]>
Commit | Line | Data |
---|---|---|
0e2063c3 PL |
1 | Authoritative Server Settings |
2 | ============================= | |
3 | ||
4 | All PowerDNS Authoritative Server settings are listed here, excluding | |
5 | those that originate from backends, which are documented in the relevant | |
6 | chapters. These settings can be set inside ``pdns.conf`` or on the | |
7 | commandline when invoking the ``pdns`` binary. | |
8 | ||
9 | You can use ``+=`` syntax to set some variables incrementally, but this | |
10 | requires you to have at least one non-incremental setting for the | |
11 | variable to act as base setting. This is mostly useful for | |
12 | :ref:`setting-include-dir` directive. | |
13 | ||
14 | For boolean settings, specifying the name of the setting without a value | |
15 | means ``yes``. | |
16 | ||
17 | .. _setting-8bit-dns: | |
18 | ||
19 | ``8bit-dns`` | |
20 | ------------ | |
21 | ||
22 | - Allow 8 bit dns queries | |
23 | - Default: no | |
24 | ||
25 | .. versionadded:: 4.0.0 | |
26 | ||
27 | Allow 8 bit DNS queries. | |
28 | ||
29 | .. _setting-allow-axfr-ips: | |
30 | ||
31 | ``allow-axfr-ips`` | |
32 | ------------------ | |
33 | ||
34 | - IP ranges, separated by commas | |
35 | - Default: 127.0.0.0/8,::1 | |
36 | ||
37 | If set, only these IP addresses or netmasks will be able to perform | |
38 | AXFR. | |
39 | ||
40 | .. _setting-allow-dnsupdate-from: | |
41 | ||
42 | ``allow-dnsupdate-from`` | |
43 | ------------------------ | |
44 | ||
45 | - IP ranges, separated by commas | |
46 | ||
47 | Allow DNS updates from these IP ranges. | |
48 | ||
49 | .. _setting-allow-notify-from: | |
50 | ||
51 | ``allow-notify-from`` | |
52 | --------------------- | |
53 | ||
54 | - IP ranges, separated by commas | |
55 | - Default: 0.0.0.0/0,::/0 | |
56 | ||
57 | Allow AXFR NOTIFY from these IP ranges. Setting this to an empty string | |
58 | will drop all incoming notifies. | |
59 | ||
60 | .. _setting-allow-unsigned-notify: | |
61 | ||
62 | ``allow-unsigned-notify`` | |
63 | ------------------------- | |
64 | ||
65 | - Boolean | |
66 | - Default: yes | |
67 | ||
68 | .. versionadded:: 4.0.0 | |
69 | ||
70 | Turning this off requires all notifications that are received to be | |
71 | signed by valid TSIG signature for the zone. | |
72 | ||
73 | .. _setting-allow-unsigned-supermaster: | |
74 | ||
75 | ``allow-unsigned-supermaster`` | |
76 | ------------------------------ | |
77 | ||
78 | - Boolean | |
79 | - Default: yes | |
80 | ||
81 | .. versionadded:: 4.0.0 | |
82 | ||
83 | Turning this off requires all supermaster notifications to be signed by | |
84 | valid TSIG signature. It will accept any existing key on slave. | |
85 | ||
86 | .. _setting-allow-recursion: | |
87 | ||
88 | ``allow-recursion`` | |
89 | ------------------- | |
90 | ||
91 | - IP ranges, separated by commas | |
92 | - Default: 0.0.0.0/0 | |
93 | - Removed in: 4.1.0 | |
94 | ||
95 | By specifying ``allow-recursion``, recursion can be restricted to | |
96 | netmasks specified. The default is to allow recursion from everywhere. | |
97 | Example: ``allow-recursion=198.51.100.0/24, 10.0.0.0/8, 192.0.2.4``. | |
98 | ||
99 | .. _setting-also-notify: | |
100 | ||
101 | ``also-notify`` | |
102 | --------------- | |
103 | ||
104 | - IP addresses, separated by commas | |
105 | ||
106 | When notifying a domain, also notify these nameservers. Example: | |
107 | ``also-notify=192.0.2.1, 203.0.113.167``. The IP addresses listed in | |
108 | ``also-notify`` always receive a notification. Even if they do not match | |
109 | the list in :ref:`setting-only-notify`. | |
110 | ||
111 | .. _setting-any-to-tcp: | |
112 | ||
113 | ``any-to-tcp`` | |
114 | -------------- | |
115 | ||
116 | - Boolean | |
117 | - Default: yes | |
118 | ||
119 | .. versionchanged:: 4.0.1, was 'no' before. | |
120 | ||
121 | Answer questions for the ANY on UDP with a truncated packet that refers | |
122 | the remote server to TCP. Useful for mitigating reflection attacks. | |
123 | ||
124 | .. _setting-api: | |
125 | ||
126 | ``api`` | |
127 | ------- | |
128 | ||
129 | - Boolean | |
130 | - Default: no | |
131 | ||
132 | Enable/disable the :doc:`http-api/index`. | |
133 | ||
134 | .. _setting-api-key: | |
135 | ||
136 | ``api-key`` | |
137 | ----------- | |
138 | ||
139 | - String | |
140 | ||
141 | .. versionadded:: 4.0.0 | |
142 | ||
143 | Static pre-shared authentication key for access to the REST API. | |
144 | ||
145 | .. _setting-api-readonly: | |
146 | ||
147 | ``api-readonly`` | |
148 | ---------------- | |
149 | ||
150 | - Boolean | |
151 | - Default: no | |
152 | ||
153 | .. versionadded:: 4.0.0 | |
154 | ||
155 | Disallow data modification through the REST API when set. | |
156 | ||
157 | .. _setting-axfr-lower-serial: | |
158 | ||
159 | ``axfr-lower-serial`` | |
160 | --------------------- | |
161 | ||
162 | - Boolean | |
163 | - Default: no | |
164 | ||
165 | .. versionadded:: 4.0.4 | |
166 | ||
167 | Also AXFR a zone from a master with a lower serial. | |
168 | ||
169 | .. _setting-cache-ttl: | |
170 | ||
171 | ``cache-ttl`` | |
172 | ------------- | |
173 | ||
174 | - Integer | |
175 | - Default: 20 | |
176 | ||
177 | Seconds to store packets in the :ref:`packet-cache`. | |
178 | ||
179 | .. _setting-carbon-ourname: | |
180 | ||
181 | ``carbon-ourname`` | |
182 | ------------------ | |
183 | ||
184 | - String | |
185 | - Default: the hostname of the server | |
186 | ||
187 | If sending carbon updates, if set, this will override our hostname. Be | |
188 | careful not to include any dots in this setting, unless you know what | |
189 | you are doing. See :ref:`metricscarbon` | |
190 | ||
191 | .. _setting-carbon-server: | |
192 | ||
193 | ``carbon-server`` | |
194 | ----------------- | |
