in percent.
--plot-file <FILE> Write results to the specified file.
--quiet Whether to run quietly, outputting only the maximum QPS reached.
- This option is mostly useful when used with --minimum-success-rate.
+ This option is mostly useful when used with ``--minimum-success-rate``.
--want-recursion Set this flag to send queries with the Recursion Desired flag set.
:program:`dnsbulktest` sends a large amount of different queries (for up to
*LIMIT* different domains) to the nameserver at *IPADDRESS* on port
-*PORT*. It reads the domain names from STDIN in the alexa topX format
+*PORT*. It reads the domain names from STDIN in the Alexa topX format
and outputs statistics on STDOUT.
Options
-----------
:program:`dnspcap2calidns` reads the PCAP file *PCAPFILE* for DNS queries and
-writes these to *OUTFILE* in the format understood by :program:`calidns`
+writes these to *OUTFILE* in the format understood by :program:`calidns`.
Options
-------
the specified nameserver and reporting afterwards which percentage of
answers matched, were worse or better.
-dnsreplay compares the answers and some other metrics with the actual
+:program:`dnsreplay` compares the answers and some other metrics with the actual
ones with those found in the dumpfile.
-By default it only replay queries with recursion-desired flag set.
+By default it will only replay queries with recursion-desired flag set.
Options
-------
--packet-limit <NUM> Stop after replaying *NUM* packets. Default for *NUM* is 0, which
means no limit.
--pcap-dns-port <VAL> Look at packets from or to this port in the PCAP. Default is 53.
---quiet <FLAG> If *FLAG* is set to 1. dnsreplay will not be very noisy with its
+--quiet <FLAG> If *FLAG* is set to 1, :program:`dnsreplay` will not be very noisy with its
output. This is the default.
---recursive <FLAG> If *FLAG* is set to 1. dnsreplay will only replay queries with
+--recursive <FLAG> If *FLAG* is set to 1, :program:`dnsreplay` will only replay queries with
recursion desired flag set. This is the default.
---source-from-pcap <FLAG> If *FLAG* is set to 1. dnsreplay will send the replayed queries from the
+--source-from-pcap <FLAG> If *FLAG* is set to 1, :program:`dnsreplay` will send the replayed queries from the
source IP address and port present in the PCAP file. This requires
IP_TRANSPARENT support. Default is 0 which means replayed queries will be
sent from a local address.
Options
-------
--f, <FILENAME>, --file <FILENAME> *FILENAME* from which to read queries. Defaults to standard input if unspecified.
--h, --help Provide a helpful message.
---timeout-msec <MSEC> *MSEC* milliseconds to wait for an answer.
--u, --udp-first Attempt resolution via UDP first, only do TCP if truncated answer is received.
--v, --verbose Be wordy on what the program is doing.
---workers <NUM> Use *NUM* parallel worker threads.
-
-*REMOTE-ADDRESS*: IPv4 or IPv6 to test against.
-
-*REMOTE-PORT*: Port to test against, defaults to 53.
+REMOTE-ADDRESS
+ IPv4 or IPv6 to test against.
+REMOTE-PORT
+ Port to test against, defaults to 53.
+
+-f <FILENAME>, --file <FILENAME> *FILENAME* from which to read queries. Defaults to standard input if unspecified.
+-h, --help Provide a helpful message.
+--timeout-msec <MSEC> *MSEC* milliseconds to wait for an answer.
+-u, --udp-first Attempt resolution via UDP first, only do TCP if truncated answer is received.
+-v, --verbose Be wordy on what the program is doing.
+--workers <NUM> Use *NUM* parallel worker threads.
Bugs
----
Synopsis
--------
-:program:`dnswasher` *INFILE* [*INFILE*] *OUTFILE*
+:program:`dnswasher` [*OPTION*]... *INFILE* [*INFILE*] *OUTFILE*
Description
-----------
-dnswasher takes one or more *INFILE*\ s in PCAP format and writes out
+:program:`dnswasher` takes one or more *INFILE*\ s in PCAP format and writes out
*OUTFILE* also in PCAP format, while obfuscating end-user IP addresses.
This is useful to share data with third parties while attempting to
Options
-------
---decrypt,-d Undo IPCipher encryption of IP addresses
---help, -h Show summary of options.
---key,-k Base64 encoded 128-bit key for IPCipher
---passphrase,-p Passphrase that will be used to derive an IPCipher key
---version,-v Output version
+--decrypt, -d Undo IPCipher encryption of IP addresses.
+--help, -h Show summary of options.
+--key, -k Base64 encoded 128-bit key for IPCipher.
