- IP addresses, separated by commas
-When notifying a domain, also notify these nameservers. Example:
+When notifying a zone, also notify these nameservers. Example:
``also-notify=192.0.2.1, 203.0.113.167``. The IP addresses listed in
``also-notify`` always receive a notification. Even if they do not match
the list in :ref:`setting-only-notify`.
.. versionadded:: 4.4.0
-When this is set, PowerDNS assumes that any single domain lives in only one backend.
+When this is set, PowerDNS assumes that any single zone lives in only one backend.
This allows PowerDNS to send ANY lookups to its backends, instead of sometimes requesting the exact needed type.
This reduces the load on backends by retrieving all the types for a given name at once, adding all of them to the cache.
It improves performance significantly for latency-sensitive backends, like SQL ones, where a round-trip takes serious time.
.. deprecated:: 4.5.0
Renamed to :ref:`setting-zone-metadata-cache-ttl`.
-Seconds to cache domain metadata from the database. A value of 0
+Seconds to cache zone metadata from the database. A value of 0
disables caching.
.. _setting-edns-subnet-processing:
can be limited. The default is to notify the world. To completely
disable these NOTIFYs set ``only-notify`` to an empty value. Independent
of this setting, the IP addresses or netmasks configured with
-:ref:`setting-also-notify` and ``ALSO-NOTIFY`` domain metadata
+:ref:`setting-also-notify` and ``ALSO-NOTIFY`` zone metadata
always receive AXFR NOTIFYs.
IP addresses and netmasks can be excluded by prefixing them with a ``!``.
method to distribute the zone data to the slaves), then set
:ref:`setting-only-notify` to an empty value and specify the notification targets
explicitly using :ref:`setting-also-notify` and/or
- :ref:`metadata-also-notify` domain metadata to avoid this potential bottleneck.
+ :ref:`metadata-also-notify` zone metadata to avoid this potential bottleneck.
.. note::
If your slaves support an Internet Protocol version, which your master does not,
- String
- Default: secpoll.powerdns.com.
-Domain name from which to query security update notifications. Setting
+Zone name from which to query security update notifications. Setting
this to an empty string disables secpoll.
.. _setting-send-signed-notify:
- Default: yes
If yes, outgoing NOTIFYs will be signed if a TSIG key is configured for the zone.
-If there are multiple TSIG keys configured for a domain, PowerDNS will use the
+If there are multiple TSIG keys configured for a zone, PowerDNS will use the
first one retrieved from the backend, which may not be the correct one for the
respective slave. Hence, in setups with multiple slaves with different TSIG keys
it may be required to send NOTIFYs unsigned.
* :ref:`setting-slave-renotify` is now :ref:`setting-secondary-do-renotify`
* :ref:`setting-slave` is now :ref:`setting-secondary`
* :ref:`setting-superslave` is now :ref:`setting-autosecondary`
-* :ref:`setting-domain-metadata-cache-ttl` is now :ref:`setting-zone-metadata-ttl`
+* :ref:`setting-domain-metadata-cache-ttl` is now :ref:`setting-zone-metadata-cache-ttl`
Changed defaults
~~~~~~~~~~~~~~~~
::arg().setSwitch("dnsupdate","Enable/Disable DNS update (RFC2136) support. Default is no.")="no";
::arg().setSwitch("write-pid","Write a PID file")="yes";
::arg().set("allow-dnsupdate-from","A global setting to allow DNS updates from these IP ranges.")="127.0.0.0/8,::1";
- ::arg().setSwitch("send-signed-notify","Send TSIG secured NOTIFY if TSIG key is configured for a domain")="yes";
- ::arg().set("allow-unsigned-notify","Allow unsigned notifications for TSIG secured domains")="yes"; //FIXME: change to 'no' later
+ ::arg().setSwitch("send-signed-notify", "Send TSIG secured NOTIFY if TSIG key is configured for a zone") = "yes";
+ ::arg().set("allow-unsigned-notify", "Allow unsigned notifications for TSIG secured zones") = "yes"; //FIXME: change to 'no' later
::arg().set("allow-unsigned-supermaster", "Allow supermasters to create zones without TSIG signed NOTIFY")="yes";
::arg().set("allow-unsigned-autoprimary", "Allow autoprimaries to create zones without TSIG signed NOTIFY")="yes";