195 | ||
196 | - IP Address | |
197 | ||
198 | Send all available metrics to this server via the carbon protocol, which | |
199 | is used by graphite and metronome. It has to be an address (no | |
200 | hostnames). You may specify an alternate port by appending :port, ex: | |
201 | 127.0.0.1:2004. See :ref:`metricscarbon`. | |
202 | ||
203 | .. _setting-carbon-interval: | |
204 | ||
205 | ``carbon-interval`` | |
206 | ------------------- | |
207 | ||
208 | - Integer | |
209 | - Default: 30 | |
210 | ||
211 | If sending carbon updates, this is the interval between them in seconds. | |
212 | See :ref:`metricscarbon`. | |
213 | ||
214 | .. _setting-chroot: | |
215 | ||
216 | ``chroot`` | |
217 | ---------- | |
218 | ||
219 | - Path | |
220 | ||
221 | If set, chroot to this directory for more security. See :doc:`security`. | |
222 | ||
223 | Make sure that ``/dev/log`` is available from within the chroot. Logging | |
224 | will silently fail over time otherwise (on logrotate). | |
225 | ||
226 | When setting ``chroot``, all other paths in the config (except for | |
227 | :ref:`setting-config-dir` and :ref:`setting-module-dir`) | |
228 | set in the configuration are relative to the new root. | |
229 | ||
230 | When running on a system where systemd manages services, ``chroot`` does | |
231 | not work out of the box, as PowerDNS cannot use the ``NOTIFY_SOCKET``. | |
232 | Either don't ``chroot`` on these systems or set the 'Type' of the this | |
233 | service to 'simple' instead of 'notify' (refer to the systemd | |
234 | documentation on how to modify unit-files) | |
235 | ||
236 | .. _setting-config-dir: | |
237 | ||
238 | ``config-dir`` | |
239 | -------------- | |
240 | ||
241 | - Path | |
242 | ||
243 | Location of configuration directory (``pdns.conf``). Usually | |
244 | ``/etc/powerdns``, but this depends on ``SYSCONFDIR`` during | |
245 | compile-time. | |
246 | ||
247 | .. _setting-config-name: | |
248 | ||
249 | ``config-name`` | |
250 | --------------- | |
251 | ||
252 | - String | |
253 | ||
254 | Name of this virtual configuration - will rename the binary image. See | |
255 | :doc:`guides/virtual-instances`. | |
256 | ||
257 | .. _setting-control-console: | |
258 | ||
259 | ``control-console`` | |
260 | ------------------- | |
261 | ||
262 | Debugging switch - don't use. | |
263 | ||
264 | .. _setting-daemon: | |
265 | ||
266 | ``daemon`` | |
267 | ---------- | |
268 | ||
269 | - Boolean | |
270 | - Default: no | |
271 | ||
272 | Operate as a daemon. | |
273 | ||
274 | .. _setting-default-ksk-algorithms: | |
275 | ||
276 | ``default-ksk-algorithms`` | |
277 | -------------------------- | |
278 | ||
279 | - String | |
280 | - Default: ecdsa256 | |
281 | ||
282 | The algorithm that should be used for the KSK when running | |
283 | :doc:`pdnsutil secure-zone <manpages/pdnsutil.1>`. Must be one | |
284 | of: | |
285 | ||
286 | * rsamd5 | |
287 | * dh | |
288 | * dsa | |
289 | * ecc | |
290 | * rsasha1 | |
291 | * rsasha256 | |
292 | * rsasha512 | |
293 | * ecc-gost | |
294 | * ecdsa256 (ECDSA P-256 with SHA256) | |
295 | * ecdsa384 (ECDSA P-384 with SHA384) | |
296 | * ed25519 | |
297 | ||
298 | .. _setting-default-ksk-size: | |
299 | ||
300 | ``default-ksk-size`` | |
301 | -------------------- | |
302 | ||
303 | - Integer | |
304 | - Default: whichever is default for ``default-ksk-algorithms`` | |
305 | ||
306 | The default keysize for the KSK generated with :doc:`pdnsutil secure-zone <dnssec/pdnsutil>`. | |
307 | ||
308 | .. _setting-default-soa-name: | |
309 | ||
310 | ``default-soa-name`` | |
311 | -------------------- | |
312 | ||
313 | - String | |
314 | - Default: a.misconfigured.powerdns.server | |
315 | ||
316 | Name to insert in the SOA record if none set in the backend. | |
317 | ||
318 | .. _setting-default-soa-edit: | |
319 | ||
320 | ``default-soa-edit`` | |
321 | -------------------- | |
322 | ||
323 | - String | |
324 | - Default: empty | |
325 | ||
326 | Use this soa-edit value for all zones if no | |
327 | :ref:`metadata-soa-edit` metadata value is set. | |
328 | ||
329 | .. _setting-default-soa-edit-signed: | |
330 | ||
331 | ``default-soa-edit-signed`` | |
332 | --------------------------- | |
333 | ||
334 | - String | |
335 | - Default: empty | |
336 | ||
337 | Use this soa-edit value for all signed zones if no | |
338 | :ref:`metadata-soa-edit` metadata value is set. | |
339 | Overrides :ref:`setting-default-soa-edit` | |
340 | ||
341 | .. _setting-default-soa-mail: | |
342 | ||
343 | ``default-soa-mail`` | |
344 | -------------------- | |
345 | ||
346 | - String | |
347 | ||
348 | Mail address to insert in the SOA record if none set in the backend. | |
349 | ||
350 | .. _setting-default-ttl: | |
351 | ||
352 | ``default-ttl`` | |
353 | --------------- | |
354 | ||
355 | - Integer | |
356 | - Default: 3600 | |
357 | ||
358 | TTL to use when none is provided. | |
359 | ||
360 | .. _setting-default-zsk-algorithms: | |
361 | ||
362 | ``default-zsk-algorithms`` | |
363 | -------------------------- | |
364 | ||
365 | - String | |
366 | - Default: (empty) | |
367 | ||
368 | The algorithm that should be used for the ZSK when running | |
369 | :doc:`pdnsutil secure-zone <manpages/pdnsutil.1>`. Must be one | |
370 | of: | |
371 | ||
372 | * rsamd5 | |
373 | * dh | |
374 | * dsa | |
375 | * ecc | |
376 | * rsasha1 | |
377 | * rsasha256 | |
378 | * rsasha512 | |
379 | * ecc-gost | |
380 | * ecdsa256 (ECDSA P-256 with SHA256) | |
381 | * ecdsa384 (ECDSA P-384 with SHA384) | |
382 | * ed25519 | |
383 | ||
384 | .. _setting-default-zsk-size: | |
385 | ||
386 | ``default-zsk-size`` | |
387 | -------------------- | |
388 | ||
389 | - Integer | |
390 | - Default: whichever is default for ``default-zsk-algorithms`` | |