+--passphrase, -p Passphrase that will be used to derive an IPCipher key.
+--version, -v Output version.
See also
--------
The name of the zone the IXFRs are consumed from.
BEFORE
Path to the 'before' zonefile.
-AFYER
+AFTER
Path to the 'after' zonefile.
track-mode
Output an extended status of all zones, containing much more information than
the simple zone status, like the number of records currently loaded, whether pdns
-is primary or secondary for the zone, the list of primaries, various timers, etc
+is primary or secondary for the zone, the list of primaries, various timers, etc.
Optionally, append *ZONE*\ s to get the status of specific zones.
bind-domain-status [*ZONE*...]
current-config [diff]
^^^^^^^^^^^^^^^^^^^^^
-Show the currently running configuration. The output has the same format as ``pdns_server --config``. With the diff option only modified options are included in the output.
+Show the currently running configuration. The output has the same format as ``pdns_server --config``. With the diff option, only modified options are included in the output.
cycle
^^^^^
qtypes
^^^^^^
-Get a count of queries per qtype on standard out.
+Get a count of queries per qtype on standard output.
quit
^^^^
Options
-------
-See the online documentation for all options
+See the online documentation for all options. The most important ones are:
--daemon Indicate if the server should run in the background as a real
daemon, or in the foreground.
--guardian Run :program:`pdns_server` inside a guardian. This guardian monitors the
performance of the inner :program:`pdns_server` instance. It is also this
- guardian that :program:`pdns_control`\ talks to.
+ guardian that :program:`pdns_control` talks to.
--control-console Run the server in a special monitor mode. This enables detailed
logging and exposes the raw control socket.
--loglevel=<LEVEL> Set the logging level.
--config Show the currently configuration. There are three optional values:
- --config=default show the default configuration.
- --config=diff show modified options in the current configuration.
- --config=check parse the current configuration, with error checking.
---help To view more options that are available use this program.
+
+ --config=default show the default configuration.
+ --config=diff show modified options in the current configuration.
+ --config=check parse the current configuration, with error checking.
+--help Display the list of all the available options.
See also
--------
--config-name <NAME> Virtual configuration name
--config-dir <DIR> Location of pdns.conf. Default is /etc/powerdns.
-COMMANDS
+Commands
--------
There are many available commands, this section splits them up into
-their respective uses
+their respective uses.
-DNSSEC RELATED COMMANDS
+DNSSEC-related Commands
-----------------------
Several commands manipulate the DNSSEC keys and options for zones. Some
NSEC3 records are created. The NSEC3 parameters must be quoted on
the command line. *HASH-ALGORITHM* must be 1 (SHA-1). Setting
*FLAGS* to 1 enables NSEC3 opt-out operation. Only do this if you
- know you need it. For *ITERATIONS*, please consult RFC 5155, section
- 10.3. And be aware that a high number might overload validating
+ know you need it. For *ITERATIONS*, please consult
+ :rfc:`RFC 5155<5155#section-10.3>`.
+ And be aware that a high number might overload validating
resolvers and that a limit can be set with ``max-nsec3-iterations``
in ``pdns.conf``. The *SALT* is a hexadecimal string encoding the bits
for the salt, or - to use no salt. Setting **narrow** will make PowerDNS
- send out "white lies" (RFC 7129) about the next secure record to
+ send out "white lies" (:rfc:`7129`) about the next secure record to
prevent zone enumeration. Instead of looking it up in the database,
it will send out the hash + 1 as the next secure record. Narrow mode
requires online signing capabilities by the nameserver and therefore
-----------
:program:`zone2json` parses BIND named.conf files and zonefiles and outputs
-JSON on standard out, which can then be fed to the PowerDNS API.
+JSON on standard output, which can then be fed to the PowerDNS API.
:program:`zone2json` understands the BIND master file extension ``$GENERATE``
and will also honour ``$ORIGIN`` and ``$TTL``.
-----------
:program:`zone2sql` parses BIND named.conf files and zonefiles and outputs SQL
-on standard out, which can then be fed to your database.
+on standard output, which can then be fed to your database.
:program:`zone2sql` understands the BIND master file extension ``$GENERATE``
and will also honour ``$ORIGIN`` and ``$TTL``.
^^^^^^^^^^^^^^^^^^
To migrate, the ``zone2sql`` tool is provided. This tool parses a BIND
-``named.conf`` file and zone files and outputs SQL on standard out,
+``named.conf`` file and zone files and outputs SQL on standard output,
which can then be fed to your database. It understands the BIND master
file extension ``$GENERATE`` and will also honour ``$ORIGIN`` and
``$TTL``.