- ::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes";
+ ::arg().setSwitch("forward-dnsupdate", "A global setting to allow DNS update packages that are for a Slave zone, to be forwarded to the master.") = "yes";
::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no";
::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no";
::arg().set("local-address","Local IP addresses to which we bind")="0.0.0.0, ::";
::arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";
::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="127.0.0.0/8,::1";
::arg().set("only-notify", "Only send AXFR NOTIFY to these IP addresses or netmasks")="0.0.0.0/0,::/0";
- ::arg().set("also-notify", "When notifying a domain, also notify these nameservers")="";
+ ::arg().set("also-notify", "When notifying a zone, also notify these nameservers") = "";
::arg().set("allow-notify-from","Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.")="0.0.0.0/0,::/0";
::arg().set("slave-cycle-interval","Schedule slave freshness checks once every .. seconds")="60";
::arg().set("xfr-cycle-interval","Schedule primary/secondary SOA freshness checks once every .. seconds")="60";
::arg().set("default-publish-cds","Default value for PUBLISH-CDS")="";
::arg().set("include-dir","Include *.conf files from this directory");
- ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
+ ::arg().set("security-poll-suffix", "Zone name from which to query security update notifications") = "secpoll.powerdns.com.";
::arg().setSwitch("expand-alias", "Expand ALIAS records")="no";
::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
::arg().setSwitch("upgrade-unknown-types","Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up")="no";
::arg().setSwitch("svc-autohints", "Transparently fill ipv6hint=auto ipv4hint=auto SVC params with AAAA/A records for the target name of the record (if within the same zone)")="no";
- ::arg().setSwitch("consistent-backends", "Assume individual domains are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups")="yes";
+ ::arg().setSwitch("consistent-backends", "Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups") = "yes";
::arg().set("rng", "Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.")="auto";
::arg().setDefaults();
S.declare("nxdomain-packets","Number of times an NXDOMAIN packet was sent out");
S.declare("noerror-packets","Number of times a NOERROR packet was sent out");
S.declare("servfail-packets","Number of times a server-failed packet was sent out");
- S.declare("unauth-packets","Number of times a domain we are not auth for was queried");
+ S.declare("unauth-packets", "Number of times a zone we are not auth for was queried");
S.declare("latency","Average number of microseconds needed to answer a question", getLatency, StatType::gauge);
S.declare("timedout-packets","Number of packets which weren't answered within timeout set");
S.declare("security-status", "Security status based on regular polling", StatType::gauge);
- S.declare("xfr-queue", "Size of the queue of domains to be XFRd", [](const string&) { return Communicator.getSuckRequestsWaiting(); }, StatType::gauge);
+ S.declare(
+ "xfr-queue", "Size of the queue of zones to be XFRd", [](const string&) { return Communicator.getSuckRequestsWaiting(); }, StatType::gauge);
S.declareDNSNameQTypeRing("queries","UDP Queries Received");
- S.declareDNSNameQTypeRing("nxdomain-queries","Queries for non-existent records within existent domains");
+ S.declareDNSNameQTypeRing("nxdomain-queries", "Queries for non-existent records within existent zones");
S.declareDNSNameQTypeRing("noerror-queries","Queries for existing records, but for type we don't have");
S.declareDNSNameQTypeRing("servfail-queries","Queries that could not be answered due to backend errors");
- S.declareDNSNameQTypeRing("unauth-queries","Queries for domains that we are not authoritative for");
+ S.declareDNSNameQTypeRing("unauth-queries", "Queries for zones that we are not authoritative for");
S.declareRing("logmessages","Log Messages");
S.declareComboRing("remotes","Remote server IP addresses");