391 | ||
392 | The default keysize for the ZSK generated with :doc:`pdnsutil secure-zone <dnssec/pdnsutil>`. | |
393 | ||
394 | .. _setting-direct-dnskey: | |
395 | ||
396 | ``direct-dnskey`` | |
397 | ----------------- | |
398 | ||
399 | - Boolean | |
400 | - Default: no | |
401 | ||
402 | Read additional ZSKs from the records table/your BIND zonefile. If not | |
403 | set, DNSKEY records in the zonefiles are ignored. | |
404 | ||
405 | .. _setting-disable-axfr: | |
406 | ||
407 | ``disable-axfr`` | |
408 | ---------------- | |
409 | ||
410 | - Boolean | |
411 | - Default: no | |
412 | ||
413 | Do not allow zone transfers. | |
414 | ||
415 | .. _setting-disable-axfr-rectify: | |
416 | ||
417 | ``disable-axfr-rectify`` | |
418 | ------------------------ | |
419 | ||
420 | - Boolean | |
421 | - Default: no | |
422 | ||
423 | Disable the rectify step during an outgoing AXFR. Only required for | |
424 | regression testing. | |
425 | ||
426 | .. _setting-disable-syslog: | |
427 | ||
428 | ``disable-syslog`` | |
429 | ------------------ | |
430 | ||
431 | - Boolean | |
432 | - Default: no | |
433 | ||
434 | Do not log to syslog, only to stdout. Use this setting when running | |
435 | inside a supervisor that handles logging (like systemd). | |
436 | ||
437 | ..warning:: | |
438 | Do not use this setting in combination with :ref:`setting-daemon` as all | |
439 | logging will disappear. | |
440 | ||
441 | .. _setting-disable-tcp: | |
442 | ||
443 | ``disable-tcp`` | |
444 | --------------- | |
445 | ||
446 | - Boolean | |
447 | - Default: no | |
448 | ||
449 | Do not listen to TCP queries. Breaks RFC compliance. | |
450 | ||
451 | .. _setting-distributor-threads: | |
452 | ||
453 | ``distributor-threads`` | |
454 | ----------------------- | |
455 | ||
456 | - Integer | |
457 | - Default: 3 | |
458 | ||
459 | Number of Distributor (backend) threads to start per receiver thread. | |
460 | See :doc:`performance`. | |
461 | ||
462 | .. _setting-dname-processing: | |
463 | ||
464 | ``dname-processing`` | |
465 | -------------------- | |
466 | ||
467 | - Boolean | |
468 | - Default: no | |
469 | ||
470 | Synthesise CNAME records from DNAME records as required. This | |
471 | approximately doubles query load. **Do not combine with DNSSEC!** | |
472 | ||
473 | .. _setting-dnssec-key-cache-ttl: | |
474 | ||
475 | ``dnssec-key-cache-ttl`` | |
476 | ------------------------ | |
477 | ||
478 | - Integer | |
479 | - Default: 30 | |
480 | ||
481 | Seconds to cache DNSSEC keys from the database. A value of 0 disables | |
482 | caching. | |
483 | ||
484 | .. _setting-dnsupdate: | |
485 | ||
486 | ``dnsupdate`` | |
487 | ------------- | |
488 | ||
489 | - Boolean | |
490 | - Default: no | |
491 | ||
492 | Enable/Disable DNS update (RFC2136) support. See :doc:`dnsupdate` for more. | |
493 | ||
494 | .. _setting-do-ipv6-additional-processing: | |
495 | ||
496 | ``do-ipv6-additional-processing`` | |
497 | --------------------------------- | |
498 | ||
499 | - Boolean | |
500 | - Default: yes | |
501 | ||
502 | Perform AAAA additional processing. This sends AAAA records in the | |
503 | ADDITIONAL section when sending a referral. | |
504 | ||
505 | .. _setting-domain-metadata-cache-ttl: | |
506 | ||
507 | ``domain-metadata-cache-ttl`` | |
508 | ----------------------------- | |
509 | ||
510 | - Integer | |
511 | - Default: 60 | |
512 | ||
513 | Seconds to cache domain metadata from the database. A value of 0 | |
514 | disables caching. | |
515 | ||
516 | .. _setting-edns-subnet-processing: | |
517 | ||
518 | ``edns-subnet-processing`` | |
519 | -------------------------- | |
520 | ||
521 | - Boolean | |
522 | - Default: no | |
523 | ||
524 | Enables EDNS subnet processing, for backends that support it. | |
525 | ||
526 | .. _setting-entropy-source: | |
527 | ||
528 | ``entropy-source`` | |
529 | ------------------ | |
530 | ||
531 | - Path | |
532 | - Default: /dev/urandom | |
533 | ||
534 | Entropy source file to use. | |
535 | ||
536 | .. _setting-expand-alias: | |
537 | ||
538 | ``expand-alias`` | |
539 | ---------------- | |
540 | ||
541 | - Boolean | |
542 | - Default: no | |
543 | - Since: 4.1.0 | |
544 | ||
545 | If this is enabled, ALIAS records are expanded (synthesised to their | |
546 | A/AAAA). | |
547 | ||
548 | If this is disabled (the default), ALIAS records will not expanded and | |
549 | the server will will return NODATA for A/AAAA queries for such names. | |
550 | ||
551 | **note**: :ref:`setting-resolver` must also be set for ALIAS | |
552 | expansion to work! | |
553 | ||
554 | **note**: In PowerDNS Authoritative Server 4.0.x, this setting did not | |
555 | exist and ALIAS was always expanded. | |
556 | ||
557 | .. _setting-forward-dnsupdate: | |
558 | ||
559 | ``forward-dnsupdate`` | |
560 | --------------------- | |
561 | ||
562 | - Boolean | |
563 | - Default: no | |
564 | ||
565 | Forward DNS updates sent to a slave to the master. | |
566 | ||
567 | .. _setting-forward-notify: | |
568 | ||
569 | ``forward-notify`` | |
570 | ------------------ | |
571 | ||
572 | - IP addresses, separated by commas | |
573 | ||
574 | IP addresses to forward received notifications to regardless of master | |
575 | or slave settings. | |
576 | ||
577 | .. note:: | |
578 | The intended use is in anycast environments where it might be | |
579 | necessary for a proxy server to perform the AXFR. The usual checks are | |
580 | performed before any received notification is forwarded. | |
581 | ||
582 | .. _setting-guardian: | |
583 | ||
584 | ``guardian`` | |
585 | ------------ | |
586 | ||
587 | - Boolean | |
588 | - Default: no | |
589 | ||
590 | Run within a guardian process. See :ref:`running-guardian`. | |
591 | ||
592 | .. _setting-include-dir: | |
