######### SECTION carbon ######### carbon: ##### If set overwrites the instance name default # instance: recursor ##### Number of seconds between carbon (graphite) updates # interval: 30 ##### If set overwrites the first part of the carbon string # ns: pdns ##### If set, overrides our reported hostname for carbon stats # ourname: '' ##### If set, send metrics in carbon (graphite) format to this server IP address # server: [] ######### SECTION dnssec ######### dnssec: ##### Maximum estimated NSEC3 cost for a given query to consider aggressive use of the NSEC3 cache # aggressive_cache_max_nsec3_hash_cost: 150 ##### The minimum expected hit ratio to store NSEC3 records into the aggressive cache # aggressive_cache_min_nsec3_hit_ratio: 2000 ##### The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198 # aggressive_nsec_cache_size: 100000 ##### List of DNSSEC algorithm numbers that are considered unsupported # disabled_algorithms: [] ##### Log DNSSEC bogus validations # log_bogus: false ##### Maximum number of DNSKEYs with the same algorithm and tag to consider when validating a given record # max_dnskeys: 2 ##### Maximum number of DS records to consider per zone # max_ds_per_zone: 8 ##### Maximum number of NSEC3 hashes that we are willing to compute during DNSSEC validation, per incoming query # max_nsec3_hash_computations_per_query: 600 ##### Maximum number of NSEC3s to consider when validating a given denial of existence # max_nsec3s_per_record: 10 ##### Maximum number of RRSIGs to consider when validating a given record # max_rrsigs_per_record: 2 ##### Maximum number of RRSIG signatures we are willing to validate per incoming query # max_signature_validations_per_query: 30 ##### # negative_trustanchors: [] ##### Maximum number of iterations allowed for an NSEC3 record # nsec3_max_iterations: 50 ##### Allow the signature inception to be off by this number of seconds # signature_inception_skew: 60 ##### A path to a zone file containing trust anchors # trustanchorfile: '' ##### # trustanchorfile_interval: 24 ##### Sequence of trust anchors # trustanchors: [] ##### DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate # validation: process ##### Collect DNSSEC statistics for names or suffixes in this list in separate x-dnssec counters # x_dnssec_names: [] ######### SECTION ecs ######### ecs: ##### List of client netmasks for which EDNS Client Subnet will be added # add_for: # - 0.0.0.0/0 # - ::/0 # - '!127.0.0.0/8' # - '!10.0.0.0/8' # - '!100.64.0.0/10' # - '!169.254.0.0/16' # - '!192.168.0.0/16' # - '!172.16.0.0/12' # - '!::1/128' # - '!fc00::/7' # - '!fe80::/10' ##### Minimum TTL to cache ECS response # cache_limit_ttl: 0 ##### Number of bits of IPv4 address to pass for EDNS Client Subnet # ipv4_bits: 24 ##### Maximum number of bits of IPv4 mask to cache ECS response # ipv4_cache_bits: 24 ##### If we should never cache IPv4 ECS responses # ipv4_never_cache: false ##### Number of bits of IPv6 address to pass for EDNS Client Subnet # ipv6_bits: 56 ##### Maximum number of bits of IPv6 mask to cache ECS response # ipv6_cache_bits: 56 ##### If we should never cache IPv6 ECS responses # ipv6_never_cache: false ##### The minimum TTL for records in ECS-specific answers # minimum_ttl_override: 1 ##### Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0 # scope_zero_address: '' ######### SECTION incoming ######### incoming: ##### If set, only allow these comma separated netmasks to recurse # allow_from: # - 127.0.0.0/8 # - 10.0.0.0/8 # - 100.64.0.0/10 # - 169.254.0.0/16 # - 192.168.0.0/16 # - 172.16.0.0/12 # - ::1/128 # - fc00::/7 # - fe80::/10 ##### If set, load allowed netmasks from this file # allow_from_file: '' ##### Allow 'no recursion desired (RD=0)' queries. # allow_no_rd: false ##### If set, NOTIFY requests for these zones will be allowed # allow_notify_for: [] ##### If set, load NOTIFY-allowed zones from this file # allow_notify_for_file: '' ##### If set, NOTIFY requests from these comma separated netmasks will be allowed # allow_notify_from: [] ##### If set, load NOTIFY-allowed netmasks from this file # allow_notify_from_file: '' ##### The load factor used when PowerDNS is distributing queries to worker threads # distribution_load_factor: 0.0 ##### Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread # distribution_pipe_buffer_size: 0 ##### Launch this number of distributor threads, distributing queries to other threads # distributor_threads: 0 ##### List of netmasks (proxy IP in case of proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies # edns_padding_from: [] ##### Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from 'setting-edns-padding-from' sources # edns_padding_mode: padded-queries-only ##### Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled. # edns_padding_tag: 7830 ##### If EDNS Options should be extracted before