dnsdist: Add a tool to generate the yaml configuration
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 24 Dec 2024 16:10:08 +0000 (17:10 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 16 Jan 2025 08:50:31 +0000 (09:50 +0100)
.github/actions/spell-check/expect.txt
pdns/dnsdistdist/dnsdist-rust-lib/Makefile.am
pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-documentation-generator.py [new file with mode: 0644]
pdns/dnsdistdist/docs/reference/index.rst
pdns/dnsdistdist/docs/reference/yaml-actions.rst [new file with mode: 0644]
pdns/dnsdistdist/docs/reference/yaml-response-actions.rst [new file with mode: 0644]
pdns/dnsdistdist/docs/reference/yaml-selectors.rst [new file with mode: 0644]
pdns/dnsdistdist/docs/reference/yaml-settings.rst [new file with mode: 0644]
pdns/dnsdistdist/docs/reference/yaml-support-structures.rst [new file with mode: 0644]

index 289f683d0fa13ba7b62ea260ed526fda404f632b..300b01fb685a358b385c0a46edcad2c19a90ffbb 100644 (file)
@@ -1212,6 +1212,7 @@ scopemask
 sdfn
 sdfoijdfio
 sdig
+secnumdepth
 secpoll
 securitypolicy
 securitypolling
@@ -1227,6 +1228,7 @@ servfail
 servicemode
 setaffinity
 setcontent
+setcounter
 setdomainmetadata
 seting
 setkey
index ece3a114280fbf8b896c7c891da7b9f11ce005a5..f2d539dd44092e7b8758632f167876af7041b1fa 100644 (file)
@@ -1,6 +1,7 @@
 EXTRA_DIST = \
        dnsdist-configuration-yaml-items-generated-pre-in.cc \
        dnsdist-configuration-yaml-items-generated.cc \
+       dnsdist-settings-documentation-generator.py \
        dnsdist-settings-generator.py \
        rust-pre-in.rs \
        rust-middle-in.rs \
diff --git a/pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-documentation-generator.py b/pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-settings-documentation-generator.py
new file mode 100644 (file)
index 0000000..78e1d0c
--- /dev/null
@@ -0,0 +1,202 @@
+#!/usr/bin/python3
+"""Load settings definitions and generates the corresponding documentation."""
+import os
+import sys
+import tempfile
+import yaml
+
+def quote(arg):
+    """Return a quoted string"""
+    return '"' + arg + '"'
+
+def get_vector_sub_type(rust_type):
+    return rust_type[4:-1]
+
+def is_vector_of(rust_type):
+    return rust_type.startswith('Vec<')
+
+def is_type_native(rust_type):
+    if is_vector_of(rust_type):
+        sub_type = get_vector_sub_type(rust_type)
+        return is_type_native(sub_type)
+    return rust_type in ['bool', 'u8', 'u16', 'u32', 'u64', 'f64', 'String']
+
+def get_definitions_from_file(def_file):
+    with open(def_file, 'rt', encoding="utf-8") as fd:
+        definitions = yaml.safe_load(fd.read())
+        return definitions
+
+def get_rust_object_name(name):
+    object_name = ''
+    capitalize = True
+    for char in name:
+        if char == '-':
+            capitalize = True
+            continue
+        if capitalize:
+            char = char.upper()
+            capitalize = False
+        object_name += char
+
+    return object_name
+
+def get_objects(def_file):
+    objects = {}
+    definitions = get_definitions_from_file(def_file)
+    for definition_name, keys in definitions.items():
+        object_name = get_rust_object_name(definition_name) + 'Configuration'
+        objects[object_name] = keys
+
+    return objects
+
+def rust_type_to_human_str(rust_type, entry_type, generate_ref=True):
+    if is_vector_of(rust_type):
+        return 'Sequence of ' + rust_type_to_human_str(get_vector_sub_type(rust_type), entry_type, generate_ref)
+    if rust_type in ['u8', 'u16', 'u32', 'u64']:
+        return 'Unsigned integer'
+    if rust_type == 'f64':
+        return 'Double'
+    if rust_type == 'bool':
+        return 'Boolean'
+    if rust_type == 'String':
+        return 'String'
+    if generate_ref:
+        return f':ref:`{rust_type} <yaml-{entry_type}-{rust_type}>`'
+    return f'{rust_type}'
+
+def print_structure(parameters, entry_type):
+    output = ''
+    # list
+    for parameter in parameters:
+        output += f'- **{parameter["name"]}**: '
+        ptype = parameter['type']
+        if 'rust-type' in parameter:
+            ptype = parameter['rust-type']
+        human_type = rust_type_to_human_str(ptype, entry_type)
+        output += f'{human_type}'
+
+        if 'default' in parameter:
+            default = parameter['default']
+            if default is not True:
+                if default == '':
+                    output += ' ``("")``'
+                else:
+                    output += f' ``({default})``'
+
+        if 'description' in parameter:
+            description = parameter['description']
+            output += ' - ' + description
+
+        output += '\n'
+
+    output += '\n'
+
+    return output
+
+def process_object(object_name, entries, entry_type, is_setting_struct=False, lua_equivalent=None):
+    output = f'.. _yaml-{entry_type}-{object_name}:\n\n'
+
+    output += f'{object_name}\n'
+    output += '-' * len(object_name) + '\n'
+    output += '\n'
+
+    if 'description' in entries:
+        description = entries['description']
+        output += description + '\n'
+        output += '\n'
+
+    if lua_equivalent is not None:
+        output += f'Lua equivalent: :func:`{lua_equivalent}`\n\n'
+
+    if 'parameters' in entries:
+        if not is_setting_struct:
+            output += "Parameters:\n\n"
+        parameters = entries['parameters']
+        output += print_structure(parameters, entry_type)
+        output += '\n'
+
+    return output
+
+def get_temporary_file_for_generated_content(directory):
+    generated_fp = tempfile.NamedTemporaryFile(mode='w+t', encoding='utf-8', dir=directory, delete=False)
+    generated_fp.write('.. THIS IS A GENERATED FILE. DO NOT EDIT. See dnsdist-settings-documentation-generator.py\n\n')
+    return generated_fp
+
+def process_settings():
+    output = '''.. raw:: latex
+
+    \\setcounter{secnumdepth}{-1}
+
+YAML configuration reference
+============================
+
+Since 2.0.0, :program:`dnsdist` supports the YAML configuration format in addition to the existing Lua one.
+
+If the configuration file passed to :program:`dnsdist` via the ``-C`` command-line switch ends in ``.yml``, it is assumed to be in the new YAML format, and an attempt to load a Lua configuration file with the same name but the ``.lua`` will be done before loading the YAML configuration. If the names ends in ``.lua``, there will also be an attempt to find a file with the same name but ending in ``.yml``. Otherwise the existing Lua configuration format is assumed.
+
+A YAML configuration file contains several sections, that are described below.
+
+.. code-block:: yaml\n
+'''
+
+    objects = get_objects('../dnsdist-settings-definitions.yml')
+    for object_name, entries in sorted(objects.items()):
+        if object_name == 'GlobalConfiguration':
+            output += process_object(object_name, entries, 'settings', True)
+            break
+
+    output += '\n'
+
+    for object_name, entries in sorted(objects.items()):
+        if object_name != 'GlobalConfiguration':
+            output += process_object(object_name, entries, 'settings', True, entries['lua-name'] if 'lua-name' in entries else None)
+
+    return output
+
+def process_selectors_or_actions(def_file, entry_type):
+    title = f'YAML {entry_type} reference'
+    object_name = get_rust_object_name(entry_type)
+    output = f'''.. raw:: latex
+
+    \\setcounter{{secnumdepth}}{{-1}}
+
+.. _yaml-settings-{object_name}:
+
+{title}
+'''
+    output += len(title)*'=' + '\n\n'
+    entries = get_definitions_from_file(def_file)
+
+    suffix = object_name
+    for entry in entries:
+        object_name = get_rust_object_name(entry['name'])
+        lua_equivalent = object_name + ('Rule' if entry_type == 'selector' else suffix)
+        if 'no-lua-equivalent' in entry:
+            lua_equivalent = None
+        output += process_object(object_name + suffix, entry, 'settings', lua_equivalent=lua_equivalent)
+
+    return output
+
+def main():
+    generated_fp = get_temporary_file_for_generated_content('../docs/')
+    output = process_settings()
+    generated_fp.write(output)
+    os.rename(generated_fp.name, '../docs/reference/yaml-settings.rst')
+
+    generated_fp = get_temporary_file_for_generated_content('../docs/')
+    output = process_selectors_or_actions('../dnsdist-actions-definitions.yml', 'action')
+    generated_fp.write(output)
+    os.rename(generated_fp.name, '../docs/reference/yaml-actions.rst')
+
+    generated_fp = get_temporary_file_for_generated_content('../docs/')
+    output = process_selectors_or_actions('../dnsdist-response-actions-definitions.yml', 'response-action')
+    generated_fp.write(output)
+    os.rename(generated_fp.name, '../docs/reference/yaml-response-actions.rst')
+
+    generated_fp = get_temporary_file_for_generated_content('../docs/')
+    output = process_selectors_or_actions('../dnsdist-selectors-definitions.yml', 'selector')
+    generated_fp.write(output)
+    os.rename(generated_fp.name, '../docs/reference/yaml-selectors.rst')
+
+if __name__ == '__main__':
+    main()
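Review bot: In `main()`, each temporary file is renamed into `../docs/reference/` while its handle is still open and never explicitly flushed or closed, so the final `.rst` only receives its content whenever the file object happens to be finalized; writing inside a `with` block makes the rename happen after the data is on disk. Because the temp file is created with `delete=False` before `process_settings()` / `process_selectors_or_actions()` run, a missing or malformed definitions file leaves a stray temp file behind in `../docs/`; computing `output` first avoids that. `NamedTemporaryFile` also creates the file owner-only (0600), so the renamed documents will likely not carry the 0644 mode this commit records for them unless the mode is reset before the rename. The fence shows the pattern for the first output; the other three follow it.

```python
def main():
    output = process_settings()
    with get_temporary_file_for_generated_content('../docs/') as generated_fp:
        generated_fp.write(output)
    os.chmod(generated_fp.name, 0o644)
    os.rename(generated_fp.name, '../docs/reference/yaml-settings.rst')
    # ... same pattern for yaml-actions.rst, yaml-response-actions.rst and yaml-selectors.rst ...
```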
index 4f2938705ad5aa370eb80b947c4e32b9904e01d6..94dbdfd4f9d57360ade6ab8a4b7eb8e409258fbc 100755 (executable)
@@ -31,3 +31,8 @@ These chapters contain extensive information on all functions and object availab
   svc
   custommetrics
   xsk
+  yaml-settings
+  yaml-selectors
+  yaml-actions
+  yaml-response-actions
+  yaml-support-structures
diff --git a/pdns/dnsdistdist/docs/reference/yaml-actions.rst b/pdns/dnsdistdist/docs/reference/yaml-actions.rst
new file mode 100644 (file)
index 0000000..2b64625
--- /dev/null
@@ -0,0 +1,619 @@
+.. THIS IS A GENERATED FILE. DO NOT EDIT. See dnsdist-settings-documentation-generator.py
+
+.. raw:: latex
+
+    \setcounter{secnumdepth}{-1}
+
+.. _yaml-settings-Action:
+
+YAML action reference
+=====================
+
+.. _yaml-settings-AllowAction:
+
+AllowAction
+-----------
+
+Let these packets go through
+
+Lua equivalent: :func:`AllowAction`
+
+.. _yaml-settings-ContinueAction:
+
+ContinueAction
+--------------
+
+Execute the specified action and override its return with None, making it possible to continue the processing. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`ContinueAction`
+
+Parameters:
+
+- **action**: :ref:`Action <yaml-settings-Action>`
+
+
+.. _yaml-settings-DelayAction:
+
+DelayAction
+-----------
+
+Delay the response by the specified amount of milliseconds (UDP-only). Note that the sending of the query to the backend, if needed, is not delayed. Only the sending of the response to the client will be delayed. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`DelayAction`
+
+Parameters:
+
+- **msec**: Unsigned integer
+
+
+.. _yaml-settings-DnstapLogAction:
+
+DnstapLogAction
+---------------
+
+Send the current query to a remote logger as a dnstap message. ``alter-function`` is a callback, receiving a :class:`DNSQuestion` and a :class:`DnstapMessage`, that can be used to modify the message. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`DnstapLogAction`
+
+Parameters:
+
+- **identity**: String
+- **logger-name**: String
+- **alter-function**: String ``("")``
+
+
+.. _yaml-settings-DropAction:
+
+DropAction
+----------
+
+Drop the packet
+
+Lua equivalent: :func:`DropAction`
+
+.. _yaml-settings-SetEDNSOptionAction:
+
+SetEDNSOptionAction
+-------------------
+
+Add arbitrary EDNS option and data to the query. Any existing EDNS content with the same option code will be overwritten. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetEDNSOptionAction`
+
+Parameters:
+
+- **code**: Unsigned integer
+- **data**: String
+
+
+.. _yaml-settings-ERCodeAction:
+
+ERCodeAction
+------------
+
+Reply immediately by turning the query into a response with the specified EDNS extended rcode
+
+Lua equivalent: :func:`ERCodeAction`
+
+Parameters:
+
+- **rcode**: Unsigned integer
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-HTTPStatusAction:
+
+HTTPStatusAction
+----------------
+
+Return an HTTP response with a status code of ``status``. For HTTP redirects, ``body`` should be the redirect URL
+
+Lua equivalent: :func:`HTTPStatusAction`
+
+Parameters:
+
+- **status**: Unsigned integer
+- **body**: String
+- **content-type**: String ``("")``
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-KeyValueStoreLookupAction:
+
+KeyValueStoreLookupAction
+-------------------------
+
+Does a lookup into the key value store using the key returned by ``lookup-key-name``, and storing the result if any into the tag named ``destination-tag``. The store can be a ``CDB`` or a ``LMDB`` database.  The key can be based on the qname, source IP or the value of an existing tag. Subsequent rules are processed after this action. Note that the tag is always created, even if there was no match, but in that case the content is empty
+
+Lua equivalent: :func:`KeyValueStoreLookupAction`
+
+Parameters:
+
+- **kvs-name**: String
+- **lookup-key-name**: String
+- **destination-tag**: String
+
+
+.. _yaml-settings-KeyValueStoreRangeLookupAction:
+
+KeyValueStoreRangeLookupAction
+------------------------------
+
+Does a range-based lookup into the key value store using the key returned by ``lookup-key-name``, and storing the result if any into the tag named ``destination-tag``. This assumes that there is a key in network byte order for the last element of the range (for example ``2001:0db8:ffff:ffff:ffff:ffff:ffff:ffff`` for ``2001:db8::/32``) which contains the first element of the range (``2001:0db8:0000:0000:0000:0000:0000:0000``) (optionally followed by any data) as value, also in network byte order, and that there is no overlapping ranges in the database. This requires that the underlying store supports ordered keys, which is true for LMDB but not for CDB
+
+Lua equivalent: :func:`KeyValueStoreRangeLookupAction`
+
+Parameters:
+
+- **kvs-name**: String
+- **lookup-key-name**: String
+- **destination-tag**: String
+
+
+.. _yaml-settings-LogAction:
+
+LogAction
+---------
+
+Log a line for each query, to the specified file if any, to the console (require verbose) if the empty string is given as filename. If an empty string is supplied in the file name, the logging is done to stdout, and only in verbose mode by default. This can be changed by setting ``verbose-only`` to ``false``. When logging to a file, the ``binary`` parameter specifies whether we log in binary form (default) or in textual form. The ``append`` parameter specifies whether we open the file for appending or truncate each time (default). The ``buffered`` parameter specifies whether writes to the file are buffered (default) or not. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`LogAction`
+
+Parameters:
+
+- **file-name**: String ``("")``
+- **binary**: Boolean ``(true)``
+- **append**: Boolean ``(false)``
+- **buffered**: Boolean ``(false)``
+- **verbose-only**: Boolean ``(true)``
+- **include-timestamp**: Boolean ``(false)``
+
+
+.. _yaml-settings-LuaAction:
+
+LuaAction
+---------
+
+Invoke a Lua function that accepts a :class:`DNSQuestion`. The function should return a :ref:`DNSAction`. If the Lua code fails, ``ServFail`` is returned
+
+Lua equivalent: :func:`LuaAction`
+
+Parameters:
+
+- **function**: String
+
+
+.. _yaml-settings-LuaFFIAction:
+
+LuaFFIAction
+------------
+
+Invoke a Lua function that accepts a pointer to a ``dnsdist_ffi_dnsquestion_t`` object, whose bindings are defined in ``dnsdist-lua-ffi-interface.h``. The function should return a :ref:`DNSAction`. If the Lua code fails, ``ServFail`` is returned
+
+Lua equivalent: :func:`LuaFFIAction`
+
+Parameters:
+
+- **function**: String
+
+
+.. _yaml-settings-LuaFFIPerThreadAction:
+
+LuaFFIPerThreadAction
+---------------------
+
+Invoke a Lua function that accepts a pointer to a ``dnsdist_ffi_dnsquestion_t`` object, whose bindings are defined in ``dnsdist-lua-ffi-interface.h``. The function should return a :ref:`DNSAction`. If the Lua code fails, ``ServFail`` is returned. The function will be invoked in a per-thread Lua state, without access to the global Lua state. All constants (:ref:`DNSQType`, :ref:`DNSRCode`, ...) are available in that per-thread context, as well as all FFI functions. Objects and their bindings that are not usable in a FFI context (:class:`DNSQuestion`, :class:`DNSDistProtoBufMessage`, :class:`PacketCache`, ...) are not available.
+
+Lua equivalent: :func:`LuaFFIPerThreadAction`
+
+Parameters:
+
+- **code**: String
+
+
+.. _yaml-settings-NegativeAndSOAAction:
+
+NegativeAndSOAAction
+--------------------
+
+Turn a question into a response, either a ``NXDOMAIN`` or a ``NODATA`` one based on ``nxd``, setting the ``QR`` bit to ``1`` and adding a ``SOA`` record in the additional section
+
+Lua equivalent: :func:`NegativeAndSOAAction`
+
+Parameters:
+
+- **nxd**: Boolean
+- **zone**: String
+- **ttl**: Unsigned integer
+- **mname**: String
+- **rname**: String
+- **soa-parameters**: :ref:`SOAParams <yaml-settings-SOAParams>`
+- **soa-in-authority**: Boolean ``(false)``
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-NoneAction:
+
+NoneAction
+----------
+
+Does nothing. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`NoneAction`
+
+.. _yaml-settings-PoolAction:
+
+PoolAction
+----------
+
+Send the packet into the specified pool. If ``stop-processing`` is set to ``false``, subsequent rules will be processed after this action
+
+Lua equivalent: :func:`PoolAction`
+
+Parameters:
+
+- **pool-name**: String
+- **stop-processing**: Boolean ``(true)``
+
+
+.. _yaml-settings-QPSAction:
+
+QPSAction
+---------
+
+Drop a packet if it does exceed the ``limit`` queries per second limit. Letting the subsequent rules apply otherwise
+
+Lua equivalent: :func:`QPSAction`
+
+Parameters:
+
+- **limit**: Unsigned integer
+
+
+.. _yaml-settings-QPSPoolAction:
+
+QPSPoolAction
+-------------
+
+Send the packet into the specified pool only if it does not exceed the ``limit`` queries per second limit. If ``stop-processing`` is set to ``false``, subsequent rules will be processed after this action. Letting the subsequent rules apply otherwise
+
+Lua equivalent: :func:`QPSPoolAction`
+
+Parameters:
+
+- **limit**: Unsigned integer
+- **pool-name**: String
+- **stop-processing**: Boolean ``(true)``
+
+
+.. _yaml-settings-RCodeAction:
+
+RCodeAction
+-----------
+
+Reply immediately by turning the query into a response with the specified rcode
+
+Lua equivalent: :func:`RCodeAction`
+
+Parameters:
+
+- **rcode**: Unsigned integer
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-RemoteLogAction:
+
+RemoteLogAction
+---------------
+
+Send the current query to a remote logger as a Protocol Buffer message. ``alter-function`` is a callback, receiving a :class:`DNSQuestion` and a :class:`DNSDistProtoBufMessage`, that can be used to modify the message, for example for anonymization purposes. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`RemoteLogAction`
+
+Parameters:
+
+- **logger-name**: String
+- **alter-function**: String ``("")``
+- **server-id**: String ``("")``
+- **ip-encrypt-key**: String ``("")``
+- **export-tags**: Sequence of String
+- **metas**: Sequence of :ref:`ProtoBufMetaConfiguration <yaml-settings-ProtoBufMetaConfiguration>`
+
+
+.. _yaml-settings-SetAdditionalProxyProtocolValueAction:
+
+SetAdditionalProxyProtocolValueAction
+-------------------------------------
+
+Add a Proxy-Protocol Type-Length value to be sent to the server along with this query. It does not replace any existing value with the same type but adds a new value. Be careful that Proxy Protocol values are sent once at the beginning of the TCP connection for TCP and DoT queries. That means that values received on an incoming TCP connection will be inherited by subsequent queries received over the same incoming TCP connection, if any, but values set to a query will not be inherited by subsequent queries. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetAdditionalProxyProtocolValueAction`
+
+Parameters:
+
+- **proxy-type**: Unsigned integer
+- **value**: String
+
+
+.. _yaml-settings-SetDisableECSAction:
+
+SetDisableECSAction
+-------------------
+
+Disable the sending of ECS to the backend. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetDisableECSAction`
+
+.. _yaml-settings-SetDisableValidationAction:
+
+SetDisableValidationAction
+--------------------------
+
+Set the CD bit in the query and let it go through. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetDisableValidationAction`
+
+.. _yaml-settings-SetECSAction:
+
+SetECSAction
+------------
+
+Set the ECS prefix and prefix length sent to backends to an arbitrary value. If both IPv4 and IPv6 masks are supplied the IPv4 one will be used for IPv4 clients and the IPv6 one for IPv6 clients. Otherwise the first mask is used for both, and can actually be an IPv6 mask. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetECSAction`
+
+Parameters:
+
+- **ipv4**: String
+- **ipv6**: String ``("")``
+
+
+.. _yaml-settings-SetECSOverrideAction:
+
+SetECSOverrideAction
+--------------------
+
+Whether an existing EDNS Client Subnet value should be overridden (true) or not (false). Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetECSOverrideAction`
+
+Parameters:
+
+- **override-existing**: Boolean
+
+
+.. _yaml-settings-SetECSPrefixLengthAction:
+
+SetECSPrefixLengthAction
+------------------------
+
+Set the ECS prefix length. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetECSPrefixLengthAction`
+
+Parameters:
+
+- **ipv4**: Unsigned integer
+- **ipv6**: Unsigned integer
+
+
+.. _yaml-settings-SetExtendedDNSErrorAction:
+
+SetExtendedDNSErrorAction
+-------------------------
+
+Set an Extended DNS Error status that will be added to the response corresponding to the current query. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetExtendedDNSErrorAction`
+
+Parameters:
+
+- **info-code**: Unsigned integer
+- **extra-text**: String ``("")``
+
+
+.. _yaml-settings-SetMacAddrAction:
+
+SetMacAddrAction
+----------------
+
+Add the source MAC address to the query as EDNS0 option option. This action is currently only supported on Linux. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetMacAddrAction`
+
+Parameters:
+
+- **code**: Unsigned integer
+
+
+.. _yaml-settings-SetMaxReturnedTTLAction:
+
+SetMaxReturnedTTLAction
+-----------------------
+
+Cap the TTLs of the response to the given maximum, but only after inserting the response into the packet cache with the initial TTL value
+
+Lua equivalent: :func:`SetMaxReturnedTTLAction`
+
+Parameters:
+
+- **max**: Unsigned integer
+
+
+.. _yaml-settings-SetNoRecurseAction:
+
+SetNoRecurseAction
+------------------
+
+Strip RD bit from the question, let it go through. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetNoRecurseAction`
+
+.. _yaml-settings-SetProxyProtocolValuesAction:
+
+SetProxyProtocolValuesAction
+----------------------------
+
+Set the Proxy-Protocol Type-Length values to be sent to the server along with this query to values. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetProxyProtocolValuesAction`
+
+Parameters:
+
+- **values**: Sequence of :ref:`ProxyProtocolValueConfiguration <yaml-settings-ProxyProtocolValueConfiguration>`
+
+
+.. _yaml-settings-SetSkipCacheAction:
+
+SetSkipCacheAction
+------------------
+
+Don’t lookup the cache for this query, don’t store the answer. Subsequent rules are processed after this action.
+
+Lua equivalent: :func:`SetSkipCacheAction`
+
+.. _yaml-settings-SetTagAction:
+
+SetTagAction
+------------
+
+Associate a tag named ``tag`` with a value of ``value`` to this query, that will be passed on to the response. This function will overwrite any existing tag value. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetTagAction`
+
+Parameters:
+
+- **tag**: String
+- **value**: String
+
+
+.. _yaml-settings-SetTempFailureCacheTTLAction:
+
+SetTempFailureCacheTTLAction
+----------------------------
+
+Set the cache TTL to use for ServFail and Refused replies. TTL is not applied for successful replies. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetTempFailureCacheTTLAction`
+
+Parameters:
+
+- **maxTTL**: Unsigned integer
+
+
+.. _yaml-settings-SNMPTrapAction:
+
+SNMPTrapAction
+--------------
+
+Send an SNMP trap, adding the message string as the query description. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SNMPTrapAction`
+
+Parameters:
+
+- **reason**: String ``("")``
+
+
+.. _yaml-settings-SpoofAction:
+
+SpoofAction
+-----------
+
+Forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA) addresses. If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in
+
+Lua equivalent: :func:`SpoofAction`
+
+Parameters:
+
+- **ips**: Sequence of String
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-SpoofCNAMEAction:
+
+SpoofCNAMEAction
+----------------
+
+Forge a response with the specified CNAME value. Please be aware that DNSdist will not chase the target of the CNAME, so it will not be present in the response which might be a problem for stub resolvers that do not know how to follow a CNAME
+
+Lua equivalent: :func:`SpoofCNAMEAction`
+
+Parameters:
+
+- **cname**: String
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-SpoofPacketAction:
+
+SpoofPacketAction
+-----------------
+
+Spoof a raw self-generated answer
+
+Lua equivalent: :func:`SpoofPacketAction`
+
+Parameters:
+
+- **response**: String
+- **len**: Unsigned integer
+
+
+.. _yaml-settings-SpoofRawAction:
+
+SpoofRawAction
+--------------
+
+Forge a response with the specified raw bytes as record data
+
+Lua equivalent: :func:`SpoofRawAction`
+
+Parameters:
+
+- **answers**: Sequence of String
+- **qtype-for-any**: String ``("")``
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-SpoofSVCAction:
+
+SpoofSVCAction
+--------------
+
+Forge a response with the specified ``SVC`` record data. If the list contains more than one ``SVC`` parameter, they are all returned, and should have different priorities. The hints provided in the SVC parameters, if any, will also be added as ``A``/``AAAA`` records in the additional section, using the target name present in the parameters as owner name if it’s not empty (root) and the qname instead
+
+Lua equivalent: :func:`SpoofSVCAction`
+
+Parameters:
+
+- **parameters**: Sequence of :ref:`SVCRecordParameters <yaml-settings-SVCRecordParameters>`
+- **vars**: :ref:`ResponseConfig <yaml-settings-ResponseConfig>`
+
+
+.. _yaml-settings-TCAction:
+
+TCAction
+--------
+
+Create answer to query with the ``TC`` bit set, and the ``RA`` bit set to the value of ``RD`` in the query, to force the client to TCP
+
+Lua equivalent: :func:`TCAction`
+
+.. _yaml-settings-TeeAction:
+
+TeeAction
+---------
+
+Send copy of query to remote, keep stats on responses. If ``add-ecs`` is set to true, EDNS Client Subnet information will be added to the query. If ``add-proxy-protocol`` is set to true, a Proxy Protocol v2 payload will be prepended in front of the query. The payload will contain the protocol the initial query was received over (UDP or TCP), as well as the initial source and destination addresses and ports. If ``lca`` has provided a value like “192.0.2.53”, dnsdist will try binding that address as local address when sending the queries. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`TeeAction`
+
+Parameters:
+
+- **rca**: String
+- **lca**: String ``("")``
+- **add-ecs**: Boolean ``(false)``
+- **add-proxy-protocol**: Boolean ``(false)``
+
+
diff --git a/pdns/dnsdistdist/docs/reference/yaml-response-actions.rst b/pdns/dnsdistdist/docs/reference/yaml-response-actions.rst
new file mode 100644 (file)
index 0000000..34e2f88
--- /dev/null
@@ -0,0 +1,288 @@
+.. THIS IS A GENERATED FILE. DO NOT EDIT. See dnsdist-settings-documentation-generator.py
+
+.. raw:: latex
+
+    \setcounter{secnumdepth}{-1}
+
+.. _yaml-settings-ResponseAction:
+
+YAML response-action reference
+==============================
+
+.. _yaml-settings-AllowResponseAction:
+
+AllowResponseAction
+-------------------
+
+Let these packets go through.
+
+Lua equivalent: :func:`AllowResponseAction`
+
+.. _yaml-settings-ClearRecordTypesResponseAction:
+
+ClearRecordTypesResponseAction
+------------------------------
+
+Removes given type(s) records from the response. Beware you can accidentally turn the answer into a NODATA response without a SOA record in the additional section in which case you may want to use NegativeAndSOAAction() to generate an answer, see example below. Subsequent rules are processed after this action.
+
+Lua equivalent: :func:`ClearRecordTypesResponseAction`
+
+Parameters:
+
+- **types**: Sequence of Unsigned integer - List of types to remove
+
+
+.. _yaml-settings-DelayResponseAction:
+
+DelayResponseAction
+-------------------
+
+Delay the response by the specified amount of milliseconds (UDP-only). Note that the sending of the query to the backend, if needed, is not delayed. Only the sending of the response to the client will be delayed. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`DelayResponseAction`
+
+Parameters:
+
+- **msec**: Unsigned integer
+
+
+.. _yaml-settings-DnstapLogResponseAction:
+
+DnstapLogResponseAction
+-----------------------
+
+Send the current response to a remote logger as a dnstap message. ``alter-function`` is a callback, receiving a :class:`DNSResponse` and a :class:`DnstapMessage`, that can be used to modify the message. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`DnstapLogResponseAction`
+
+Parameters:
+
+- **identity**: String
+- **logger-name**: String
+- **alter-function**: String ``("")``
+
+
+.. _yaml-settings-DropResponseAction:
+
+DropResponseAction
+------------------
+
+Drop the packet
+
+Lua equivalent: :func:`DropResponseAction`
+
+.. _yaml-settings-LimitTTLResponseAction:
+
+LimitTTLResponseAction
+----------------------
+
+Cap the TTLs of the response to the given boundaries
+
+Lua equivalent: :func:`LimitTTLResponseAction`
+
+Parameters:
+
+- **min**: Unsigned integer
+- **max**: Unsigned integer
+- **types**: Sequence of Unsigned integer
+
+
+.. _yaml-settings-LogResponseAction:
+
+LogResponseAction
+-----------------
+
+Log a line for each response, to the specified file if any, to the console (require verbose) if the empty string is given as filename. If an empty string is supplied in the file name, the logging is done to stdout, and only in verbose mode by default. This can be changed by setting ``verbose-only`` to ``false``. When logging to a file, the ``binary`` parameter specifies whether we log in binary form (default) or in textual form. The ``append`` parameter specifies whether we open the file for appending or truncate each time (default). The ``buffered`` parameter specifies whether writes to the file are buffered (default) or not. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`LogResponseAction`
+
+Parameters:
+
+- **file-name**: String ``("")``
+- **append**: Boolean ``(false)``
+- **buffered**: Boolean ``(false)``
+- **verbose-only**: Boolean ``(true)``
+- **include-timestamp**: Boolean ``(false)``
+
+
+.. _yaml-settings-LuaResponseAction:
+
+LuaResponseAction
+-----------------
+
+Invoke a Lua function that accepts a :class:`DNSResponse`. The function should return a :ref:`DNSResponseAction`. If the Lua code fails, ``ServFail`` is returned
+
+Lua equivalent: :func:`LuaResponseAction`
+
+Parameters:
+
+- **function**: String
+
+
+.. _yaml-settings-LuaFFIResponseAction:
+
+LuaFFIResponseAction
+--------------------
+
+Invoke a Lua function that accepts a pointer to a ``dnsdist_ffi_dnsquestion_t`` object, whose bindings are defined in ``dnsdist-lua-ffi-interface.h``. The function should return a :ref:`DNSResponseAction`. If the Lua code fails, ``ServFail`` is returned
+
+Lua equivalent: :func:`LuaFFIResponseAction`
+
+Parameters:
+
+- **function**: String
+
+
+.. _yaml-settings-LuaFFIPerThreadResponseAction:
+
+LuaFFIPerThreadResponseAction
+-----------------------------
+
+Invoke a Lua function that accepts a pointer to a ``dnsdist_ffi_dnsquestion_t`` object, whose bindings are defined in ``dnsdist-lua-ffi-interface.h``. The function should return a :ref:`DNSResponseAction`. If the Lua code fails, ``ServFail`` is returned. The function will be invoked in a per-thread Lua state, without access to the global Lua state. All constants (:ref:`DNSQType`, :ref:`DNSRCode`, ...) are available in that per-thread context, as well as all FFI functions. Objects and their bindings that are not usable in a FFI context (:class:`DNSQuestion`, :class:`DNSDistProtoBufMessage`, :class:`PacketCache`, ...) are not available.
+
+Lua equivalent: :func:`LuaFFIPerThreadResponseAction`
+
+Parameters:
+
+- **code**: String
+
+
+.. _yaml-settings-RemoteLogResponseAction:
+
+RemoteLogResponseAction
+-----------------------
+
+Send the current response to a remote logger as a Protocol Buffer message. ``alter-function`` is a callback, receiving a :class:`DNSResponse` and a :class:`DNSDistProtoBufMessage`, that can be used to modify the message, for example for anonymization purposes. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`RemoteLogResponseAction`
+
+Parameters:
+
+- **logger-name**: String
+- **alter-function**: String ``("")``
+- **server-id**: String ``("")``
+- **ip-encrypt-key**: String ``("")``
+- **include-cname**: Boolean ``(false)``
+- **export-tags**: Sequence of String
+- **export-extended-errors-to-meta**: String ``("")``
+- **metas**: Sequence of :ref:`ProtoBufMetaConfiguration <yaml-settings-ProtoBufMetaConfiguration>`
+
+
+.. _yaml-settings-SetExtendedDNSErrorResponseAction:
+
+SetExtendedDNSErrorResponseAction
+---------------------------------
+
+Set an Extended DNS Error status that will be added to the response. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetExtendedDNSErrorResponseAction`
+
+Parameters:
+
+- **info-code**: Unsigned integer
+- **extra-text**: String ``("")``
+
+
+.. _yaml-settings-SetMaxReturnedTTLResponseAction:
+
+SetMaxReturnedTTLResponseAction
+-------------------------------
+
+Cap the TTLs of the response to the given maximum, but only after inserting the response into the packet cache with the initial TTL values
+
+Lua equivalent: :func:`SetMaxReturnedTTLResponseAction`
+
+Parameters:
+
+- **max**: Unsigned integer
+
+
+.. _yaml-settings-SetMaxTTLResponseAction:
+
+SetMaxTTLResponseAction
+-----------------------
+
+Cap the TTLs of the response to the given maximum
+
+Lua equivalent: :func:`SetMaxTTLResponseAction`
+
+Parameters:
+
+- **max**: Unsigned integer
+
+
+.. _yaml-settings-SetMinTTLResponseAction:
+
+SetMinTTLResponseAction
+-----------------------
+
+Cap the TTLs of the response to the given minimum
+
+Lua equivalent: :func:`SetMinTTLResponseAction`
+
+Parameters:
+
+- **min**: Unsigned integer
+
+
+.. _yaml-settings-SetReducedTTLResponseAction:
+
+SetReducedTTLResponseAction
+---------------------------
+
+Reduce the TTL of records in a response to a percentage of the original TTL. For example, passing 50 means that the original TTL will be cut in half. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetReducedTTLResponseAction`
+
+Parameters:
+
+- **percentage**: Unsigned integer
+
+
+.. _yaml-settings-SetSkipCacheResponseAction:
+
+SetSkipCacheResponseAction
+--------------------------
+
+Don’t store this answer in the cache. Subsequent rules are processed after this action.
+
+Lua equivalent: :func:`SetSkipCacheResponseAction`
+
+.. _yaml-settings-SetTagResponseAction:
+
+SetTagResponseAction
+--------------------
+
+Associate a tag named ``tag`` with a value of ``value`` to this response. This function will overwrite any existing tag value. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SetTagResponseAction`
+
+Parameters:
+
+- **tag**: String
+- **value**: String
+
+
+.. _yaml-settings-SNMPTrapResponseAction:
+
+SNMPTrapResponseAction
+----------------------
+
+Send an SNMP trap, adding the message string as the query description. Subsequent rules are processed after this action
+
+Lua equivalent: :func:`SNMPTrapResponseAction`
+
+Parameters:
+
+- **reason**: String ``("")``
+
+
+.. _yaml-settings-TCResponseAction:
+
+TCResponseAction
+----------------
+
+Truncate an existing answer, to force the client to TCP. Only applied to answers that will be sent to the client over TCP. In addition to the TC bit being set, all records are removed from the answer, authority and additional sections
+
+Lua equivalent: :func:`TCResponseAction`
+
diff --git a/pdns/dnsdistdist/docs/reference/yaml-selectors.rst b/pdns/dnsdistdist/docs/reference/yaml-selectors.rst
new file mode 100644 (file)
index 0000000..616f8af
--- /dev/null
@@ -0,0 +1,634 @@
+.. THIS IS A GENERATED FILE. DO NOT EDIT. See dnsdist-settings-documentation-generator.py
+
+.. raw:: latex
+
+    \setcounter{secnumdepth}{-1}
+
+.. _yaml-settings-Selector:
+
+YAML selector reference
+=======================
+
+.. _yaml-settings-AllSelector:
+
+AllSelector
+-----------
+
+Matches all traffic
+
+Lua equivalent: :func:`AllRule`
+
+.. _yaml-settings-AndSelector:
+
+AndSelector
+-----------
+
+Matches traffic if all selectors match
+
+Lua equivalent: :func:`AndRule`
+
+Parameters:
+
+- **selectors**: Sequence of :ref:`Selector <yaml-settings-Selector>`
+
+
+.. _yaml-settings-ByNameSelector:
+
+ByNameSelector
+--------------
+
+References an already declared selector by its name
+
+Parameters:
+
+- **selector-name**: String
+
+
+.. _yaml-settings-DNSSECSelector:
+
+DNSSECSelector
+--------------
+
+Matches queries with the DO flag set
+
+Lua equivalent: :func:`DNSSECRule`
+
+.. _yaml-settings-DSTPortSelector:
+
+DSTPortSelector
+---------------
+
+Matches questions received to the destination port
+
+Lua equivalent: :func:`DSTPortRule`
+
+Parameters:
+
+- **port**: Unsigned integer
+
+
+.. _yaml-settings-EDNSOptionSelector:
+
+EDNSOptionSelector
+------------------
+
+Matches queries or responses with the specified EDNS option present
+
+Lua equivalent: :func:`EDNSOptionRule`
+
+Parameters:
+
+- **option-code**: Unsigned integer
+
+
+.. _yaml-settings-EDNSVersionSelector:
+
+EDNSVersionSelector
+-------------------
+
+Matches queries or responses with an OPT record whose EDNS version is greater than the specified EDNS version
+
+Lua equivalent: :func:`EDNSVersionRule`
+
+Parameters:
+
+- **version**: Unsigned integer
+
+
+.. _yaml-settings-ERCodeSelector:
+
+ERCodeSelector
+--------------
+
+Matches queries or responses with the specified rcode. The full 16bit RCode will be matched. If no EDNS OPT RR is present, the upper 12 bits are treated as 0
+
+Lua equivalent: :func:`ERCodeRule`
+
+Parameters:
+
+- **rcode**: Unsigned integer
+
+
+.. _yaml-settings-HTTPHeaderSelector:
+
+HTTPHeaderSelector
+------------------
+
+Matches DNS over HTTPS queries with a HTTP header name whose content matches the supplied regular expression. It is necessary to set the ``keepIncomingHeaders`` to :func:`addDOHLocal()` to use this rule
+
+Lua equivalent: :func:`HTTPHeaderRule`
+
+Parameters:
+
+- **header**: String
+- **expression**: String
+
+
+.. _yaml-settings-HTTPPathSelector:
+
+HTTPPathSelector
+----------------
+
+Matches DNS over HTTPS queries with a specific HTTP path
+
+Lua equivalent: :func:`HTTPPathRule`
+
+Parameters:
+
+- **path**: String
+
+
+.. _yaml-settings-HTTPPathRegexSelector:
+
+HTTPPathRegexSelector
+---------------------
+
+Matches DNS over HTTPS queries with a path matching the supplied regular expression
+
+Lua equivalent: :func:`HTTPPathRegexRule`
+
+Parameters:
+
+- **expression**: String
+
+
+.. _yaml-settings-KeyValueStoreLookupSelector:
+
+KeyValueStoreLookupSelector
+---------------------------
+
+Matches if the key returned by ``lookup-key-name`` exists in the key value store
+
+Lua equivalent: :func:`KeyValueStoreLookupRule`
+
+Parameters:
+
+- **kvs-name**: String
+- **lookup-key-name**: String
+
+
+.. _yaml-settings-KeyValueStoreRangeLookupSelector:
+
+KeyValueStoreRangeLookupSelector
+--------------------------------
+
+Does a range-based lookup into the key value store using the key returned by ``lookup-key-name`` and matches if there is a range covering that key. This assumes that there is a key, in network byte order, for the last element of the range (for example ``2001:0db8:ffff:ffff:ffff:ffff:ffff:ffff`` for ``2001:db8::/32``) which contains the first element of the range (``2001:0db8:0000:0000:0000:0000:0000:0000``) (optionally followed by any data) as value, still in network byte order, and that there is no overlapping ranges in the database. This requires that the underlying store supports ordered keys, which is true for ``LMDB`` but not for ``CDB``
+
+Lua equivalent: :func:`KeyValueStoreRangeLookupRule`
+
+Parameters:
+
+- **kvs-name**: String
+- **lookup-key-name**: String
+
+
+.. _yaml-settings-LuaSelector:
+
+LuaSelector
+-----------
+
+Invoke a Lua function that accepts a :class:`DNSQuestion` object. The function should return true if the query matches, or false otherwise. If the Lua code fails, false is returned
+
+Lua equivalent: :func:`LuaRule`
+
+Parameters:
+
+- **function**: String
+
+
+.. _yaml-settings-LuaFFISelector:
+
+LuaFFISelector
+--------------
+
+Invoke a Lua FFI function that accepts a pointer to a ``dnsdist_ffi_dnsquestion_t`` object, whose bindings are defined in ``dnsdist-lua-ffi-interface.h``. The function should return true if the query matches, or false otherwise. If the Lua code fails, false is returned
+
+Lua equivalent: :func:`LuaFFIRule`
+
+Parameters:
+
+- **function**: String
+
+
+.. _yaml-settings-LuaFFIPerThreadSelector:
+
+LuaFFIPerThreadSelector
+-----------------------
+
+Invoke a Lua FFI function that accepts a pointer to a ``dnsdist_ffi_dnsquestion_t`` object, whose bindings are defined in ``dnsdist-lua-ffi-interface.h``. The function should return true if the query matches, or false otherwise. If the Lua code fails, false is returned.
+The function will be invoked in a per-thread Lua state, without access to the global Lua state. All constants (:ref:`DNSQType`, :ref:`DNSRCode`, ...) are available in that per-thread context, as well as all FFI functions. Objects and their bindings that are not usable in a FFI context (:class:`DNSQuestion`, :class:`DNSDistProtoBufMessage`, :class:`PacketCache`, ...) are not available
+
+Lua equivalent: :func:`LuaFFIPerThreadRule`
+
+Parameters:
+
+- **code**: String
+
+
+.. _yaml-settings-MaxQPSSelector:
+
+MaxQPSSelector
+--------------
+
+Matches traffic not exceeding this qps limit. If e.g. this is set to 50, starting at the 51st query of the current second traffic stops being matched. This can be used to enforce a global QPS limit
+
+Lua equivalent: :func:`MaxQPSRule`
+
+Parameters:
+
+- **qps**: Unsigned integer
+- **burst**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-MaxQPSIPSelector:
+
+MaxQPSIPSelector
+----------------
+
+Matches traffic for a subnet specified by the v4 or v6 mask exceeding ``qps`` queries per second up to ``burst`` allowed. This rule keeps track of QPS by netmask or source IP. This state is cleaned up regularly if ``cleanup-delay`` is greater than zero, removing existing netmasks or IP addresses that have not been seen in the last ``expiration`` seconds.
+
+Lua equivalent: :func:`MaxQPSIPRule`
+
+Parameters:
+
+- **qps**: Unsigned integer
+- **ipv4-mask**: Unsigned integer ``(32)``
+- **ipv6-mask**: Unsigned integer ``(64)``
+- **burst**: Unsigned integer ``(0)``
+- **expiration**: Unsigned integer ``(300)``
+- **cleanup-delay**: Unsigned integer ``(60)``
+- **scan-fraction**: Unsigned integer ``(10)``
+- **shards**: Unsigned integer ``(10)``
+
+
+.. _yaml-settings-NetmaskGroupSelector:
+
+NetmaskGroupSelector
+--------------------
+
+Matches traffic from/to the network range specified in either the supplied :class:`NetmaskGroup` object or the list of ``netmasks``. Set the ``source`` parameter to ``false`` to match against destination address instead of source address. This can be used to differentiate between clients
+
+Lua equivalent: :func:`NetmaskGroupRule`
+
+Parameters:
+
+- **netmask-group-name**: String ``("")``
+- **netmasks**: Sequence of String
+- **source**: Boolean ``(true)``
+- **quiet**: Boolean ``(false)``
+
+
+.. _yaml-settings-NotSelector:
+
+NotSelector
+-----------
+
+Matches the traffic if the selector rule does not match
+
+Lua equivalent: :func:`NotRule`
+
+Parameters:
+
+- **selector**: :ref:`Selector <yaml-settings-Selector>`
+
+
+.. _yaml-settings-OpcodeSelector:
+
+OpcodeSelector
+--------------
+
+Matches queries with opcode equals to ``code``
+
+Lua equivalent: :func:`OpcodeRule`
+
+Parameters:
+
+- **code**: Unsigned integer
+
+
+.. _yaml-settings-OrSelector:
+
+OrSelector
+----------
+
+Matches the traffic if one or more of the selectors Rules does match
+
+Lua equivalent: :func:`OrRule`
+
+Parameters:
+
+- **selectors**: Sequence of :ref:`Selector <yaml-settings-Selector>`
+
+
+.. _yaml-settings-PayloadSizeSelector:
+
+PayloadSizeSelector
+-------------------
+
+Matches queries or responses whose DNS payload size fits the given comparison
+
+Lua equivalent: :func:`PayloadSizeRule`
+
+Parameters:
+
+- **comparison**: String
+- **size**: Unsigned integer
+
+
+.. _yaml-settings-PoolAvailableSelector:
+
+PoolAvailableSelector
+---------------------
+
+Check whether a pool has any servers available to handle queries
+
+Lua equivalent: :func:`PoolAvailableRule`
+
+Parameters:
+
+- **pool**: String
+
+
+.. _yaml-settings-PoolOutstandingSelector:
+
+PoolOutstandingSelector
+-----------------------
+
+Check whether a pool has total outstanding queries above limit
+
+Lua equivalent: :func:`PoolOutstandingRule`
+
+Parameters:
+
+- **pool**: String
+- **max-outstanding**: Unsigned integer
+
+
+.. _yaml-settings-ProbaSelector:
+
+ProbaSelector
+-------------
+
+Matches queries with a given probability. 1.0 means "always"
+
+Lua equivalent: :func:`ProbaRule`
+
+Parameters:
+
+- **probability**: Double
+
+
+.. _yaml-settings-ProxyProtocolValueSelector:
+
+ProxyProtocolValueSelector
+--------------------------
+
+Matches queries that have a proxy protocol TLV value of the specified type. If ``option-value`` is set, the content of the value should also match the content of value
+
+Lua equivalent: :func:`ProxyProtocolValueRule`
+
+Parameters:
+
+- **option-type**: Unsigned integer
+- **option-value**: String ``("")``
+
+
+.. _yaml-settings-QClassSelector:
+
+QClassSelector
+--------------
+
+Matches queries with the specified qclass. The class can be specified as a numerical value or as a string
+
+Lua equivalent: :func:`QClassRule`
+
+Parameters:
+
+- **qclass**: String ``("")``
+- **numeric-value**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-QNameSelector:
+
+QNameSelector
+-------------
+
+Matches queries with the specified qname exactly
+
+Lua equivalent: :func:`QNameRule`
+
+Parameters:
+
+- **qname**: String
+
+
+.. _yaml-settings-QNameLabelsCountSelector:
+
+QNameLabelsCountSelector
+------------------------
+
+Matches if the qname has less than ``min-labels-count`` or more than ``max-labels-count`` labels
+
+Lua equivalent: :func:`QNameLabelsCountRule`
+
+Parameters:
+
+- **min-labels-count**: Unsigned integer
+- **max-labels-count**: Unsigned integer
+
+
+.. _yaml-settings-QNameSetSelector:
+
+QNameSetSelector
+----------------
+
+Matches if the set contains exact qname. To match subdomain names, see :ref:`yaml-settings-QNameSuffixSelector`
+
+Lua equivalent: :func:`QNameSetRule`
+
+Parameters:
+
+- **qnames**: Sequence of String
+
+
+.. _yaml-settings-QNameSuffixSelector:
+
+QNameSuffixSelector
+-------------------
+
+Matches based on a group of domain suffixes for rapid testing of membership. Pass true to ``quiet`` to prevent listing of all domains matched in the console or the web interface
+
+Lua equivalent: :func:`QNameSuffixRule`
+
+Parameters:
+
+- **suffixes**: Sequence of String
+- **quiet**: Boolean ``(false)``
+
+
+.. _yaml-settings-QNameWireLengthSelector:
+
+QNameWireLengthSelector
+-----------------------
+
+Matches if the qname’s length on the wire is less than ``min`` or more than ``max`` bytes.
+
+Lua equivalent: :func:`QNameWireLengthRule`
+
+Parameters:
+
+- **min**: Unsigned integer
+- **max**: Unsigned integer
+
+
+.. _yaml-settings-QTypeSelector:
+
+QTypeSelector
+-------------
+
+Matches queries with the specified qtype, which can be supplied as a String or as a numerical value
+
+Lua equivalent: :func:`QTypeRule`
+
+Parameters:
+
+- **qtype**: String
+- **numeric-value**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-RCodeSelector:
+
+RCodeSelector
+-------------
+
+Matches queries or responses with the specified rcode
+
+Lua equivalent: :func:`RCodeRule`
+
+Parameters:
+
+- **rcode**: Unsigned integer
+
+
+.. _yaml-settings-RDSelector:
+
+RDSelector
+----------
+
+Matches queries with the RD flag set
+
+Lua equivalent: :func:`RDRule`
+
+.. _yaml-settings-RE2Selector:
+
+RE2Selector
+-----------
+
+Matches the query name against the supplied regex using the RE2 engine
+
+Lua equivalent: :func:`RE2Rule`
+
+Parameters:
+
+- **expression**: String
+
+
+.. _yaml-settings-RecordsCountSelector:
+
+RecordsCountSelector
+--------------------
+
+Matches if there is at least ``minimum`` and at most ``maximum`` records in the ``section`` section. ``section`` is specified as an integer with ``0`` being the question section, ``1`` answer, ``2`` authority and ``3`` additional
+
+Lua equivalent: :func:`RecordsCountRule`
+
+Parameters:
+
+- **section**: Unsigned integer
+- **minimum**: Unsigned integer
+- **maximum**: Unsigned integer
+
+
+.. _yaml-settings-RecordsTypeCountSelector:
+
+RecordsTypeCountSelector
+------------------------
+
+Matches if there is at least ``minimum`` and at most ``maximum`` records of type ``record-type`` in the section ``section``. ``section`` is specified as an integer with ``0`` being the question section, ``1`` answer, ``2`` authority and ``3`` additional
+
+Lua equivalent: :func:`RecordsTypeCountRule`
+
+Parameters:
+
+- **section**: Unsigned integer
+- **record-type**: Unsigned integer
+- **minimum**: Unsigned integer
+- **maximum**: Unsigned integer
+
+
+.. _yaml-settings-RegexSelector:
+
+RegexSelector
+-------------
+
+Matches the query name against the supplied regular expression
+
+Lua equivalent: :func:`RegexRule`
+
+Parameters:
+
+- **expression**: String
+
+
+.. _yaml-settings-SNISelector:
+
+SNISelector
+-----------
+
+Matches against the TLS Server Name Indication value sent by the client, if any. Only makes sense for DoT or DoH, and for that last one matching on the HTTP Host header using :ref:`yaml-settings-HTTPHeaderSelector` might provide more consistent results
+
+Lua equivalent: :func:`SNIRule`
+
+Parameters:
+
+- **server-name**: String
+
+
+.. _yaml-settings-TagSelector:
+
+TagSelector
+-----------
+
+Matches question or answer with a tag named ``tag`` set. If ``value`` is specified, the existing tag value should match too
+
+Lua equivalent: :func:`TagRule`
+
+Parameters:
+
+- **tag**: String
+- **value**: String ``("")``
+
+
+.. _yaml-settings-TCPSelector:
+
+TCPSelector
+-----------
+
+Matches question received over TCP if ``tcp`` is true, over UDP otherwise
+
+Lua equivalent: :func:`TCPRule`
+
+Parameters:
+
+- **tcp**: Boolean
+
+
+.. _yaml-settings-TrailingDataSelector:
+
+TrailingDataSelector
+--------------------
+
+Matches if the query has trailing data
+
+Lua equivalent: :func:`TrailingDataRule`
+
diff --git a/pdns/dnsdistdist/docs/reference/yaml-settings.rst b/pdns/dnsdistdist/docs/reference/yaml-settings.rst
new file mode 100644 (file)
index 0000000..3878dc1
--- /dev/null
@@ -0,0 +1,767 @@
+.. THIS IS A GENERATED FILE. DO NOT EDIT. See dnsdist-settings-documentation-generator.py
+
+.. raw:: latex
+
+    \setcounter{secnumdepth}{-1}
+
+YAML configuration reference
+============================
+
+Since 2.0.0, :program:`dnsdist` supports the YAML configuration format in addition to the existing Lua one.
+
+If the configuration file passed to :program:`dnsdist` via the ``-C`` command-line switch ends in ``.yml``, it is assumed to be in the new YAML format, and an attempt to load a Lua configuration file with the same name but the ``.lua`` will be done before loading the YAML configuration. If the names ends in ``.lua``, there will also be an attempt to find a file with the same name but ending in ``.yml``. Otherwise the existing Lua configuration format is assumed.
+
+A YAML configuration file contains several sections, that are described below.
+
+.. code-block:: yaml
+
+.. _yaml-settings-GlobalConfiguration:
+
+GlobalConfiguration
+-------------------
+
+- **acl**: Sequence of String ``(127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10)`` - CIDR netmasks of the clients allowed to send DNS queries
+- **backends**: Sequence of :ref:`BackendConfiguration <yaml-settings-BackendConfiguration>` - List of backends
+- **binds**: Sequence of :ref:`BindConfiguration <yaml-settings-BindConfiguration>` - List of endpoints to accept queries on
+- **cache-hit-response-rules**: Sequence of :ref:`ResponseRuleConfiguration <yaml-settings-ResponseRuleConfiguration>` - List of rules executed on a cache hit
+- **cache-inserted-response-rules**: Sequence of :ref:`ResponseRuleConfiguration <yaml-settings-ResponseRuleConfiguration>` - List of rules executed after inserting a new response into the cache
+- **cache-miss-rules**: Sequence of :ref:`QueryRuleConfiguration <yaml-settings-QueryRuleConfiguration>` - List of rules executed after a cache miss
+- **cache-settings**: :ref:`CacheSettingsConfiguration <yaml-settings-CacheSettingsConfiguration>` - Caching-related settings
+- **console**: :ref:`ConsoleConfiguration <yaml-settings-ConsoleConfiguration>` - Console-related settings
+- **dynamic-rules**: Sequence of :ref:`DynamicRulesConfiguration <yaml-settings-DynamicRulesConfiguration>` - List of dynamic rules
+- **dynamic-rules-settings**: :ref:`DynamicRulesSettingsConfiguration <yaml-settings-DynamicRulesSettingsConfiguration>` - Dynamic rules-related settings
+- **edns-client-subnet**: :ref:`EdnsClientSubnetConfiguration <yaml-settings-EdnsClientSubnetConfiguration>` - EDNS Client Subnet-related settings
+- **general**: :ref:`GeneralConfiguration <yaml-settings-GeneralConfiguration>` - General settings
+- **key-value-stores**: :ref:`KeyValueStoresConfiguration <yaml-settings-KeyValueStoresConfiguration>` - Key-Value stores
+- **load-balancing-policies**: :ref:`LoadBalancingPoliciesConfiguration <yaml-settings-LoadBalancingPoliciesConfiguration>` - Load-balancing policies
+- **metrics**: :ref:`MetricsConfiguration <yaml-settings-MetricsConfiguration>` - Metrics-related settings
+- **packet-caches**: Sequence of :ref:`PacketCacheConfiguration <yaml-settings-PacketCacheConfiguration>` - Packet-cache definitions
+- **pools**: Sequence of :ref:`PoolConfiguration <yaml-settings-PoolConfiguration>` - Pools of backends
+- **proxy-protocol**: :ref:`ProxyProtocolConfiguration <yaml-settings-ProxyProtocolConfiguration>` - Proxy-protocol-related settings
+- **query-count**: :ref:`QueryCountConfiguration <yaml-settings-QueryCountConfiguration>` - Queries counting-related settings
+- **query-rules**: Sequence of :ref:`QueryRuleConfiguration <yaml-settings-QueryRuleConfiguration>` - List of rules executed when a query is received
+- **remote-logging**: :ref:`RemoteLoggingConfiguration <yaml-settings-RemoteLoggingConfiguration>` - Remote logging-related settings
+- **response-rules**: Sequence of :ref:`ResponseRuleConfiguration <yaml-settings-ResponseRuleConfiguration>` - List of rules executed when a response is received
+- **ring-buffers**: :ref:`RingBuffersConfiguration <yaml-settings-RingBuffersConfiguration>` - In-memory ring buffer settings
+- **security-polling**: :ref:`SecurityPollingConfiguration <yaml-settings-SecurityPollingConfiguration>` - Automatic checking of outdated version
+- **selectors**: Sequence of :ref:`Selector <yaml-settings-Selector>` - List of selectors that can be reused in rules
+- **self-answered-response-rules**: Sequence of :ref:`ResponseRuleConfiguration <yaml-settings-ResponseRuleConfiguration>` - List of rules executed when a response is generated by DNSdist itself
+- **snmp**: :ref:`SnmpConfiguration <yaml-settings-SnmpConfiguration>` - SNMP-related settings
+- **tuning**: :ref:`TuningConfiguration <yaml-settings-TuningConfiguration>` - Performance-related settings
+- **webserver**: :ref:`WebserverConfiguration <yaml-settings-WebserverConfiguration>` - Internal web server configuration
+- **xfr-response-rules**: Sequence of :ref:`ResponseRuleConfiguration <yaml-settings-ResponseRuleConfiguration>` - List of rules executed when a XFR response is received
+
+
+
+.. _yaml-settings-BackendConfiguration:
+
+BackendConfiguration
+--------------------
+
+- **address**: String
+- **id**: String ``("")``
+- **name**: String ``("")``
+- **protocol**: String
+- **tls**: :ref:`OutgoingTlsConfiguration <yaml-settings-OutgoingTlsConfiguration>`
+- **doh**: :ref:`OutgoingDohConfiguration <yaml-settings-OutgoingDohConfiguration>`
+- **use-client-subnet**: Boolean ``(false)``
+- **use-proxy-protocol**: Boolean ``(false)``
+- **queries-per-second**: Unsigned integer ``(0)``
+- **order**: Unsigned integer ``(1)``
+- **weight**: Unsigned integer ``(1)``
+- **pools**: Sequence of String
+- **retries**: Unsigned integer ``(5)``
+- **tcp**: :ref:`OutgoingTcpConfiguration <yaml-settings-OutgoingTcpConfiguration>`
+- **ip-bind-addr-no-port**: Boolean ``(true)``
+- **health-checks**: :ref:`HealthCheckConfiguration <yaml-settings-HealthCheckConfiguration>`
+- **source**: String ``("")``
+- **sockets**: Unsigned integer ``(1)``
+- **disable-zero-scope**: Boolean ``(false)``
+- **reconnect-on-up**: Boolean ``(false)``
+- **max-in-flight**: Unsigned integer ``(1)``
+- **tcp-only**: Boolean ``(false)``
+- **auto-upgrade**: :ref:`OutgoingAutoUpgradeConfiguration <yaml-settings-OutgoingAutoUpgradeConfiguration>`
+- **max-concurrent-tcp-connections**: Unsigned integer ``(0)``
+- **ktls**: Boolean ``(false)``
+- **proxy-protocol-advertise-tls**: Boolean ``(false)``
+- **xsk-sockets**: Sequence of String
+- **mac-address**: String ``("")``
+- **cpus**: String ``("")``
+
+
+.. _yaml-settings-BindConfiguration:
+
+BindConfiguration
+-----------------
+
+- **listen-address**: String - Address and port to listen to
+- **reuseport**: Boolean ``(false)``
+- **protocol**: String ``(Do53)``
+- **threads**: Unsigned integer ``(1)``
+- **interface**: String ``("")``
+- **cpus**: String ``("")``
+- **enable-proxy-protocol**: Boolean ``(false)``
+- **tcp**: :ref:`IncomingTcpConfiguration <yaml-settings-IncomingTcpConfiguration>`
+- **tls**: :ref:`IncomingTlsConfiguration <yaml-settings-IncomingTlsConfiguration>`
+- **doh**: :ref:`IncomingDohConfiguration <yaml-settings-IncomingDohConfiguration>`
+- **doq**: :ref:`IncomingDoqConfiguration <yaml-settings-IncomingDoqConfiguration>`
+- **quic**: :ref:`IncomingQuicConfiguration <yaml-settings-IncomingQuicConfiguration>`
+- **additional-addresses**: Sequence of String
+
+
+.. _yaml-settings-CDBKVStoreConfiguration:
+
+CDBKVStoreConfiguration
+-----------------------
+
+- **name**: String
+- **file-name**: String
+- **refresh-delay**: Unsigned integer
+
+
+.. _yaml-settings-CacheSettingsConfiguration:
+
+CacheSettingsConfiguration
+--------------------------
+
+- **stale-entries-ttl**: Unsigned integer ``(0)``
+- **cleaning-delay**: Unsigned integer ``(60)``
+- **cleaning-percentage**: Unsigned integer ``(100)``
+
+
+.. _yaml-settings-CarbonConfiguration:
+
+CarbonConfiguration
+-------------------
+
+- **address**: String - Indicates the IP address where the statistics should be sent
+- **name**: String ``("")`` - An optional string specifying the hostname that should be used. If left empty, the system hostname is used
+- **interval**: Unsigned integer ``(30)`` - An optional unsigned integer indicating the interval in seconds between exports
+- **namespace**: String ``("")`` - An optional string specifying the namespace name that should be used
+- **instance**: String ``("")`` - An optional string specifying the instance name that should be used
+
+
+.. _yaml-settings-ConsoleConfiguration:
+
+ConsoleConfiguration
+--------------------
+
+- **listen-address**: String ``("")`` - IP address and port to listen on for console connections
+- **key**: String ``("")`` - The shared secret used to secure connections between the console client and the server, generated via ``makeKey()``
+- **acl**: Sequence of String ``(127.0.0.1, ::1)`` - List of network masks or IP addresses that are allowed to open a connection to the console server
+- **maximum-output-size**: Unsigned integer ``(10000000)``
+- **log-connections**: Boolean ``(true)``
+- **max-concurrent-connections**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-CustomLoadBalancingPolicyConfiguration:
+
+CustomLoadBalancingPolicyConfiguration
+--------------------------------------
+
+- **name**: String
+- **function**: String
+- **ffi**: Boolean ``(false)``
+- **per-thread**: Boolean ``(false)``
+
+
+.. _yaml-settings-DnstapLoggerConfiguration:
+
+DnstapLoggerConfiguration
+-------------------------
+
+- **name**: String
+- **transport**: String
+- **address**: String
+- **buffer-hint**: Unsigned integer ``(0)``
+- **flush-timeout**: Unsigned integer ``(0)``
+- **input-queue-size**: Unsigned integer ``(0)``
+- **output-queue-size**: Unsigned integer ``(0)``
+- **queue-notify-threshold**: Unsigned integer ``(0)``
+- **reopen-interval**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-DohTuningConfiguration:
+
+DohTuningConfiguration
+----------------------
+
+- **outgoing-worker-threads**: Unsigned integer ``(10)``
+- **outgoing-max-idle-time**: Unsigned integer ``(300)``
+- **outgoing-cleanup-interval**: Unsigned integer ``(60)``
+- **outgoing-max-idle-connection-per-backend**: Unsigned integer ``(10)``
+
+
+.. _yaml-settings-DynamicRuleConfiguration:
+
+DynamicRuleConfiguration
+------------------------
+
+- **type**: String
+- **seconds**: Unsigned integer
+- **action-duration**: Unsigned integer
+- **comment**: String
+- **rate**: Unsigned integer ``(0)``
+- **ratio**: Double ``(0.0)``
+- **action**: String ``(drop)``
+- **warning-rate**: Unsigned integer ``(0)``
+- **warning-ratio**: Double ``(0.0)``
+- **tag-name**: String ``("")``
+- **tag-value**: String ``(0)``
+- **visitor-function**: String ``("")``
+- **rcode**: String ``("")``
+- **qtype**: String ``("")``
+- **minimum-number-of-responses**: Unsigned integer ``(0)``
+- **minimum-global-cache-hit-ratio**: Double ``(0.0)``
+
+
+.. _yaml-settings-DynamicRulesConfiguration:
+
+DynamicRulesConfiguration
+-------------------------
+
+- **name**: String
+- **mask-ipv4**: Unsigned integer ``(32)``
+- **mask-ipv6**: Unsigned integer ``(64)``
+- **mask-port**: Unsigned integer ``(0)``
+- **exclude-ranges**: Sequence of String
+- **include-ranges**: Sequence of String
+- **exclude-domains**: Sequence of String
+- **rules**: Sequence of :ref:`DynamicRuleConfiguration <yaml-settings-DynamicRuleConfiguration>`
+
+
+.. _yaml-settings-DynamicRulesSettingsConfiguration:
+
+DynamicRulesSettingsConfiguration
+---------------------------------
+
+- **purge-interval**: Unsigned integer ``(60)``
+- **default-action**: String ``(Drop)``
+
+
+.. _yaml-settings-EdnsClientSubnetConfiguration:
+
+EdnsClientSubnetConfiguration
+-----------------------------
+
+- **override-existing**: Boolean ``(false)`` - When `useClientSubnet` in `newServer()` is set and dnsdist adds an EDNS Client Subnet Client option to the query, override an existing option already present in the query, if any. Please see Passing the source address to the backend for more information. Note that it’s not recommended to enable setECSOverride in front of an authoritative server responding with EDNS Client Subnet information as mismatching data (ECS scopes) can confuse clients and lead to SERVFAIL responses on downstream nameservers
+- **source-prefix-v4**: Unsigned integer ``(32)`` - When `useClientSubnet` in `newServer()` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestor's IPv4 address to `prefix` bits
+- **source-prefix-v6**: Unsigned integer ``(56)`` - When `useClientSubnet` in `newServer()` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestor's IPv6 address to `prefix` bits
+
+
+.. _yaml-settings-GeneralConfiguration:
+
+GeneralConfiguration
+--------------------
+
+- **edns-udp-payload-size-self-generated-answers**: Unsigned integer ``(1232)``
+- **add-edns-to-self-generated-answers**: Boolean ``(true)``
+- **truncate-tc-answers**: Boolean ``(false)``
+- **fixup-case**: Boolean ``(false)``
+- **verbose**: Boolean ``(false)``
+- **verbose-health-checks**: Boolean ``(false)``
+- **allow-empty-responses**: Boolean ``(false)``
+- **drop-empty-queries**: Boolean ``(false)``
+- **capabilities-to-retain**: Sequence of String
+
+
+.. _yaml-settings-HealthCheckConfiguration:
+
+HealthCheckConfiguration
+------------------------
+
+- **mode**: String ``(auto)``
+- **qname**: String ``("")``
+- **qclass**: String ``(IN)``
+- **qtype**: String ``(A)``
+- **function**: String ``("")``
+- **timeout**: Unsigned integer ``(1000)``
+- **set-cd**: Boolean ``(false)``
+- **max-failures**: Unsigned integer ``(1)``
+- **rise**: Unsigned integer ``(1)``
+- **interval**: Unsigned integer ``(1)``
+- **must-resolve**: Boolean ``(false)``
+- **use-tcp**: Boolean ``(false)``
+- **lazy**: :ref:`LazyHealthCheckConfiguration <yaml-settings-LazyHealthCheckConfiguration>`
+
+
+.. _yaml-settings-HttpCustomResponseHeaderConfiguration:
+
+HttpCustomResponseHeaderConfiguration
+-------------------------------------
+
+- **key**: String
+- **value**: String
+
+
+.. _yaml-settings-HttpResponsesMapConfiguration:
+
+HttpResponsesMapConfiguration
+-----------------------------
+
+- **expression**: String
+- **status**: Unsigned integer
+- **content**: String
+- **headers**: Sequence of :ref:`HttpCustomResponseHeaderConfiguration <yaml-settings-HttpCustomResponseHeaderConfiguration>`
+
+
+.. _yaml-settings-IncomingDohConfiguration:
+
+IncomingDohConfiguration
+------------------------
+
+- **provider**: String ``(nghttp2)``
+- **paths**: Sequence of String ``(/dns-query)``
+- **idle-timeout**: Unsigned integer ``(30)``
+- **server-tokens**: String ``(h2o/dnsdist)``
+- **send-cache-control-headers**: Boolean ``(true)``
+- **keep-incoming-headers**: Boolean ``(false)``
+- **trust-forwarded-for-header**: Boolean ``(false)``
+- **early-acl-drop**: Boolean ``(true)``
+- **exact-path-matching**: Boolean ``(true)``
+- **internal-pipe-buffer-size**: Unsigned integer ``(1048576)``
+- **custom-response-headers**: Sequence of :ref:`HttpCustomResponseHeaderConfiguration <yaml-settings-HttpCustomResponseHeaderConfiguration>`
+- **responses-map**: Sequence of :ref:`HttpResponsesMapConfiguration <yaml-settings-HttpResponsesMapConfiguration>`
+
+
+.. _yaml-settings-IncomingDoqConfiguration:
+
+IncomingDoqConfiguration
+------------------------
+
+- **max_concurrent_queries_per_connection**: Unsigned integer ``(65535)``
+
+
+.. _yaml-settings-IncomingQuicConfiguration:
+
+IncomingQuicConfiguration
+-------------------------
+
+- **idle-timeout**: Unsigned integer ``(5)``
+- **congestion-control-algorithm**: String ``(reno)``
+- **internal-pipe-buffer-size**: Unsigned integer ``(1048576)``
+
+
+.. _yaml-settings-IncomingTcpConfiguration:
+
+IncomingTcpConfiguration
+------------------------
+
+- **max-in-flight-queries**: Unsigned integer ``(0)``
+- **listen-queue-size**: Unsigned integer ``(0)``
+- **fast-open-queue-size**: Unsigned integer ``(0)``
+- **max-concurrent-connections**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-IncomingTlsCertificateKeyPairConfiguration:
+
+IncomingTlsCertificateKeyPairConfiguration
+------------------------------------------
+
+- **certificate**: String
+- **key**: String ``("")``
+- **password**: String ``("")``
+
+
+.. _yaml-settings-IncomingTlsConfiguration:
+
+IncomingTlsConfiguration
+------------------------
+
+- **provider**: String ``(OpenSSL)``
+- **certificates**: Sequence of :ref:`IncomingTlsCertificateKeyPairConfiguration <yaml-settings-IncomingTlsCertificateKeyPairConfiguration>`
+- **ignore-errors**: Boolean ``(false)``
+- **ciphers**: String ``("")``
+- **ciphers-tls-13**: String ``("")``
+- **minimum-version**: String ``(tls1.0)``
+- **ticket-key-file**: String ``("")``
+- **tickets-keys-rotation-delay**: Unsigned integer ``(43200)``
+- **number-of-tickets-keys**: Unsigned integer ``(5)``
+- **prefer-server-ciphers**: Boolean ``(true)``
+- **session-timeout**: Unsigned integer ``(0)``
+- **session-tickets**: Boolean ``(true)``
+- **number-of-stored-sessions**: Unsigned integer ``(20480)``
+- **ocsp-response-files**: Sequence of String
+- **key-log-file**: String ``("")``
+- **release-buffers**: Boolean ``(true)``
+- **enable-renegotiation**: Boolean ``(false)``
+- **async-mode**: Boolean ``(false)``
+- **ktls**: Boolean ``(false)``
+- **read-ahead**: Boolean ``(true)``
+- **proxy-protocol-outside-tls**: Boolean ``(false)``
+- **ignore-configuration-errors**: Boolean ``(false)``
+
+
+.. _yaml-settings-KVSLookupKeyQNameConfiguration:
+
+KVSLookupKeyQNameConfiguration
+------------------------------
+
+- **name**: String
+- **wire-format**: Boolean ``(true)``
+
+
+.. _yaml-settings-KVSLookupKeySourceIPConfiguration:
+
+KVSLookupKeySourceIPConfiguration
+---------------------------------
+
+- **name**: String
+- **v4-mask**: Unsigned integer ``(32)``
+- **v6-mask**: Unsigned integer ``(128)``
+- **include-port**: Boolean ``(false)``
+
+
+.. _yaml-settings-KVSLookupKeySuffixConfiguration:
+
+KVSLookupKeySuffixConfiguration
+-------------------------------
+
+- **name**: String
+- **minimum-labels**: Unsigned integer ``(0)``
+- **wire-format**: Boolean ``(true)``
+
+
+.. _yaml-settings-KVSLookupKeyTagConfiguration:
+
+KVSLookupKeyTagConfiguration
+----------------------------
+
+- **name**: String
+- **tag**: String
+
+
+.. _yaml-settings-KVSLookupKeysConfiguration:
+
+KVSLookupKeysConfiguration
+--------------------------
+
+- **source-ip-keys**: Sequence of :ref:`KVSLookupKeySourceIPConfiguration <yaml-settings-KVSLookupKeySourceIPConfiguration>`
+- **qname-keys**: Sequence of :ref:`KVSLookupKeyQNameConfiguration <yaml-settings-KVSLookupKeyQNameConfiguration>`
+- **suffix-keys**: Sequence of :ref:`KVSLookupKeySuffixConfiguration <yaml-settings-KVSLookupKeySuffixConfiguration>`
+- **tag-keys**: Sequence of :ref:`KVSLookupKeyTagConfiguration <yaml-settings-KVSLookupKeyTagConfiguration>`
+
+
+.. _yaml-settings-KeyValueStoresConfiguration:
+
+KeyValueStoresConfiguration
+---------------------------
+
+- **lmdb**: Sequence of :ref:`LMDBKVStoreConfiguration <yaml-settings-LMDBKVStoreConfiguration>`
+- **cdb**: Sequence of :ref:`CDBKVStoreConfiguration <yaml-settings-CDBKVStoreConfiguration>`
+- **lookup-keys**: :ref:`KVSLookupKeysConfiguration <yaml-settings-KVSLookupKeysConfiguration>`
+
+
+.. _yaml-settings-LMDBKVStoreConfiguration:
+
+LMDBKVStoreConfiguration
+------------------------
+
+- **name**: String
+- **file-name**: String
+- **database-name**: String
+- **no-lock**: Boolean ``(false)``
+
+
+.. _yaml-settings-LazyHealthCheckConfiguration:
+
+LazyHealthCheckConfiguration
+----------------------------
+
+- **interval**: Unsigned integer ``(30)``
+- **min-sample-count**: Unsigned integer ``(1)``
+- **mode**: String ``(TimeoutOrServFail)``
+- **sample-size**: Unsigned integer ``(100)``
+- **threshold**: Unsigned integer ``(20)``
+- **use-exponential-back-off**: Boolean ``(false)``
+- **max-back-off**: Unsigned integer ``(3600)``
+
+
+.. _yaml-settings-LoadBalancingPoliciesConfiguration:
+
+LoadBalancingPoliciesConfiguration
+----------------------------------
+
+- **servfail-on-no-server**: Boolean ``(false)``
+- **round-robin-servfail-on-no-server**: Boolean ``(false)``
+- **weighted-balancing-factor**: Double ``(0.0)``
+- **consistent-hashing-balancing-factor**: Double ``(0.0)``
+- **custom-policies**: Sequence of :ref:`CustomLoadBalancingPolicyConfiguration <yaml-settings-CustomLoadBalancingPolicyConfiguration>`
+- **hash-perturbation**: Unsigned integer ``(0)``
+
+
+.. _yaml-settings-MetricsConfiguration:
+
+MetricsConfiguration
+--------------------
+
+- **carbon**: Sequence of :ref:`CarbonConfiguration <yaml-settings-CarbonConfiguration>`
+
+
+.. _yaml-settings-OutgoingAutoUpgradeConfiguration:
+
+OutgoingAutoUpgradeConfiguration
+--------------------------------
+
+- **enabled**: Boolean ``(false)``
+- **interval**: Unsigned integer ``(3600)``
+- **keep**: Boolean ``(false)``
+- **pool**: String ``("")``
+- **doh-key**: Unsigned integer ``(7)``
+- **use-lazy-health-check**: Boolean ``(false)``
+
+
+.. _yaml-settings-OutgoingDohConfiguration:
+
+OutgoingDohConfiguration
+------------------------
+
+- **path**: String ``(/dns-query)``
+- **add-x-forwarded-headers**: Boolean ``(false)``
+
+
+.. _yaml-settings-OutgoingTcpConfiguration:
+
+OutgoingTcpConfiguration
+------------------------
+
+- **connect-timeout**: Unsigned integer ``(5)``
+- **send-timeout**: Unsigned integer ``(30)``
+- **receive-timeout**: Unsigned integer ``(30)``
+- **fast-open**: Boolean ``(false)``
+
+
+.. _yaml-settings-OutgoingTlsConfiguration:
+
+OutgoingTlsConfiguration
+------------------------
+
+- **provider**: String ``(OpenSSL)``
+- **subject-name**: String ``("")``
+- **subject-address**: String ``("")``
+- **validate-certificate**: Boolean ``(true)``
+- **ca-store**: String ``("")``
+- **ciphers**: String ``("")``
+- **ciphers-tls-13**: String ``("")``
+- **key-log-file**: String ``("")``
+- **release-buffers**: Boolean ``(true)``
+- **enable-renegotiation**: Boolean ``(false)``
+- **ktls**: Boolean ``(false)``
+
+
+.. _yaml-settings-PacketCacheConfiguration:
+
+PacketCacheConfiguration
+------------------------
+
+- **name**: String
+- **size**: Unsigned integer
+- **deferrable-insert-lock**: Boolean ``(true)``
+- **dont-age**: Boolean ``(false)``
+- **keep-stale-data**: Boolean ``(false)``
+- **max-negative-ttl**: Unsigned integer ``(3600)``
+- **max-ttl**: Unsigned integer ``(86400)``
+- **min-ttl**: Unsigned integer ``(0)``
+- **shards**: Unsigned integer ``(20)``
+- **parse-ecs**: Boolean ``(false)``
+- **stale-ttl**: Unsigned integer ``(60)``
+- **temporary-failure-ttl**: Unsigned integer ``(60)``
+- **cookie-hashing**: Boolean ``(false)``
+- **maximum-entry-size**: Unsigned integer ``(0)``
+- **options-to-skip**: Sequence of String
+
+
+.. _yaml-settings-PoolConfiguration:
+
+PoolConfiguration
+-----------------
+
+- **name**: String
+- **packet-cache**: String
+- **policy**: String ``(least-outstanding)``
+
+
+.. _yaml-settings-ProtoBufMetaConfiguration:
+
+ProtoBufMetaConfiguration
+-------------------------
+
+- **key**: String
+- **value**: String
+
+
+.. _yaml-settings-ProtobufLoggerConfiguration:
+
+ProtobufLoggerConfiguration
+---------------------------
+
+- **name**: String
+- **address**: String - An IP:PORT combination where the logger is listening
+- **timeout**: Unsigned integer ``(2)`` - TCP connect timeout in seconds
+- **max-queued-entries**: Unsigned integer ``(100)`` - Queue this many messages before dropping new ones (e.g. when the remote listener closes the connection)
+- **reconnect-wait-time**: Unsigned integer ``(1)`` - Time in seconds between reconnection attempts
+
+
+.. _yaml-settings-ProxyProtocolConfiguration:
+
+ProxyProtocolConfiguration
+--------------------------
+
+- **acl**: Sequence of String ``("")``
+- **maximum-payload-size**: Unsigned integer ``(512)``
+- **apply-acl-to-proxied-clients**: Boolean ``(false)``
+
+
+.. _yaml-settings-ProxyProtocolValueConfiguration:
+
+ProxyProtocolValueConfiguration
+-------------------------------
+
+- **key**: Unsigned integer
+- **value**: String
+
+
+.. _yaml-settings-QueryCountConfiguration:
+
+QueryCountConfiguration
+-----------------------
+
+- **enabled**: Boolean ``(false)``
+- **filter**: String ``("")``
+
+
+.. _yaml-settings-QueryRuleConfiguration:
+
+QueryRuleConfiguration
+----------------------
+
+- **name**: String
+- **uuid**: String
+- **selector**: :ref:`Selector <yaml-settings-Selector>`
+- **action**: :ref:`Action <yaml-settings-Action>`
+
+
+.. _yaml-settings-RemoteLoggingConfiguration:
+
+RemoteLoggingConfiguration
+--------------------------
+
+- **protobuf-loggers**: Sequence of :ref:`ProtobufLoggerConfiguration <yaml-settings-ProtobufLoggerConfiguration>`
+- **dnstap-loggers**: Sequence of :ref:`DnstapLoggerConfiguration <yaml-settings-DnstapLoggerConfiguration>`
+
+
+.. _yaml-settings-ResponseRuleConfiguration:
+
+ResponseRuleConfiguration
+-------------------------
+
+- **name**: String
+- **uuid**: String
+- **selector**: :ref:`Selector <yaml-settings-Selector>`
+- **action**: :ref:`ResponseAction <yaml-settings-ResponseAction>`
+
+
+.. _yaml-settings-RingBuffersConfiguration:
+
+RingBuffersConfiguration
+------------------------
+
+- **size**: Unsigned integer ``(10000)`` - The maximum amount of queries to keep in the ringbuffer
+- **shards**: Unsigned integer ``(10)`` - The number of shards to use to limit lock contention
+- **lock-retries**: Unsigned integer ``(5)`` - Set the number of shards to attempt to lock without blocking before giving up and simply blocking while waiting for the next shard to be available. Default to 5 if there is more than one shard, 0 otherwise
+- **record-queries**: Boolean ``(true)`` - Whether to record queries in the ring buffers
+- **record-responses**: Boolean ``(true)`` - Whether to record responses in the ring buffers
+
+
+.. _yaml-settings-SecurityPollingConfiguration:
+
+SecurityPollingConfiguration
+----------------------------
+
+- **polling-interval**: Unsigned integer ``(3600)``
+- **suffix**: String ``(secpoll.powerdns.com.)``
+
+
+.. _yaml-settings-SnmpConfiguration:
+
+SnmpConfiguration
+-----------------
+
+- **enabled**: Boolean ``(false)``
+- **traps-enabled**: Boolean ``(false)``
+- **daemon-socket**: String ``("")``
+
+
+.. _yaml-settings-TcpTuningConfiguration:
+
+TcpTuningConfiguration
+----------------------
+
+- **worker-threads**: Unsigned integer ``(10)``
+- **receive-timeout**: Unsigned integer ``(2)``
+- **send-timeout**: Unsigned integer ``(2)``
+- **max-queries-per-connection**: Unsigned integer ``(0)``
+- **max-connection-duration**: Unsigned integer ``(0)``
+- **max-queued-connections**: Unsigned integer ``(10000)``
+- **internal-pipe-buffer-size**: Unsigned integer ``(1048576)``
+- **outgoing-max-idle-time**: Unsigned integer ``(300)``
+- **outgoing-cleanup-interval**: Unsigned integer ``(60)``
+- **outgoing-max-idle-connection-per-backend**: Unsigned integer ``(10)``
+- **max-connections-per-client**: Unsigned integer ``(0)``
+- **fast-open-key**: String ``("")``
+
+
+.. _yaml-settings-TlsTuningConfiguration:
+
+TlsTuningConfiguration
+----------------------
+
+- **outgoing-tickets-cache-cleanup-delay**: Unsigned integer ``(60)``
+- **outgoing-tickets-cache-validity**: Unsigned integer ``(600)``
+- **max-outgoing-tickets-per-backend**: Unsigned integer ``(20)``
+
+
+.. _yaml-settings-TuningConfiguration:
+
+TuningConfiguration
+-------------------
+
+- **doh**: :ref:`DohTuningConfiguration <yaml-settings-DohTuningConfiguration>`
+- **tcp**: :ref:`TcpTuningConfiguration <yaml-settings-TcpTuningConfiguration>`
+- **tls**: :ref:`TlsTuningConfiguration <yaml-settings-TlsTuningConfiguration>`
+- **udp**: :ref:`UdpTuningConfiguration <yaml-settings-UdpTuningConfiguration>`
+
+
+.. _yaml-settings-UdpTuningConfiguration:
+
+UdpTuningConfiguration
+----------------------
+
+- **messages-per-round**: Unsigned integer ``(1)``
+- **send-buffer-size**: Unsigned integer ``(0)``
+- **receive-buffer-size**: Unsigned integer ``(0)``
+- **max-outstanding-per-backend**: Unsigned integer ``(65535)``
+- **timeout**: Unsigned integer ``(2)``
+- **randomize-outgoing-sockets-to-backend**: Boolean ``(false)``
+- **randomize-ids-to-backend**: Boolean ``(false)``
+
+
+.. _yaml-settings-WebserverConfiguration:
+
+WebserverConfiguration
+----------------------
+
+- **listen-address**: String ``("")`` - IP address and port to listen on
+- **password**: String ``("")`` - The password used to access the internal webserver. Since 1.7.0 the password should be hashed and salted via the ``hashPassword()`` command
+- **api-key**: String ``("")`` - The API Key (set to an empty string do disable it). Since 1.7.0 the key should be hashed and salted via the ``hashPassword()`` command
+- **acl**: Sequence of String ``(127.0.0.1, ::1)`` - List of network masks or IP addresses that are allowed to open a connection to the web server
+- **api-requires-authentication**: Boolean ``(true)`` - Whether access to the API (/api endpoints) requires a valid API key
+- **stats-require-authentication**: Boolean ``(true)`` - Whether access to the statistics (/metrics and /jsonstat endpoints) requires a valid password or API key
+- **dashboard-requires-authentication**: Boolean ``(true)`` - Whether access to the internal dashboard requires a valid password
+- **max-concurrent-connections**: Unsigned integer ``(100)`` - The maximum number of concurrent web connections, or 0 which means an unlimited number
+- **hash-plaintext-credentials**: Boolean ``(false)`` - Whether passwords and API keys provided in plaintext should be hashed during startup, to prevent the plaintext versions from staying in memory. Doing so increases significantly the cost of verifying credentials
+- **custom-headers**: Sequence of :ref:`HttpCustomResponseHeaderConfiguration <yaml-settings-HttpCustomResponseHeaderConfiguration>`
+- **api-configuration-directory**: String ``("")``
+- **api-read-write**: Boolean ``(false)``
+
+
diff --git a/pdns/dnsdistdist/docs/reference/yaml-support-structures.rst b/pdns/dnsdistdist/docs/reference/yaml-support-structures.rst
new file mode 100644 (file)
index 0000000..8bcac41
--- /dev/null
@@ -0,0 +1,50 @@
+.. raw:: latex
+
+    \setcounter{secnumdepth}{-1}
+
+YAML support structures
+=======================
+
+.. _yaml-settings-ResponseConfig:
+
+ResponseConfig
+--------------
+
+- **set-aa**: Boolean
+- **set-ad**: Boolean
+- **set-ra**: Boolean
+- **ttl**: Unsigned integer
+
+.. _yaml-settings-SOAParams:
+
+SOAParams
+---------
+
+- **serial**: Unsigned integer
+- **refresh**: Unsigned integer
+- **retry**: Unsigned integer
+- **expire**: Unsigned integer
+- **minimum**: Unsigned integer
+
+.. _yaml-settings-SVCRecordAdditionalParams:
+
+SVCRecordAdditionalParams
+-------------------------
+
+- **key**: Unsigned integer
+- **value**: String
+
+.. _yaml-settings-SVCRecordParameters:
+
+SVCRecordParameters
+-------------------
+
+- **mandatory-params**: Sequence of Unsigned integer
+- **alpns**: Sequence of String
+- **ipv4-hints**: Sequence of String
+- **ipv6-hints**: Sequence of String
+- **additional_params**: Sequence of :ref:`SVCRecordAdditionalParams <yaml-settings-SVCRecordAdditionalParams>`
+- **target**: String
+- **port**: Unsigned integer
+- **priority**: Unsigned integer
+- **no-default-alpn**: Boolean