- S.declareComboRing("remotes-unauth","Remote hosts querying domains for which we are not auth");
+ S.declareComboRing("remotes-unauth", "Remote hosts querying zones for which we are not auth");
S.declareComboRing("remotes-corrupt","Remote hosts sending corrupt packets");
}
::arg().set("dnssec-key-cache-ttl","Seconds to cache DNSSEC keys from the database")="30";
::arg().set("domain-metadata-cache-ttl", "Seconds to cache zone metadata from the database") = "0";
::arg().set("zone-metadata-cache-ttl", "Seconds to cache zone metadata from the database") = "60";
- ::arg().set("consistent-backends", "Assume individual domains are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups")="yes";
+ ::arg().set("consistent-backends", "Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups") = "yes";
// Keep this line below all ::arg().set() statements
if (! ::arg().laxFile(configname.c_str()))
if(!fname.empty()) {
ifstream ifs(fname.c_str());
if(!ifs) {
- cerr<<"Could not open '"<<fname<<"' for reading domain names to query"<<endl;
+ cerr << "Could not open '" << fname << "' for reading zone names to query" << endl;
}
string line;
while(getline(ifs,line)) {
DomainInfo di;
try {
if (!B.getDomainInfo(zone, di)) {
- cout<<"[Error] Unable to get domain information for zone '"<<zone<<"'"<<endl;
+ cout << "[Error] Unable to get zone information for zone '" << zone << "'" << endl;
return 1;
}
} catch(const PDNSException &e) {
auto seenId = seenIds.find(di.id);
if (seenId != seenIds.end()) {
- cout<<"[Error] Domain ID "<<di.id<<" of '"<<di.zone<<"' in backend "<<di.backend->getPrefix()<<" has already been used by zone '"<<seenId->zone<<"' in backend "<<seenId->backend->getPrefix()<<"."<<endl;
+ cout << "[Error] Zone ID " << di.id << " of '" << di.zone << "' in backend " << di.backend->getPrefix() << " has already been used by zone '" << seenId->zone << "' in backend " << seenId->backend->getPrefix() << "." << endl;
errors++;
}
UeberBackend B;
DomainInfo di;
if (! B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' not found!"<<endl;
+ cerr << "Zone '" << zone << "' not found!" << endl;
return EXIT_FAILURE;
}
di.backend->abortTransaction();
- cerr<<"Failed to delete domain '"<<zone<<"'"<<endl;;
+ cerr << "Failed to delete zone '" << zone << "'" << endl;
+ ;
return EXIT_FAILURE;
}
DomainInfo di;
if (! B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' not found!"<<endl;
+ cerr << "Zone '" << zone << "' not found!" << endl;
return EXIT_FAILURE;
}
di.backend->list(zone, di.id);
DomainInfo di;
if (! B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' not found!"<<endl;
+ cerr << "Zone '" << zone << "' not found!" << endl;
return EXIT_FAILURE;
}
if(!di.backend->startTransaction(zone, di.id)) {
DNSSECKeeper dk(&B);
if (! B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' not found!"<<endl;
+ cerr << "Zone '" << zone << "' not found!" << endl;
return EXIT_FAILURE;
}
vector<DNSRecord> pre, post;
DomainInfo di;
if (B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' exists already, replacing contents"<<endl;
+ cerr << "Zone '" << zone << "' exists already, replacing contents" << endl;
}
else {
cerr<<"Creating '"<<zone<<"'"<<endl;
B.createDomain(zone, DomainInfo::Native, vector<ComboAddress>(), "");
if(!B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' was not created - perhaps backend ("<<::arg()["launch"]<<") does not support storing new zones."<<endl;
+ cerr << "Zone '" << zone << "' was not created - perhaps backend (" << ::arg()["launch"] << ") does not support storing new zones." << endl;
return EXIT_FAILURE;
}
}
UeberBackend B;
DomainInfo di;
if (B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' exists already"<<endl;
+ cerr << "Zone '" << zone << "' exists already" << endl;
return EXIT_FAILURE;
}
cerr<<"Creating empty zone '"<<zone<<"'"<<endl;
B.createDomain(zone, DomainInfo::Native, vector<ComboAddress>(), "");
if(!B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' was not created!"<<endl;
+ cerr << "Zone '" << zone << "' was not created!" << endl;
return EXIT_FAILURE;
}
DomainInfo di;
DNSName zone(cmds[1]);
