--- /dev/null
+---
+global:
+ skip-serde: true
+ parameters:
+ - name: "acl"
+ type: "Vec<String>"
+ default: "127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10"
+ description: "CIDR netmasks of the clients allowed to send DNS queries"
+ - name: "backends"
+ type: "Vec<BackendConfiguration>"
+ default: true
+ description: "List of backends"
+ - name: "binds"
+ type: "Vec<BindConfiguration>"
+ default: true
+ description: "List of endpoints to accept queries on"
+ - name: "cache-hit-response-rules"
+ type: "Vec<ResponseRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed on a cache hit"
+ - name: "cache-inserted-response-rules"
+ type: "Vec<ResponseRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed after inserting a new response into the cache"
+ - name: "cache-miss-rules"
+ type: "Vec<QueryRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed after a cache miss"
+ - name: "cache-settings"
+ type: "CacheSettingsConfiguration"
+ default: true
+ description: "Caching-related settings"
+ - name: "console"
+ type: "ConsoleConfiguration"
+ default: true
+ description: "Console-related settings"
+ - name: "dynamic-rules"
+ type: "Vec<DynamicRulesConfiguration>"
+ default: true
+ description: "List of dynamic rules"
+ - name: "dynamic-rules-settings"
+ type: "DynamicRulesSettingsConfiguration"
+ default: true
+ description: "Dynamic rules-related settings"
+ - name: "edns-client-subnet"
+ type: "EdnsClientSubnetConfiguration"
+ default: true
+ description: "EDNS Client Subnet-related settings"
+ - name: "general"
+ type: "GeneralConfiguration"
+ default: true
+ description: "General settings"
+ - name: "key-value-stores"
+ type: "KeyValueStoresConfiguration"
+ default: true
+ description: "Key-Value stores"
+ - name: "load-balancing-policies"
+ type: "LoadBalancingPoliciesConfiguration"
+ default: true
+ description: "Load-balancing policies"
+ - name: "metrics"
+ type: "MetricsConfiguration"
+ default: true
+ description: "Metrics-related settings"
+ - name: "packet-caches"
+ type: "Vec<PacketCacheConfiguration>"
+ default: true
+ description: "Packet-cache definitions"
+ - name: "pools"
+ type: "Vec<PoolConfiguration>"
+ default: true
+ description: "Pools of backends"
+ - name: "proxy-protocol"
+ type: "ProxyProtocolConfiguration"
+ default: true
+ description: "Proxy-protocol-related settings"
+ - name: "query-count"
+ type: "QueryCountConfiguration"
+ default: true
+ description: "Queries counting-related settings"
+ - name: "query-rules"
+ type: "Vec<QueryRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed when a query is received"
+ - name: "remote-logging"
+ type: "RemoteLoggingConfiguration"
+ default: true
+ description: "Remote logging-related settings"
+ - name: "response-rules"
+ type: "Vec<ResponseRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed when a response is received"
+ - name: "ring-buffers"
+ type: "RingBuffersConfiguration"
+ default: true
+ description: "In-memory ring buffer settings"
+ - name: "security-polling"
+ type: "SecurityPollingConfiguration"
+ default: true
+ description: "Automatic checking of outdated version"
+ - name: "selectors"
+ type: "Vec<Selector>"
+ default: true
+ skip-serde: true
+ description: "List of selectors that can be reused in rules"
+ - name: "self-answered-response-rules"
+ type: "Vec<ResponseRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed when a response is generated by DNSdist itself"
+ - name: "snmp"
+ type: "SnmpConfiguration"
+ default: true
+ description: "SNMP-related settings"
+ - name: "tuning"
+ type: "TuningConfiguration"
+ default: true
+ description: "Performance-related settings"
+ - name: "webserver"
+ type: "WebserverConfiguration"
+ default: true
+ description: "Internal web server configuration"
+ - name: "xfr-response-rules"
+ type: "Vec<ResponseRuleConfiguration>"
+ default: true
+ skip-serde: true
+ description: "List of rules executed when a XFR response is received"
+
+metrics:
+ parameters:
+ - name: "carbon"
+ type: "Vec<CarbonConfiguration>"
+ default: true
+
+carbon:
+ parameters:
+ - name: "address"
+ type: "String"
+ description: "Indicates the IP address where the statistics should be sent"
+ - name: "name"
+ type: "String"
+ default: ""
+ description: "An optional string specifying the hostname that should be used. If left empty, the system hostname is used"
+ - name: "interval"
+ type: u32
+ default: 30
+ description: "An optional unsigned integer indicating the interval in seconds between exports"
+ - name: "namespace"
+ rename: "name_space"
+ type: "String"
+ default: ""
+ description: "An optional string specifying the namespace name that should be used"
+ - name: "instance"
+ type: "String"
+ default: ""
+ description: "An optional string specifying the instance name that should be used"
+
+remote-logging:
+ parameters:
+ - name: "protobuf-loggers"
+ type: "Vec<ProtobufLoggerConfiguration>"
+ default: true
+ - name: "dnstap-loggers"
+ type: "Vec<DnstapLoggerConfiguration>"
+ default: true
+
+protobuf-logger:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "address"
+ type: "String"
+ description: "An IP:PORT combination where the logger is listening"
+ - name: "timeout"
+ type: "u16"
+ default: 2
+ description: "TCP connect timeout in seconds"
+ - name: "max-queued-entries"
+ type: "u64"
+ default: 100
+ description: "Queue this many messages before dropping new ones (e.g. when the remote listener closes the connection)"
+ - name: "reconnect-wait-time"
+ type: "u8"
+ default: 1
+ description: "Time in seconds between reconnection attempts"
+
+dnstap-logger:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "transport"
+ type: "String"
+ - name: "address"
+ type: "String"
+ - name: "buffer-hint"
+ type: "u64"
+ default: 0
+ - name: "flush-timeout"
+ type: "u64"
+ default: 0
+ - name: "input-queue-size"
+ type: "u64"
+ default: 0
+ - name: "output-queue-size"
+ type: "u64"
+ default: 0
+ - name: "queue-notify-threshold"
+ type: "u64"
+ default: 0
+ - name: "reopen-interval"
+ type: "u64"
+ default: 0
+
+ProtoBufMeta:
+ parameters:
+ - name: "key"
+ type: "String"
+ - name: "value"
+ type: "String"
+
+LMDBKVStore:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "file-name"
+ type: "String"
+ - name: "database-name"
+ type: "String"
+ - name: "no-lock"
+ type: "bool"
+ default: "false"
+
+CDBKVStore:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "file-name"
+ type: "String"
+ - name: "refresh-delay"
+ type: "u32"
+
+KVSLookupKeySourceIP:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "v4-mask"
+ type: "u8"
+ default: "32"
+ - name: "v6-mask"
+ type: "u8"
+ default: "128"
+ - name: "include-port"
+ type: "bool"
+ default: "false"
+
+KVSLookupKeyQName:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "wire-format"
+ type: "bool"
+ default: "true"
+
+KVSLookupKeySuffix:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "minimum-labels"
+ type: "u16"
+ default: "0"
+ - name: "wire-format"
+ type: "bool"
+ default: "true"
+
+KVSLookupKeyTag:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "tag"
+ type: "String"
+
+KVSLookupKeys:
+ parameters:
+ - name: "source-ip-keys"
+ type: "Vec<KVSLookupKeySourceIPConfiguration>"
+ default: true
+ - name: "qname-keys"
+ type: "Vec<KVSLookupKeyQNameConfiguration>"
+ default: true
+ - name: "suffix-keys"
+ type: "Vec<KVSLookupKeySuffixConfiguration>"
+ default: true
+ - name: "tag-keys"
+ type: "Vec<KVSLookupKeyTagConfiguration>"
+ default: true
+
+key-value-stores:
+ parameters:
+ - name: "lmdb"
+ type: "Vec<LMDBKVStoreConfiguration>"
+ default: true
+ - name: "cdb"
+ type: "Vec<CDBKVStoreConfiguration>"
+ default: true
+ - name: "lookup-keys"
+ type: "KVSLookupKeysConfiguration"
+ default: true
+
+webserver:
+ parameters:
+ - name: "listen-address"
+ type: "String"
+ default: ""
+ description: "IP address and port to listen on"
+ - name: "password"
+ type: "String"
+ default: ""
+ description: "The password used to access the internal webserver. Since 1.7.0 the password should be hashed and salted via the ``hashPassword()`` command"
+ - name: "api-key"
+ type: "String"
+ default: ""
+ description: "The API Key (set to an empty string do disable it). Since 1.7.0 the key should be hashed and salted via the ``hashPassword()`` command"
+ - name: "acl"
+ type: "Vec<String>"
+ default: "127.0.0.1, ::1"
+ description: "List of network masks or IP addresses that are allowed to open a connection to the web server"
+ - name: "api-requires-authentication"
+ type: "bool"
+ default: "true"
+ description: "Whether access to the API (/api endpoints) requires a valid API key"
+ - name: "stats-require-authentication"
+ type: "bool"
+ default: "true"
+ description: "Whether access to the statistics (/metrics and /jsonstat endpoints) requires a valid password or API key"
+ - name: "dashboard-requires-authentication"
+ type: "bool"
+ default: "true"
+ description: "Whether access to the internal dashboard requires a valid password"
+ - name: "max-concurrent-connections"
+ type: "u32"
+ default: 100
+ description: "The maximum number of concurrent web connections, or 0 which means an unlimited number"
+ - name: "hash-plaintext-credentials"
+ type: "bool"
+ default: "false"
+ description: "Whether passwords and API keys provided in plaintext should be hashed during startup, to prevent the plaintext versions from staying in memory. Doing so increases significantly the cost of verifying credentials"
+ - name: "custom-headers"
+ type: "Vec<HttpCustomResponseHeaderConfiguration>"
+ default: true
+ - name: "api-configuration-directory"
+ type: "String"
+ default: ""
+ - name: "api-read-write"
+ type: "bool"
+ default: "false"
+
+console:
+ parameters:
+ - name: "listen-address"
+ type: "String"
+ default: ""
+ description: "IP address and port to listen on for console connections"
+ - name: "key"
+ type: "String"
+ default: ""
+ description: "The shared secret used to secure connections between the console client and the server, generated via ``makeKey()``"
+ - name: "acl"
+ type: "Vec<String>"
+ default: "127.0.0.1, ::1"
+ description: "List of network masks or IP addresses that are allowed to open a connection to the console server"
+ - name: "maximum-output-size"
+ type: "u32"
+ default: "10000000"
+ lua-name: "setConsoleOutputMaxMsgSize"
+ internal-field-name: "d_consoleOutputMsgMaxSize"
+ runtime-configurable: true
+ - name: "log-connections"
+ type: "bool"
+ default: "true"
+ lua-name: "setConsoleConnectionsLogging"
+ internal-field-name: "d_logConsoleConnections"
+ runtime-configurable: true
+ - name: "max-concurrent-connections"
+ type: "u64"
+ default: "0"
+ lua-name: "setConsoleMaximumConcurrentConnections"
+ internal-field-name: "d_consoleMaxConcurrentConnections"
+ runtime-configurable: false
+
+edns-client-subnet:
+ parameters:
+ - name: "override-existing"
+ lua-name: "setECSOverride"
+ internal-field-name: "d_ecsOverride"
+ runtime-configurable: true
+ type: "bool"
+ default: "false"
+ description: "When `useClientSubnet` in `newServer()` is set and dnsdist adds an EDNS Client Subnet Client option to the query, override an existing option already present in the query, if any. Please see Passing the source address to the backend for more information. Note that it’s not recommended to enable setECSOverride in front of an authoritative server responding with EDNS Client Subnet information as mismatching data (ECS scopes) can confuse clients and lead to SERVFAIL responses on downstream nameservers"
+ - name: "source-prefix-v4"
+ lua-name: "setECSSourcePrefixV4"
+ internal-field-name: "d_ECSSourcePrefixV4"
+ runtime-configurable: true
+ type: "u8"
+ default: 32
+ description: "When `useClientSubnet` in `newServer()` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestor's IPv4 address to `prefix` bits"
+ - name: "source-prefix-v6"
+ lua-name: "setECSSourcePrefixV6"
+ internal-field-name: "d_ECSSourcePrefixV6"
+ runtime-configurable: true
+ type: "u8"
+ default: 56
+ description: "When `useClientSubnet` in `newServer()` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestor's IPv6 address to `prefix` bits"
+
+dynamic-rules-settings:
+ parameters:
+ - name: "purge-interval"
+ type: "u64"
+ default: "60"
+ lua-name: "setDynBlocksPurgeInterval"
+ internal-field-name: "d_dynBlocksPurgeInterval"
+ runtime-configurable: true
+ - name: "default-action"
+ type: "String"
+ default: "Drop"
+
+dynamic-rule:
+ parameters:
+ - name: "type"
+ rename: "rule_type"
+ type: "String"
+ - name: "seconds"
+ type: "u32"
+ - name: "action-duration"
+ type: "u32"
+ - name: "comment"
+ type: "String"
+ - name: "rate"
+ type: "u32"
+ default: "0"
+ - name: "ratio"
+ type: "f64"
+ default: "0.0"
+ - name: "action"
+ type: "String"
+ default: "drop"
+ - name: "warning-rate"
+ type: "u32"
+ default: "0"
+ - name: "warning-ratio"
+ type: "f64"
+ default: "0.0"
+ - name: "tag-name"
+ type: "String"
+ default: ""
+ - name: "tag-value"
+ type: "String"
+ default: "0"
+ - name: "visitor-function"
+ type: "String"
+ default: ""
+ - name: "rcode"
+ type: "String"
+ default: ""
+ - name: "qtype"
+ type: "String"
+ default: ""
+ - name: "minimum-number-of-responses"
+ type: "u32"
+ default: "0"
+ - name: "minimum-global-cache-hit-ratio"
+ type: "f64"
+ default: "0.0"
+
+dynamic-rules:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "mask-ipv4"
+ type: "u8"
+ default: "32"
+ - name: "mask-ipv6"
+ type: "u8"
+ default: "64"
+ - name: "mask-port"
+ type: u8
+ default: "0"
+ - name: "exclude-ranges"
+ type: "Vec<String>"
+ default: true
+ - name: "include-ranges"
+ type: "Vec<String>"
+ default: true
+ - name: "exclude-domains"
+ type: "Vec<String>"
+ default: true
+ - name: "rules"
+ type: "Vec<DynamicRuleConfiguration>"
+
+ring-buffers:
+ parameters:
+ - name: "size"
+ type: "u64"
+ default: 10000
+ description: "The maximum amount of queries to keep in the ringbuffer"
+ lua-name: "setRingBuffersSize"
+ internal-field-name: "d_ringsCapacity"
+ runtime-configurable: false
+ - name: "shards"
+ type: "u64"
+ default: 10
+ description: "The number of shards to use to limit lock contention"
+ lua-name: "setRingBuffersSize"
+ internal-field-name: "d_ringsNumberOfShards"
+ runtime-configurable: false
+ - name: "lock-retries"
+ type: "u64"
+ default: 5
+ description: "Set the number of shards to attempt to lock without blocking before giving up and simply blocking while waiting for the next shard to be available. Default to 5 if there is more than one shard, 0 otherwise"
+ lua-name: "setRingBuffersOptions"
+ internal-field-name: "d_ringsNbLockTries"
+ runtime-configurable: false
+ - name: "record-queries"
+ type: "bool"
+ default: "true"
+ description: "Whether to record queries in the ring buffers"
+ lua-name: "setRingBuffersOptions"
+ internal-field-name: "d_ringsRecordQueries"
+ runtime-configurable: false
+ - name: "record-responses"
+ type: "bool"
+ default: "true"
+ description: "Whether to record responses in the ring buffers"
+ lua-name: "setRingBuffersOptions"
+ internal-field-name: "d_ringsRecordResponses"
+ runtime-configurable: false
+
+incoming-tls-certificate-key-pair:
+ parameters:
+ - name: "certificate"
+ type: "String"
+ - name: "key"
+ type: "String"
+ default: ""
+ - name: "password"
+ type: "String"
+ default: ""
+
+incoming-tls:
+ parameters:
+ - name: "provider"
+ type: "String"
+ default: "OpenSSL"
+ - name: "certificates"
+ type: "Vec<IncomingTlsCertificateKeyPairConfiguration>"
+ default: true
+ - name: "ignore-errors"
+ type: "bool"
+ default: "false"
+ - name: "ciphers"
+ type: "String"
+ default: ""
+ - name: "ciphers-tls-13"
+ type: "String"
+ default: ""
+ - name: "minimum-version"
+ type: "String"
+ default: "tls1.0"
+ - name: "ticket-key-file"
+ type: "String"
+ default: ""
+ - name: "tickets-keys-rotation-delay"
+ type: "u32"
+ default: "43200"
+ - name: "number-of-tickets-keys"
+ type: "u32"
+ default: "5"
+ - name: "prefer-server-ciphers"
+ type: "bool"
+ default: "true"
+ - name: "session-timeout"
+ type: "u32"
+ default: "0"
+ - name: "session-tickets"
+ type: "bool"
+ default: "true"
+ - name: "number-of-stored-sessions"
+ type: "u32"
+ default: "20480"
+ - name: "ocsp-response-files"
+ type: "Vec<String>"
+ default: true
+ - name: "key-log-file"
+ type: "String"
+ default: ""
+ - name: "release-buffers"
+ type: "bool"
+ default: "true"
+ - name: "enable-renegotiation"
+ type: "bool"
+ default: "false"
+ - name: "async-mode"
+ type: "bool"
+ default: "false"
+ - name: "ktls"
+ type: "bool"
+ default: "false"
+ - name: "read-ahead"
+ type: "bool"
+ default: "true"
+ - name: "proxy-protocol-outside-tls"
+ type: "bool"
+ default: "false"
+ - name: "ignore-configuration-errors"
+ type: "bool"
+ default: "false"
+
+outgoing-tls:
+ parameters:
+ - name: "provider"
+ type: "String"
+ default: "OpenSSL"
+ - name: "subject-name"
+ type: "String"
+ default: ""
+ - name: "subject-address"
+ type: "String"
+ default: ""
+ - name: "validate-certificate"
+ type: "bool"
+ default: "true"
+ - name: "ca-store"
+ type: "String"
+ default: ""
+ - name: "ciphers"
+ type: "String"
+ default: ""
+ - name: "ciphers-tls-13"
+ type: "String"
+ default: ""
+ - name: "key-log-file"
+ type: "String"
+ default: ""
+ - name: "release-buffers"
+ type: "bool"
+ default: "true"
+ - name: "enable-renegotiation"
+ type: "bool"
+ default: "false"
+ - name: "ktls"
+ type: "bool"
+ default: "false"
+
+http-custom-response-header:
+ parameters:
+ - name: "key"
+ type: "String"
+ - name: "value"
+ type: "String"
+
+http-responses-map:
+ parameters:
+ - name: "expression"
+ type: "String"
+ - name: "status"
+ type: "u16"
+ - name: "content"
+ type: "String"
+ - name: "headers"
+ type: "Vec<HttpCustomResponseHeaderConfiguration>"
+ default: true
+
+incoming-doh:
+ parameters:
+ - name: "provider"
+ type: "String"
+ default: "nghttp2"
+ - name: "paths"
+ type: "Vec<String>"
+ default: "/dns-query"
+ - name: "idle-timeout"
+ type: "u64"
+ default: 30
+ - name: "server-tokens"
+ type: "String"
+ default: "h2o/dnsdist"
+ - name: "send-cache-control-headers"
+ type: "bool"
+ default: "true"
+ - name: "keep-incoming-headers"
+ type: "bool"
+ default: "false"
+ - name: "trust-forwarded-for-header"
+ type: "bool"
+ default: "false"
+ - name: "early-acl-drop"
+ type: "bool"
+ default: "true"
+ - name: "exact-path-matching"
+ type: "bool"
+ default: "true"
+ - name: "internal-pipe-buffer-size"
+ type: "u32"
+ default: 1048576
+ - name: "custom-response-headers"
+ type: "Vec<HttpCustomResponseHeaderConfiguration>"
+ default: true
+ - name: "responses-map"
+ type: "Vec<HttpResponsesMapConfiguration>"
+ default: true
+
+incoming-doq:
+ parameters:
+ - name: "max_concurrent_queries_per_connection"
+ type: "u64"
+ default: 65535
+
+incoming-quic:
+ parameters:
+ - name: "idle-timeout"
+ type: "u64"
+ default: 5
+ - name: "congestion-control-algorithm"
+ type: "String"
+ default: "reno"
+ - name: "internal-pipe-buffer-size"
+ type: "u32"
+ default: 1048576
+
+outgoing-doh:
+ parameters:
+ - name: "path"
+ type: "String"
+ default: "/dns-query"
+ - name: "add-x-forwarded-headers"
+ type: "bool"
+ default: "false"
+
+incoming-tcp:
+ parameters:
+ - name: "max-in-flight-queries"
+ type: "u32"
+ default: 0
+ - name: "listen-queue-size"
+ type: "u32"
+ default: 0
+ - name: "fast-open-queue-size"
+ type: "u32"
+ default: 0
+ - name: "max-concurrent-connections"
+ type: "u32"
+ default: 0
+
+bind:
+ parameters:
+ - name: "listen-address"
+ type: "String"
+ description: "Address and port to listen to"
+ - name: "reuseport"
+ type: "bool"
+ default: "false"
+ - name: "protocol"
+ type: "String"
+ default: "Do53"
+ - name: "threads"
+ type: "u32"
+ default: "1"
+ - name: "interface"
+ type: "String"
+ default: ""
+ - name: "cpus"
+ type: "String"
+ default: ""
+ - name: "enable-proxy-protocol"
+ type: "bool"
+ default: "false"
+ - name: "tcp"
+ type: "IncomingTcpConfiguration"
+ default: true
+ - name: "tls"
+ type: "IncomingTlsConfiguration"
+ default: true
+ - name: "doh"
+ type: "IncomingDohConfiguration"
+ default: true
+ - name: "doq"
+ type: "IncomingDoqConfiguration"
+ default: true
+ - name: "quic"
+ type: "IncomingQuicConfiguration"
+ default: true
+ - name: "additional-addresses"
+ type: "Vec<String>"
+ default: true
+
+outgoing-tcp:
+ parameters:
+ - name: "connect-timeout"
+ type: "u16"
+ default: 5
+ - name: "send-timeout"
+ type: "u16"
+ default: 30
+ - name: "receive-timeout"
+ type: "u16"
+ default: 30
+ - name: "fast-open"
+ type: "bool"
+ default: "false"
+
+proxy-protocol-value:
+ parameters:
+ - name: "key"
+ type: "u8"
+ - name: "value"
+ type: "String"
+
+lazy-health-check:
+ parameters:
+ - name: "interval"
+ type: "u16"
+ default: 30
+ - name: "min-sample-count"
+ type: "u16"
+ default: 1
+ - name: "mode"
+ type: "String"
+ default: "TimeoutOrServFail"
+ - name: "sample-size"
+ type: "u16"
+ default: 100
+ - name: "threshold"
+ type: "u16"
+ default: 20
+ - name: "use-exponential-back-off"
+ type: "bool"
+ default: "false"
+ - name: "max-back-off"
+ type: "u16"
+ default: 3600
+
+health-check:
+ parameters:
+ - name: "mode"
+ type: "String"
+ default: "auto"
+ - name: "qname"
+ type: "String"
+ default: ""
+ - name: "qclass"
+ type: "String"
+ default: "IN"
+ - name: "qtype"
+ type: "String"
+ default: "A"
+ - name: "function"
+ type: "String"
+ default: ""
+ - name: "timeout"
+ type: "u16"
+ default: 1000
+ - name: "set-cd"
+ type: "bool"
+ default: "false"
+ - name: "max-failures"
+ type: "u8"
+ default: "1"
+ - name: "rise"
+ type: "u8"
+ default: "1"
+ - name: "interval"
+ type: "u32"
+ default: "1"
+ - name: "must-resolve"
+ type: "bool"
+ default: "false"
+ - name: "use-tcp"
+ type: "bool"
+ default: "false"
+ - name: "lazy"
+ type: "LazyHealthCheckConfiguration"
+ default: true
+
+outgoing-auto-upgrade:
+ parameters:
+ - name: "enabled"
+ type: "bool"
+ default: "false"
+ - name: "interval"
+ type: "u32"
+ default: "3600"
+ - name: "keep"
+ type: "bool"
+ default: "false"
+ - name: "pool"
+ type: "String"
+ default: ""
+ - name: "doh-key"
+ type: "u8"
+ default: "7"
+ - name: "use-lazy-health-check"
+ type: "bool"
+ default: "false"
+
+backend:
+ parameters:
+ - name: "address"
+ type: "String"
+ - name: "id"
+ type: "String"
+ default: ""
+ - name: "name"
+ type: "String"
+ default: ""
+ - name: "protocol"
+ type: "String"
+ - name: "tls"
+ type: "OutgoingTlsConfiguration"
+ default: true
+ - name: "doh"
+ type: "OutgoingDohConfiguration"
+ default: true
+ - name: "use-client-subnet"
+ type: "bool"
+ default: "false"
+ - name: "use-proxy-protocol"
+ type: "bool"
+ default: "false"
+ - name: "queries-per-second"
+ type: "u32"
+ default: 0
+ - name: "order"
+ type: "u32"
+ default: 1
+ - name: "weight"
+ type: "u32"
+ default: 1
+ - name: "pools"
+ type: "Vec<String>"
+ default: true
+ - name: "retries"
+ type: "u16"
+ default: 5
+ - name: "tcp"
+ type: "OutgoingTcpConfiguration"
+ default: true
+ - name: "ip-bind-addr-no-port"
+ type: "bool"
+ default: "true"
+ - name: "health-checks"
+ type: "HealthCheckConfiguration"
+ default: true
+ - name: "source"
+ type: "String"
+ default: ""
+ - name: "sockets"
+ type: "u32"
+ default: "1"
+ - name: "disable-zero-scope"
+ type: "bool"
+ default: "false"
+ - name: "reconnect-on-up"
+ type: "bool"
+ default: "false"
+ - name: "max-in-flight"
+ type: "u32"
+ default: "1"
+ - name: "tcp-only"
+ type: "bool"
+ default: "false"
+ - name: "auto-upgrade"
+ type: "OutgoingAutoUpgradeConfiguration"
+ default: true
+ - name: "max-concurrent-tcp-connections"
+ type: "u32"
+ default: 0
+ - name: "ktls"
+ type: "bool"
+ default: "false"
+ - name: "proxy-protocol-advertise-tls"
+ type: "bool"
+ default: "false"
+ - name: "xsk-sockets"
+ type: "Vec<String>"
+ default: true
+ - name: "mac-address"
+ type: "String"
+ default: ""
+ - name: "cpus"
+ type: "String"
+ default: ""
+
+tuning:
+ parameters:
+ - name: "doh"
+ type: "DohTuningConfiguration"
+ default: true
+ - name: "tcp"
+ type: "TcpTuningConfiguration"
+ default: true
+ - name: "tls"
+ type: "TlsTuningConfiguration"
+ default: true
+ - name: "udp"
+ type: "UdpTuningConfiguration"
+ default: true
+
+tcp-tuning:
+ category: "tuning.tcp"
+ parameters:
+ - name: "worker-threads"
+ type: "u32"
+ default: 10
+ lua-name: "setMaxTCPClientThreads"
+ internal-field-name: "d_maxTCPClientThreads"
+ runtime-configurable: false
+ - name: "receive-timeout"
+ type: "u32"
+ default: 2
+ lua-name: "setTCPRecvTimeout"
+ internal-field-name: "d_tcpRecvTimeout"
+ runtime-configurable: true
+ - name: "send-timeout"
+ type: "u32"
+ default: 2
+ lua-name: "setTCPSendTimeout"
+ internal-field-name: "d_tcpSendTimeout"
+ runtime-configurable: true
+ - name: "max-queries-per-connection"
+ type: "u64"
+ default: "0"
+ lua-name: "setMaxTCPQueriesPerConnection"
+ internal-field-name: "d_maxTCPQueriesPerConn"
+ runtime-configurable: true
+ - name: "max-connection-duration"
+ type: "u64"
+ default: "0"
+ lua-name: "setMaxTCPConnectionDuration"
+ internal-field-name: "d_maxTCPConnectionDuration"
+ runtime-configurable: true
+ - name: "max-queued-connections"
+ type: "u64"
+ default: "10000"
+ lua-name: "setMaxTCPQueuedConnections"
+ internal-field-name: "d_maxTCPQueuedConnections"
+ runtime-configurable: false
+ - name: "internal-pipe-buffer-size"
+ type: "u32"
+ default: 1048576
+ lua-name: "setTCPInternalPipeBufferSize"
+ internal-field-name: "d_tcpInternalPipeBufferSize"
+ runtime-configurable: false
+ - name: "outgoing-max-idle-time"
+ type: "u64"
+ default: 300
+ lua-name: "setTCPDownstreamMaxIdleTime"
+ internal-field-name: "d_outgoingTCPMaxIdleTime"
+ runtime-configurable: false
+ - name: "outgoing-cleanup-interval"
+ type: "u64"
+ default: 60
+ lua-name: "setTCPDownstreamCleanupInterval"
+ internal-field-name: "d_outgoingTCPCleanupInterval"
+ runtime-configurable: false
+ - name: "outgoing-max-idle-connection-per-backend"
+ type: "u64"
+ default: 10
+ lua-name: "setMaxCachedTCPConnectionsPerDownstream"
+ internal-field-name: "d_outgoingTCPMaxIdlePerBackend"
+ runtime-configurable: false
+ - name: "max-connections-per-client"
+ type: "u32"
+ default: 0
+ lua-name: "setMaxTCPConnectionsPerClient"
+ internal-field-name: "d_maxTCPConnectionsPerClient"
+ runtime-configurable: false
+ - name: "fast-open-key"
+ type: "String"
+ default: ""
+ lua-name: "setTCPFastOpenKey"
+ runtime-configurable: false
+
+udp-tuning:
+ category: "tuning.udp"
+ parameters:
+ - name: "messages-per-round"
+ type: "u32"
+ default: 1
+ lua-name: "setUDPMultipleMessagesVectorSize"
+ internal-field-name: "d_udpVectorSize"
+ runtime-configurable: false
+ - name: "send-buffer-size"
+ type: "u32"
+ default: 0
+ lua-name: "setUDPSocketBufferSizes"
+ internal-field-name: "d_socketUDPSendBuffer"
+ runtime-configurable: false
+ - name: "receive-buffer-size"
+ type: "u32"
+ default: 0
+ lua-name: "setUDPSocketBufferSizes"
+ internal-field-name: "d_socketUDPRecvBuffer"
+ runtime-configurable: false
+ - name: "max-outstanding-per-backend"
+ type: "u32"
+ default: 65535
+ lua-name: "setMaxUDPOutstanding"
+ internal-field-name: "d_maxUDPOutstanding"
+ runtime-configurable: false
+ - name: "timeout"
+ type: "u8"
+ default: 2
+ lua-name: "setUDPTimeout"
+ internal-field-name: "d_udpTimeout"
+ runtime-configurable: false
+ - name: "randomize-outgoing-sockets-to-backend"
+ type: "bool"
+ default: "false"
+ lua-name: "setRandomizedOutgoingSockets"
+ internal-field-name: "d_randomizeUDPSocketsToBackend"
+ runtime-configurable: false
+ - name: "randomize-ids-to-backend"
+ type: "bool"
+ default: "false"
+ lua-name: "setRandomizedIdsOverUDP"
+ internal-field-name: "d_randomizeIDsToBackend"
+ runtime-configurable: false
+
+tls-tuning:
+ category: "tuning.tls"
+ parameters:
+ - name: "outgoing-tickets-cache-cleanup-delay"
+ type: "u16"
+ default: "60"
+ lua-name: "setOutgoingTLSSessionsCacheCleanupDelay"
+ internal-field-name: "d_tlsSessionCacheCleanupDelay"
+ runtime-configurable: true
+ - name: "outgoing-tickets-cache-validity"
+ type: "u16"
+ default: "600"
+ lua-name: "setOutgoingTLSSessionsCacheMaxTicketValidity"
+ internal-field-name: "d_tlsSessionCacheSessionValidity"
+ runtime-configurable: true
+ - name: "max-outgoing-tickets-per-backend"
+ type: "u16"
+ default: "20"
+ lua-name: "setOutgoingTLSSessionsCacheMaxTicketsPerBackend"
+ internal-field-name: "d_tlsSessionCacheMaxSessionsPerBackend"
+ runtime-configurable: true
+
+doh-tuning:
+ category: "tuning.doh"
+ parameters:
+ - name: "outgoing-worker-threads"
+ type: "u32"
+ default: 10
+ lua-name: "setOutgoingDoHWorkerThreads"
+ internal-field-name: "d_outgoingDoHWorkers"
+ runtime-configurable: false
+ - name: "outgoing-max-idle-time"
+ type: "u64"
+ default: 300
+ lua-name: "setDoHDownstreamMaxIdleTime"
+ internal-field-name: "d_outgoingDoHMaxIdleTime"
+ runtime-configurable: false
+ - name: "outgoing-cleanup-interval"
+ type: "u64"
+ default: 60
+ lua-name: "setDoHDownstreamCleanupInterval"
+ internal-field-name: "d_outgoingDoHCleanupInterval"
+ runtime-configurable: false
+ - name: "outgoing-max-idle-connection-per-backend"
+ type: "u64"
+ default: 10
+ lua-name: "setMaxIdleDoHConnectionsPerDownstream"
+ internal-field-name: "d_outgoingDoHMaxIdlePerBackend"
+ runtime-configurable: false
+
+cache-settings:
+ parameters:
+ - name: "stale-entries-ttl"
+ type: "u32"
+ default: "0"
+ lua-name: "setStaleCacheEntriesTTL"
+ internal-field-name: "d_staleCacheEntriesTTL"
+ runtime-configurable: true
+ - name: "cleaning-delay"
+ type: "u16"
+ default: "60"
+ lua-name: "setCacheCleaningDelay"
+ internal-field-name: "d_cacheCleaningDelay"
+ runtime-configurable: true
+ - name: "cleaning-percentage"
+ type: "u16"
+ default: "100"
+ lua-name: "setCacheCleaningPercentage"
+ internal-field-name: "d_cacheCleaningPercentage"
+ runtime-configurable: true
+
+security-polling:
+ parameters:
+ - name: "polling-interval"
+ type: "u32"
+ default: "3600"
+ lua-name: "setSecurityPollInterval"
+ internal-field-name: "d_secPollInterval"
+ runtime-configurable: true
+ - name: "suffix"
+ type: "String"
+ default: "secpoll.powerdns.com."
+ lua-name: "setSecurityPollSuffix"
+ internal-field-name: "d_secPollSuffix"
+ runtime-configurable: true
+
+general:
+ parameters:
+ - name: "edns-udp-payload-size-self-generated-answers"
+ type: "u16"
+ default: "1232"
+ lua-name: "setPayloadSizeOnSelfGeneratedAnswers"
+ internal-field-name: "d_payloadSizeSelfGenAnswers"
+ runtime-configurable: true
+ - name: "add-edns-to-self-generated-answers"
+ type: "bool"
+ default: "true"
+ lua-name: "setAddEDNSToSelfGeneratedResponses"
+ internal-field-name: "d_addEDNSToSelfGeneratedResponses"
+ runtime-configurable: true
+ - name: "truncate-tc-answers"
+ type: "bool"
+ default: "false"
+ lua-name: "truncateTC"
+ internal-field-name: "d_truncateTC"
+ runtime-configurable: true
+ - name: "fixup-case"
+ type: "bool"
+ default: "false"
+ lua-name: "fixupCase"
+ internal-field-name: "d_fixupCase"
+ runtime-configurable: true
+ - name: "verbose"
+ type: "bool"
+ default: "false"
+ lua-name: "setVerbose"
+ internal-field-name: "d_verbose"
+ runtime-configurable: true
+ - name: "verbose-health-checks"
+ type: "bool"
+ default: "false"
+ lua-name: "setVerboseHealthChecks"
+ internal-field-name: "d_verboseHealthChecks"
+ runtime-configurable: true
+ - name: "allow-empty-responses"
+ type: "bool"
+ default: "false"
+ lua-name: "setAllowEmptyResponse"
+ internal-field-name: "d_allowEmptyResponse"
+ runtime-configurable: true
+ - name: "drop-empty-queries"
+ type: "bool"
+ default: "false"
+ lua-name: "setDropEmptyQueries"
+ internal-field-name: "d_dropEmptyQueries"
+ runtime-configurable: true
+ - name: "capabilities-to-retain"
+ type: "Vec<String>"
+ default: true
+ lua-name: "addCapabilitiesToRetain"
+ runtime-configurable: false
+
+packet-cache:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "size"
+ type: "u64"
+ - name: "deferrable-insert-lock"
+ type: "bool"
+ default: "true"
+ - name: "dont-age"
+ type: "bool"
+ default: "false"
+ - name: "keep-stale-data"
+ type: "bool"
+ default: "false"
+ - name: "max-negative-ttl"
+ type: "u32"
+ default: "3600"
+ - name: "max-ttl"
+ type: "u32"
+ default: "86400"
+ - name: "min-ttl"
+ type: "u32"
+ default: 0
+ - name: "shards"
+ type: "u32"
+ default: "20"
+ - name: "parse-ecs"
+ type: "bool"
+ default: "false"
+ - name: "stale-ttl"
+ type: "u32"
+ default: "60"
+ - name: "temporary-failure-ttl"
+ type: "u32"
+ default: "60"
+ - name: "cookie-hashing"
+ type: "bool"
+ default: "false"
+ - name: "maximum-entry-size"
+ type: "u32"
+ default: "0"
+ - name: "options-to-skip"
+ type: "Vec<String>"
+ default: true
+
+proxy-protocol:
+ parameters:
+ - name: "acl"
+ type: "Vec<String>"
+ default: ""
+ - name: "maximum-payload-size"
+ type: "u32"
+ default: "512"
+ lua-name: "setProxyProtocolMaximumPayloadSize"
+ internal-field-name: "d_proxyProtocolMaximumSize"
+ runtime-configurable: true
+ - name: "apply-acl-to-proxied-clients"
+ type: "bool"
+ default: "false"
+ lua-name: "setProxyProtocolApplyACLToProxiedClients"
+ internal-field-name: "d_applyACLToProxiedClients"
+ runtime-configurable: true
+
+snmp:
+ parameters:
+ - name: "enabled"
+ type: "bool"
+ default: "false"
+ lua-name: "snmpAgent"
+ internal-field-name: "d_snmpEnabled"
+ runtime-configurable: false
+ - name: "traps-enabled"
+ type: "bool"
+ default: "false"
+ lua-name: "snmpAgent"
+ internal-field-name: "d_snmpTrapsEnabled"
+ runtime-configurable: false
+ - name: "daemon-socket"
+ type: "String"
+ default: ""
+ lua-name: "snmpAgent"
+ internal-field-name: "d_snmpDaemonSocketPath"
+ runtime-configurable: false
+
+query-count:
+ parameters:
+ - name: "enabled"
+ type: "bool"
+ default: "false"
+ - name: "filter"
+ type: "String"
+ default: ""
+
+pool:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "packet-cache"
+ type: "String"
+ default: true
+ - name: "policy"
+ type: "String"
+ default: "least-outstanding"
+
+custom-load-balancing-policy:
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "function"
+ type: "String"
+ - name: "ffi"
+ type: "bool"
+ default: "false"
+ - name: "per-thread"
+ type: "bool"
+ default: "false"
+
+load-balancing-policies:
+ parameters:
+ - name: "servfail-on-no-server"
+ type: "bool"
+ default: "false"
+ lua-name: "setServFailWhenNoServer"
+ internal-field-name: "d_servFailOnNoPolicy"
+ runtime-configurable: true
+ - name: "round-robin-servfail-on-no-server"
+ type: "bool"
+ default: "false"
+ lua-name: "setRoundRobinFailOnNoServer"
+ internal-field-name: "d_roundrobinFailOnNoServer"
+ runtime-configurable: true
+ - name: "weighted-balancing-factor"
+ type: "f64"
+ default: 0.0
+ lua-name: "setWeightedBalancingFactor"
+ internal-field-name: "d_weightedBalancingFactor"
+ runtime-configurable: false
+ - name: "consistent-hashing-balancing-factor"
+ type: "f64"
+ default: 0.0
+ lua-name: "setConsistentHashingBalancingFactor"
+ internal-field-name: "d_consistentHashBalancingFactor"
+ runtime-configurable: false
+ - name: "custom-policies"
+ type: "Vec<CustomLoadBalancingPolicyConfiguration>"
+ default: true
+ - name: "hash-perturbation"
+ type: "u32"
+ default: "0"
+ lua-name: "setWHashedPertubation"
+ internal-field-name: "d_hashPerturbation"
+ runtime-configurable: false
+
+query-rule:
+ skip-serde: true
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "uuid"
+ type: "String"
+ - name: "selector"
+ type: "Selector"
+ - name: "action"
+ type: "Action"
+
+response-rule:
+ skip-serde: true
+ parameters:
+ - name: "name"
+ type: "String"
+ - name: "uuid"
+ type: "String"
+ - name: "selector"
+ type: "Selector"
+ - name: "action"
+ type: "ResponseAction"
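Review bot: In the `incoming-tls` section, `minimum-version` defaults to `"tls1.0"` and has no `description`, so a listener configured from this schema would accept TLS 1.0 and 1.1 handshakes unless the operator knows to override it. If nothing outside this hunk requires keeping that value (the existing Lua default, for instance), I would use `default: "tls1.2"`. Otherwise add at least `description: "Minimum TLS version to accept; versions below tls1.2 are deprecated and should only be allowed for legacy clients"`. The same gap applies to other security-sensitive entries that have no description in `incoming-tls` and `outgoing-tls`: `key-log-file`, `ignore-errors`, `validate-certificate` and `enable-renegotiation`. For `key-log-file` in particular I would add `description: "Path of a file to which TLS session secrets are written, allowing captured traffic to be decrypted; leave empty outside of debugging"`.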