# include-dir Include *.conf files from this directory |
146 |
# |
184 |
# |
147 |
# launch= |
185 |
# include-dir= |
148 |
|
186 |
|
149 |
################################# |
187 |
################################# |
150 |
# lazy-recursion Only recurse if question cannot be answered locally |
188 |
# launch Which backends to launch and order to query them in |
151 |
# |
189 |
# |
152 |
# lazy-recursion=yes |
190 |
# launch= |
153 |
|
191 |
|
154 |
################################# |
192 |
################################# |
155 |
# load-modules Load this module - supply absolute or relative path |
193 |
# load-modules Load this module - supply absolute or relative path |
Lines 162-172
Link Here
|
162 |
# local-address=0.0.0.0 |
200 |
# local-address=0.0.0.0 |
163 |
|
201 |
|
164 |
################################# |
202 |
################################# |
|
|
203 |
# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server |
204 |
# |
205 |
# local-address-nonexist-fail=yes |
206 |
|
207 |
################################# |
165 |
# local-ipv6 Local IP address to which we bind |
208 |
# local-ipv6 Local IP address to which we bind |
166 |
# |
209 |
# |
167 |
# local-ipv6= |
210 |
# local-ipv6= |
168 |
|
211 |
|
169 |
################################# |
212 |
################################# |
|
|
213 |
# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server |
214 |
# |
215 |
# local-ipv6-nonexist-fail=yes |
216 |
|
217 |
################################# |
170 |
# local-port The port on which we listen |
218 |
# local-port The port on which we listen |
171 |
# |
219 |
# |
172 |
# local-port=53 |
220 |
# local-port=53 |
Lines 174-180
Link Here
|
174 |
################################# |
222 |
################################# |
175 |
# log-dns-details If PDNS should log DNS non-erroneous details |
223 |
# log-dns-details If PDNS should log DNS non-erroneous details |
176 |
# |
224 |
# |
177 |
# log-dns-details= |
225 |
# log-dns-details=no |
178 |
|
226 |
|
179 |
################################# |
227 |
################################# |
180 |
# log-dns-queries If PDNS should log all incoming DNS queries |
228 |
# log-dns-queries If PDNS should log all incoming DNS queries |
Lines 182-197
Link Here
|
182 |
# log-dns-queries=no |
230 |
# log-dns-queries=no |
183 |
|
231 |
|
184 |
################################# |
232 |
################################# |
185 |
# log-failed-updates If PDNS should log failed update requests |
|
|
186 |
# |
187 |
# log-failed-updates= |
188 |
|
189 |
################################# |
190 |
# logfile Logfile to use (Windows only) |
191 |
# |
192 |
# logfile=pdns.log |
193 |
|
194 |
################################# |
195 |
# logging-facility Log under a specific facility |
233 |
# logging-facility Log under a specific facility |
196 |
# |
234 |
# |
197 |
# logging-facility= |
235 |
# logging-facility= |
Lines 202-207
Link Here
|
202 |
# loglevel=4 |
240 |
# loglevel=4 |
203 |
|
241 |
|
204 |
################################# |
242 |
################################# |
|
|
243 |
# lua-prequery-script Lua script with prequery handler |
244 |
# |
245 |
# lua-prequery-script= |
246 |
|
247 |
################################# |
205 |
# master Act as a master |
248 |
# master Act as a master |
206 |
# |
249 |
# |
207 |
# master=no |
250 |
# master=no |
Lines 212-222
Link Here
|
212 |
# max-cache-entries=1000000 |
255 |
# max-cache-entries=1000000 |
213 |
|
256 |
|
214 |
################################# |
257 |
################################# |
|
|
258 |
# max-ent-entries Maximum number of empty non-terminals in a zone |
259 |
# |
260 |
# max-ent-entries=100000 |
261 |
|
262 |
################################# |
263 |
# max-nsec3-iterations Limit the number of NSEC3 hash iterations |
264 |
# |
265 |
# max-nsec3-iterations=500 |
266 |
|
267 |
################################# |
215 |
# max-queue-length Maximum queuelength before considering situation lost |
268 |
# max-queue-length Maximum queuelength before considering situation lost |
216 |
# |
269 |
# |
217 |
# max-queue-length=5000 |
270 |
# max-queue-length=5000 |
218 |
|
271 |
|
219 |
################################# |
272 |
################################# |
|
|
273 |
# max-signature-cache-entries Maximum number of signatures cache entries |
274 |
# |
275 |
# max-signature-cache-entries= |
276 |
|
277 |
################################# |
220 |
# max-tcp-connections Maximum number of TCP connections |
278 |