if (B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' exists already"<<endl;
+ cerr << "Zone '" << zone << "' exists already" << endl;
return EXIT_FAILURE;
}
vector<ComboAddress> masters;
cerr<<"Creating slave zone '"<<zone<<"', with master(s) '"<<comboAddressVecToString(masters)<<"'"<<endl;
B.createDomain(zone, DomainInfo::Slave, masters, "");
if(!B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' was not created!"<<endl;
+ cerr << "Zone '" << zone << "' was not created!" << endl;
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
DomainInfo di;
DNSName zone(cmds[1]);
if (!B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' doesn't exist"<<endl;
+ cerr << "Zone '" << zone << "' doesn't exist" << endl;
return EXIT_FAILURE;
}
vector<ComboAddress> masters;
UeberBackend B;
DomainInfo di;
if(!B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' does not exist"<<endl;
+ cerr << "Zone '" << zone << "' does not exist" << endl;
return EXIT_FAILURE;
}
rr.auth = true;
DomainInfo di;
DNSName zone(zone_);
if(!B.getDomainInfo(zone, di)) {
- cerr<<"Domain '"<<zone<<"' does not exist"<<endl;
+ cerr << "Zone '" << zone << "' does not exist" << endl;
return EXIT_FAILURE;
}
if(di.kind == DomainInfo::Slave)
{
- cerr<<"Warning! This is a slave domain! If this was a mistake, please run"<<endl;
+ cerr << "Warning! This is a slave zone! If this was a mistake, please run" << endl;
cerr<<"pdnsutil disable-dnssec "<<zone<<" right now!"<<endl;
}
UeberBackend B("default");
cout<<"Picking first backend - if this is not what you want, edit launch line!"<<endl;
DNSBackend *db = B.backends[0];
- cout<<"Creating slave domain "<<zone<<endl;
+ cout << "Creating slave zone " << zone << endl;
db->createSlaveDomain("127.0.0.1", zone, "", "_testschema");
- cout<<"Slave domain created"<<endl;
+ cout << "Slave zone created" << endl;
DomainInfo di;
if(!B.getDomainInfo(zone, di) || !di.backend) { // di.backend and B are mostly identical
- cout<<"Can't find domain we just created, aborting"<<endl;
+ cout << "Can't find zone we just created, aborting" << endl;
return EXIT_FAILURE;
}
db=di.backend;
cout<<"[+] Big serials work correctly"<<endl;
}
cout<<endl;
- cout<<"End of tests, please remove "<<zone<<" from domains+records"<<endl;
+ cout << "End of tests, please remove " << zone << " from zones+records" << endl;
return EXIT_SUCCESS;
}
cout<<" Add a ZSK or KSK to zone and specify algo&bits"<<endl;
cout<<"backend-cmd BACKEND CMD [CMD..] Perform one or more backend commands"<<endl;
cout<<"b2b-migrate OLD NEW Move all data from one backend to another"<<endl;
- cout<<"bench-db [filename] Bench database backend with queries, one domain per line"<<endl;
+ cout << "bench-db [filename] Bench database backend with queries, one zone per line" << endl;
cout<<"check-zone ZONE Check a zone for correctness"<<endl;
cout<<"check-all-zones [exit-on-error] Check all zones for correctness. Set exit-on-error to exit immediately"<<endl;
cout<<" after finding an error in a zone."<<endl;
UeberBackend B("default");
DomainInfo di;
if (!B.getDomainInfo(zname, di)) {
- cerr << "Domain '" << zname << "' does not exist" << endl;
+ cerr << "Zone '" << zname << "' does not exist" << endl;
return 1;
}
std::vector<std::string> meta;
UeberBackend B("default");
DomainInfo di;
if (!B.getDomainInfo(zname, di)) {
- cerr << "Domain '" << zname << "' does not exist" << endl;
+ cerr << "Zone '" << zname << "' does not exist" << endl;
return 1;
}
std::vector<std::string> meta;
tgt->getAllDomains(&domains, true);
if (domains.size()>0)
- throw PDNSException("Target backend has domain(s), please clean it first");
+ throw PDNSException("Target backend has zone(s), please clean it first");
src->getAllDomains(&domains, true);
// iterate zones
std::map<std::string, std::vector<std::string> > meta;
if (src->getAllDomainMetadata(di.zone, meta)) {
for (const auto& i : meta) {
- if (!tgt->setDomainMetadata(di.zone, i.first, i.second)) throw PDNSException("Failed to feed domain metadata");
+ if (!tgt->setDomainMetadata(di.zone, i.first, i.second))
+ throw PDNSException("Failed to feed zone metadata");
nm++;
}
}
projects / thirdparty / pdns.git / commitdiff