593 | ||
594 | ``include-dir`` | |
595 | --------------- | |
596 | ||
597 | - Path | |
598 | ||
599 | Directory to scan for additional config files. All files that end with | |
600 | .conf are loaded in order using ``POSIX`` as locale. | |
601 | ||
602 | .. _setting-launch: | |
603 | ||
604 | ``launch`` | |
605 | ---------- | |
606 | ||
607 | - Backend names, separated by commas | |
608 | ||
609 | Which backends to launch and order to query them in. Launches backends. | |
610 | In its most simple form, supply all backends that need to be launched. | |
611 | e.g. | |
612 | ||
613 | :: | |
614 | ||
615 | launch=bind,gmysql,remote | |
616 | ||
617 | If you find that you need to query a backend multiple times with | |
618 | different configuration, you can specify a name for later | |
619 | instantiations. e.g.: | |
620 | ||
621 | :: | |
622 | ||
623 | launch=gmysql,gmysql:server2 | |
624 | ||
625 | In this case, there are 2 instances of the gmysql backend, one by the | |
626 | normal name and the second one is called 'server2'. The backend | |
627 | configuration item names change: e.g. ``gmysql-host`` is available to | |
628 | configure the ``host`` setting of the first or main instance, and | |
629 | ``gmysql-server2-host`` for the second one. | |
630 | ||
631 | .. _setting-load-modules: | |
632 | ||
633 | ``load-modules`` | |
634 | ---------------- | |
635 | ||
636 | - Paths, separated by commas | |
637 | ||
638 | If backends are available in nonstandard directories, specify their | |
639 | location here. Multiple files can be loaded if separated by commas. Only | |
640 | available in non-static distributions. | |
641 | ||
642 | .. _setting-local-address: | |
643 | ||
644 | ``local-address`` | |
645 | ----------------- | |
646 | ||
647 | - IPv4 Addresses, separated by commas or whitespace | |
648 | - Default: 0.0.0.0 | |
649 | ||
650 | Local IP address to which we bind. It is highly advised to bind to | |
651 | specific interfaces and not use the default 'bind to any'. This causes | |
652 | big problems if you have multiple IP addresses. Unix does not provide a | |
653 | way of figuring out what IP address a packet was sent to when binding to | |
654 | any. | |
655 | ||
656 | .. _setting-non-local-bind: | |
657 | ||
658 | ``non-local-bind`` | |
659 | ------------------ | |
660 | ||
661 | - Boolean | |
662 | - Default: no | |
663 | ||
664 | Bind to addresses even if one or more of the | |
665 | :ref:`setting-local-address`'s do not exist on this server. | |
666 | Setting this option will enable the needed socket options to allow | |
667 | binding to non-local addresses. This feature is intended to facilitate | |
668 | ip-failover setups, but it may also mask configuration issues and for | |
669 | this reason it is disabled by default. | |
670 | ||
671 | .. _setting-lua-axfr-script: | |
672 | ||
673 | ``lua-axfr-script`` | |
674 | ------------------- | |
675 | ||
676 | - String | |
677 | - Default: empty | |
678 | ||
679 | .. versionadded:: 4.1.0 | |
680 | ||
681 | Script to be used to edit incoming AXFRs, see :ref:_modes-of-operation-axfrfilter` | |
682 | ||
683 | .. _setting-local-address-nonexist-fail: | |
684 | ||
685 | ``local-address-nonexist-fail`` | |
686 | ------------------------------- | |
687 | ||
688 | - Boolean | |
689 | - Default: no | |
690 | ||
691 | Fail to start if one or more of the | |
692 | :ref:`setting-local-address`'s do not exist on this server. | |
693 | ||
694 | .. _setting-local-ipv6: | |
695 | ||
696 | ``local-ipv6`` | |
697 | -------------- | |
698 | ||
699 | - IPv6 Addresses, separated by commas or whitespace | |
700 | - Default: '::' | |
701 | ||
702 | Local IPv6 address to which we bind. It is highly advised to bind to | |
703 | specific interfaces and not use the default 'bind to any'. This causes | |
704 | big problems if you have multiple IP addresses. | |
705 | ||
706 | .. _setting-local-ipv6-nonexist-fail: | |
707 | ||
708 | ``local-ipv6-nonexist-fail`` | |
709 | ---------------------------- | |
710 | ||
711 | - Boolean | |
712 | - Default: no | |
713 | ||
714 | Fail to start if one or more of the :ref:`setting-local-ipv6` | |
715 | addresses do not exist on this server. | |
716 | ||
717 | .. _setting-local-port: | |
718 | ||
719 | ``local-port`` | |
720 | -------------- | |
721 | ||
722 | - Integer | |
723 | - Default: 53 | |
724 | ||
725 | The port on which we listen. Only one port possible. | |
726 | ||
727 | .. _setting-log-dns-details: | |
728 | ||
729 | ``log-dns-details`` | |
730 | ------------------- | |
731 | ||
732 | - Boolean | |
733 | - Default: no | |
734 | ||
735 | If set to 'no', informative-only DNS details will not even be sent to | |
736 | syslog, improving performance. | |
737 | ||
738 | .. _setting-logging-facility: | |
739 | ||
740 | ``logging-facility`` | |
741 | -------------------- | |
742 | ||
743 | If set to a digit, logging is performed under this LOCAL facility. See :ref:`logging-to-syslog`. | |
744 | Do not pass names like 'local0'! | |
745 | ||
746 | .. _setting-loglevel: | |
747 | ||
748 | ``loglevel`` | |
749 | ------------ | |
750 | ||
751 | - Integer | |
752 | - Default: 4 | |
753 | ||
754 | Amount of logging. Higher is more. Do not set below 3 | |
755 | ||
756 | .. _setting-log-dns-queries: | |
757 | ||
758 | ``log-dns-queries`` | |
759 | ------------------- | |
760 | ||
761 | - Boolean | |
762 | - Default: no | |
763 | ||
764 | Tell PowerDNS to log all incoming DNS queries. This will lead to a lot | |
765 | of logging! Only enable for debugging! Set :ref:`setting-loglevel` | |
766 | to at least 5 to see the logs. | |
767 | ||
768 | .. _setting-lua-prequery-script: | |
769 | ||
770 | ``lua-prequery-script`` | |
771 | ----------------------- | |
772 | ||
