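# Autogenerated configuration file template
#
# Layout: each block gives the setting name and its description, then the
# built-in default as a commented-out "name=value" line. Uncomment a line to
# override the default. One setting per line; '#' starts a comment.
#
# NOTE(review): setgid and setuid are the only settings left ACTIVE
# (uncommented) in this template. They must stay on lines of their own: if
# they are folded into a '#' comment line they are ignored, and the
# privilege drop they describe does not happen.

#################################
# allow-from If set, only allow these comma separated netmasks to recurse
# NOTE(security): this is the recursion ACL. The default covers loopback,
# private, link-local and unique-local ranges only. Adding public ranges
# makes the server an open resolver; list only networks you operate.
#
# allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10

#################################
# allow-from-file If set, load allowed netmasks from this file
# NOTE(security): the file defines who may recurse; keep it writable by
# root only.
#
# allow-from-file=

#################################
# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=no

#################################
# api-config-dir Directory where REST API stores config and zones
#
# api-config-dir=

#################################
# api-key Static pre-shared authentication key for access to the REST API
# NOTE(security): a value set here is a credential stored in clear text.
# Use a long random key, keep this file readable only by root and the
# service account, and keep real keys out of version control.
#
# api-key=

#################################
# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs
#
# auth-zones=

#################################
# carbon-instance If set overwrites the instance name default
#
# carbon-instance=recursor

#################################
# carbon-interval Number of seconds between carbon (graphite) updates
#
# carbon-interval=30

#################################
# carbon-namespace If set overwrites the first part of the carbon string
#
# carbon-namespace=pdns

#################################
# carbon-ourname If set, overrides our reported hostname for carbon stats
#
# carbon-ourname=

#################################
# carbon-server If set, send metrics in carbon (graphite) format to this server IP address
#
# carbon-server=

#################################
# chroot switch to chroot jail
#
# chroot=

#################################
# client-tcp-timeout Timeout in seconds when talking to TCP clients
#
# client-tcp-timeout=2

#################################
# config-dir Location of configuration directory (recursor.conf)
#
# config-dir=/etc/powerdns

#################################
# config-name Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# daemon Operate as a daemon
#
# daemon=no

#################################
# delegation-only Which domains we only accept delegations from
#
# delegation-only=

#################################
# disable-packetcache Disable packetcache
#
# disable-packetcache=no

#################################
# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
#
# disable-syslog=no

#################################
# dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
# NOTE(security): as its name says, the default mode does not validate.
# Clients that rely on this resolver to reject bogus data need 'validate';
# 'log-fail' is presumably the mode to trial validation first - confirm
# against the documentation for this version.
#
# dnssec=process-no-validate

#################################
# dnssec-log-bogus Log DNSSEC bogus validations
# NOTE(security): worth enabling together with a validating dnssec mode, so
# that validation failures leave a log trail.
#
# dnssec-log-bogus=no

#################################
# dont-query If set, do not query these netmasks for DNS data
# NOTE(security): the default keeps outgoing queries away from loopback,
# private and reserved ranges. Remove an entry only for a specific internal
# server that must be reached, not for a whole range.
#
# dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32

#################################
# ecs-ipv4-bits Number of bits of IPv4 address to pass for EDNS Client Subnet
#
# ecs-ipv4-bits=24

#################################
# ecs-ipv6-bits Number of bits of IPv6 address to pass for EDNS Client Subnet
#
# ecs-ipv6-bits=56

#################################
# edns-outgoing-bufsize Outgoing EDNS buffer size
#
# edns-outgoing-bufsize=1232

#################################
# edns-subnet-whitelist List of netmasks and domains that we should enable EDNS subnet for
# NOTE(privacy): destinations listed here receive part of the client
# address (see ecs-ipv4-bits / ecs-ipv6-bits); keep the list short.
#
# edns-subnet-whitelist=

#################################
# entropy-source If set, read entropy from this file
#
# entropy-source=/dev/urandom

#################################
# etc-hosts-file Path to 'hosts' file
#
# etc-hosts-file=/etc/hosts

#################################
# export-etc-hosts If we should serve up contents from /etc/hosts
# NOTE(security): when enabled, names from the hosts file become resolvable
# by every client permitted by allow-from; check the file for internal-only
# names first.
#
# export-etc-hosts=off

#################################
# export-etc-hosts-search-suffix Also serve up the contents of /etc/hosts with this suffix
#
# export-etc-hosts-search-suffix=

#################################
# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=

#################################
# forward-zones-file File with (+)domain=ip pairs for forwarding
#
# forward-zones-file=

#################################
# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
#
# forward-zones-recurse=

#################################
# hint-file If set, load root hints from this file
#
# hint-file=

#################################
# include-dir Include *.conf files from this directory
# NOTE(security): files in this directory are read as configuration; keep
# the directory writable by root only.
#
# include-dir=

#################################
# latency-statistic-size Number of latency values to calculate the qa-latency average
#
# latency-statistic-size=10000

#################################
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
# NOTE(security): the default listens on loopback only. When adding a
# routable address, review allow-from and the host firewall in the same
# change.
#
# local-address=127.0.0.1

#################################
# local-port port to listen on
#
# local-port=53

#################################
# log-common-errors If we should log rather common errors
#
# log-common-errors=no

#################################
# logging-facility Facility to log messages as. 0 corresponds to local0
#
# logging-facility=

#################################
# loglevel Amount of logging. Higher is more. Do not set below 3
#
# loglevel=4

#################################
# lowercase-outgoing Force outgoing questions to lowercase
#
# lowercase-outgoing=no

#################################
# lua-config-file More powerful configuration options
# NOTE(security): this file is executed as Lua by the recursor; keep it
# owned and writable by root only.
#
# lua-config-file=

#################################
# lua-dns-script Filename containing an optional 'lua' script that will be used to modify dns answers
# NOTE(security): the script can change the answers clients receive; treat
# it as code - root-owned, reviewed, and under change control.
#
# lua-dns-script=

#################################
# max-cache-entries If set, maximum number of entries in the main cache
#
# max-cache-entries=1000000

#################################
# max-cache-ttl maximum number of seconds to keep a cached entry in memory
#
# max-cache-ttl=86400

#################################
# max-mthreads Maximum number of simultaneous Mtasker threads
#
# max-mthreads=2048

#################################
# max-negative-ttl maximum number of seconds to keep a negative cached entry in memory
#
# max-negative-ttl=3600

#################################
# max-packetcache-entries maximum number of entries to keep in the packetcache
#
# max-packetcache-entries=500000

#################################
# max-qperq Maximum outgoing queries per query
# NOTE(security): bounds the work one client query can trigger; raise it
# only with a measured reason.
#
# max-qperq=50

#################################
# max-recursion-depth Maximum number of internal recursion calls per query, 0 for unlimited
# NOTE(security): 0 removes the bound; keep a finite value.
#
# max-recursion-depth=40

#################################
# max-tcp-clients Maximum number of simultaneous TCP clients
#
# max-tcp-clients=128

#################################
# max-tcp-per-client If set, maximum number of TCP sessions per client (IP address)
# NOTE(review): the default 0 presumably means no per-client limit, so one
# address could occupy every max-tcp-clients slot - confirm, and set a
# limit where TCP clients are not all trusted.
#
# max-tcp-per-client=0

#################################
# max-total-msec Maximum total wall-clock time per query in milliseconds, 0 for unlimited
# NOTE(security): 0 removes the bound; keep a finite value.
#
# max-total-msec=7000

#################################
# minimum-ttl-override Set under adverse conditions, a minimum TTL
#
# minimum-ttl-override=0

#################################
# network-timeout Wait this number of milliseconds for network i/o
#
# network-timeout=1500

#################################
# no-shuffle Don't change
#
# no-shuffle=off

#################################
# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
#
# non-local-bind=no

#################################
# packetcache-servfail-ttl maximum number of seconds to keep a cached servfail entry in packetcache
#
# packetcache-servfail-ttl=60

#################################
# packetcache-ttl maximum number of seconds to keep a cached entry in packetcache
#
# packetcache-ttl=3600

#################################
# pdns-distributes-queries If PowerDNS itself should distribute queries over threads
#
# pdns-distributes-queries=yes

#################################
# processes Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)
#
# processes=1

#################################
# query-local-address Source IP address for sending queries
#
# query-local-address=0.0.0.0

#################################
# query-local-address6 Source IPv6 address for sending queries. IF UNSET, IPv6 WILL NOT BE USED FOR OUTGOING QUERIES
#
# query-local-address6=

#################################
# quiet Suppress logging of questions and answers
#
# quiet=

#################################
# reuseport Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address
#
# reuseport=no

#################################
# root-nx-trust If set, believe that an NXDOMAIN from the root means the TLD does not exist
#
# root-nx-trust=yes

#################################
# security-poll-suffix Domain name from which to query security update notifications
# NOTE(security): leave this set so the daemon can learn when the running
# version has known security issues.
#
# security-poll-suffix=secpoll.powerdns.com.

#################################
# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space
#
# serve-rfc1918=yes

#################################
# server-down-max-fails Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled )
#
# server-down-max-fails=64

#################################
# server-down-throttle-time Number of seconds to throttle all queries to a server after being marked as down
#
# server-down-throttle-time=60

#################################
# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled'
# NOTE(security): the default reveals the host name to anyone who can
# query; use a custom value or 'disabled' where that matters.
#
# server-id=

#################################
# setgid If set, change group id to this gid for more security
# NOTE(security): ACTIVE setting. The group must exist and should own
# nothing beyond what the recursor needs.
#
setgid=powerdns

#################################
# setuid If set, change user id to this uid for more security
# NOTE(security): ACTIVE setting. Without it the daemon keeps the identity
# it was started with; the account should be an unprivileged service user.
#
setuid=powerdns

#################################
# single-socket If set, only use a single socket for outgoing queries
#
# single-socket=off

#################################
# soa-minimum-ttl Don't change
#
# soa-minimum-ttl=0

#################################
# socket-dir Where the controlsocket will live, /var/run when unset and not chrooted
# NOTE(security): the control socket is a management interface to the
# running daemon; place it in a directory that ordinary users cannot
# write to.
#
# socket-dir=

#################################
# socket-group Group of socket
#
# socket-group=

#################################
# socket-mode Permissions for socket
# NOTE(security): grant access to the owner (and an admin group if one is
# needed) only; never world-writable.
#
# socket-mode=

#################################
# socket-owner Owner of socket
#
# socket-owner=

#################################
# spoof-nearmiss-max If non-zero, assume spoofing after this many near misses
# NOTE(security): 0 turns this spoofing check off; keep a non-zero value.
#
# spoof-nearmiss-max=20

#################################
# stack-size stack size per mthread
#
# stack-size=200000

#################################
# stats-ringbuffer-entries maximum number of packets to store statistics for
#
# stats-ringbuffer-entries=10000

#################################
# threads Launch this number of threads
#
# threads=2

#################################
# trace if we should output heaps of logging. set to 'fail' to only log failing domains
#
# trace=off

#################################
# udp-truncation-threshold Maximum UDP response size before we truncate
#
# udp-truncation-threshold=1680

#################################
# use-incoming-edns-subnet Pass along received EDNS Client Subnet information
#
# use-incoming-edns-subnet=no

#################################
# version-string string reported on version.pdns or version.bind
# NOTE(security): the default discloses the exact product and version to
# anyone who can query; set a neutral string if that is not wanted.
#
# version-string=PowerDNS Recursor 4.3.0

#################################
# webserver Start a webserver (for REST API)
# NOTE(security): before enabling, decide webserver-address,
# webserver-allow-from, webserver-password and api-key together.
#
# webserver=no

#################################
# webserver-address IP Address of webserver to listen on
# NOTE(security): with the default webserver-allow-from, this loopback
# default is the only thing limiting who can reach the webserver.
#
# webserver-address=127.0.0.1

#################################
# webserver-allow-from Webserver access is only allowed from these subnets
# NOTE(security): the default admits every IPv4 and IPv6 source. Narrow it
# to the management hosts or subnet before binding the webserver to
# anything other than loopback.
#
# webserver-allow-from=0.0.0.0/0,::/0

#################################
# webserver-password Password required for accessing the webserver
# NOTE(security): stored here in clear text; protect this file's
# permissions. NOTE(review): no TLS setting appears in this template, so
# assume the password crosses the network unencrypted unless a TLS proxy
# sits in front - confirm.
#
# webserver-password=

#################################
# webserver-port Port of webserver to listen on
#
# webserver-port=8082

#################################
# write-pid Write a PID file
#
# write-pid=yes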