pdns/ixfrdist.example.yml

   1 # Listen addresses. ixfrdist will listen on both UDP and TCP.
   2 # When no port is specified, 53 is used. When specifying ports for IPv6, use the
   3 # "bracket" notation:
   4 #
   5 #    listen:
   6 #      - '127.0.0.1'
   7 #      - '::1'
   8 #      - '192.0.2.3:5300'
   9 #      - '[2001:DB8:1234::334]:5353'
  10 #
  11 # By default, or when unset, ixfrdist listens on local loopback addresses.
  12 listen:
  13   - '127.0.0.1'
  14   - '::1'
  15
  16 # Netmasks or IP addresses of hosts that are allowed to query ixfrdist. Hosts
  17 # do not need a netmask:
  18 #
  19 #    acl:
  20 #      - '127.0.0.0/8'
  21 #      - '::1'
  22 #      - '192.0.2.55'
  23 #      - '2001:DB8:ABCD::/48'
  24 #
  25 # By default (or when unset), only loopback addresses are allowed.
  26 #
  27 acl:
  28   - '127.0.0.0/8'
  29   - '::1'
  30
  31 # Maximum number of records allowed in a single zone. ixfrdist will abort the
  32 # zone transfer from the master when more than this number of records have been
  33 # received. A value of 0 (the default) means unlimited
  34 #
  35 axfr-max-records: 0
  36
  37 # Timeout in seconds an AXFR transaction requested by ixfrdist may take.
  38 # Increase this when the network to the authoritative servers is slow or the
  39 # domains are very large and you experience timeouts. Set to 20 by default or
  40 # when unset.
  41 #
  42 axfr-timeout: 20
  43
  44 # Amount of older copies/IXFR diffs to keep for every domain. This is set to
  45 # 20 by default or when unset.
  46 #
  47 keep: 20
  48
  49 # Number of threads to spawn for TCP connections (AXFRs) from downstream hosts.
  50 # This is set to 10 by default or when unset.
  51 #
  52 tcp-in-threads: 10
  53
  54 # The directory where the domain data is stored. When unset, the current
  55 # working directory is used. Note that this directory must be writable for the
  56 # user or group ixfrdist runs as.
  57 #
  58 # work-dir: '/var/lib/ixfrdist'
  59
  60 # User to drop privileges to once all listen-sockets are bound. May be either
  61 # a username or numerical ID.
  62 #
  63 # uid: ixfrdist
  64
  65 # Group to drop privileges to once all listen-sockets are bound. May be either
  66 # a username or numerical ID.
  67 #
  68 # gid: ixfrdist
  69
  70 # The domains to redistribute, the 'master' and 'domains' keys are mandatory.
  71 # When no port is specified, 53 is used. When specifying ports for IPv6, use the
  72 # "bracket" notation:
  73 #
  74 #    domains:
  75 #      - domain: example.com
  76 #        master: 192.0.2.15
  77 #      - domain: rpz.example
  78 #        master: [2001:DB8:a34:543::53]:5353
  79 #
  80 domains: []