773 | - Path | |
774 | ||
775 | Lua script to run before answering a query. This is a feature used | |
776 | internally for regression testing. The API of this functionality is not | |
777 | guaranteed to be stable, and is in fact likely to change. | |
778 | ||
779 | .. _setting-master: | |
780 | ||
781 | ``master`` | |
782 | ---------- | |
783 | ||
784 | - Boolean | |
785 | - Default: no | |
786 | ||
787 | Turn on master support. See :ref:`master-operation`. | |
788 | ||
789 | .. _setting-max-cache-entries: | |
790 | ||
791 | ``max-cache-entries`` | |
792 | --------------------- | |
793 | ||
794 | - Integer | |
795 | - Default: 1000000 | |
796 | ||
797 | Maximum number of entries in the query cache. 1 million (the default) | |
798 | will generally suffice for most installations. Starting with 4.1, the | |
799 | packet and query caches are distinct so you might also want to see | |
800 | ``max-packet-cache-entries``. | |
801 | ||
802 | .. _setting-max-ent-entries: | |
803 | ||
804 | ``max-ent-entries`` | |
805 | ------------------- | |
806 | ||
807 | - Integer | |
808 | - Default: 100000 | |
809 | ||
810 | Maximum number of empty non-terminals to add to a zone. This is a | |
811 | protection measure to avoid database explosion due to long names. | |
812 | ||
813 | .. _setting-max-nsec3-iterations: | |
814 | ||
815 | ``max-nsec3-iterations`` | |
816 | ------------------------ | |
817 | ||
818 | - Integer | |
819 | - Default: 500 | |
820 | ||
821 | Limit the number of NSEC3 hash iterations | |
822 | ||
823 | .. _setting-max-packet-cache-entries: | |
824 | ||
825 | ``max-packet-cache-entries`` | |
826 | ---------------------------- | |
827 | ||
828 | - Integer | |
829 | - Default: 1000000 | |
830 | ||
831 | Maximum number of entries in the packet cache. 1 million (the default) | |
832 | will generally suffice for most installations. This setting has been | |
833 | introduced in 4.1, previous used the ``max-cache-entries`` setting for | |
834 | both the packet and query caches. | |
835 | ||
836 | .. _setting-max-queue-length: | |
837 | ||
838 | ``max-queue-length`` | |
839 | -------------------- | |
840 | ||
841 | - Integer | |
842 | - Default: 5000 | |
843 | ||
844 | If this many packets are waiting for database attention, consider the | |
845 | situation hopeless and respawn. | |
846 | ||
847 | .. _setting-max-signature-cache-entries: | |
848 | ||
849 | ``max-signature-cache-entries`` | |
850 | ------------------------------- | |
851 | ||
852 | - Integer | |
853 | - Default: 2^64 (on 64-bit systems) | |
854 | ||
855 | Maximum number of signatures cache entries | |
856 | ||
857 | .. _setting-max-tcp-connection-duration: | |
858 | ||
859 | ``max-tcp-connection-duration`` | |
860 | ------------------------------- | |
861 | ||
862 | - Integer | |
863 | - Default: 0 | |
864 | ||
865 | Maximum time in seconds that a TCP DNS connection is allowed to stay | |
866 | open. 0 means unlimited. Note that exchanges related to an AXFR or IXFR | |
867 | are not affected by this setting. | |
868 | ||
869 | .. _setting-max-tcp-connections: | |
870 | ||
871 | ``max-tcp-connections`` | |
872 | ----------------------- | |
873 | ||
874 | - Integer | |
875 | - Default: 20 | |
876 | ||
877 | Allow this many incoming TCP DNS connections simultaneously. | |
878 | ||
879 | .. _setting-max-tcp-connections-per-client: | |
880 | ||
881 | ``max-tcp-connections-per-client`` | |
882 | ---------------------------------- | |
883 | ||
884 | - Integer | |
885 | - Default: 0 | |
886 | ||
887 | Maximum number of simultaneous TCP connections per client. 0 means | |
888 | unlimited. | |
889 | ||
890 | .. _setting-max-tcp-transactions-per-conn: | |
891 | ||
892 | ``max-tcp-transactions-per-conn`` | |
893 | --------------------------------- | |
894 | ||
895 | - Integer | |
896 | - Default: 0 | |
897 | ||
898 | Allow this many DNS queries in a single TCP transaction. 0 means | |
899 | unlimited. Note that exchanges related to an AXFR or IXFR are not | |
900 | affected by this setting. | |
901 | ||
902 | .. _setting-module-dir: | |
903 | ||
904 | ``module-dir`` | |
905 | -------------- | |
906 | ||
907 | - Path | |
908 | ||
909 | Directory for modules. Default depends on ``PKGLIBDIR`` during | |
910 | compile-time. | |
911 | ||
912 | .. _setting-negquery-cache-ttl: | |
913 | ||
914 | ``negquery-cache-ttl`` | |
915 | ---------------------- | |
916 | ||
917 | - Integer | |
918 | - Default: 60 | |
919 | ||
920 | Seconds to store queries with no answer in the Query Cache. See ref:`query-cache`. | |
921 | ||
922 | .. _setting-no-config: | |
923 | ||
924 | ``no-config`` | |
925 | ------------- | |
926 | ||
927 | - Boolean | |
928 | - Default: no | |
929 | ||
930 | Do not attempt to read the configuration file. | |
931 | ||
932 | .. _setting-no-shuffle: | |
933 | ||
934 | ``no-shuffle`` | |
935 | -------------- | |
936 | ||
937 | - Boolean | |
938 | - Default: no | |
939 | ||
940 | Do not attempt to shuffle query results, used for regression testing. | |
941 | ||
942 | .. _setting-overload-queue-length: | |
943 | ||
944 | ``overload-queue-length`` | |
945 | ------------------------- | |
946 | ||
947 | - Integer | |
948 | - Default: 0 (disabled) | |
949 | ||
950 | If this many packets are waiting for database attention, answer any new | |
951 | questions strictly from the packet cache. | |
952 | ||
953 | .. _setting-reuseport: | |
954 | ||
955 | ``reuseport`` | |
956 | ------------- | |
957 | ||
958 | - Boolean | |
959 | - Default: No | |
960 | ||
961 | On Linux 3.9 and some BSD kernels the ``SO_REUSEPORT`` option allows | |
962 | each receiver-thread to open a new socket on the same port which allows | |
963 | for much higher performance on multi-core boxes. Setting this option | |
