[thirdparty/pdns.git] / pdns / ixfrdist.example.yml

# Listen addresses. ixfrdist will listen on both UDP and TCP.
# When no port is specified, 53 is used. When specifying ports for IPv6, use the
# "bracket" notation:
#
#    listen:
#      - '127.0.0.1'
#      - '::1'
#      - '192.0.2.3:5300'
#      - '[2001:DB8:1234::334]:5353'
#
# By default, or when unset, ixfrdist listens on local loopback addresses.
listen:
  - '127.0.0.1'
  - '::1'

# Netmasks or IP addresses of hosts that are allowed to query ixfrdist. Hosts
# do not need a netmask:
#
#    acl:
#      - '127.0.0.0/8'
#      - '::1'
#      - '192.0.2.55'
#      - '2001:DB8:ABCD::/48'
#
# By default (or when unset), only loopback addresses are allowed.
#
acl:
  - '127.0.0.0/8'
  - '::1'

# Maximum number of records allowed in a single zone. ixfrdist will abort the
# zone transfer from the master when more than this number of records have been
# received. A value of 0 (the default) means unlimited
#
axfr-max-records: 0

# Timeout in seconds an AXFR transaction requested by ixfrdist may take.
# Increase this when the network to the authoritative servers is slow or the
# domains are very large and you experience timeouts. Set to 20 by default or
# when unset.
#
axfr-timeout: 20

# Time in seconds between retries of the SOA query for a zone we have never
# transferred.

failed-soa-retry: 30

# Whether record compression should be enabled, leading to smaller answers
# at the cost of an increased CPU and memory usage. Defaults to false.
#
compress: false

# Amount of older copies/IXFR diffs to keep for every domain. This is set to
# 20 by default or when unset.
#
keep: 20

# Number of threads to spawn for TCP connections (AXFRs) from downstream hosts.
# This is set to 10 by default or when unset.
#
tcp-in-threads: 10

# The directory where the domain data is stored. When unset, the current
# working directory is used. Note that this directory must be writable for the
# user or group ixfrdist runs as.
#
# work-dir: '/var/lib/ixfrdist'

# User to drop privileges to once all listen-sockets are bound. May be either
# a username or numerical ID.
#
# uid: ixfrdist

# Group to drop privileges to once all listen-sockets are bound. May be either
# a username or numerical ID.
#
# gid: ixfrdist

# The IP address and port where the webserver should listen
#
webserver-address: 127.0.0.1:8080

# The IP address(masks) that allowed to access the webserver. When not set,
# it defaults to 127.0.0.0/8, ::1/128
#
webserver-acl:
  - 127.0.0.0/8
  - ::1/128

# How much the webserver should log: 'none', 'normal' or 'detailed'
# With 'none', nothing is logged except for errors
# With 'normal' (the default), one line per request is logged in the style of the common log format
# with 'detailed', the full requests and responses (including headers) are logged
webserver-loglevel: normal

