Allow AXFR NOTIFY from these IP ranges. Setting this to an empty string
will drop all incoming notifies.
+.. _setting-allow-recursion:
+
+``allow-recursion``
+-------------------
+
+- IP ranges, separated by commas
+- Default: 0.0.0.0/0
+
+.. deprecated:: 4.1.0
+ Recursion has been removed, see :doc:`guides/recursion`
+
+By specifying ``allow-recursion``, recursion can be restricted to
+netmasks specified. The default is to allow recursion from everywhere.
+Example: ``allow-recursion=198.51.100.0/24, 10.0.0.0/8, 192.0.2.4``.
+
.. _setting-allow-unsigned-notify:
``allow-unsigned-notify``
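Review bot: In the re-added ``allow-recursion`` section, the body below the ``.. deprecated:: 4.1.0`` directive still describes the behaviour in the present tense ("The default is to allow recursion from everywhere"), which contradicts the directive's own "Recursion has been removed". Since the block is being moved anyway, reword the description to say explicitly what the setting does from 4.1.0 on, so a reader who skims past the directive does not conclude that the server recurses for 0.0.0.0/0.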
Turning this off requires all supermaster notifications to be signed by
valid TSIG signature. It will accept any existing key on slave.
-.. _setting-allow-recursion:
-
-``allow-recursion``
--------------------
-
-- IP ranges, separated by commas
-- Default: 0.0.0.0/0
-
-.. deprecated:: 4.1.0
- Recursion has been removed, see :doc:`guides/recursion`
-
-By specifying ``allow-recursion``, recursion can be restricted to
-netmasks specified. The default is to allow recursion from everywhere.
-Example: ``allow-recursion=198.51.100.0/24, 10.0.0.0/8, 192.0.2.4``.
-
.. _setting-also-notify:
``also-notify``
Seconds to store packets in the :ref:`packet-cache`.
+.. _setting-carbon-instance:
+
+``carbon-instance``
+-------------------
+
+- String
+- Default: auth
+
+.. versionadded:: 4.2.0
+
+Set the instance or third string of the metric key. Be careful not to include
+any dots in this setting, unless you know what you are doing.
+See :ref:`metricscarbon`
+
+.. _setting-carbon-interval:
+
+``carbon-interval``
+-------------------
+
+- Integer
+- Default: 30
+
+If sending carbon updates, this is the interval between them in seconds.
+See :ref:`metricscarbon`.
+
.. _setting-carbon-namespace:
``carbon-namespace``
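Review bot: The ``carbon-instance`` warning "Be careful not to include any dots in this setting, unless you know what you are doing" never says what a dot changes. The text already calls the value "the instance or third string of the metric key", so one added sentence stating that a dot splits it into further components of the key would make the warning actionable. The closing "See :ref:`metricscarbon`" is also missing the full stop that ``carbon-interval`` has a few lines below.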
careful not to include any dots in this setting, unless you know what
you are doing. See :ref:`metricscarbon`
-.. _setting-carbon-instance:
-
-``carbon-instance``
--------------------
-
-- String
-- Default: auth
-
-.. versionadded:: 4.2.0
-
-Set the instance or third string of the metric key. Be careful not to include
-any dots in this setting, unless you know what you are doing.
-See :ref:`metricscarbon`
-
.. _setting-carbon-server:
``carbon-server``
You may specify an alternate port by appending :port, ex:
127.0.0.1:2004. See :ref:`metricscarbon`.
-.. _setting-carbon-interval:
-
-``carbon-interval``
--------------------
-
-- Integer
-- Default: 30
-
-If sending carbon updates, this is the interval between them in seconds.
-See :ref:`metricscarbon`.
-
.. _setting-chroot:
``chroot``
The default keysize for the KSK generated with :doc:`pdnsutil secure-zone <dnssec/pdnsutil>`.
Only relevant for algorithms with non-fixed keysizes (like RSA).
-.. _setting-default-soa-name:
-
-``default-soa-name``
---------------------
-
-- String
-- Default: a.misconfigured.powerdns.server
-
-Name to insert in the SOA record if none set in the backend.
-
.. _setting-default-soa-edit:
``default-soa-edit``
Mail address to insert in the SOA record if none set in the backend.
+.. _setting-default-soa-name:
+
+``default-soa-name``
+--------------------
+
+- String
+- Default: a.misconfigured.powerdns.server
+
+Name to insert in the SOA record if none set in the backend.
+
.. _setting-default-ttl:
``default-ttl``
way of figuring out what IP address a packet was sent to when binding to
any.
-.. _setting-log-timestamp:
-
-``log-timestamp``
------------------
-
-- Bool
-- Default: yes
-
-.. versionadded:: 4.1.0
-
-When printing log lines to stdout, prefix them with timestamps.
-Disable this if the process supervisor timestamps these lines already.
-
-.. note::
- The systemd unit file supplied with the source code already disables timestamp printing
-
-.. _setting-lua-records-exec-limit:
-
-``lua-records-exec-limit``
------------------------------
-
-- Integer
-- Default: 1000
-
-Limit LUA records scripts to ``lua-records-exec-limit`` instructions.
-Setting this to any value less than or equal to 0 will set no limit.
-
-.. _setting-non-local-bind:
-
-``non-local-bind``
-------------------
-
-- Boolean
-- Default: no
-
-Bind to addresses even if one or more of the
-:ref:`setting-local-address`'s do not exist on this server.
-Setting this option will enable the needed socket options to allow
-binding to non-local addresses. This feature is intended to facilitate
-ip-failover setups, but it may also mask configuration issues and for
-this reason it is disabled by default.
-
-.. _setting-lua-axfr-script:
-
-``lua-axfr-script``
--------------------
-
-- String
-- Default: empty
-
-.. versionadded:: 4.1.0
-
-Script to be used to edit incoming AXFRs, see :ref:`modes-of-operation-axfrfilter`
-
.. _setting-local-address-nonexist-fail:
``local-address-nonexist-fail``
If set to 'no', informative-only DNS details will not even be sent to
syslog, improving performance.
+.. _setting-log-dns-queries:
+
+``log-dns-queries``
+-------------------
+
+- Boolean
+- Default: no
+
+Tell PowerDNS to log all incoming DNS queries. This will lead to a lot
+of logging! Only enable for debugging! Set :ref:`setting-loglevel`
+to at least 5 to see the logs.
+
+.. _setting-log-timestamp:
+
+``log-timestamp``
+-----------------
+
+- Bool
+- Default: yes
+
+.. versionadded:: 4.1.0
+
+When printing log lines to stdout, prefix them with timestamps.
+Disable this if the process supervisor timestamps these lines already.
+
+.. note::
+ The systemd unit file supplied with the source code already disables timestamp printing
+
.. _setting-logging-facility:
``logging-facility``
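Review bot: ``log-timestamp`` gives its type as "Bool" while ``log-dns-queries`` directly above it in the same hunk uses "Boolean"; use one spelling for the type bullet throughout. The ``.. note::`` body ("The systemd unit file supplied with the source code already disables timestamp printing") is also missing its final full stop.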
Amount of logging. Higher is more. Do not set below 3. Corresponds to "syslog" level values,
e.g. error = 3, warning = 4, notice = 5, info = 6
-.. _setting-log-dns-queries:
+.. _setting-lua-axfr-script:
-``log-dns-queries``
+``lua-axfr-script``
-------------------
-- Boolean
-- Default: no
+- String
+- Default: empty
-Tell PowerDNS to log all incoming DNS queries. This will lead to a lot
-of logging! Only enable for debugging! Set :ref:`setting-loglevel`
-to at least 5 to see the logs.
+.. versionadded:: 4.1.0
+
+Script to be used to edit incoming AXFRs, see :ref:`modes-of-operation-axfrfilter`
.. _setting-lua-prequery-script:
internally for regression testing. The API of this functionality is not
guaranteed to be stable, and is in fact likely to change.
+.. _setting-lua-records-exec-limit:
+
+``lua-records-exec-limit``
+-----------------------------
+
+- Integer
+- Default: 1000
+
+Limit LUA records scripts to ``lua-records-exec-limit`` instructions.
+Setting this to any value less than or equal to 0 will set no limit.
+
.. _setting-master:
``master``
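Review bot: In ``lua-records-exec-limit``, the sentence "Setting this to any value less than or equal to 0 will set no limit" documents how to switch the guard off without saying what that implies; add a short caution that record scripts then run with no instruction bound. While the block is being moved, "LUA" should read "Lua", and the title underline runs past the title where the other sections in this patch match it exactly.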
Do not attempt to shuffle query results, used for regression testing.
-.. _setting-overload-queue-length:
-
-``overload-queue-length``
--------------------------
-
-- Integer
-- Default: 0 (disabled)
-
-If this many packets are waiting for database attention, answer any new
-questions strictly from the packet cache.
-
-.. _setting-reuseport:
+.. _setting-non-local-bind:
-``reuseport``
--------------
+``non-local-bind``
+------------------
- Boolean
-- Default: No
-
-On Linux 3.9 and some BSD kernels the ``SO_REUSEPORT`` option allows
-each receiver-thread to open a new socket on the same port which allows
-for much higher performance on multi-core boxes. Setting this option
-will enable use of ``SO_REUSEPORT`` when available and seamlessly fall
-back to a single socket when it is not available. A side-effect is that
-you can start multiple servers on the same IP/port combination which may
-or may not be a good idea. You could use this to enable transparent
-restarts, but it may also mask configuration issues and for this reason
-it is disabled by default.
-
-.. _setting-rng:
-
-``rng``
--------
-
-- String
-- Default: auto
-
-Specify which random number generator to use. Permissible choises are:
-
-- auto - choose automatically
-- sodium - Use libsodium ``randombytes_uniform``
-- openssl - Use libcrypto ``RAND_bytes``
-- getrandom - Use libc getrandom, falls back to urandom if it does not really work
-- arc4random - Use BSD ``arc4random_uniform``
-- urandom - Use ``/dev/urandom``
-- kiss - Use simple settable deterministic RNG. **FOR TESTING PURPOSES ONLY!**
-
-.. note::
- Not all choises are available on all systems.
-
-.. _setting-security-poll-suffix:
-
-``security-poll-suffix``
-------------------------
-
-- String
-- Default: secpoll.powerdns.com.
-
-Domain name from which to query security update notifications. Setting
-this to an empty string disables secpoll.
-
-.. _setting-server-id:
-
-``server-id``
--------------
-
-- String
-- Default: The hostname of the server
+- Default: no
-This is the server ID that will be returned on an EDNS NSID query.
+Bind to addresses even if one or more of the
+:ref:`setting-local-address`'s do not exist on this server.
+Setting this option will enable the needed socket options to allow
+binding to non-local addresses. This feature is intended to facilitate
+ip-failover setups, but it may also mask configuration issues and for
+this reason it is disabled by default.
.. _setting-only-notify:
during outgoing AXFR. Note that if your slaves do not support ALIAS,
they will return NODATA for A/AAAA queries for such names.
+.. _setting-overload-queue-length:
+
+``overload-queue-length``
+-------------------------
+
+- Integer
+- Default: 0 (disabled)
+
+If this many packets are waiting for database attention, answer any new
+questions strictly from the packet cache.
+
.. _setting-prevent-self-notification:
``prevent-self-notification``
Number of AXFR slave threads to start.
+.. _setting-reuseport:
+
+``reuseport``
+-------------
+
+- Boolean
+- Default: No
+
+On Linux 3.9 and some BSD kernels the ``SO_REUSEPORT`` option allows
+each receiver-thread to open a new socket on the same port which allows
+for much higher performance on multi-core boxes. Setting this option
+will enable use of ``SO_REUSEPORT`` when available and seamlessly fall
+back to a single socket when it is not available. A side-effect is that
+you can start multiple servers on the same IP/port combination which may
+or may not be a good idea. You could use this to enable transparent
+restarts, but it may also mask configuration issues and for this reason
+it is disabled by default.
+
+.. _setting-rng:
+
+``rng``
+-------
+
+- String
+- Default: auto
+
+Specify which random number generator to use. Permissible choises are:
+
+- auto - choose automatically
+- sodium - Use libsodium ``randombytes_uniform``
+- openssl - Use libcrypto ``RAND_bytes``
+- getrandom - Use libc getrandom, falls back to urandom if it does not really work
+- arc4random - Use BSD ``arc4random_uniform``
+- urandom - Use ``/dev/urandom``
+- kiss - Use simple settable deterministic RNG. **FOR TESTING PURPOSES ONLY!**
+
+.. note::
+ Not all choises are available on all systems.
+
+.. _setting-security-poll-suffix:
+
+``security-poll-suffix``
+------------------------
+
+- String
+- Default: secpoll.powerdns.com.
+
+Domain name from which to query security update notifications. Setting
+this to an empty string disables secpoll.
+
.. _setting-send-signed-notify:
``send-signed-notify``
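Review bot: "choises" is misspelled twice in the moved ``rng`` section ("Permissible choises are:" and "Not all choises are available on all systems."); correct both to "choices" as part of the move rather than carrying the typo to the new location. In the same hunk ``reuseport`` has "Default: No" where the other Boolean settings in this patch use lowercase "no".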
respective slave. Hence, in setups with multiple slaves with different TSIG keys
it may be required to send NOTIFYs unsigned.
+.. _setting-server-id:
+
+``server-id``
+-------------
+
+- String
+- Default: The hostname of the server
+
+This is the server ID that will be returned on an EDNS NSID query.
+
.. _setting-setgid:
``setgid``
If set, change user id to this uid for more security. See :doc:`security`.
+.. _setting-signing-threads:
+
+``signing-threads``
+-------------------
+
+- Integer
+- Default: 3
+
+Tell PowerDNS how many threads to use for signing. It might help improve
+signing speed by changing this number.
+
.. _setting-slave:
``slave``
*received* from a master. This is useful when using when running a
signing-slave.
-.. _setting-signing-threads:
-
-``signing-threads``
--------------------
-
-- Integer
-- Default: 3
-
-Tell PowerDNS how many threads to use for signing. It might help improve
-signing speed by changing this number.
-
.. _setting-soa-expire-default:
``soa-expire-default``