964 | will enable use of ``SO_REUSEPORT`` when available and seamlessly fall | |
965 | back to a single socket when it is not available. A side-effect is that | |
966 | you can start multiple servers on the same IP/port combination which may | |
967 | or may not be a good idea. You could use this to enable transparent | |
968 | restarts, but it may also mask configuration issues and for this reason | |
969 | it is disabled by default. | |
970 | ||
971 | .. _setting-security-poll-suffix: | |
972 | ||
973 | ``security-poll-suffix`` | |
974 | ------------------------ | |
975 | ||
976 | - String | |
977 | - Default: secpoll.powerdns.com. | |
978 | ||
979 | Domain name from which to query security update notifications. Setting | |
980 | this to an empty string disables secpoll. | |
981 | ||
982 | .. _setting-server-id: | |
983 | ||
984 | ``server-id`` | |
985 | ------------- | |
986 | ||
987 | - String | |
988 | - Default: The hostname of the server | |
989 | ||
990 | This is the server ID that will be returned on an EDNS NSID query. | |
991 | ||
992 | .. _setting-only-notify: | |
993 | ||
994 | ``only-notify`` | |
995 | --------------- | |
996 | ||
997 | - IP Ranges, separated by commas or whitespace | |
998 | - Default: 0.0.0.0/0, ::/0 | |
999 | ||
1000 | For type=MASTER zones (or SLAVE zones with slave-renotify enabled) | |
1001 | PowerDNS automatically sends NOTIFYs to the name servers specified in | |
1002 | the NS records. By specifying networks/mask as whitelist, the targets | |
1003 | can be limited. The default is to notify the world. To completely | |
1004 | disable these NOTIFYs set ``only-notify`` to an empty value. Independent | |
1005 | of this setting, the IP addresses or netmasks configured with | |
1006 | :ref:`setting-also-notify` and ``ALSO-NOTIFY`` domain metadata | |
1007 | always receive AXFR NOTIFYs. | |
1008 | ||
1009 | .. note:: | |
1010 | Even if NOTIFYs are limited by a netmask, PowerDNS first has to | |
1011 | resolve all the hostnames to check their IP addresses against the | |
1012 | specified whitelist. The resolving may take considerable time, | |
1013 | especially if those hostnames are slow to resolve. If you do not need to | |
1014 | NOTIFY the slaves defined in the NS records (e.g. you are using another | |
1015 | method to distribute the zone data to the slaves), then set | |
1016 | :ref:`setting-only-notify` to an empty value and specify the notification targets | |
1017 | explicitly using :ref:`setting-also-notify` and/or | |
1018 | :ref:`metadata-also-notify` domain metadata to avoid this potential bottleneck. | |
1019 | ||
1020 | .. _setting-out-of-zone-additional-processing: | |
1021 | ||
1022 | ``out-of-zone-additional-processing`` | |
1023 | ------------------------------------- | |
1024 | ||
1025 | - Boolean | |
1026 | - Default: yes | |
1027 | ||
1028 | Do out of zone additional processing. This means that if a malicious | |
1029 | user adds a '.com' zone to your server, it is not used for other domains | |
1030 | and will not contaminate answers. Do not enable this setting if you run | |
1031 | a public DNS service with untrusted users. | |
1032 | ||
1033 | The docs had previously indicated that the default was "no", but the | |
1034 | default has been "yes" since 2005. | |
1035 | ||
1036 | .. _setting-outgoing-axfr-expand-alias: | |
1037 | ||
1038 | ``outgoing-axfr-expand-alias`` | |
1039 | ------------------------------ | |
1040 | ||
1041 | - Boolean | |
1042 | - Default: no | |
1043 | ||
1044 | If this is enabled, ALIAS records are expanded (synthesised to their | |
1045 | A/AAAA) during outgoing AXFR. This means slaves will not automatically | |
1046 | follow changes in those A/AAAA records unless you AXFR regularly! | |
1047 | ||
1048 | If this is disabled (the default), ALIAS records are sent verbatim | |
1049 | during outgoing AXFR. Note that if your slaves do not support ALIAS, | |
1050 | they will return NODATA for A/AAAA queries for such names. | |
1051 | ||
1052 | .. _setting-prevent-self-notification: | |
1053 | ||
1054 | ``prevent-self-notification`` | |
1055 | ----------------------------- | |
1056 | ||
1057 | - Boolean | |
1058 | - Default: yes | |
1059 | ||
1060 | PowerDNS Authoritative Server attempts to not send out notifications to | |
1061 | itself in master mode. In very complicated situations we could guess | |
1062 | wrong and not notify a server that should be notified. In that case, set | |
1063 | prevent-self-notification to "no". | |
1064 | ||
1065 | .. _setting-query-cache-ttl: | |
1066 | ||
1067 | ``query-cache-ttl`` | |
1068 | ------------------- | |
1069 | ||
1070 | - Integer | |
1071 | - Default: 20 | |
1072 | ||
1073 | Seconds to store queries with an answer in the Query Cache. See :ref:`query-cache`. | |
1074 | ||
1075 | .. _setting-query-local-address: | |
1076 | ||
1077 | ``query-local-address`` | |
1078 | ----------------------- | |
1079 | ||
1080 | - IPv4 Address | |
1081 | - Default: 0.0.0.0 | |
1082 | ||
1083 | The IP address to use as a source address for sending queries. Useful if | |
1084 | you have multiple IPs and PowerDNS is not bound to the IP address your | |
1085 | operating system uses by default for outgoing packets. | |
1086 | ||
1087 | .. _setting-query-local-address6: | |
1088 | ||
1089 | ``query-local-address6`` | |
1090 | ------------------------ | |
1091 | ||
1092 | - IPv6 Address | |
1093 | - Default: '::' | |
1094 | ||
1095 | Source IP address for sending IPv6 queries. | |
1096 | ||
1097 | .. _setting-query-logging: | |
1098 | ||
1099 | ``query-logging`` | |
1100 | ----------------- | |
1101 | ||
1102 | - Boolean | |
1103 | - Default: no | |
1104 | ||
1105 | Boolean, hints to a backend that it should log a textual representation | |