# The domains to redistribute, the 'master' and 'domains' keys are mandatory.
# When no port is specified, 53 is used. When specifying ports for IPv6, use the
# "bracket" notation:
#
# You can optionally cap the refresh time of the SOA using 'max-soa-refresh' (seconds)
# Otherwise, or if set to 0, the retreived SOA refresh time will be used
# You can also send NOTIFY packets for the given domain to given destinations using `notify`
#
#    domains:
#      - domain: example.com
#        master: 192.0.2.15
#        max-soa-refresh: 180
#        notify: [192.0.3.1, 192.0.3.2:5301]
#      - domain: rpz.example
#        master: [2001:DB8:a34:543::53]:5353
#
domains: []
Commit	Line	Data
f2d45260 PL	1	# Listen addresses. ixfrdist will listen on both UDP and TCP.
	2	# When no port is specified, 53 is used. When specifying ports for IPv6, use the
	3	# "bracket" notation:
	4	#
	5	# listen:
	6	# - '127.0.0.1'
	7	# - '::1'
	8	# - '192.0.2.3:5300'
	9	# - '[2001:DB8:1234::334]:5353'
	10	#
	11	# By default, or when unset, ixfrdist listens on local loopback addresses.
	12	listen:
	13	- '127.0.0.1'
	14	- '::1'
	15
	16	# Netmasks or IP addresses of hosts that are allowed to query ixfrdist. Hosts
	17	# do not need a netmask:
	18	#
	19	# acl:
	20	# - '127.0.0.0/8'
	21	# - '::1'
	22	# - '192.0.2.55'
	23	# - '2001:DB8:ABCD::/48'
	24	#
	25	# By default (or when unset), only loopback addresses are allowed.
	26	#
	27	acl:
	28	- '127.0.0.0/8'
	29	- '::1'
	30
ef6f0c6f PL	31	# Maximum number of records allowed in a single zone. ixfrdist will abort the
	32	# zone transfer from the master when more than this number of records have been
	33	# received. A value of 0 (the default) means unlimited
	34	#
	35	axfr-max-records: 0
	36
f2d45260 PL	37	# Timeout in seconds an AXFR transaction requested by ixfrdist may take.
	38	# Increase this when the network to the authoritative servers is slow or the
	39	# domains are very large and you experience timeouts. Set to 20 by default or
	40	# when unset.
	41	#
	42	axfr-timeout: 20
	43
0ac228c7 PD	44	# Time in seconds between retries of the SOA query for a zone we have never
	45	# transferred.
	46
	47	failed-soa-retry: 30
	48
971e5911 RG	49	# Whether record compression should be enabled, leading to smaller answers
	50	# at the cost of an increased CPU and memory usage. Defaults to false.
	51	#
	52	compress: false
	53
f2d45260 PL	54	# Amount of older copies/IXFR diffs to keep for every domain. This is set to
	55	# 20 by default or when unset.
	56	#
	57	keep: 20
	58
	59	# Number of threads to spawn for TCP connections (AXFRs) from downstream hosts.
	60	# This is set to 10 by default or when unset.
	61	#
	62	tcp-in-threads: 10
	63
	64	# The directory where the domain data is stored. When unset, the current
	65	# working directory is used. Note that this directory must be writable for the
	66	# user or group ixfrdist runs as.
	67	#
	68	# work-dir: '/var/lib/ixfrdist'
	69
	70	# User to drop privileges to once all listen-sockets are bound. May be either
	71	# a username or numerical ID.
	72	#
	73	# uid: ixfrdist
	74
	75	# Group to drop privileges to once all listen-sockets are bound. May be either
	76	# a username or numerical ID.
	77	#
	78	# gid: ixfrdist
	79
d5c9e1cb PL	80	# The IP address and port where the webserver should listen
	81	#
	82	webserver-address: 127.0.0.1:8080
	83
9f517da5 PL	84	# The IP address(masks) that allowed to access the webserver. When not set,
	85	# it defaults to 127.0.0.0/8, ::1/128
	86	#
	87	webserver-acl:
	88	- 127.0.0.0/8
	89	- ::1/128
	90
f6149229 PL	91	# How much the webserver should log: 'none', 'normal' or 'detailed'
	92	# With 'none', nothing is logged except for errors
	93	# With 'normal' (the default), one line per request is logged in the style of the common log format
	94	# with 'detailed', the full requests and responses (including headers) are logged
	95	webserver-loglevel: normal
	96
f2d45260 PL	97	# The domains to redistribute, the 'master' and 'domains' keys are mandatory.
	98	# When no port is specified, 53 is used. When specifying ports for IPv6, use the
	99	# "bracket" notation:
	100	#
f58f871b CHB	101	# You can optionally cap the refresh time of the SOA using 'max-soa-refresh' (seconds)
f58f871b CHB	102	# Otherwise, or if set to 0, the retreived SOA refresh time will be used
4e115128	103	# You can also send NOTIFY packets for the given domain to given destinations using `notify`
f58f871b	104	#
f2d45260 PL	105	# domains:
	106	# - domain: example.com
	107	# master: 192.0.2.15
f58f871b	108	# max-soa-refresh: 180
4e115128	109	# notify: [192.0.3.1, 192.0.3.2:5301]
f2d45260 PL	110	# - domain: rpz.example
	111	# master: [2001:DB8:a34:543::53]:5353
	112	#
	113	domains: []