# max-tcp-connections Maximum number of TCP connections |
221 |
# |
279 |
# |
222 |
# max-tcp-connections=10 |
280 |
# max-tcp-connections=10 |
Lines 224-233
Link Here
|
224 |
################################# |
282 |
################################# |
225 |
# module-dir Default directory for modules |
283 |
# module-dir Default directory for modules |
226 |
# |
284 |
# |
227 |
# module-dir=/usr/local/lib |
285 |
# module-dir=/usr/local/lib/pdns |
228 |
|
286 |
|
229 |
################################# |
287 |
################################# |
230 |
# negquery-cache-ttl Seconds to store packets in the PacketCache |
288 |
# negquery-cache-ttl Seconds to store negative query results in the QueryCache |
231 |
# |
289 |
# |
232 |
# negquery-cache-ttl=60 |
290 |
# negquery-cache-ttl=60 |
233 |
|
291 |
|
Lines 237-242
Link Here
|
237 |
# no-shuffle=off |
295 |
# no-shuffle=off |
238 |
|
296 |
|
239 |
################################# |
297 |
################################# |
|
|
298 |
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks |
299 |
# |
300 |
# only-notify=0.0.0.0/0,::/0 |
301 |
|
302 |
################################# |
240 |
# out-of-zone-additional-processing Do out of zone additional processing |
303 |
# out-of-zone-additional-processing Do out of zone additional processing |
241 |
# |
304 |
# |
242 |
# out-of-zone-additional-processing=yes |
305 |
# out-of-zone-additional-processing=yes |
Lines 247-263
Link Here
|
247 |
# overload-queue-length=0 |
310 |
# overload-queue-length=0 |
248 |
|
311 |
|
249 |
################################# |
312 |
################################# |
250 |
# per-zone-axfr-acls When set, backends that implement it perform per-zone AXFL ACL checks |
313 |
# pipebackend-abi-version Version of the pipe backend ABI |
251 |
# |
314 |
# |
252 |
# per-zone-axfr-acls=off |
315 |
# pipebackend-abi-version=1 |
253 |
|
316 |
|
254 |
################################# |
317 |
################################# |
255 |
# pipebackend-abi-version Version of the pipe backend ABI |
318 |
# prevent-self-notification Don't send notifications to what we think is ourself |
256 |
# |
319 |
# |
257 |
# pipebackend-abi-version=1 |
320 |
# prevent-self-notification=yes |
258 |
|
321 |
|
259 |
################################# |
322 |
################################# |
260 |
# query-cache-ttl Seconds to store packets in the PacketCache |
323 |
# query-cache-ttl Seconds to store query results in the QueryCache |
261 |
# |
324 |
# |
262 |
# query-cache-ttl=20 |
325 |
# query-cache-ttl=20 |
263 |
|
326 |
|
Lines 282-293
Link Here
|
282 |
# queue-limit=1500 |
345 |
# queue-limit=1500 |
283 |
|
346 |
|
284 |
################################# |
347 |
################################# |
285 |
# receiver-threads Default number of Distributor (backend) threads to start |
348 |
# receiver-threads Default number of receiver threads to start |
286 |
# |
349 |
# |
287 |
# receiver-threads=1 |
350 |
# receiver-threads=1 |
288 |
|
351 |
|
289 |
################################# |
352 |
################################# |
290 |
# recursive-cache-ttl Seconds to store packets in the PacketCache |
353 |
# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache |
291 |
# |
354 |
# |
292 |
# recursive-cache-ttl=10 |
355 |
# recursive-cache-ttl=10 |
293 |
|
356 |
|
Lines 302-313
Link Here
|
302 |
# retrieval-threads=2 |
365 |
# retrieval-threads=2 |
303 |
|
366 |
|
304 |
################################# |
367 |
################################# |
|
|
368 |
# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket |
369 |
# |
370 |
# reuseport=no |
371 |
|
372 |
################################# |
305 |
# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority |
373 |
# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority |
306 |
# |
374 |
# |
307 |
# send-root-referral=no |
375 |
# send-root-referral=no |
308 |
|
376 |
|
309 |
################################# |
377 |
################################# |
310 |
# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname |
378 |
# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom |
311 |
# |
379 |
# |
312 |
# server-id= |
380 |
# server-id= |
313 |
|
381 |
|
Lines 327-337
Link Here
|
327 |
# signing-threads=3 |
395 |
# signing-threads=3 |
328 |
|
396 |
|
329 |
################################# |
397 |
################################# |
330 |
# skip-cname Do not perform CNAME indirection for each query |
|
|