1106 | of queries it performs. Can be set at runtime. | |
1107 | ||
1108 | .. _setting-queue-limit: | |
1109 | ||
1110 | ``queue-limit`` | |
1111 | --------------- | |
1112 | ||
1113 | - Integer | |
1114 | - Default: 1500 | |
1115 | ||
1116 | Maximum number of milliseconds to queue a query. See :doc:`performance`. | |
1117 | ||
1118 | .. _setting-receiver-threads: | |
1119 | ||
1120 | ``receiver-threads`` | |
1121 | -------------------- | |
1122 | ||
1123 | - Integer | |
1124 | - Default: 1 | |
1125 | ||
1126 | Number of receiver (listening) threads to start. See :doc:`performance`. | |
1127 | ||
1128 | .. _setting-recursive-cache-ttl: | |
1129 | ||
1130 | ``recursive-cache-ttl`` | |
1131 | ----------------------- | |
1132 | ||
1133 | - Integer | |
1134 | - Default: 10 | |
1135 | - Removed in: 4.1.0 | |
1136 | ||
1137 | Seconds to store recursive packets in the :ref:`packet-cache`. | |
1138 | ||
1139 | .. _setting-recursor: | |
1140 | ||
1141 | ``recursor`` | |
1142 | ------------ | |
1143 | ||
1144 | - IP Address | |
1145 | ||
1146 | .. deprecated:: 4.1.0 | |
1147 | ||
1148 | If set, recursive queries will be handed to the recursor specified here. | |
1149 | ||
1150 | .. _setting-resolver: | |
1151 | ||
1152 | ``resolver`` | |
1153 | ------------ | |
1154 | ||
1155 | - IP Addresses with optional port, separated by commas | |
1156 | - Added in: 4.1.0 | |
1157 | ||
1158 | Use these resolver addresses for ALIAS and the internal stub resolver. | |
1159 | If this is not set, ``/etc/resolv.conf`` is parsed for upstream | |
1160 | resolvers. | |
1161 | ||
1162 | .. _setting-retrieval-threads: | |
1163 | ||
1164 | ``retrieval-threads`` | |
1165 | --------------------- | |
1166 | ||
1167 | - Integer | |
1168 | - Default: 2 | |
1169 | ||
1170 | Number of AXFR slave threads to start. | |
1171 | ||
1172 | .. _setting-setgid: | |
1173 | ||
1174 | ``setgid`` | |
1175 | ---------- | |
1176 | ||
1177 | - String | |
1178 | ||
1179 | If set, change group id to this gid for more security. See :doc:`security`. | |
1180 | ||
1181 | .. _setting-setuid: | |
1182 | ||
1183 | ``setuid`` | |
1184 | ---------- | |
1185 | ||
1186 | - String | |
1187 | ||
1188 | If set, change user id to this uid for more security. See :doc:`security`. | |
1189 | ||
1190 | .. _setting-slave: | |
1191 | ||
1192 | ``slave`` | |
1193 | --------- | |
1194 | ||
1195 | - Boolean | |
1196 | - Default: no | |
1197 | ||
1198 | Turn on slave support. See :ref:`slave-operation`. | |
1199 | ||
1200 | .. _setting-slave-cycle-interval: | |
1201 | ||
1202 | ``slave-cycle-interval`` | |
1203 | ------------------------ | |
1204 | ||
1205 | - Integer | |
1206 | - 60 | |
1207 | ||
1208 | On a master, this is the amounts of seconds between the master checking | |
1209 | the SOA serials in its database to determine to send out NOTIFYs to the | |
1210 | slaves. On slaves, this is the number of seconds between the slave | |
1211 | checking for updates to zones. | |
1212 | ||
1213 | .. _setting-slave-renotify: | |
1214 | ||
1215 | ``slave-renotify`` | |
1216 | ------------------ | |
1217 | ||
1218 | - Boolean | |
1219 | - Default: no | |
1220 | ||
1221 | This setting will make PowerDNS renotify the slaves after an AXFR is | |
1222 | *received* from a master. This is useful when using when running a | |
1223 | signing-slave. | |
1224 | ||
1225 | .. _setting-signing-threads: | |
1226 | ||
1227 | ``signing-threads`` | |
1228 | ------------------- | |
1229 | ||
1230 | - Integer | |
1231 | - Default: 3 | |
1232 | ||
1233 | Tell PowerDNS how many threads to use for signing. It might help improve | |
1234 | signing speed by changing this number. | |
1235 | ||
1236 | .. _setting-soa-expire-default: | |
1237 | ||
1238 | ``soa-expire-default`` | |
1239 | ---------------------- | |
1240 | ||
1241 | - Integer | |
1242 | - Default: 604800 | |
1243 | ||
1244 | Default :ref:`types-soa` expire. | |
1245 | ||
1246 | .. _setting-soa-minimum-ttl: | |
1247 | ||
1248 | ``soa-minimum-ttl`` | |
1249 | ------------------- | |
1250 | ||
1251 | - Integer | |
1252 | - Default: 3600 | |
1253 | ||
1254 | Default :ref:`types-soa` minimum ttl. | |
1255 | ||
1256 | .. _setting-soa-refresh-default: | |
1257 | ||
1258 | ``soa-refresh-default`` | |
1259 | ----------------------- | |
1260 | ||
1261 | - Integer | |
1262 | - Default: 10800 | |
1263 | ||
1264 | Default :ref:`types-soa` refresh. | |
1265 | ||
1266 | .. _setting-soa-retry-default: | |
1267 | ||
1268 | ``soa-retry-default`` | |
1269 | --------------------- | |
1270 | ||
1271 | - Integer | |
1272 | - Default: 3600 | |
1273 | ||
1274 | Default :ref:`types-soa` retry. | |
1275 | ||
1276 | .. _setting-socket-dir: | |
1277 | ||
1278 | ``socket-dir`` | |
1279 | -------------- | |
1280 | ||
1281 | - Path | |
1282 | ||
1283 | Where the controlsocket will live. The default depends on | |
1284 | ``LOCALSTATEDIR`` during compile-time (usually ``/var/run`` or | |
1285 | ``/run``). See :ref:`control-socket`. | |
1286 | ||
1287 | This path will also contain the pidfile for this instance of PowerDNS | |
1288 | called ``pdns.pid`` by default. See :ref:`setting-config-name` | |
1289 | and :doc:`Virtual Hosting <guides/virtual-instances>` how this can differ. | |
1290 | ||
1291 | .. _setting-tcp-control-address: | |
1292 | ||
1293 | ``tcp-control-address`` | |
1294 | ----------------------- | |
1295 | ||
1296 | - IP Address | |
1297 | ||
1298 | Address to bind to for TCP control. | |
1299 | ||
1300 | .. _setting-tcp-control-port: | |
1301 | ||
1302 | ``tcp-control-port`` | |
1303 | -------------------- | |
1304 | ||
1305 | - Integer | |
1306 | - Default: 53000 | |
1307 | ||
1308 | Port to bind to for TCP control. | |
1309 | ||
1310 | .. _setting-tcp-control-range: | |
1311 | ||