calling the gettag() hook # gettag_needs_edns_options: false ##### IP addresses to listen on, separated by spaces or commas. Also accepts ports. # listen: # - 127.0.0.1 ##### Maximum number of requests handled concurrently per TCP connection # max_concurrent_requests_per_tcp_connection: 10 ##### Maximum number of simultaneous TCP clients # max_tcp_clients: 128 ##### If set, maximum number of TCP sessions per client (IP address) # max_tcp_per_client: 0 ##### If set, maximum number of TCP queries in a TCP connection # max_tcp_queries_per_connection: 0 ##### Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing # max_udp_queries_per_round: 10000 ##### Enable binding to non-local addresses by using FREEBIND / BINDANY socket options # non_local_bind: false ##### If PowerDNS itself should distribute queries over threads # pdns_distributes_queries: false ##### port to listen on # port: 53 ##### A Proxy Protocol header should not be used for these listen addresses. # proxy_protocol_exceptions: [] ##### A Proxy Protocol header is required from these subnets # proxy_protocol_from: [] ##### The maximum size of a proxy protocol payload, including the TLV values # proxy_protocol_maximum_size: 512 ##### Sequence of ProxyMapping # proxymappings: [] ##### Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address # reuseport: true ##### Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size # tcp_fast_open: 0 ##### Timeout in seconds when talking to TCP clients # tcp_timeout: 2 ##### Maximum UDP response size before we truncate # udp_truncation_threshold: 1232 ##### Pass along received EDNS Client Subnet information # use_incoming_edns_subnet: false ######### SECTION logging ######### logging: ##### If we should log rather common errors # common_errors: false ##### Disable logging to syslog, useful when running inside a supervisor that logs stderr # disable_syslog: false ##### # dnstap_framestream_servers: [] ##### # dnstap_nod_framestream_servers: [] ##### Facility to log messages as. 0 corresponds to local0 # facility: '' ##### Amount of logging. Higher is more. Do not set below 3 # loglevel: 6 ##### # outgoing_protobuf_servers: [] ##### # protobuf_servers: [] ##### Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available) # protobuf_use_kernel_timestamp: false ##### Suppress logging of questions and answers # quiet: true ##### Log additions and removals to RPZ zones at Info level # rpz_changes: false ##### Number of seconds between printing of recursor statistics, 0 to disable # statistics_interval: 1800 ##### Prefer structured logging # structured_logging: true ##### Structured logging backend # structured_logging_backend: default ##### Print timestamps in log lines, useful to disable when running with a tool that timestamps stderr already # timestamp: true ##### if we should output heaps of logging. set to 'fail' to only log failing domains # trace: no ######### SECTION nod ######### nod: ##### Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864 # db_size: 67108864 ##### Interval (in seconds) to write the NOD and UDR DB snapshots # db_snapshot_interval: 600 ##### Persist new domain tracking data here to persist between restarts # history_dir: /var/lib/pdns-recursor/nod ##### List of domains (and implicitly all subdomains) which will never be considered a new domain # ignore_list: [] ##### File with a list of domains (and implicitly all subdomains) which will never be considered a new domain # ignore_list_file: '' ##### Log newly observed domains. # log: true ##### Perform a DNS lookup newly observed domains as a subdomain of the configured domain # lookup: '' ##### If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod' # pb_tag: pdns-nod ##### Track newly observed domains (i.e. never seen before). # tracking: false ##### Size of the DB used to track unique responses in terms of number of cells. Defaults to 67108864 # unique_response_db_size: 67108864 ##### Persist unique response tracking data here to persist between restarts # unique_response_history_dir: /var/lib/pdns-recursor/udr ##### List of domains (and implicitly all subdomains) which will never be considered for UDR # unique_response_ignore_list: [] ##### File with list of domains (and implicitly all subdomains) which will never be considered for UDR # unique_response_ignore_list_file: '' ##### Log unique responses # unique_response_log: true ##### If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr' # unique_response_pb_tag: pdns-udr ##### Track unique responses (tuple of query name, type and RR). # unique_response_tracking: false ######### SECTION outgoing ######### outgoing: ##### Determines the probability of a server marked down to be used anyway # bypass_server_throttling_probability: 25 ##### If set, do not query these netmasks for DNS data # dont_query: # - 127.0.0.0/8 # - 