331 |
# |
332 |
# skip-cname=no |
333 |
|
334 |
################################# |
335 |
# slave Act as a slave |
398 |
# slave Act as a slave |
336 |
# |
399 |
# |
337 |
# slave=no |
400 |
# slave=no |
Lines 347-363
Link Here
|
347 |
# slave-renotify=no |
410 |
# slave-renotify=no |
348 |
|
411 |
|
349 |
################################# |
412 |
################################# |
350 |
# smtpredirector Our smtpredir MX host |
|
|
351 |
# |
352 |
# smtpredirector=a.misconfigured.powerdns.smtp.server |
353 |
|
354 |
################################# |
355 |
# soa-expire-default Default SOA expire |
413 |
# soa-expire-default Default SOA expire |
356 |
# |
414 |
# |
357 |
# soa-expire-default=604800 |
415 |
# soa-expire-default=604800 |
358 |
|
416 |
|
359 |
################################# |
417 |
################################# |
360 |
# soa-minimum-ttl Default SOA mininum ttl |
418 |
# soa-minimum-ttl Default SOA minimum ttl |
361 |
# |
419 |
# |
362 |
# soa-minimum-ttl=3600 |
420 |
# soa-minimum-ttl=3600 |
363 |
|
421 |
|
Lines 372-392
Link Here
|
372 |
# soa-retry-default=3600 |
430 |
# soa-retry-default=3600 |
373 |
|
431 |
|
374 |
################################# |
432 |
################################# |
375 |
# soa-serial-offset Make sure that no SOA serial is less than this number |
|
|
376 |
# |
377 |
# soa-serial-offset=0 |
378 |
|
379 |
################################# |
380 |
# socket-dir Where the controlsocket will live |
433 |
# socket-dir Where the controlsocket will live |
381 |
# |
434 |
# |
382 |
# socket-dir=/var/run |
435 |
# socket-dir=/var/run |
383 |
|
436 |
|
384 |
################################# |
437 |
################################# |
385 |
# strict-rfc-axfrs Perform strictly rfc compliant axfrs (very slow) |
|
|
386 |
# |
387 |
# strict-rfc-axfrs=no |
388 |
|
389 |
################################# |
390 |
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address |
438 |
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address |
391 |
# |
439 |
# |
392 |
# tcp-control-address= |
440 |
# tcp-control-address= |
Lines 407-425
Link Here
|
407 |
# tcp-control-secret= |
455 |
# tcp-control-secret= |
408 |
|
456 |
|
409 |
################################# |
457 |
################################# |
410 |
# trusted-notification-proxy IP address of incoming notification proxy |
458 |
# traceback-handler Enable the traceback handler (Linux only) |
411 |
# |
459 |
# |
412 |
# trusted-notification-proxy= |
460 |
# traceback-handler=yes |
413 |
|
461 |
|
414 |
################################# |
462 |
################################# |
415 |
# urlredirector Where we send hosts to that need to be url redirected |
463 |
# trusted-notification-proxy IP address of incoming notification proxy |
416 |
# |
464 |
# |
417 |
# urlredirector=127.0.0.1 |
465 |
# trusted-notification-proxy= |
418 |
|
466 |
|
419 |
################################# |
467 |
################################# |
420 |
# use-logfile Use a log file (Windows only) |
468 |
# udp-truncation-threshold Maximum UDP response size before we truncate |
421 |
# |
469 |
# |
422 |
# use-logfile=no |
470 |
# udp-truncation-threshold=1680 |
423 |
|
471 |
|
424 |
################################# |
472 |
################################# |
425 |
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom |
473 |
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom |
Lines 437-442
Link Here
|
437 |
# webserver-address=127.0.0.1 |
485 |
# webserver-address=127.0.0.1 |
438 |
|
486 |
|
439 |
################################# |
487 |
################################# |
|
|
488 |
# webserver-allow-from Webserver access is only allowed from these subnets |
489 |
# |
490 |
# webserver-allow-from=0.0.0.0/0,::/0 |
491 |
|
492 |
################################# |
440 |
# webserver-password Password required for accessing the webserver |
493 |
# webserver-password Password required for accessing the webserver |
441 |
# |
494 |
# |
442 |
# webserver-password= |
495 |
# webserver-password= |
Lines 451-464
Link Here
|
451 |
# |
504 |
# |
452 |
# webserver-print-arguments=no |
505 |
# webserver-print-arguments=no |
453 |
|
506 |
|
454 |
################################# |
|
|
455 |
# wildcard-url Process URL and MBOXFW records |
456 |
# |
457 |
# wildcard-url=no |
458 |
|
459 |
################################# |
460 |
# wildcards Honor wildcards in the database |
461 |
# |
462 |
# wildcards= |
463 |
|
464 |
|
507 |
|