1312 | ``tcp-control-range`` | |
1313 | --------------------- | |
1314 | ||
1315 | - IP Ranges, separated by commas or whitespace | |
1316 | ||
1317 | Limit TCP control to a specific client range. | |
1318 | ||
1319 | .. _setting-tcp-control-secret: | |
1320 | ||
1321 | ``tcp-control-secret`` | |
1322 | ---------------------- | |
1323 | ||
1324 | - String | |
1325 | ||
1326 | Password for TCP control. | |
1327 | ||
1328 | .. _setting-tcp-fast-open: | |
1329 | ||
1330 | ``tcp-fast-open`` | |
1331 | ----------------- | |
1332 | ||
1333 | - Integer | |
1334 | - Default: 0 (Disabled) | |
1335 | ||
1336 | .. versionadded:: 4.1.0 | |
1337 | ||
1338 | Enable TCP Fast Open support, if available, on the listening sockets. | |
1339 | The numerical value supplied is used as the queue size, 0 meaning | |
1340 | disabled. | |
1341 | ||
1342 | .. _setting-tcp-idle-timeout: | |
1343 | ||
1344 | ``tcp-idle-timeout`` | |
1345 | -------------------- | |
1346 | ||
1347 | - Integer | |
1348 | - Default: 5 | |
1349 | ||
1350 | Maximum time in seconds that a TCP DNS connection is allowed to stay | |
1351 | open while being idle, meaning without PowerDNS receiving or sending | |
1352 | even a single byte. | |
1353 | ||
1354 | .. _setting-traceback-handler: | |
1355 | ||
1356 | ``traceback-handler`` | |
1357 | --------------------- | |
1358 | ||
1359 | - Boolean | |
1360 | - Default: yes | |
1361 | ||
1362 | Enable the Linux-only traceback handler. | |
1363 | ||
1364 | .. _setting-trusted-notification-proxy: | |
1365 | ||
1366 | ``trusted-notification-proxy`` | |
1367 | ------------------------------ | |
1368 | ||
1369 | - String | |
1370 | ||
1371 | IP address of incoming notification proxy | |
1372 | ||
1373 | .. _setting-udp-truncation-threshold: | |
1374 | ||
1375 | ``udp-truncation-threshold`` | |
1376 | ---------------------------- | |
1377 | ||
1378 | - Integer | |
1379 | - Default: 1680 | |
1380 | ||
1381 | EDNS0 allows for large UDP response datagrams, which can potentially | |
1382 | raise performance. Large responses however also have downsides in terms | |
1383 | of reflection attacks. Up till PowerDNS Authoritative Server 3.3, the | |
1384 | truncation limit was set at 1680 bytes, regardless of EDNS0 buffer size | |
1385 | indications from the client. Beyond 3.3, this setting makes our | |
1386 | truncation limit configurable. Maximum value is 65535, but values above | |
1387 | 4096 should probably not be attempted. | |
1388 | ||
1389 | .. _setting-version-string: | |
1390 | ||
1391 | ``version-string`` | |
1392 | ------------------ | |
1393 | ||
1394 | - Any of: ``anonymous``, ``powerdns``, ``full``, String | |
1395 | - Default: full | |
1396 | ||
1397 | When queried for its version over DNS | |
1398 | (``dig chaos txt version.bind @pdns.ip.address``), PowerDNS normally | |
1399 | responds truthfully. With this setting you can overrule what will be | |
1400 | returned. Set the ``version-string`` to ``full`` to get the default | |
1401 | behaviour, to ``powerdns`` to just make it state | |
1402 | ``served by PowerDNS - http://www.powerdns.com``. The ``anonymous`` | |
1403 | setting will return a ServFail, much like Microsoft nameservers do. You | |
1404 | can set this response to a custom value as well. | |
1405 | ||
1406 | .. _setting-webserver: | |
1407 | ||
1408 | ``webserver`` | |
1409 | ------------- | |
1410 | ||
1411 | - Boolean | |
1412 | - Default: no | |
1413 | ||
1414 | Start a webserver for monitoring. See :doc:`performance`". | |
1415 | ||
1416 | .. versionchanged:: 4.1.0 | |
1417 | It was necessary to enable the webserver to use the REST API, this is no longer the case. | |
1418 | ||
1419 | .. _setting-webserver-address: | |
1420 | ||
1421 | ``webserver-address`` | |
1422 | --------------------- | |
1423 | ||
1424 | - IP Address | |
1425 | - Default: 127.0.0.1 | |
1426 | ||
1427 | IP Address for webserver/API to listen on. | |
1428 | ||
1429 | .. _setting-webserver-allow-from: | |
1430 | ||
1431 | ``webserver-allow-from`` | |
1432 | ------------------------ | |
1433 | ||
1434 | - IP ranges, separated by commas or whitespace | |
be3e1477 RG |
1435 | - Default: 127.0.0.1,::1 |
1436 | ||
1437 | .. versionchanged:: 4.1.0 | |
1438 | ||
1439 | Default is now 127.0.0.1,::1, was 0.0.0.0,::/0 before. | |
0e2063c3 PL |
1440 | |
1441 | Webserver/API access is only allowed from these subnets. | |
1442 | ||
1443 | .. _setting-webserver-password: | |
1444 | ||
1445 | ``webserver-password`` | |
1446 | ---------------------- | |
1447 | ||
1448 | - String | |
1449 | ||
1450 | The plaintext password required for accessing the webserver. | |
1451 | ||
1452 | .. _setting-webserver-port: | |
1453 | ||
1454 | ``webserver-port`` | |
1455 | ------------------ | |
1456 | ||
1457 | - Integer | |
1458 | - Default: 8001 | |
1459 | ||
1460 | The port where webserver/API will listen on. | |
1461 | ||
1462 | .. _setting-webserver-print-arguments: | |
1463 | ||
1464 | ``webserver-print-arguments`` | |
1465 | ----------------------------- | |
1466 | ||
1467 | - Boolean | |
1468 | - Default: no | |
1469 | ||
1470 | If the webserver should print arguments. | |
1471 | ||
1472 | .. _setting-write-pid: | |
1473 | ||
1474 | ``write-pid`` | |
1475 | ------------- | |
1476 | ||
1477 | - Boolean | |
1478 | - Default: yes | |
1479 | ||
1480 | If a PID file should be written. | |
1481 | ||
1482 | .. _setting-xfr-max-received-mbytes: | |
1483 | ||
1484 | ``xfr-max-received-mbytes`` | |
1485 | --------------------------- | |
1486 | ||
1487 | - Integer | |
1488 | - Default: 100 | |
1489 | ||
1490 | Specifies the maximum number of received megabytes allowed on an | |
1491 | incoming AXFR/IXFR update, to prevent resource exhaustion. A value of 0 | |
1492 | means no restriction. |