``geoip-database-files``
~~~~~~~~~~~~~~~~~~~~~~~~
-.. versionchanged:: 4.2.0
- The syntax of the argument has been changed.
-
-.. versionchanged:: 4.2.0
- Support for MMDB has been added.
-
Comma, tab or space separated list of files to open. You can use
`geoip-cvs-to-dat <https://github.com/dankamongmen/sprezzos-world/blob/master/packaging/geoip/debian/src/geoip-csv-to-dat.cpp>`__.
to generate your own.
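Review bot: dropping the first ``versionchanged:: 4.2.0`` note removes the only statement in this entry that the argument syntax changed, and the remaining description in the visible lines does not show the current syntax. Keep one sentence on the syntax or add an example value. While this entry is being touched, the context line's link text reads ``geoip-cvs-to-dat`` although the target file is ``geoip-csv-to-dat.cpp``, and the period after the closing ``__`` leaves "to generate your own." detached from its sentence.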
:mode: The caching mode for data, only ``mmap`` is supported
:language: The language to use, ``en`` by default
-``geoip-database-cache``
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. deprecated:: 4.2.0
-
- This setting is removed
-
-Specifies the kind of caching that is done on the database. This is one
-of "standard", "memory", "index" or "mmap". These options map to the
-caching options described
-`here <https://github.com/maxmind/geoip-api-c/blob/master/README.md#memory-caching-and-other-options>`__
-
.. _setting-geoip-zones-file:
``geoip-zones-file``
- %mp to expand user defined custom formats.
-.. versionadded:: 4.2.0
-
- These placeholders have been added in version 4.2.0:
-
- - %lat, %lon, %loc to expand for geographic location, if available in backend. %loc in particular can be safely used with LOC record type.
- - %ip4 and %ip6 that will expand to the IP address when AFI matches, and empty otherwise. Can be particularly used with A and AAAA record types.
-
-.. versionadded:: 4.1.0
-
- These placeholders have been added in version 4.1.0:
-
- - %cc = 2 letter country code
-
Using the ``weight`` attribute
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
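Review bot: the two removed ``versionadded`` blocks hold the only description of ``%lat``, ``%lon``, ``%loc``, ``%ip4``, ``%ip6`` and ``%cc`` visible in this hunk, so deleting the directive bodies drops the placeholder documentation itself and not just its version history. Move the list items into the main placeholder list next to ``%mp`` instead of deleting them, including the remark that ``%loc`` can be used with the LOC record type, unless they are re-added in a part of the patch not shown here.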
This will only be an issue if you are trying to use a service record at the apex of your domain where you need other record types to be present (such as NS and SOA records).
Per :rfc:`2181`, CNAME records cannot appear in the same label as NS or SOA records.
-.. versionchanged:: 4.2.0
-
- Before, a record expanded to an empty value would cause a SERVFAIL response.
- Since 4.2.0 such expansions for non-TXT record types are not included in response.
-
Caching and the GeoIP Backend
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
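Review bot: the second sentence of the removed ``versionchanged:: 4.2.0`` body describes current behaviour, namely that an expansion to an empty value for a non-TXT record type is left out of the response. With the whole directive gone, nothing in the visible text says what happens to empty expansions. Keep that sentence as plain prose and drop only the "Before, ... SERVFAIL" half.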
- Boolean
- Default: no
-.. versionadded:: 4.0.0
-
Allow 8 bit DNS queries.
.. _setting-allow-axfr-ips:
Allow AXFR NOTIFY from these IP ranges. Setting this to an empty string
will drop all incoming notifies.
-.. _setting-allow-recursion:
-
-``allow-recursion``
--------------------
-
-- IP ranges, separated by commas
-- Default: 0.0.0.0/0
-
-.. deprecated:: 4.1.0
- Recursion has been removed, see :doc:`guides/recursion`
-
-By specifying ``allow-recursion``, recursion can be restricted to
-netmasks specified. The default is to allow recursion from everywhere.
-Example: ``allow-recursion=198.51.100.0/24, 10.0.0.0/8, 192.0.2.4``.
-
.. _setting-allow-unsigned-notify:
``allow-unsigned-notify``
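Review bot: the ``setting-allow-recursion`` label is deleted together with the section, so any ``:ref:`` to it that remains elsewhere in the docs will stop resolving; search for references before merging. The removed ``deprecated`` note was also the pointer to ``guides/recursion`` for anyone still carrying ``allow-recursion=`` in an old configuration, so confirm that pointer survives somewhere an operator will find it.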
- Boolean
- Default: yes
-.. versionadded:: 4.0.0
-
Turning this off requires all notifications that are received to be
signed by valid TSIG signature for the zone.
- Boolean
- Default: yes
-.. versionadded:: 4.0.0
-
Turning this off requires all supermaster notifications to be signed by
valid TSIG signature. It will accept any existing key on slave.
- Boolean
- Default: yes
-.. versionchanged:: 4.0.1
- was 'no' before.
-
Answer questions for the ANY on UDP with a truncated packet that refers
the remote server to TCP. Useful for mitigating reflection attacks.
- String
-.. versionadded:: 4.0.0
-
Static pre-shared authentication key for access to the REST API.
-.. _setting-api-readonly:
-
-``api-readonly``
-----------------
-
-- Boolean
-- Default: no
-
-.. versionadded:: 4.0.0
-.. versionchanged:: 4.2.0
- This setting has been removed in 4.2.0.
-
-Disallow data modification through the REST API when set.
-
.. _setting-axfr-fetch-timeout:
``axfr-fetch-timeout``
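Review bot: removing the ``api-readonly`` entry outright leaves no record on this page that the setting existed and "has been removed in 4.2.0", which matters to anyone who relied on it to "Disallow data modification through the REST API" and still has it in their configuration. Keep a one-line removal notice here or confirm the upgrade notes cover it. The ``setting-api-readonly`` label goes away as well, so check for remaining references.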
- Boolean
- Default: no
-.. versionadded:: 4.0.4
-
Also AXFR a zone from a master with a lower serial.
.. _setting-cache-ttl:
- String
- Default: auth
-.. versionadded:: 4.2.0
-
Set the instance or third string of the metric key. Be careful not to include
any dots in this setting, unless you know what you are doing.
See :ref:`metricscarbon`
- String
- Default: pdns
-.. versionadded:: 4.2.0
-
Set the namespace or first string of the metric key. Be careful not to include
any dots in this setting, unless you know what you are doing.
See :ref:`metricscarbon`
- Boolean
- Default: yes
-.. versionadded:: 4.2.0
-
The value of :ref:`metadata-api-rectify` if it is not set on the zone.
.. note::
- String
- Default: ecdsa256
-.. versionchanged:: 4.1.0
- Renamed from ``default-ksk-algorithms``. No longer supports multiple algorithm names.
-
The algorithm that should be used for the KSK when running
:doc:`pdnsutil secure-zone <manpages/pdnsutil.1>` or using the :doc:`Zone API endpoint <http-api/cryptokey>`
to enable DNSSEC. Must be one of:
- String
- Default: (empty)
-.. versionchanged:: 4.1.0
- Renamed from ``default-zsk-algorithms``. Does no longer support multiple algorithm names.
-
The algorithm that should be used for the ZSK when running
:doc:`pdnsutil secure-zone <manpages/pdnsutil.1>` or using the :doc:`Zone API endpoint <http-api/cryptokey>`
to enable DNSSEC. Must be one of:
Do not use this setting in combination with :ref:`setting-daemon` as all
logging will disappear.
-.. _setting-disable-tcp:
-
-``disable-tcp``
----------------
-
-- Boolean
-- Default: no
-
-.. versionchanged:: 4.2.0
- This setting has been removed
-
-Do not listen to TCP queries. Breaks RFC compliance.
-
.. _setting-distributor-threads:
``distributor-threads``
- One of ``no``, ``yes`` (or empty), or ``shared``, String
- Default: no
-.. versionadded:: 4.2.0
-
Globally enable the :doc:`LUA records <lua-records/index>` feature.
To use shared LUA states, set this to ``shared``, see :ref:`lua-records-shared-state`.
- Boolean
- Default: no
-.. versionadded:: 4.1.0
-
If this is enabled, ALIAS records are expanded (synthesized to their
A/AAAA).
- Bool
- Default: yes
-.. versionadded:: 4.1.0
-
When printing log lines to stdout, prefix them with timestamps.
Disable this if the process supervisor timestamps these lines already.
- String
- Default: empty
-.. versionadded:: 4.1.0
-
Script to be used to edit incoming AXFRs, see :ref:`modes-of-operation-axfrfilter`
.. _setting-lua-health-checks-expire-delay:
- Integer
- Default: 1000000
-.. versionchanged:: 4.1.0
- The packet and query caches are distinct. Previously, this setting was used for
- both the packet and query caches. See :ref:`setting-max-packet-cache-entries` for
- the packet-cache setting.
-
Maximum number of entries in the query cache. 1 million (the default)
will generally suffice for most installations.
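Review bot: the removed ``versionchanged:: 4.1.0`` body is the only place in this entry that says the packet and query caches are distinct and links to ``setting-max-packet-cache-entries``. Keep that cross-reference as a plain sentence after "Maximum number of entries in the query cache" so readers sizing one cache are still led to the other.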
``max-generate-steps``
----------------------
-.. versionadded:: 4.3.0
-
- Integer
- Default: 0
- Integer
- Default: 1000000
-.. versionadded:: 4.1.0
-
Maximum number of entries in the packet cache. 1 million (the default)
will generally suffice for most installations.
only-notify=0.0.0.0/0
-.. _setting-out-of-zone-additional-processing:
-
-``out-of-zone-additional-processing``
--------------------------------------
-
-- Boolean
-- Default: yes
-
-.. deprecated:: 4.2.0
- This setting has been removed.
-
-Do out of zone additional processing. This means that if a malicious
-user adds a '.com' zone to your server, it is not used for other domains
-and will not contaminate answers. Do not enable this setting if you run
-a public DNS service with untrusted users.
-
-The docs had previously indicated that the default was "no", but the
-default has been "yes" since 2005.
-
.. _setting-outgoing-axfr-expand-alias:
``outgoing-axfr-expand-alias``
Number of receiver (listening) threads to start. See :doc:`performance`.
-.. _setting-recursive-cache-ttl:
-
-``recursive-cache-ttl``
------------------------
-
-- Integer
-- Default: 10
-
-.. deprecated:: 4.1.0
- Recursion has been removed, see :doc:`guides/recursion`
-
-Seconds to store recursive packets in the :ref:`packet-cache`.
-
-.. _setting-recursor:
-
-``recursor``
-------------
-
-- IP Address
-
-.. deprecated:: 4.1.0
- Recursion has been removed, see :doc:`guides/recursion`
-
-If set, recursive queries will be handed to the recursor specified here.
-
-.. _setting-resolver:
-
-``resolver``
-------------
-
-- IP Addresses with optional port, separated by commas
-
-.. versionadded:: 4.1.0
-
-Use these resolver addresses for ALIAS and the internal stub resolver.
-If this is not set, ``/etc/resolv.conf`` is parsed for upstream
-resolvers.
-
.. _setting-retrieval-threads:
``retrieval-threads``
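Review bot: the ``resolver`` section removed at the end of this hunk is marked ``versionadded:: 4.1.0``, not deprecated, unlike ``recursive-cache-ttl`` and ``recursor`` above it, which both carry ``deprecated:: 4.1.0``. If the intent is to strip version annotations and already-removed settings, only the ``versionadded`` line should go here. As written, the ``setting-resolver`` label and the description of the ``/etc/resolv.conf`` fallback are deleted too, unless the section is re-added in a part of the patch not shown here.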
- Boolean
- Default: no
-.. versionadded:: 4.1.9
- In versions before 4.1.9, this setting did not exist and supermaster support
- was enabled by default.
-
-.. versionchanged:: 4.2.0
- Before 4.2.0, the default was yes.
-
Turn on supermaster support. See :ref:`supermaster-operation`.
.. _setting-tcp-control-address:
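Review bot: with both notes removed, the entry no longer says that supermaster support was enabled by default in versions before 4.1.9 and that the default was ``yes`` before 4.2.0. Because the default flipped from on to off, an operator upgrading across those versions needs that fact to interpret a config that does not set the option. Keep it here or confirm the upgrade notes state it.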
- Integer
- Default: 0 (Disabled)
-.. versionadded:: 4.1.0
-
Enable TCP Fast Open support, if available, on the listening sockets.
The numerical value supplied is used as the queue size, 0 meaning
disabled.
``udp-truncation-threshold``
----------------------------
-.. versionchanged:: 4.2.0
- Before 4.2.0, the default was 1680
-
- Integer
- Default: 1232
Start a webserver for monitoring. See :doc:`performance`".
-.. versionchanged:: 4.1.0
- It was necessary to enable the webserver to use the REST API, this is no longer the case.
-
.. _setting-webserver-address:
``webserver-address``
- IP ranges, separated by commas or whitespace
- Default: 127.0.0.1,::1
-.. versionchanged:: 4.1.0
-
- Default is now 127.0.0.1,::1, was 0.0.0.0/0,::/0 before.
-
Webserver/API access is only allowed from these subnets.
.. _setting-webserver-loglevel:
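Review bot: the removed note records that the default was ``0.0.0.0/0,::/0`` before 4.1.0, meaning webserver/API access was allowed from every subnet unless the operator restricted it. That is worth keeping for anyone auditing an older deployment that never set this option. If version history is being dropped from this page by policy, make sure the upgrade notes carry the old default.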
``webserver-loglevel``
----------------------
-.. versionadded:: 4.2.0
- String, one of "none", "normal", "detailed"
``webserver-max-bodysize``
--------------------------
-.. versionadded:: 4.2.0
- Integer
- Default: 2