g_nodLookupDomain = DNSName(::arg()["new-domain-lookup"]);
g_nodLog = ::arg().mustDo("new-domain-log");
parseNODWhitelist(::arg()["new-domain-whitelist"]);
+ parseNODWhitelist(::arg()["new-domain-ignore-list"]);
// Setup Unique DNS Response subsystem
g_udrEnabled = ::arg().mustDo("unique-response-tracking");
}
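Review bot: Nothing tells an operator that `new-domain-whitelist` is still being honoured: the added call passes `new-domain-ignore-list` to `parseNODWhitelist` right after the deprecated value, and no log line is emitted when the old name is non-empty. Assuming the parser accumulates entries (its body is not in this hunk), a leftover old-name entry keeps applying after the operator edits only the new list. The same holds for `edns-subnet-whitelist` next to `edns-subnet-allow-list` in the following hunk, where stale entries would keep EDNS Client Subnet enabled towards those servers. I would add a startup warning guarded by `if (!::arg()["new-domain-whitelist"].empty())`, the equivalent for the ECS setting, and a sentence in the settings documentation saying whether the two lists are merged.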
SyncRes::parseEDNSSubnetWhitelist(::arg()["edns-subnet-whitelist"]);
+ SyncRes::parseEDNSSubnetWhitelist(::arg()["edns-subnet-allow-list"]);
SyncRes::parseEDNSSubnetAddFor(::arg()["ecs-add-for"]);
g_useIncomingECS = ::arg().mustDo("use-incoming-edns-subnet");
blacklistStats(StatComponent::RecControl, ::arg()["stats-rec-control-blacklist"]);
blacklistStats(StatComponent::SNMP, ::arg()["stats-snmp-blacklist"]);
+ blacklistStats(StatComponent::API, ::arg()["stats-api-disabled-list"]);
+ blacklistStats(StatComponent::Carbon, ::arg()["stats-carbon-disabled-list"]);
+ blacklistStats(StatComponent::RecControl, ::arg()["stats-rec-control-disabled-list"]);
+ blacklistStats(StatComponent::SNMP, ::arg()["stats-snmp-disabled-list"]);
+
if (::arg().mustDo("snmp-agent")) {
string setting = ::arg()["snmp-daemon-socket"];
if (setting.empty()) {
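Review bot: The old and new statistics settings cannot be resolved independently, because each deprecated `stats-*-blacklist` and each new `stats-*-disabled-list` is registered with the same `defaultBlacklistedStats` default, and both values are passed to `blacklistStats` for the same component. If `blacklistStats` adds to a per-component set (not visible here), setting `stats-snmp-disabled-list` to a shorter or empty list changes nothing, since the deprecated setting's default still disables the full list. If it replaces instead, an explicit value under the old name is overwritten by the new default, and statistics the operator chose to withhold from SNMP, Carbon, the API or rec_control could be exported again. I would apply exactly one of the two per component, for example using the deprecated value only when it differs from the default, and log which one was used. The enclosing function starts and ends outside this hunk.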
::arg().set("ecs-ipv6-cache-bits", "Maximum number of bits of IPv6 mask to cache ECS response")="56";
::arg().set("ecs-minimum-ttl-override", "The minimum TTL for records in ECS-specific answers")="1";
::arg().set("ecs-cache-limit-ttl", "Minimum TTL to cache ECS response")="0";
- ::arg().set("edns-subnet-whitelist", "List of netmasks and domains that we should enable EDNS subnet for")="";
+ ::arg().set("edns-subnet-whitelist", "List of netmasks and domains that we should enable EDNS subnet for (deprecated)")="";
+ ::arg().set("edns-subnet-allow-list", "List of netmasks and domains that we should enable EDNS subnet for")="";
::arg().set("ecs-add-for", "List of client netmasks for which EDNS Client Subnet will be added")="0.0.0.0/0, ::/0, " LOCAL_NETS_INVERSE;
- ::arg().set("ecs-scope-zero-address", "Address to send to whitelisted authoritative servers for incoming queries with ECS prefix-length source of 0")="";
+ ::arg().set("ecs-scope-zero-address", "Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0")="";
::arg().setSwitch( "use-incoming-edns-subnet", "Pass along received EDNS Client Subnet information")="no";
::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads")="yes";
::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="yes";
for (size_t idx = 0; idx < 128; idx++) {
defaultBlacklistedStats += ", ecs-v6-response-bits-" + std::to_string(idx + 1);
}
- ::arg().set("stats-api-blacklist", "List of statistics that are disabled when retrieving the complete list of statistics via the API")=defaultBlacklistedStats;
- ::arg().set("stats-carbon-blacklist", "List of statistics that are prevented from being exported via Carbon")=defaultBlacklistedStats;
- ::arg().set("stats-rec-control-blacklist", "List of statistics that are prevented from being exported via rec_control get-all")=defaultBlacklistedStats;
- ::arg().set("stats-snmp-blacklist", "List of statistics that are prevented from being exported via SNMP")=defaultBlacklistedStats;
+ ::arg().set("stats-api-blacklist", "List of statistics that are disabled when retrieving the complete list of statistics via the API (deprecated)")=defaultBlacklistedStats;
+ ::arg().set("stats-carbon-blacklist", "List of statistics that are prevented from being exported via Carbon (deprecated)")=defaultBlacklistedStats;
+ ::arg().set("stats-rec-control-blacklist", "List of statistics that are prevented from being exported via rec_control get-all (deprecated)")=defaultBlacklistedStats;
+ ::arg().set("stats-snmp-blacklist", "List of statistics that are prevented from being exported via SNMP (deprecated)")=defaultBlacklistedStats;
+
+ ::arg().set("stats-api-disabled-list", "List of statistics that are disabled when retrieving the complete list of statistics via the API")=defaultBlacklistedStats;
+ ::arg().set("stats-carbon-disabled-list", "List of statistics that are prevented from being exported via Carbon")=defaultBlacklistedStats;
+ ::arg().set("stats-rec-control-disabled-list", "List of statistics that are prevented from being exported via rec_control get-all")=defaultBlacklistedStats;
+ ::arg().set("stats-snmp-disabled-list", "List of statistics that are prevented from being exported via SNMP")=defaultBlacklistedStats;
::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0";
::arg().set("nsec3-max-iterations", "Maximum number of iterations allowed for an NSEC3 record")="2500";
::arg().set("new-domain-log", "Log newly observed domains.")="yes";
::arg().set("new-domain-lookup", "Perform a DNS lookup newly observed domains as a subdomain of the configured domain")="";
::arg().set("new-domain-history-dir", "Persist new domain tracking data here to persist between restarts")=string(NODCACHEDIR)+"/nod";
- ::arg().set("new-domain-whitelist", "List of domains (and implicitly all subdomains) which will never be considered a new domain")="";
+ ::arg().set("new-domain-whitelist", "List of domains (and implicitly all subdomains) which will never be considered a new domain (deprecated)")="";
+ ::arg().set("new-domain-ignore-list", "List of domains (and implicitly all subdomains) which will never be considered a new domain")="";
::arg().set("new-domain-db-size", "Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864")="67108864";
::arg().set("new-domain-pb-tag", "If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod'")="pdns-nod";
::arg().set("unique-response-tracking", "Track unique responses (tuple of query name, type and RR).")="no";
List of requestor netmasks for which the requestor IP Address should be used as the :rfc:`EDNS Client Subnet <7871>` for outgoing queries. Outgoing queries for requestors that do not match this list will use the `ecs-scope-zero-address`_ instead.
Valid incoming ECS values from `use-incoming-edns-subnet`_ are not replaced.
-Regardless of the value of this setting, ECS values are only sent for outgoing queries matching the conditions in the `edns-subnet-whitelist`_ setting. This setting only controls the actual value being sent.
+Regardless of the value of this setting, ECS values are only sent for outgoing queries matching the conditions in the `edns-subnet-allow-list`_ setting. This setting only controls the actual value being sent.
This defaults to not using the requestor address inside RFC1918 and similar "private" IP address spaces.
- Default: empty
The IP address sent via EDNS Client Subnet to authoritative servers listed in
-`edns-subnet-whitelist`_ when `use-incoming-edns-subnet`_ is set and the query has
+`edns-subnet-allow-list`_ when `use-incoming-edns-subnet`_ is set and the query has
an ECS source prefix-length set to 0.
The default is to look for the first usable (not an ``any`` one) address in
`query-local-address`_ (starting with IPv4). If no suitable address is
``edns-subnet-whitelist``
-------------------------
+.. deprecated:: 4.5.0
+ Use :ref:`setting-edns-subnet-allow-list`.
+
+.. _setting-edns-subnet-allow-list:
+
+``edns-subnet-allow-list``
+--------------------------
+.. versionadded:: 4.5.0
+
- Comma separated list of domain names and netmasks
- Default: (none)
``new-domain-whitelist``
------------------------
.. versionadded:: 4.2.0
+.. deprecated:: 4.5.0
+ Use :ref:`setting-new-domain-ignore-list`.
+
+.. _setting-new-domain-ignore-list:
+
+``new-domain-ignore-list``
+--------------------------
+.. versionadded:: 4.5.0
- List of Domain Names, comma separated
- Example: xyz.com, abc.com
This setting is a list of all domains (and implicitly all subdomains)
that will never be considered a new domain. For example, if the domain
'xyz123.tv' is in the list, then 'foo.bar.xyz123.tv' will never be
-considered a new domain. One use-case for the whitelist is to never
+considered a new domain. One use-case for the ignore list is to never
reveal details of internal subdomains via the new-domain-lookup
feature.
``stats-api-blacklist``
-----------------------
.. versionadded:: 4.2.0
+.. deprecated:: 4.5.0
+ Use :ref:`setting-stats-api-disabled-list`.
+
+.. _setting-stats-api-disabled-list:
+
+``stats-api-disabled-list``
+---------------------------
+.. versionadded:: 4.5.0
- String
- Default: "cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-*, ecs-v6-response-bits-*"
``stats-carbon-blacklist``
--------------------------
.. versionadded:: 4.2.0
+.. deprecated:: 4.5.0
+ Use :ref:`setting-stats-carbon-disabled-list`.
+
+.. _setting-stats-carbon-disabled-list:
+
+``stats-carbon-disabled-list``
+------------------------------
+.. versionadded:: 4.5.0
- String
- Default: "cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-*, ecs-v6-response-bits-*"
``stats-rec-control-blacklist``
-------------------------------
.. versionadded:: 4.2.0
+.. deprecated:: 4.5.0
+ Use :ref:`setting-stats-rec-control-disabled-list`.
+
+.. _setting-stats-rec-control-disabled-list:
+
+``stats-rec-control-disabled-list``
+------------------------------------
+.. versionadded:: 4.5.0
- String
- Default: "cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-*, ecs-v6-response-bits-*"
``stats-snmp-blacklist``
------------------------
.. versionadded:: 4.2.0
+.. deprecated:: 4.5.0
+ Use :ref:`setting-stats-snmp-disabled-list`.
+
+.. _setting-stats-snmp-disabled-list:
+
+``stats-snmp-disabled-list``
+----------------------------
+.. versionadded:: 4.5.0
- String
- Default: "cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-*, ecs-v6-response-bits-*"
- Default: no
Whether to process and pass along a received EDNS Client Subnet to authoritative servers.
-The ECS information will only be sent for netmasks and domains listed in `edns-subnet-whitelist`_ and will be truncated if the received scope exceeds `ecs-ipv4-bits`_ for IPv4 or `ecs-ipv6-bits`_ for IPv6.
+The ECS information will only be sent for netmasks and domains listed in `edns-subnet-allow-list`_ and will be truncated if the received scope exceeds `ecs-ipv4-bits`_ for IPv4 or `ecs-ipv6-bits`_ for IPv6.
.. _setting-version: