From: Vasek Sraier Date: Fri, 13 Jan 2023 10:44:37 +0000 (+0100) Subject: doc: removed doc/_static/config.schema.md which was generated and accidentally commited X-Git-Tag: v6.0.0a1~7^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3cd46f701c9fa1810ff9e78a64d892cea6d269d;p=thirdparty%2Fknot-resolver.git doc: removed doc/_static/config.schema.md which was generated and accidentally commited there are no secrets in that file ;) it's just a build artifact --- diff --git a/doc/_static/config.schema.md b/doc/_static/config.schema.md deleted file mode 100644 index 8731dff18..000000000 --- a/doc/_static/config.schema.md +++ /dev/null 
@@ -1,185 +0,0 @@ -# JSON Schema - -*Knot Resolver declarative configuration.* - -## Properties - -- **`version`** *(integer)*: Version of the configuration schema. By default it is the latest supported by the resolver, but couple of versions back are be supported as well. Default: `1`. -- **`nsid`** *(['string', 'null'])*: Name Server Identifier (RFC 5001) which allows DNS clients to request resolver to send back its NSID along with the reply to a DNS request. Default: `None`. -- **`hostname`** *(['string', 'null'])*: Internal DNS resolver hostname. Default is machine hostname. Default: `None`. -- **`rundir`** *(string)*: Directory where the resolver can create files and which will be it's cwd. Default: `.`. -- **`workers`**: The number of running kresd (Knot Resolver daemon) workers. If set to 'auto', it is equal to number of CPUs available. Default: `1`. -- **`max-workers`** *(integer)*: The maximum number of workers allowed. Cannot be changed in runtime. Minimum: `1`. Default: `80`. -- **`management`** *(object)*: Configuration of management HTTP API. Default: `{'unix_socket': './manager.sock', 'interface': None}`. - - **`unix-socket`** *(['string', 'null'])*: Path to unix domain socket to listen to. Default: `None`. - - **`interface`** *(['string', 'null'])*: IP address and port number to listen to. Default: `None`. -- **`webmgmt`** *(['object', 'null'])*: Configuration of legacy web management endpoint. Default: `None`. - - **`unix-socket`** *(['string', 'null'])*: Path to unix domain socket to listen to. Default: `None`. - - **`interface`** *(['string', 'null'])*: IP address or interface name with port number to listen to. Default: `None`. - - **`tls`** *(boolean)*: Enable/disable TLS. Default: `False`. - - **`cert-file`** *(['string', 'null'])*: Path to certificate file. Default: `None`. - - **`key-file`** *(['string', 'null'])*: Path to certificate key. Default: `None`. -- **`options`** *(object)*: Fine-tuning global parameters of DNS resolver operation. 
Default: `{'glue_checking': 'normal', 'qname_minimisation': True, 'query_loopback': False, 'reorder_rrset': True, 'query_case_randomization': True, 'priming': True, 'rebinding_protection': False, 'refuse_no_rd': True, 'time_jump_detection': True, 'violators_workarounds': False, 'serve_stale': False, 'prediction': False}`. - - **`glue-checking`** *(string)*: Glue records scrictness checking level. Must be one of: `['normal', 'strict', 'permissive']`. Default: `normal`. - - **`qname-minimisation`** *(boolean)*: Send minimum amount of information in recursive queries to enhance privacy. Default: `True`. - - **`query-loopback`** *(boolean)*: Permits queries to loopback addresses. Default: `False`. - - **`reorder-rrset`** *(boolean)*: Controls whether resource records within a RRSet are reordered each time it is served from the cache. Default: `True`. - - **`query-case-randomization`** *(boolean)*: Randomize Query Character Case. Default: `True`. - - **`priming`** *(boolean)*: Initializing DNS resolver cache with Priming Queries (RFC 8109). Default: `True`. - - **`rebinding-protection`** *(boolean)*: Protection against DNS Rebinding attack. Default: `False`. - - **`refuse-no-rd`** *(boolean)*: Queries without RD (recursion desired) bit set in query are answered with REFUSED. Default: `True`. - - **`time-jump-detection`** *(boolean)*: Detection of difference between local system time and expiration time bounds in DNSSEC signatures for '. NS' records. Default: `True`. - - **`violators-workarounds`** *(boolean)*: Workarounds for known DNS protocol violators. Default: `False`. - - **`serve-stale`** *(boolean)*: Allows using timed-out records in case DNS resolver is unable to contact upstream servers. Default: `False`. - - **`prediction`**: Helps keep the cache hot by prefetching expiring records and learning usage patterns and repetitive queries. Default: `False`. -- **`network`** *(object)*: Network connections and protocols configuration. 
Default: `{'do_ipv4': True, 'do_ipv6': True, 'out_interface_v4': None, 'out_interface_v6': None, 'tcp_pipeline': 100, 'edns_tcp_keepalive': True, 'edns_buffer_size': {'upstream': '1232B', 'downstream': '1232B'}, 'address_renumbering': None, 'tls': {'cert_file': None, 'key_file': None, 'sticket_secret': None, 'sticket_secret_file': None, 'auto_discovery': False, 'padding': True}, 'proxy_protocol': False, 'listen': [{'interface': '127.0.0.1', 'unix_socket': None, 'port': 53, 'kind': 'dns', 'freebind': False}, {'interface': '::1', 'unix_socket': None, 'port': 53, 'kind': 'dns', 'freebind': True}]}`. - - **`do-ipv4`** *(boolean)*: Enable/disable using IPv4 for contacting upstream nameservers. Default: `True`. - - **`do-ipv6`** *(boolean)*: Enable/disable using IPv6 for contacting upstream nameservers. Default: `True`. - - **`out-interface-v4`** *(['string', 'null'])*: IPv4 address used to perform queries. Not set by default, which lets the OS choose any address. Default: `None`. - - **`out-interface-v6`** *(['string', 'null'])*: IPv6 address used to perform queries. Not set by default, which lets the OS choose any address. Default: `None`. - - **`tcp-pipeline`** *(integer)*: TCP pipeline limit. The number of outstanding queries that a single client connection can make in parallel. Minimum: `0`. Maximum: `65535`. Default: `100`. - - **`edns-tcp-keepalive`** *(boolean)*: Allows clients to discover the connection timeout. (RFC 7828). Default: `True`. - - **`edns-buffer-size`** *(object)*: Maximum EDNS payload size advertised in DNS packets. Different values can be configured for communication downstream (towards clients) and upstream (towards other DNS servers). Default: `{'upstream': '1232B', 'downstream': '1232B'}`. - - **`upstream`** *(string)*: Maximum EDNS upstream (towards other DNS servers) payload size. Default: `1232B`. - - **`downstream`** *(string)*: Maximum EDNS downstream (towards clients) payload size for communication. Default: `1232B`. 
- - **`address-renumbering`** *(['array', 'null'])*: Renumbers addresses in answers to different address space. Default: `None`. - - **Items** *(object)*: Renumbers addresses in answers to different address space. - - **`source`** *(string)*: Source subnet. - - **`destination`**: Destination address prefix. - - **`tls`** *(object)*: TLS configuration, also affects DNS over TLS and DNS over HTTPS. Default: `{'cert_file': None, 'key_file': None, 'sticket_secret': None, 'sticket_secret_file': None, 'auto_discovery': False, 'padding': True}`. - - **`cert-file`** *(['string', 'null'])*: Path to certificate file. Default: `None`. - - **`key-file`** *(['string', 'null'])*: Path to certificate key file. Default: `None`. - - **`sticket-secret`** *(['string', 'null'])*: Secret for TLS session resumption via tickets. (RFC 5077). Default: `None`. - - **`sticket-secret-file`** *(['string', 'null'])*: Path to file with secret for TLS session resumption via tickets. (RFC 5077). Default: `None`. - - **`auto-discovery`** *(boolean)*: Automatic discovery of authoritative servers supporting DNS-over-TLS. Default: `False`. - - **`padding`**: EDNS(0) padding of answers to queries that arrive over TLS transport. Default: `True`. - - **`proxy-protocol`**: PROXYv2 protocol configuration. Default: `False`. - - **`listen`** *(array)*: List of interfaces to listen to and its configuration. Default: `[{'interface': '127.0.0.1', 'unix_socket': None, 'port': 53, 'kind': 'dns', 'freebind': False}, {'interface': '::1', 'unix_socket': None, 'port': 53, 'kind': 'dns', 'freebind': True}]`. - - **Items** *(object)*: Configuration of listening interface. - - **`interface`**: IP address or interface name with optional port number to listen to. Default: `None`. - - **`unix-socket`**: Path to unix domain socket to listen to. Default: `None`. - - **`port`** *(['integer', 'null'])*: Port number to listen to. Minimum: `1`. Maximum: `65535`. Default: `None`. 
- - **`kind`** *(string)*: Specifies DNS query transport protocol. Must be one of: `['dns', 'xdp', 'dot', 'doh-legacy', 'doh2']`. Default: `dns`. - - **`freebind`** *(boolean)*: Used for binding to non-local address. Default: `False`. -- **`static-hints`** *(object)*: Static hints for forward records (A/AAAA) and reverse records (PTR). Default: `{'ttl': None, 'nodata': True, 'etc_hosts': False, 'root_hints': None, 'root_hints_file': None, 'hints': None, 'hints_files': None}`. - - **`ttl`** *(['string', 'null'])*: TTL value used for records added from static hints. Default: `None`. - - **`nodata`** *(boolean)*: Use NODATA synthesis. NODATA will be synthesised for matching hint name, but mismatching type. Default: `True`. - - **`etc-hosts`** *(boolean)*: Add hints from '/etc/hosts' file. Default: `False`. - - **`root-hints`** *(['object', 'null'])*: Direct addition of root hints pairs (hostname, list of addresses). Can contain additional properties. Default: `None`. - - **Additional Properties** *(array)* - - **Items** - - **`root-hints-file`** *(['string', 'null'])*: Path to root hints in zonefile. Replaces all current root hints. Default: `None`. - - **`hints`** *(['object', 'null'])*: Direct addition of hints pairs (hostname, list of addresses). Can contain additional properties. Default: `None`. - - **Additional Properties** *(array)* - - **Items** - - **`hints-files`** *(['array', 'null'])*: Path to hints in hosts-like file. Default: `None`. - - **Items** *(string)* -- **`views`** *(['object', 'null'])*: List of views and its configuration. Can contain additional properties. Default: `None`. - - **Additional Properties** *(object)*: Configuration parameters that allow you to create personalized policy rules and other. - - **`subnets`** *(['array', 'null'])*: Identifies the client based on his subnet. Default: `None`. 
- - **Items** *(string)* - - **`tsig`** *(['array', 'null'])*: Identifies the client based on a TSIG key name (for testing purposes, TSIG signature is not verified!). Default: `None`. - - **Items** *(string)* - - **`options`** *(['array', 'null'])*: Configuration flags for clients identified by the view. Default: `None`. - - **Items** *(string)*: Must be one of: `['no-minimize', 'no-ipv4', 'no-ipv6', 'tcp', 'resolved', 'await-ipv4', 'await-ipv6', 'await-cut', 'no-edns', 'cached', 'no-cache', 'expiring', 'allow_local', 'dnssec-want', 'dnssec-bogus', 'dnssec-insecure', 'dnssec-cd', 'stub', 'always-cut', 'dnssec-wexpand', 'permissive', 'strict', 'badcookie-again', 'cname', 'reorder-rr', 'trace', 'no-0x20', 'dnssec-nods', 'dnssec-optout', 'nonauth', 'forward', 'dns64-mark', 'cache-tried', 'no-ns-found', 'pkt-is-sane', 'dns64-disable']`. -- **`slices`** *(['array', 'null'])*: Split the entire DNS namespace into distinct slices. Default: `None`. - - **Items** *(object)*: Split the entire DNS namespace into distinct slices. - - **`function`** *(string)*: Slicing function that returns index based on query. Must be one of: `['randomize-psl']`. Default: `randomize-psl`. - - **`views`** *(['array', 'null'])*: Use this Slice only for clients defined by views. Default: `None`. - - **Items** *(string)* - - **`actions`** *(array)*: Actions for slice. - - **Items** *(object)*: Configuration of policy action. - - **`action`** *(string)*: Policy action. Must be one of: `['pass', 'deny', 'drop', 'refuse', 'tc', 'reroute', 'answer', 'mirror', 'forward', 'stub', 'debug-always', 'debug-cache-miss', 'qtrace', 'reqtrace']`. - - **`message`** *(['string', 'null'])*: Deny message for 'deny' action. Default: `None`. - - **`reroute`** *(['array', 'null'])*: Configuration for 'reroute' action. Default: `None`. - - **Items** *(object)*: Renumbers addresses in answers to different address space. - - **`source`** *(string)*: Source subnet. - - **`destination`**: Destination address prefix. 
- - **`answer`** *(['object', 'null'])*: Answer definition for 'answer' action. Default: `None`. - - **`rtype`** *(string)*: Type of DNS resource record. Must be one of: `['A', 'A6', 'AAAA', 'AFSDB', 'ANY', 'APL', 'ATMA', 'AVC', 'AXFR', 'CAA', 'CDNSKEY', 'CDS', 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DOA', 'DS', 'EID', 'EUI48', 'EUI64', 'GID', 'GPOS', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'ISDN', 'IXFR', 'KEY', 'KX', 'L32', 'L64', 'LOC', 'LP', 'MAILA', 'MAILB', 'MB', 'MD', 'MF', 'MG', 'MINFO', 'MR', 'MX', 'NAPTR', 'NID', 'NIMLOC', 'NINFO', 'NS', 'NSAP', 'NSAP-PTR', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'NULL', 'NXT', 'OPENPGPKEY', 'OPT', 'PTR', 'PX', 'RKEY', 'RP', 'RRSIG', 'RT', 'SIG', 'SINK', 'SMIMEA', 'SOA', 'SPF', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TALINK', 'TKEY', 'TLSA', 'TSIG', 'TXT', 'UID', 'UINFO', 'UNSPEC', 'URI', 'WKS', 'X25', 'ZONEMD']`. - - **`rdata`** *(string)*: Data of DNS resource record. - - **`ttl`** *(string)*: Time-to-live value for defined answer. Default: `1s`. - - **`nodata`** *(boolean)*: Answer with NODATA If requested type is not configured in the answer. Otherwise policy rule is ignored. Default: `False`. - - **`servers`**: Servers configuration for 'mirror', 'forward' and 'stub' action. Default: `None`. -- **`policy`** *(['array', 'null'])*: List of policy rules and its configuration. Default: `None`. - - **Items** *(object)*: Configuration of policy rule. - - **`action`** *(string)*: Policy rule action. Must be one of: `['pass', 'deny', 'drop', 'refuse', 'tc', 'reroute', 'answer', 'mirror', 'forward', 'stub', 'debug-always', 'debug-cache-miss', 'qtrace', 'reqtrace']`. - - **`priority`** *(['integer', 'null'])*: Policy rule priority. Default: `None`. - - **`filter`** *(['object', 'null'])*: Query filtering configuration. Default: `None`. - - **`suffix`** *(['string', 'null'])*: Filter based on the suffix of the query name. Default: `None`. 
- - **`pattern`** *(['string', 'null'])*: Filter based on the pattern that match query name. Default: `None`. - - **`qtype`** *(['string', 'null'])*: Filter based on the DNS query type. Must be one of: `['A', 'A6', 'AAAA', 'AFSDB', 'ANY', 'APL', 'ATMA', 'AVC', 'AXFR', 'CAA', 'CDNSKEY', 'CDS', 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DOA', 'DS', 'EID', 'EUI48', 'EUI64', 'GID', 'GPOS', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'ISDN', 'IXFR', 'KEY', 'KX', 'L32', 'L64', 'LOC', 'LP', 'MAILA', 'MAILB', 'MB', 'MD', 'MF', 'MG', 'MINFO', 'MR', 'MX', 'NAPTR', 'NID', 'NIMLOC', 'NINFO', 'NS', 'NSAP', 'NSAP-PTR', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'NULL', 'NXT', 'OPENPGPKEY', 'OPT', 'PTR', 'PX', 'RKEY', 'RP', 'RRSIG', 'RT', 'SIG', 'SINK', 'SMIMEA', 'SOA', 'SPF', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TALINK', 'TKEY', 'TLSA', 'TSIG', 'TXT', 'UID', 'UINFO', 'UNSPEC', 'URI', 'WKS', 'X25', 'ZONEMD']`. Default: `None`. - - **`views`** *(['array', 'null'])*: Use policy rule only for clients defined by views. Default: `None`. - - **Items** *(string)* - - **`options`** *(['array', 'null'])*: Configuration flags for policy rule. Default: `None`. - - **Items** *(string)*: Must be one of: `['no-minimize', 'no-ipv4', 'no-ipv6', 'tcp', 'resolved', 'await-ipv4', 'await-ipv6', 'await-cut', 'no-edns', 'cached', 'no-cache', 'expiring', 'allow_local', 'dnssec-want', 'dnssec-bogus', 'dnssec-insecure', 'dnssec-cd', 'stub', 'always-cut', 'dnssec-wexpand', 'permissive', 'strict', 'badcookie-again', 'cname', 'reorder-rr', 'trace', 'no-0x20', 'dnssec-nods', 'dnssec-optout', 'nonauth', 'forward', 'dns64-mark', 'cache-tried', 'no-ns-found', 'pkt-is-sane', 'dns64-disable']`. - - **`message`** *(['string', 'null'])*: Deny message for 'deny' action. Default: `None`. - - **`reroute`** *(['array', 'null'])*: Configuration for 'reroute' action. Default: `None`. - - **Items** *(object)*: Renumbers addresses in answers to different address space. - - **`source`** *(string)*: Source subnet. 
- - **`destination`**: Destination address prefix. - - **`answer`** *(['object', 'null'])*: Answer definition for 'answer' action. Default: `None`. - - **`rtype`** *(string)*: Type of DNS resource record. Must be one of: `['A', 'A6', 'AAAA', 'AFSDB', 'ANY', 'APL', 'ATMA', 'AVC', 'AXFR', 'CAA', 'CDNSKEY', 'CDS', 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DOA', 'DS', 'EID', 'EUI48', 'EUI64', 'GID', 'GPOS', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'ISDN', 'IXFR', 'KEY', 'KX', 'L32', 'L64', 'LOC', 'LP', 'MAILA', 'MAILB', 'MB', 'MD', 'MF', 'MG', 'MINFO', 'MR', 'MX', 'NAPTR', 'NID', 'NIMLOC', 'NINFO', 'NS', 'NSAP', 'NSAP-PTR', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'NULL', 'NXT', 'OPENPGPKEY', 'OPT', 'PTR', 'PX', 'RKEY', 'RP', 'RRSIG', 'RT', 'SIG', 'SINK', 'SMIMEA', 'SOA', 'SPF', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TALINK', 'TKEY', 'TLSA', 'TSIG', 'TXT', 'UID', 'UINFO', 'UNSPEC', 'URI', 'WKS', 'X25', 'ZONEMD']`. - - **`rdata`** *(string)*: Data of DNS resource record. - - **`ttl`** *(string)*: Time-to-live value for defined answer. Default: `1s`. - - **`nodata`** *(boolean)*: Answer with NODATA If requested type is not configured in the answer. Otherwise policy rule is ignored. Default: `False`. - - **`servers`**: Servers configuration for 'mirror', 'forward' and 'stub' action. Default: `None`. -- **`rpz`** *(['array', 'null'])*: List of Response Policy Zones and its configuration. Default: `None`. - - **Items** *(object)*: Configuration or Response Policy Zone (RPZ). - - **`action`** *(string)*: RPZ rule action, typically 'deny'. Must be one of: `['pass', 'deny', 'drop', 'refuse', 'tc', 'reroute', 'answer', 'mirror', 'forward', 'stub', 'debug-always', 'debug-cache-miss', 'qtrace', 'reqtrace']`. - - **`file`** *(string)*: Path to the RPZ zone file. - - **`watch`** *(boolean)*: Reload the file when it changes. Default: `True`. - - **`views`** *(['array', 'null'])*: Use RPZ rule only for clients defined by views. Default: `None`. 
- - **Items** *(string)* - - **`options`** *(['array', 'null'])*: Configuration flags for RPZ rule. Default: `None`. - - **Items** *(string)*: Must be one of: `['no-minimize', 'no-ipv4', 'no-ipv6', 'tcp', 'resolved', 'await-ipv4', 'await-ipv6', 'await-cut', 'no-edns', 'cached', 'no-cache', 'expiring', 'allow_local', 'dnssec-want', 'dnssec-bogus', 'dnssec-insecure', 'dnssec-cd', 'stub', 'always-cut', 'dnssec-wexpand', 'permissive', 'strict', 'badcookie-again', 'cname', 'reorder-rr', 'trace', 'no-0x20', 'dnssec-nods', 'dnssec-optout', 'nonauth', 'forward', 'dns64-mark', 'cache-tried', 'no-ns-found', 'pkt-is-sane', 'dns64-disable']`. - - **`message`** *(['string', 'null'])*: Deny message for 'deny' action. Default: `None`. -- **`stub-zones`** *(['array', 'null'])*: List of Stub Zones and its configuration. Default: `None`. - - **Items** *(object)*: Configuration of Stub Zone. - - **`name`** *(string)*: Domain name of the zone. - - **`servers`**: IP address of Stub server. - - **`views`** *(['array', 'null'])*: Use this Stub Zone only for clients defined by views. Default: `None`. - - **Items** *(string)* - - **`options`** *(['array', 'null'])*: Configuration flags for Stub Zone. Default: `None`. - - **Items** *(string)*: Must be one of: `['no-minimize', 'no-ipv4', 'no-ipv6', 'tcp', 'resolved', 'await-ipv4', 'await-ipv6', 'await-cut', 'no-edns', 'cached', 'no-cache', 'expiring', 'allow_local', 'dnssec-want', 'dnssec-bogus', 'dnssec-insecure', 'dnssec-cd', 'stub', 'always-cut', 'dnssec-wexpand', 'permissive', 'strict', 'badcookie-again', 'cname', 'reorder-rr', 'trace', 'no-0x20', 'dnssec-nods', 'dnssec-optout', 'nonauth', 'forward', 'dns64-mark', 'cache-tried', 'no-ns-found', 'pkt-is-sane', 'dns64-disable']`. -- **`forward-zones`** *(['array', 'null'])*: List of Forward Zones and its configuration. Default: `None`. - - **Items** *(object)*: Configuration of Forward Zone. - - **`name`** *(string)*: Domain name of the zone. 
- - **`tls`** *(boolean)*: Enable/disable TLS for Forward servers. Default: `False`. - - **`servers`**: IP address of Forward server. - - **`views`** *(['array', 'null'])*: Use this Forward Zone only for clients defined by views. Default: `None`. - - **Items** *(string)* - - **`options`** *(['array', 'null'])*: Configuration flags for Forward Zone. Default: `None`. - - **Items** *(string)*: Must be one of: `['no-minimize', 'no-ipv4', 'no-ipv6', 'tcp', 'resolved', 'await-ipv4', 'await-ipv6', 'await-cut', 'no-edns', 'cached', 'no-cache', 'expiring', 'allow_local', 'dnssec-want', 'dnssec-bogus', 'dnssec-insecure', 'dnssec-cd', 'stub', 'always-cut', 'dnssec-wexpand', 'permissive', 'strict', 'badcookie-again', 'cname', 'reorder-rr', 'trace', 'no-0x20', 'dnssec-nods', 'dnssec-optout', 'nonauth', 'forward', 'dns64-mark', 'cache-tried', 'no-ns-found', 'pkt-is-sane', 'dns64-disable']`. -- **`cache`** *(object)*: DNS resolver cache configuration. Default: `{'garbage_collector': True, 'storage': '/var/cache/knot-resolver', 'size_max': '100M', 'ttl_min': '5s', 'ttl_max': '6d', 'ns_timeout': '1000ms', 'prefill': None}`. - - **`garbage-collector`** *(boolean)*: Automatically use garbage collector to periodically clear cache. Default: `True`. - - **`storage`** *(string)*: Cache storage of the DNS resolver. Default: `/var/cache/knot-resolver`. - - **`size-max`** *(string)*: Maximum size of the cache. Default: `100M`. - - **`ttl-min`** *(string)*: Minimum time-to-live for the cache entries. Default: `5s`. - - **`ttl-max`** *(string)*: Maximum time-to-live for the cache entries. Default: `6d`. - - **`ns-timeout`** *(string)*: Time interval for which a nameserver address will be ignored after determining that it does not return (useful) answers. Default: `1000ms`. - - **`prefill`** *(['array', 'null'])*: Prefill the cache periodically by importing zone data obtained over HTTP. Default: `None`. 
- - **Items** *(object)*: Prefill the cache periodically by importing zone data obtained over HTTP. - - **`origin`** *(string)*: Origin for the imported data. Cache prefilling is only supported for the root zone ('.'). - - **`url`** *(string)*: URL of the zone data to be imported. - - **`refresh-interval`** *(string)*: Time interval between consecutive refreshes of the imported zone data. Default: `1d`. - - **`ca-file`** *(['string', 'null'])*: Path to the file containing a CA certificate bundle that is used to authenticate the HTTPS connection. Default: `None`. -- **`dnssec`**: Disable DNSSEC, enable with defaults or set new configuration. Default: `True`. -- **`dns64`**: Disable DNS64 (RFC 6147), enable with defaults or set new configuration. Default: `False`. -- **`logging`** *(object)*: Logging and debugging configuration. Default: `{'level': 'notice', 'target': 'stdout', 'groups': None, 'dnssec_bogus': False, 'dnstap': False, 'debugging': {'assertion_abort': False, 'assertion_fork': '5m'}}`. - - **`level`** *(string)*: Global logging level. Must be one of: `['crit', 'err', 'warning', 'notice', 'info', 'debug']`. Default: `notice`. - - **`target`**: Global logging stream target. "from-env" uses $KRES_LOG_TARGET and defaults to "stdout". Default: `from-env`. - - **`groups`** *(['array', 'null'])*: List of groups for which 'debug' logging level is set. Default: `None`. - - **Items** *(string)*: Must be one of: `['manager', 'supervisord', 'system', 'cache', 'io', 'net', 'ta', 'tasent', 'tasign', 'taupd', 'tls', 'gnutls', 'tls_cl', 'xdp', 'zimprt', 'zscann', 'doh', 'dnssec', 'hint', 'plan', 'iterat', 'valdtr', 'resolv', 'select', 'zonecut', 'cookie', 'statis', 'rebind', 'worker', 'policy', 'daf', 'timejm', 'timesk', 'graphi', 'prefil', 'primin', 'srvstl', 'wtchdg', 'nsid', 'dnstap', 'tests', 'dotaut', 'http', 'contrl', 'module', 'devel', 'reqdbg']`. - - **`dnssec-bogus`** *(boolean)*: Logging a message for each DNSSEC validation failure. Default: `False`. 
- - **`dnstap`**: Logging DNS requests and responses to a unix socket. Default: `False`. - - **`debugging`** *(object)*: Advanced debugging parameters for kresd (Knot Resolver daemon). Default: `{'assertion_abort': False, 'assertion_fork': '5m'}`. - - **`assertion-abort`** *(boolean)*: Allow the process to be aborted in case it encounters a failed assertion. Default: `False`. - - **`assertion-fork`** *(string)*: Fork and abord child kresd process to obtain a coredump, while the parent process recovers and keeps running. Default: `5m`. -- **`monitoring`** *(object)*: Metrics exposisition configuration (Prometheus, Graphite). Default: `{'enabled': 'lazy', 'graphite': False}`. - - **`enabled`** *(string)*: configures, whether statistics module will be loaded into resolver. Must be one of: `['manager-only', 'lazy', 'always']`. Default: `lazy`. - - **`graphite`**: optionally configures where should graphite metrics be sent to. Default: `False`. -- **`lua`** *(object)*: Custom Lua configuration. Default: `{'script_only': False, 'script': None, 'script_file': None}`. - - **`script-only`** *(boolean)*: Ignore declarative configuration and use only Lua script or file defined in this section. Default: `False`. - - **`script`** *(['string', 'null'])*: Custom Lua configuration script. Default: `None`. - - **`script-file`** *(['string', 'null'])*: Path to file that contains Lua configuration script. Default: `None`.
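Review bot: the deletion of doc/_static/config.schema.md is the only change in this patch, so nothing stops the generated file from being committed again. Add the path to .gitignore in the same commit, or have the docs build write it outside the tracked tree. The removed text also shows why a checked-in snapshot of generated output is unreliable as documentation, because it disagrees with itself on defaults: the `logging` object default lists `'target': 'stdout'` while the `target` property says Default: `from-env`, and the `management` object default lists `'unix_socket': './manager.sock'` while its `unix-socket` property says Default: `None`. On the commit message's remark about secrets, the visible defaults for `sticket_secret`, `sticket_secret_file`, `cert_file` and `key_file` are all `None`, which is consistent with it. The blob stays reachable in history after this commit, so that check on the content is the one that matters.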