10.0.0.0/8 # - 100.64.0.0/10 # - 169.254.0.0/16 # - 192.168.0.0/16 # - 172.16.0.0/12 # - ::1/128 # - fc00::/7 # - fe80::/10 # - 0.0.0.0/8 # - 192.0.0.0/24 # - 192.0.2.0/24 # - 198.51.100.0/24 # - 203.0.113.0/24 # - 240.0.0.0/4 # - ::/96 # - ::ffff:0:0/96 # - 100::/64 # - 2001:db8::/32 ##### Do not throttle nameservers with this name or suffix # dont_throttle_names: [] ##### Do not throttle nameservers with this IP netmask # dont_throttle_netmasks: [] ##### Use DoT to authoritative servers with these names or suffixes # dot_to_auth_names: [] ##### Force DoT connection to target port 853 if DoT compiled in # dot_to_port_853: true ##### Outgoing EDNS buffer size # edns_bufsize: 1232 ##### Whether to add EDNS padding to outgoing DoT messages # edns_padding: true ##### List of netmasks and domains that we should enable EDNS subnet for # edns_subnet_allow_list: [] ##### Force outgoing questions to lowercase # lowercase: false ##### Maximum number of concurrent DoT probes # max_busy_dot_probes: 0 ##### Maximum outgoing NS address queries per query # max_ns_address_qperq: 10 ##### Maximum number of NS records to consider to resolve a name, 0 is no limit # max_ns_per_resolve: 13 ##### Maximum outgoing queries per query # max_qperq: 50 ##### Wait this number of milliseconds for network i/o # network_timeout: 1500 ##### Number of failed address resolves of a nameserver to start throttling it, 0 is disabled # non_resolving_ns_max_fails: 5 ##### Number of seconds to throttle a nameserver with a name failing to resolve # non_resolving_ns_throttle_time: 60 ##### Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled ) # server_down_max_fails: 64 ##### Number of seconds to throttle all queries to a server after being marked as down # server_down_throttle_time: 60 ##### If set, only use a single socket for outgoing queries # single_socket: false ##### Source IP address for sending queries # source_address: # - 0.0.0.0 ##### Enable TCP Fast Open support on outgoing sockets # tcp_fast_open_connect: false ##### Time TCP/DoT connections are left idle in milliseconds or 0 if no limit # tcp_max_idle_ms: 10000 ##### Maximum number of idle TCP/DoT connections to a specific IP per thread, 0 means do not keep idle connections open # tcp_max_idle_per_auth: 10 ##### Maximum number of idle TCP/DoT connections per thread # tcp_max_idle_per_thread: 100 ##### Maximum total number of queries per TCP/DoT connection, 0 means no limit # tcp_max_queries: 0 ##### List of comma separated UDP port number to avoid # udp_source_port_avoid: # - '11211' ##### Maximum UDP port to bind on # udp_source_port_max: 65535 ##### Minimum UDP port to bind on # udp_source_port_min: 1024 ######### SECTION packetcache ######### packetcache: ##### Disable packetcache # disable: false ##### maximum number of entries to keep in the packetcache # max_entries: 500000 ##### maximum number of seconds to keep a cached NxDomain or NoData entry in packetcache # negative_ttl: 60 ##### maximum number of seconds to keep a cached servfail entry in packetcache # servfail_ttl: 60 ##### Number of shards in the packet cache # shards: 1024 ##### maximum number of seconds to keep a cached entry in packetcache # ttl: 86400 ######### SECTION recordcache ######### recordcache: ##### Replace records in record cache only after this % of original TTL has passed # locked_ttl_perc: 0 ##### maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory # max_cache_bogus_ttl: 3600 ##### If set, maximum number of entries in the main cache # max_entries: 1000000 ##### maximum number of seconds to keep a negative cached entry in memory # max_negative_ttl: 3600 ##### maximum number of seconds to keep a cached entry in memory # max_ttl: 86400 ##### If a record is requested from the cache and only this % of original TTL remains, refetch # refresh_on_ttl_perc: 0 ##### Number of times a record's ttl is extended by 30s to be served stale # serve_stale_extensions: 0 ##### Number of shards in the record cache # shards: 1024 ##### Sequence of ZoneToCache entries # zonetocaches: [] ######### SECTION recursor ######### recursor: ##### Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT # allow_trust_anchor_query: false ##### # allowed_additional_qtypes: [] ##### Answer ANY queries with tc=1, shunting to TCP # any_to_tcp: false ##### Zones for which we have authoritative data, comma separated domain=file pairs # auth_zones: [] ##### switch to chroot jail # chroot: '' ##### Location of configuration directory (recursor.conf or recursor.yml) # config_dir: /etc/powerdns ##### Name of this virtual configuration - will rename the binary image # config_name: '' ##### Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs # cpu_map: '' ##### Operate as a daemon # daemon: false ##### internal use only # devonly_regression_test_mode: false ##### DNS64 prefix # dns64_prefix: '' ##### Path to 'hosts' file # etc_hosts_file: /etc/hosts ##### If set, event traces are collected and send out via protobuf logging (1), logfile (2) or both(3) # event_trace_enabled: 0 ##### If we should serve up contents from /etc/hosts # export_etc_hosts: false ##### Also serve up the contents of /etc/hosts with this suffix # export_etc_hosts_search_suffix: '' ##### If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors # extended_resolution_errors: true ##### Zones for which we forward queries, comma separated domain=ip pairs # forward_zones: [] ##### File with (+)domain=ip pairs for forwarding # forward_zones_file: '' ##### Zones for which we forward queries with recursion bit, comma separated domain=ip pairs # forward_zones_recurse: [] ##### If set, load root hints from this file # hint_file: '' ##### Configuration settings to ignore if they are unknown # ignore_unknown_settings: [] ##### Include *.conf files from this directory # include_dir: '' ##### Number of latency values to calculate the qa-latency average # latency_statistic_size: 10000 ##### More powerful configuration options # lua_config_file: '' ##### Filename containing an optional Lua script that will be used to modify dns answers # lua_dns_script: '' ##### Number of seconds between calls to the lua user defined maintenance() function # lua_maintenance_interval: 1 ##### maximum number of queries that can be chained to an outgoing request, 0 is no limit # max_chain_length: 0 ##### Maximum number CNAME records followed # max_cnames_followed: 10 ##### Maximum number of $GENERATE steps when loading a zone from a file # max_generate_steps: 0 ##### Maximum nested $INCLUDE depth when loading a zone from a file # max_include_depth: 20 ##### Maximum number of simultaneous Mtasker threads # max_mthreads: 2048 ##### Maximum number of internal recursion calls per query, 0 for unlimited # max_recursion_depth: 16 ##### Maximum total wall-clock time per query in milliseconds, 0 for unlimited # max_total_msec: 7000 ##### The minimum TTL # minimum_ttl_override: 1 ##### When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020) # nothing_below_nxdomain: dnssec ##### Path to the Public Suffix List file, if any # public_suffix_list_file: '' ##### RFC9156 max minimize count # qname_max_minimize_count: 10 ##### Use Query Name Minimization # qname_minimization: true ##### RFC9156 minimize one label parameter # qname_minimize_one_label: 4 ##### If set, believe that an NXDOMAIN from the root means the TLD does not exist # root_nx_trust: true ##### Sequence of RPZ entries # rpzs: [] ##### Save parent NS set to be used if child NS set fails # save_parent_ns_set: true ##### Domain name from which to query security update notifications # security_poll_suffix: secpoll.powerdns.com. ##### If we should be authoritative for RFC 1918 private IP space # serve_rfc1918: true ##### Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled' # server_id: '*runtime determined*' ##### If set, change group id to this gid for more security # setgid: '' ##### If set, change user id to this uid for more security # setuid: '' ##### Where the controlsocket will live, /var/run/pdns-recursor when unset and not chrooted # socket_dir: '' ##### Group of socket # socket_group: '' ##### Permissions for socket # socket_mode: '' ##### Owner of socket # socket_owner: '' ##### Sequence of sort lists # sortlists: [] ##### If non-zero, assume spoofing after this many near misses # spoof_nearmiss_max: 1 ##### Size of the stack cache, per mthread # stack_cache_size: 100 ##### stack size per mthread # stack_size: 200000 ##### List of statistics that are disabled when retrieving the complete list of statistics via the API # stats_api_disabled_list: # - cache-bytes # - packetcache-bytes # - special-memory-usage # - ecs-v4-response-bits-1 # - ecs-v4-response-bits-2 # - ecs-v4-response-bits-3 # - ecs-v4-response-bits-4 # - ecs-v4-response-bits-5 # - ecs-v4-response-bits-6 # - ecs-v4-response-bits-7 # - ecs-v4-response-bits-8 # - ecs-v4-response-bits-9 # - ecs-v4-response-bits-10 # - ecs-v4-response-bits-11 # - ecs-v4-response-bits-12 # - ecs-v4-response-bits-13 # - ecs-v4-response-bits-14 # - ecs-v4-response-bits-15 # - ecs-v4-response-bits-16 # - ecs-v4-response-bits-17 # - ecs-v4-response-bits-18 # - ecs-v4-response-bits-19 # - ecs-v4-response-bits-20 # - ecs-v4-response-bits-21 # - ecs-v4-response-bits-22 # - ecs-v4-response-bits-23 # - ecs-v4-response-bits-24 # - ecs-v4-response-bits-25 # - ecs-v4-response-bits-26 # - ecs-v4-response-bits-27 # - ecs-v4-response-bits-28 # - ecs-v4-response-bits-29 # - ecs-v4-response-bits-30 # - ecs-v4-response-bits-31 # - ecs-v4-response-bits-32 # - ecs-v6-response-bits-1 # - ecs-v6-response-bits-2 # - ecs-v6-response-bits-3 # - ecs-v6-response-bits-4 # - ecs-v6-response-bits-5 # - ecs-v6-response-bits-6 # - ecs-v6-response-bits-7 # - ecs-v6-response-bits-8 # - ecs-v6-response-bits-9 # - ecs-v6-response-bits-10 # - ecs-v6-response-bits-11 # - ecs-v6-response-bits-12 # - ecs-v6-response-bits-13 # - ecs-v6-response-bits-14 # - ecs-v6-response-bits-15 # - ecs-v6-response-bits-16 # - ecs-v6-response-bits-17 # - ecs-v6-response-bits-18 # - ecs-v6-response-bits-19 # - ecs-v6-response-bits-20 # - ecs-v6-response-bits-21 # - ecs-v6-response-bits-22 # - ecs-v6-response-bits-23 # - ecs-v6-response-bits-24 # - ecs-v6-response-bits-25 # - ecs-v6-response-bits-26 # - ecs-v6-response-bits-27 # - ecs-v6-response-bits-28 # - ecs-v6-response-bits-29 # - ecs-v6-response-bits-30 # - ecs-v6-response-bits-31 # - ecs-v6-response-bits-32 # - ecs-v6-response-bits-33 # - ecs-v6-response-bits-34 # - ecs-v6-response-bits-35 # - ecs-v6-response-bits-36 # - ecs-v6-response-bits-37 # - ecs-v6-response-bits-38 # - ecs-v6-response-bits-39 # - ecs-v6-response-bits-40 # - ecs-v6-response-bits-41 # - ecs-v6-response-bits-42 # - ecs-v6-response-bits-43 # - ecs-v6-response-bits-44 # - ecs-v6-response-bits-45 # - ecs-v6-response-bits-46 # - ecs-v6-response-bits-47 # - ecs-v6-response-bits-48 # - ecs-v6-response-bits-49 # - ecs-v6-response-bits-50 # - ecs-v6-response-bits-51 # - ecs-v6-response-bits-52 # - ecs-v6-response-bits-53 # - ecs-v6-response-bits-54 # - ecs-v6-response-bits-55 # - ecs-v6-response-bits-56 # - ecs-v6-response-bits-57 # - ecs-v6-response-bits-58 # - ecs-v6-response-bits-59 # - ecs-v6-response-bits-60 # - ecs-v6-response-bits-61 # - ecs-v6-response-bits-62 # - ecs-v6-response-bits-63 # - ecs-v6-response-bits-64 # - ecs-v6-response-bits-65 # - ecs-v6-response-bits-66 # - ecs-v6-response-bits-67 # - ecs-v6-response-bits-68 # - ecs-v6-response-bits-69 # - ecs-v6-response-bits-70 # - ecs-v6-response-bits-71 # - ecs-v6-response-bits-72 # - ecs-v6-response-bits-73 # - ecs-v6-response-bits-74 # - ecs-v6-response-bits-75 # - ecs-v6-response-bits-76 # - ecs-v6-response-bits-77 # - ecs-v6-response-bits-78 # - ecs-v6-response-bits-79 # - ecs-v6-response-bits-80 # - ecs-v6-response-bits-81 # - ecs-v6-response-bits-82 # - ecs-v6-response-bits-83 # - ecs-v6-response-bits-84 # - ecs-v6-response-bits-85 # - ecs-v6-response-bits-86 # - ecs-v6-response-bits-87 # - ecs-v6-response-bits-88 # - ecs-v6-response-bits-89 # - ecs-v6-response-bits-90 # - ecs-v6-response-bits-91 # - ecs-v6-response-bits-92 # - ecs-v6-response-bits-93 # - ecs-v6-response-bits-94 # - ecs-v6-response-bits-95 # - ecs-v6-response-bits-96 # - ecs-v6-response-bits-97 # - ecs-v6-response-bits-98 # - ecs-v6-response-bits-99 # - ecs-v6-response-bits-100 # - ecs-v6-response-bits-101 # - ecs-v6-response-bits-102 # - ecs-v6-response-bits-103 # - ecs-v6-response-bits-104 # - ecs-v6-response-bits-105 # - ecs-v6-response-bits-106 # - ecs-v6-response-bits-107 # - ecs-v6-response-bits-108 # - ecs-v6-response-bits-109 # - ecs-v6-response-bits-110 # - ecs-v6-response-bits-111 # - ecs-v6-response-bits-112 # - ecs-v6-response-bits-113 # - ecs-v6-response-bits-114 # - ecs-v6-response-bits-115 # - ecs-v6-response-bits-116 # - ecs-v6-response-bits-117 # - ecs-v6-response-bits-118 # - ecs-v6-response-bits-119 # - ecs-v6-response-bits-120 # - ecs-v6-response-bits-121 # - ecs-v6-response-bits-122 # - ecs-v6-response-bits-123 # - ecs-v6-response-bits-124 # - ecs-v6-response-bits-125 # - ecs-v6-response-bits-126 # - ecs-v6-response-bits-127 # - ecs-v6-response-bits-128 ##### List of statistics that are prevented from being exported via Carbon # stats_carbon_disabled_list: # - cache-bytes # - packetcache-bytes # - special-memory-usage # - ecs-v4-response-bits-1 # - ecs-v4-response-bits-2 # - ecs-v4-response-bits-3 # - ecs-v4-response-bits-4 # - ecs-v4-response-bits-5 # - ecs-v4-response-bits-6 # - ecs-v4-response-bits-7 # - ecs-v4-response-bits-8 # - ecs-v4-response-bits-9 # - ecs-v4-response-bits-10 # - ecs-v4-response-bits-11 # - ecs-v4-response-bits-12 # - ecs-v4-response-bits-13 # - ecs-v4-response-bits-14 # - ecs-v4-response-bits-15 # - ecs-v4-response-bits-16 # - ecs-v4-response-bits-17 # - ecs-v4-response-bits-18 # - ecs-v4-response-bits-19 # - ecs-v4-response-bits-20 # - ecs-v4-response-bits-21 # - ecs-v4-response-bits-22 # - ecs-v4-response-bits-23 # - ecs-v4-response-bits-24 # - ecs-v4-response-bits-25 # - ecs-v4-response-bits-26 # - ecs-v4-response-bits-27 # - ecs-v4-response-bits-28 # - ecs-v4-response-bits-29 # - ecs-v4-response-bits-30 # - ecs-v4-response-bits-31 # - ecs-v4-response-bits-32 # - ecs-v6-response-bits-1 # - ecs-v6-response-bits-2 # - ecs-v6-response-bits-3 # - ecs-v6-response-bits-4 # - ecs-v6-response-bits-5 # - ecs-v6-response-bits-6 # - ecs-v6-response-bits-7 # - ecs-v6-response-bits-8 # - ecs-v6-response-bits-9 # - ecs-v6-response-bits-10 # - ecs-v6-response-bits-11 # - ecs-v6-response-bits-12 # - ecs-v6-response-bits-13 # - ecs-v6-response-bits-14 # - ecs-v6-response-bits-15 # - ecs-v6-response-bits-16 # - ecs-v6-response-bits-17 # - ecs-v6-response-bits-18 # - ecs-v6-response-bits-19 # - ecs-v6-response-bits-20 # - ecs-v6-response-bits-21 # - ecs-v6-response-bits-22 # - ecs-v6-response-bits-23 # - ecs-v6-response-bits-24 # - ecs-v6-response-bits-25 # - ecs-v6-response-bits-26 # - ecs-v6-response-bits-27 # - ecs-v6-response-bits-28 # - ecs-v6-response-bits-29 # - ecs-v6-response-bits-30 # - ecs-v6-response-bits-31 # - ecs-v6-response-bits-32 # - ecs-v6-response-bits-33 # - ecs-v6-response-bits-34 # - ecs-v6-response-bits-35 # - ecs-v6-response-bits-36 # - ecs-v6-response-bits-37 # - ecs-v6-response-bits-38 # - ecs-v6-response-bits-39 # - ecs-v6-response-bits-40 # - ecs-v6-response-bits-41 # - ecs-v6-response-bits-42 # - ecs-v6-response-bits-43 # - ecs-v6-response-bits-44 # - ecs-v6-response-bits-45 # - ecs-v6-response-bits-46 # - ecs-v6-response-bits-47 # - ecs-v6-response-bits-48 # - ecs-v6-response-bits-49 # - ecs-v6-response-bits-50 # - ecs-v6-response-bits-51 # - ecs-v6-response-bits-52 # - ecs-v6-response-bits-53 # - ecs-v6-response-bits-54 # - ecs-v6-response-bits-55 # - ecs-v6-response-bits-56 # - ecs-v6-response-bits-57 # - ecs-v6-response-bits-58 # - ecs-v6-response-bits-59 # - ecs-v6-response-bits-60 # - ecs-v6-response-bits-61 # - ecs-v6-response-bits-62 # - ecs-v6-response-bits-63 # - ecs-v6-response-bits-64 # - ecs-v6-response-bits-65 # - ecs-v6-response-bits-66 # - ecs-v6-response-bits-67 # - ecs-v6-response-bits-68 # - ecs-v6-response-bits-69 # - ecs-v6-response-bits-70 # - ecs-v6-response-bits-71 # - ecs-v6-response-bits-72 # - ecs-v6-response-bits-73 # - ecs-v6-response-bits-74 # - ecs-v6-response-bits-75 # - ecs-v6-response-bits-76 # - ecs-v6-response-bits-77 # - ecs-v6-response-bits-78 # - ecs-v6-response-bits-79 # - ecs-v6-response-bits-80 # - ecs-v6-response-bits-81 # - ecs-v6-response-bits-82 # - ecs-v6-response-bits-83 # - ecs-v6-response-bits-84 # - ecs-v6-response-bits-85 # - ecs-v6-response-bits-86 # - ecs-v6-response-bits-87 # - ecs-v6-response-bits-88 # - ecs-v6-response-bits-89 # - ecs-v6-response-bits-90 # - ecs-v6-response-bits-91 # - ecs-v6-response-bits-92 # - ecs-v6-response-bits-93 # - ecs-v6-response-bits-94 # - ecs-v6-response-bits-95 # - ecs-v6-response-bits-96 # - ecs-v6-response-bits-97 # - ecs-v6-response-bits-98 # - ecs-v6-response-bits-99 # - ecs-v6-response-bits-100 # - ecs-v6-response-bits-101 # - ecs-v6-response-bits-102 # - ecs-v6-response-bits-103 # - ecs-v6-response-bits-104 # - ecs-v6-response-bits-105 # - ecs-v6-response-bits-106 # - ecs-v6-response-bits-107 # - ecs-v6-response-bits-108 # - ecs-v6-response-bits-109 # - ecs-v6-response-bits-110 # - ecs-v6-response-bits-111 # - ecs-v6-response-bits-112 # - ecs-v6-response-bits-113 # - ecs-v6-response-bits-114 # - ecs-v6-response-bits-115 # - ecs-v6-response-bits-116 # - ecs-v6-response-bits-117 # - ecs-v6-response-bits-118 # - ecs-v6-response-bits-119 # - ecs-v6-response-bits-120 # - ecs-v6-response-bits-121 # - ecs-v6-response-bits-122 # - ecs-v6-response-bits-123 # - ecs-v6-response-bits-124 # - ecs-v6-response-bits-125 # - ecs-v6-response-bits-126 # - ecs-v6-response-bits-127 # - ecs-v6-response-bits-128 # - cumul-clientanswers # - cumul-authanswers # - policy-hits # - proxy-mapping-total # - remote-logger-count ##### List of statistics that are prevented from being exported via rec_control get-all # stats_rec_control_disabled_list: # - cache-bytes # - packetcache-bytes # - special-memory-usage # - ecs-v4-response-bits-1 # - ecs-v4-response-bits-2 # - ecs-v4-response-bits-3 # - ecs-v4-response-bits-4 # - ecs-v4-response-bits-5 # - ecs-v4-response-bits-6 # - ecs-v4-response-bits-7 # - ecs-v4-response-bits-8 # - ecs-v4-response-bits-9 # - ecs-v4-response-bits-10 # - ecs-v4-response-bits-11 # - ecs-v4-response-bits-12 # - ecs-v4-response-bits-13 # - ecs-v4-response-bits-14 # - ecs-v4-response-bits-15 # - ecs-v4-response-bits-16 # - ecs-v4-response-bits-17 # - ecs-v4-response-bits-18 # - ecs-v4-response-bits-19 # - ecs-v4-response-bits-20 # - ecs-v4-response-bits-21 # - ecs-v4-response-bits-22 # - ecs-v4-response-bits-23 # - ecs-v4-response-bits-24 # - ecs-v4-response-bits-25 # - ecs-v4-response-bits-26 # - ecs-v4-response-bits-27 # - ecs-v4-response-bits-28 # - ecs-v4-response-bits-29 # - ecs-v4-response-bits-30 # - ecs-v4-response-bits-31 # - ecs-v4-response-bits-32 # - ecs-v6-response-bits-1 # - ecs-v6-response-bits-2 # - ecs-v6-response-bits-3 # - ecs-v6-response-bits-4 # - ecs-v6-response-bits-5 # - ecs-v6-response-bits-6 # - ecs-v6-response-bits-7 # - ecs-v6-response-bits-8 # - ecs-v6-response-bits-9 # - ecs-v6-response-bits-10 # - ecs-v6-response-bits-11 # - ecs-v6-response-bits-12 # - ecs-v6-response-bits-13 # - ecs-v6-response-bits-14 # - ecs-v6-response-bits-15 # - ecs-v6-response-bits-16 # - ecs-v6-response-bits-17 # - ecs-v6-response-bits-18 # - ecs-v6-response-bits-19 # - ecs-v6-response-bits-20 # - ecs-v6-response-bits-21 # - ecs-v6-response-bits-22 # - ecs-v6-response-bits-23 # - ecs-v6-response-bits-24 # - ecs-v6-response-bits-25 # - ecs-v6-response-bits-26 # - ecs-v6-response-bits-27 # - ecs-v6-response-bits-28 # - ecs-v6-response-bits-29 # - ecs-v6-response-bits-30 # - ecs-v6-response-bits-31 # - ecs-v6-response-bits-32 # - ecs-v6-response-bits-33 # - ecs-v6-response-bits-34 # - ecs-v6-response-bits-35 # - ecs-v6-response-bits-36 # - ecs-v6-response-bits-37 # - ecs-v6-response-bits-38 # - ecs-v6-response-bits-39 # - ecs-v6-response-bits-40 # - ecs-v6-response-bits-41 # - ecs-v6-response-bits-42 # - ecs-v6-response-bits-43 # - ecs-v6-response-bits-44 # - ecs-v6-response-bits-45 # - ecs-v6-response-bits-46 # - ecs-v6-response-bits-47 # - ecs-v6-response-bits-48 # - ecs-v6-response-bits-49 # - ecs-v6-response-bits-50 # - ecs-v6-response-bits-51 # - ecs-v6-response-bits-52 # - ecs-v6-response-bits-53 # - ecs-v6-response-bits-54 # - ecs-v6-response-bits-55 # - ecs-v6-response-bits-56 # - ecs-v6-response-bits-57 # - ecs-v6-response-bits-58 # - ecs-v6-response-bits-59 # - ecs-v6-response-bits-60 # - ecs-v6-response-bits-61 # - ecs-v6-response-bits-62 # - ecs-v6-response-bits-63 # - ecs-v6-response-bits-64 # - ecs-v6-response-bits-65 # - ecs-v6-response-bits-66 # - ecs-v6-response-bits-67 # - ecs-v6-response-bits-68 # - ecs-v6-response-bits-69 # - ecs-v6-response-bits-70 # - ecs-v6-response-bits-71 # - ecs-v6-response-bits-72 # - ecs-v6-response-bits-73 # - ecs-v6-response-bits-74 # - ecs-v6-response-bits-75 # - ecs-v6-response-bits-76 # - ecs-v6-response-bits-77 # - ecs-v6-response-bits-78 # - ecs-v6-response-bits-79 # - ecs-v6-response-bits-80 # - ecs-v6-response-bits-81 # - ecs-v6-response-bits-82 # - ecs-v6-response-bits-83 # - ecs-v6-response-bits-84 # - ecs-v6-response-bits-85 # - ecs-v6-response-bits-86 # - ecs-v6-response-bits-87 # - ecs-v6-response-bits-88 # - ecs-v6-response-bits-89 # - ecs-v6-response-bits-90 # - ecs-v6-response-bits-91 # - ecs-v6-response-bits-92 # - ecs-v6-response-bits-93 # - ecs-v6-response-bits-94 # - ecs-v6-response-bits-95 # - ecs-v6-response-bits-96 # - ecs-v6-response-bits-97 # - ecs-v6-response-bits-98 # - ecs-v6-response-bits-99 # - ecs-v6-response-bits-100 # - ecs-v6-response-bits-101 # - ecs-v6-response-bits-102 # - ecs-v6-response-bits-103 # - ecs-v6-response-bits-104 # - ecs-v6-response-bits-105 # - ecs-v6-response-bits-106 # - ecs-v6-response-bits-107 # - ecs-v6-response-bits-108 # - ecs-v6-response-bits-109 # - ecs-v6-response-bits-110 # - ecs-v6-response-bits-111 # - ecs-v6-response-bits-112 # - ecs-v6-response-bits-113 # - ecs-v6-response-bits-114 # - ecs-v6-response-bits-115 # - ecs-v6-response-bits-116 # - ecs-v6-response-bits-117 # - ecs-v6-response-bits-118 # - ecs-v6-response-bits-119 # - ecs-v6-response-bits-120 # - ecs-v6-response-bits-121 # - ecs-v6-response-bits-122 # - ecs-v6-response-bits-123 # - ecs-v6-response-bits-124 # - ecs-v6-response-bits-125 # - ecs-v6-response-bits-126 # - ecs-v6-response-bits-127 # - ecs-v6-response-bits-128 # - cumul-clientanswers # - cumul-authanswers # - policy-hits # - proxy-mapping-total # - remote-logger-count ##### maximum number of packets to store statistics for # stats_ringbuffer_entries: 10000 ##### List of statistics that are prevented from being exported via SNMP # stats_snmp_disabled_list: # - cache-bytes # - packetcache-bytes # - special-memory-usage # - ecs-v4-response-bits-1 # - ecs-v4-response-bits-2 # - ecs-v4-response-bits-3 # - ecs-v4-response-bits-4 # - ecs-v4-response-bits-5 # - ecs-v4-response-bits-6 # - ecs-v4-response-bits-7 # - ecs-v4-response-bits-8 # - ecs-v4-response-bits-9 # - ecs-v4-response-bits-10 # - ecs-v4-response-bits-11 # - ecs-v4-response-bits-12 # - ecs-v4-response-bits-13 # - ecs-v4-response-bits-14 # - ecs-v4-response-bits-15 # - ecs-v4-response-bits-16 # - ecs-v4-response-bits-17 # - ecs-v4-response-bits-18 # - ecs-v4-response-bits-19 # - ecs-v4-response-bits-20 # - ecs-v4-response-bits-21 # - ecs-v4-response-bits-22 # - ecs-v4-response-bits-23 # - ecs-v4-response-bits-24 # - ecs-v4-response-bits-25 # - ecs-v4-response-bits-26 # - ecs-v4-response-bits-27 # - ecs-v4-response-bits-28 # - ecs-v4-response-bits-29 # - ecs-v4-response-bits-30 # - ecs-v4-response-bits-31 # - ecs-v4-response-bits-32 # - ecs-v6-response-bits-1 # - ecs-v6-response-bits-2 # - ecs-v6-response-bits-3 # - ecs-v6-response-bits-4 # - ecs-v6-response-bits-5 # - ecs-v6-response-bits-6 # - ecs-v6-response-bits-7 # - ecs-v6-response-bits-8 # - ecs-v6-response-bits-9 # - ecs-v6-response-bits-10 # - ecs-v6-response-bits-11 # - ecs-v6-response-bits-12 # - ecs-v6-response-bits-13 # - ecs-v6-response-bits-14 # - ecs-v6-response-bits-15 # - ecs-v6-response-bits-16 # - ecs-v6-response-bits-17 # - ecs-v6-response-bits-18 # - ecs-v6-response-bits-19 # - ecs-v6-response-bits-20 # - ecs-v6-response-bits-21 # - ecs-v6-response-bits-22 # - ecs-v6-response-bits-23 # - ecs-v6-response-bits-24 # - ecs-v6-response-bits-25 # - ecs-v6-response-bits-26 # - ecs-v6-response-bits-27 # - ecs-v6-response-bits-28 # - ecs-v6-response-bits-29 # - ecs-v6-response-bits-30 # - ecs-v6-response-bits-31 # - ecs-v6-response-bits-32 # - ecs-v6-response-bits-33 # - ecs-v6-response-bits-34 # - ecs-v6-response-bits-35 # - ecs-v6-response-bits-36 # - ecs-v6-response-bits-37 # - ecs-v6-response-bits-38 # - ecs-v6-response-bits-39 # - ecs-v6-response-bits-40 # - ecs-v6-response-bits-41 # - ecs-v6-response-bits-42 # - ecs-v6-response-bits-43 # - ecs-v6-response-bits-44 # - ecs-v6-response-bits-45 # - ecs-v6-response-bits-46 # - ecs-v6-response-bits-47 # - ecs-v6-response-bits-48 # - ecs-v6-response-bits-49 # - ecs-v6-response-bits-50 # - ecs-v6-response-bits-51 # - ecs-v6-response-bits-52 # - ecs-v6-response-bits-53 # - ecs-v6-response-bits-54 # - ecs-v6-response-bits-55 # - ecs-v6-response-bits-56 # - ecs-v6-response-bits-57 # - ecs-v6-response-bits-58 # - ecs-v6-response-bits-59 # - ecs-v6-response-bits-60 # - ecs-v6-response-bits-61 # - ecs-v6-response-bits-62 # - ecs-v6-response-bits-63 # - ecs-v6-response-bits-64 # - ecs-v6-response-bits-65 # - ecs-v6-response-bits-66 # - ecs-v6-response-bits-67 # - ecs-v6-response-bits-68 # - ecs-v6-response-bits-69 # - ecs-v6-response-bits-70 # - ecs-v6-response-bits-71 # - ecs-v6-response-bits-72 # - ecs-v6-response-bits-73 # - ecs-v6-response-bits-74 # - ecs-v6-response-bits-75 # - ecs-v6-response-bits-76 # - ecs-v6-response-bits-77 # - ecs-v6-response-bits-78 # - ecs-v6-response-bits-79 # - ecs-v6-response-bits-80 # - ecs-v6-response-bits-81 # - ecs-v6-response-bits-82 # - ecs-v6-response-bits-83 # - ecs-v6-response-bits-84 # - ecs-v6-response-bits-85 # - ecs-v6-response-bits-86 # - ecs-v6-response-bits-87 # - ecs-v6-response-bits-88 # - ecs-v6-response-bits-89 # - ecs-v6-response-bits-90 # - ecs-v6-response-bits-91 # - ecs-v6-response-bits-92 # - ecs-v6-response-bits-93 # - ecs-v6-response-bits-94 # - ecs-v6-response-bits-95 # - ecs-v6-response-bits-96 # - ecs-v6-response-bits-97 # - ecs-v6-response-bits-98 # - ecs-v6-response-bits-99 # - ecs-v6-response-bits-100 # - ecs-v6-response-bits-101 # - ecs-v6-response-bits-102 # - ecs-v6-response-bits-103 # - ecs-v6-response-bits-104 # - ecs-v6-response-bits-105 # - ecs-v6-response-bits-106 # - ecs-v6-response-bits-107 # - ecs-v6-response-bits-108 # - ecs-v6-response-bits-109 # - ecs-v6-response-bits-110 # - ecs-v6-response-bits-111 # - ecs-v6-response-bits-112 # - ecs-v6-response-bits-113 # - ecs-v6-response-bits-114 # - ecs-v6-response-bits-115 # - ecs-v6-response-bits-116 # - ecs-v6-response-bits-117 # - ecs-v6-response-bits-118 # - ecs-v6-response-bits-119 # - ecs-v6-response-bits-120 # - ecs-v6-response-bits-121 # - ecs-v6-response-bits-122 # - ecs-v6-response-bits-123 # - ecs-v6-response-bits-124 # - ecs-v6-response-bits-125 # - ecs-v6-response-bits-126 # - ecs-v6-response-bits-127 # - ecs-v6-response-bits-128 # - cumul-clientanswers # - cumul-authanswers # - policy-hits # - proxy-mapping-total # - remote-logger-count ##### Set interval (in seconds) of the re-resolve checks of system resolver subsystem. # system_resolver_interval: 0 ##### Check for potential self-resolve, default enabled. # system_resolver_self_resolve_check: true ##### Set TTL of system resolver feature, 0 (default) is disabled # system_resolver_ttl: 0 ##### Launch this number of threads listening for and processing TCP queries # tcp_threads: 1 ##### Launch this number of threads # threads: 2 ##### string reported on version.pdns or version.bind # version_string: '*runtime determined*' ##### Write a PID file # write_pid: true ######### SECTION snmp ######### snmp: ##### If set, register as an SNMP agent # agent: false ##### If set and snmp-agent is set, the socket to use to register to the SNMP daemon # daemon_socket: '' ######### SECTION webservice ######### webservice: ##### IP Address of webserver to listen on # address: 127.0.0.1 ##### Webserver access is only allowed from these subnets # allow_from: # - 127.0.0.1 # - ::1 ##### Directory where REST API stores config and zones # api_dir: '' ##### Static pre-shared authentication key for access to the REST API # api_key: '' ##### Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime # hash_plaintext_credentials: false ##### Amount of logging in the webserver (none, normal, detailed) # loglevel: normal ##### Password required for accessing the webserver # password: '' ##### Port of webserver to listen on # port: 8082 ##### Start a webserver (for REST API) # webserver: false