OpenWrt
/
packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
packages/net/pdns-recursor/files/recursor.conf-dist

1189 lines
41 KiB
Plaintext
Raw Permalink Blame History

######### SECTION carbon #########
carbon:
##### If set overwrites the instance name default
# instance: recursor
##### Number of seconds between carbon (graphite) updates
# interval: 30
##### If set overwrites the first part of the carbon string
# ns: pdns
##### If set, overrides our reported hostname for carbon stats
# ourname: ''
##### If set, send metrics in carbon (graphite) format to this server IP address
# server: []
######### SECTION dnssec #########
dnssec:
##### Maximum estimated NSEC3 cost for a given query to consider aggressive use of the NSEC3 cache
# aggressive_cache_max_nsec3_hash_cost: 150
##### The minimum expected hit ratio to store NSEC3 records into the aggressive cache
# aggressive_cache_min_nsec3_hit_ratio: 2000
##### The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198
# aggressive_nsec_cache_size: 100000
##### List of DNSSEC algorithm numbers that are considered unsupported
# disabled_algorithms: []
##### Log DNSSEC bogus validations
# log_bogus: false
##### Maximum number of DNSKEYs with the same algorithm and tag to consider when validating a given record
# max_dnskeys: 2
##### Maximum number of DS records to consider per zone
# max_ds_per_zone: 8
##### Maximum number of NSEC3 hashes that we are willing to compute during DNSSEC validation, per incoming query
# max_nsec3_hash_computations_per_query: 600
##### Maximum number of NSEC3s to consider when validating a given denial of existence
# max_nsec3s_per_record: 10
##### Maximum number of RRSIGs to consider when validating a given record
# max_rrsigs_per_record: 2
##### Maximum number of RRSIG signatures we are willing to validate per incoming query
# max_signature_validations_per_query: 30
#####
# negative_trustanchors: []
##### Maximum number of iterations allowed for an NSEC3 record
# nsec3_max_iterations: 50
##### Allow the signature inception to be off by this number of seconds
# signature_inception_skew: 60
##### A path to a zone file containing trust anchors
# trustanchorfile: ''
#####
# trustanchorfile_interval: 24
##### Sequence of trust anchors
# trustanchors: []
##### DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate
# validation: process
##### Collect DNSSEC statistics for names or suffixes in this list in separate x-dnssec counters
# x_dnssec_names: []
######### SECTION ecs #########
ecs:
##### List of client netmasks for which EDNS Client Subnet will be added
# add_for:
# - 0.0.0.0/0
# - ::/0
# - '!127.0.0.0/8'
# - '!10.0.0.0/8'
# - '!100.64.0.0/10'
# - '!169.254.0.0/16'
# - '!192.168.0.0/16'
# - '!172.16.0.0/12'
# - '!::1/128'
# - '!fc00::/7'
# - '!fe80::/10'
##### Minimum TTL to cache ECS response
# cache_limit_ttl: 0
##### Number of bits of IPv4 address to pass for EDNS Client Subnet
# ipv4_bits: 24
##### Maximum number of bits of IPv4 mask to cache ECS response
# ipv4_cache_bits: 24
##### If we should never cache IPv4 ECS responses
# ipv4_never_cache: false
##### Number of bits of IPv6 address to pass for EDNS Client Subnet
# ipv6_bits: 56
##### Maximum number of bits of IPv6 mask to cache ECS response
# ipv6_cache_bits: 56
##### If we should never cache IPv6 ECS responses
# ipv6_never_cache: false
##### The minimum TTL for records in ECS-specific answers
# minimum_ttl_override: 1
##### Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0
# scope_zero_address: ''
######### SECTION incoming #########
incoming:
##### If set, only allow these comma separated netmasks to recurse
# allow_from:
# - 127.0.0.0/8
# - 10.0.0.0/8
# - 100.64.0.0/10
# - 169.254.0.0/16
# - 192.168.0.0/16
# - 172.16.0.0/12
# - ::1/128
# - fc00::/7
# - fe80::/10
##### If set, load allowed netmasks from this file
# allow_from_file: ''
##### Allow 'no recursion desired (RD=0)' queries.
# allow_no_rd: false
##### If set, NOTIFY requests for these zones will be allowed
# allow_notify_for: []
##### If set, load NOTIFY-allowed zones from this file
# allow_notify_for_file: ''
##### If set, NOTIFY requests from these comma separated netmasks will be allowed
# allow_notify_from: []
##### If set, load NOTIFY-allowed netmasks from this file
# allow_notify_from_file: ''
##### The load factor used when PowerDNS is distributing queries to worker threads
# distribution_load_factor: 0.0
##### Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread
# distribution_pipe_buffer_size: 0
##### Launch this number of distributor threads, distributing queries to other threads
# distributor_threads: 0
##### List of netmasks (proxy IP in case of proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies
# edns_padding_from: []
##### Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from 'setting-edns-padding-from' sources
# edns_padding_mode: padded-queries-only
##### Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled.
# edns_padding_tag: 7830
##### If EDNS Options should be extracted before calling the gettag() hook
# gettag_needs_edns_options: false
##### IP addresses to listen on, separated by spaces or commas. Also accepts ports.
# listen:
# - 127.0.0.1
##### Maximum number of requests handled concurrently per TCP connection
# max_concurrent_requests_per_tcp_connection: 10
##### Maximum number of simultaneous TCP clients
# max_tcp_clients: 128
##### If set, maximum number of TCP sessions per client (IP address)
# max_tcp_per_client: 0
##### If set, maximum number of TCP queries in a TCP connection
# max_tcp_queries_per_connection: 0
##### Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing
# max_udp_queries_per_round: 10000
##### Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
# non_local_bind: false
##### If PowerDNS itself should distribute queries over threads
# pdns_distributes_queries: false
##### port to listen on
# port: 53
##### A Proxy Protocol header should not be used for these listen addresses.
# proxy_protocol_exceptions: []
##### A Proxy Protocol header is required from these subnets
# proxy_protocol_from: []
##### The maximum size of a proxy protocol payload, including the TLV values
# proxy_protocol_maximum_size: 512
##### Sequence of ProxyMapping
# proxymappings: []
##### Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address
# reuseport: true
##### Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
# tcp_fast_open: 0
##### Timeout in seconds when talking to TCP clients
# tcp_timeout: 2
##### Maximum UDP response size before we truncate
# udp_truncation_threshold: 1232
##### Pass along received EDNS Client Subnet information
# use_incoming_edns_subnet: false
######### SECTION logging #########
logging:
##### If we should log rather common errors
# common_errors: false
##### Disable logging to syslog, useful when running inside a supervisor that logs stderr
# disable_syslog: false
#####
# dnstap_framestream_servers: []
#####
# dnstap_nod_framestream_servers: []
##### Facility to log messages as. 0 corresponds to local0
# facility: ''
##### Amount of logging. Higher is more. Do not set below 3
# loglevel: 6
#####
# outgoing_protobuf_servers: []
#####
# protobuf_servers: []
##### Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available)
# protobuf_use_kernel_timestamp: false
##### Suppress logging of questions and answers
# quiet: true
##### Log additions and removals to RPZ zones at Info level
# rpz_changes: false
##### Number of seconds between printing of recursor statistics, 0 to disable
# statistics_interval: 1800
##### Prefer structured logging
# structured_logging: true
##### Structured logging backend
# structured_logging_backend: default
##### Print timestamps in log lines, useful to disable when running with a tool that timestamps stderr already
# timestamp: true
##### if we should output heaps of logging. set to 'fail' to only log failing domains
# trace: no
######### SECTION nod #########
nod:
##### Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864
# db_size: 67108864
##### Interval (in seconds) to write the NOD and UDR DB snapshots
# db_snapshot_interval: 600
##### Persist new domain tracking data here to persist between restarts
# history_dir: /var/lib/pdns-recursor/nod
##### List of domains (and implicitly all subdomains) which will never be considered a new domain
# ignore_list: []
##### File with a list of domains (and implicitly all subdomains) which will never be considered a new domain
# ignore_list_file: ''
##### Log newly observed domains.
# log: true
##### Perform a DNS lookup newly observed domains as a subdomain of the configured domain
# lookup: ''
##### If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod'
# pb_tag: pdns-nod
##### Track newly observed domains (i.e. never seen before).
# tracking: false
##### Size of the DB used to track unique responses in terms of number of cells. Defaults to 67108864
# unique_response_db_size: 67108864
##### Persist unique response tracking data here to persist between restarts
# unique_response_history_dir: /var/lib/pdns-recursor/udr
##### List of domains (and implicitly all subdomains) which will never be considered for UDR
# unique_response_ignore_list: []
##### File with list of domains (and implicitly all subdomains) which will never be considered for UDR
# unique_response_ignore_list_file: ''
##### Log unique responses
# unique_response_log: true
##### If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr'
# unique_response_pb_tag: pdns-udr
##### Track unique responses (tuple of query name, type and RR).
# unique_response_tracking: false
######### SECTION outgoing #########
outgoing:
##### Determines the probability of a server marked down to be used anyway
# bypass_server_throttling_probability: 25
##### If set, do not query these netmasks for DNS data
# dont_query:
# - 127.0.0.0/8
# - 10.0.0.0/8
# - 100.64.0.0/10
# - 169.254.0.0/16
# - 192.168.0.0/16
# - 172.16.0.0/12
# - ::1/128
# - fc00::/7
# - fe80::/10
# - 0.0.0.0/8
# - 192.0.0.0/24
# - 192.0.2.0/24
# - 198.51.100.0/24
# - 203.0.113.0/24
# - 240.0.0.0/4
# - ::/96
# - ::ffff:0:0/96
# - 100::/64
# - 2001:db8::/32
##### Do not throttle nameservers with this name or suffix
# dont_throttle_names: []
##### Do not throttle nameservers with this IP netmask
# dont_throttle_netmasks: []
##### Use DoT to authoritative servers with these names or suffixes
# dot_to_auth_names: []
##### Force DoT connection to target port 853 if DoT compiled in
# dot_to_port_853: true
##### Outgoing EDNS buffer size
# edns_bufsize: 1232
##### Whether to add EDNS padding to outgoing DoT messages
# edns_padding: true
##### List of netmasks and domains that we should enable EDNS subnet for
# edns_subnet_allow_list: []
##### Force outgoing questions to lowercase
# lowercase: false
##### Maximum number of concurrent DoT probes
# max_busy_dot_probes: 0
##### Maximum outgoing NS address queries per query
# max_ns_address_qperq: 10
##### Maximum number of NS records to consider to resolve a name, 0 is no limit
# max_ns_per_resolve: 13
##### Maximum outgoing queries per query
# max_qperq: 50
##### Wait this number of milliseconds for network i/o
# network_timeout: 1500
##### Number of failed address resolves of a nameserver to start throttling it, 0 is disabled
# non_resolving_ns_max_fails: 5
##### Number of seconds to throttle a nameserver with a name failing to resolve
# non_resolving_ns_throttle_time: 60
##### Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled )
# server_down_max_fails: 64
##### Number of seconds to throttle all queries to a server after being marked as down
# server_down_throttle_time: 60
##### If set, only use a single socket for outgoing queries
# single_socket: false
##### Source IP address for sending queries
# source_address:
# - 0.0.0.0
##### Enable TCP Fast Open support on outgoing sockets
# tcp_fast_open_connect: false
##### Time TCP/DoT connections are left idle in milliseconds or 0 if no limit
# tcp_max_idle_ms: 10000
##### Maximum number of idle TCP/DoT connections to a specific IP per thread, 0 means do not keep idle connections open
# tcp_max_idle_per_auth: 10
##### Maximum number of idle TCP/DoT connections per thread
# tcp_max_idle_per_thread: 100
##### Maximum total number of queries per TCP/DoT connection, 0 means no limit
# tcp_max_queries: 0
##### List of comma separated UDP port number to avoid
# udp_source_port_avoid:
# - '11211'
##### Maximum UDP port to bind on
# udp_source_port_max: 65535
##### Minimum UDP port to bind on
# udp_source_port_min: 1024
######### SECTION packetcache #########
packetcache:
##### Disable packetcache
# disable: false
##### maximum number of entries to keep in the packetcache
# max_entries: 500000
##### maximum number of seconds to keep a cached NxDomain or NoData entry in packetcache
# negative_ttl: 60
##### maximum number of seconds to keep a cached servfail entry in packetcache
# servfail_ttl: 60
##### Number of shards in the packet cache
# shards: 1024
##### maximum number of seconds to keep a cached entry in packetcache
# ttl: 86400
######### SECTION recordcache #########
recordcache:
##### Replace records in record cache only after this % of original TTL has passed
# locked_ttl_perc: 0
##### maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory
# max_cache_bogus_ttl: 3600
##### If set, maximum number of entries in the main cache
# max_entries: 1000000
##### maximum number of seconds to keep a negative cached entry in memory
# max_negative_ttl: 3600
##### maximum number of seconds to keep a cached entry in memory
# max_ttl: 86400
##### If a record is requested from the cache and only this % of original TTL remains, refetch
# refresh_on_ttl_perc: 0
##### Number of times a record's ttl is extended by 30s to be served stale
# serve_stale_extensions: 0
##### Number of shards in the record cache
# shards: 1024
##### Sequence of ZoneToCache entries
# zonetocaches: []
######### SECTION recursor #########
recursor:
##### Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT
# allow_trust_anchor_query: false
#####
# allowed_additional_qtypes: []
##### Answer ANY queries with tc=1, shunting to TCP
# any_to_tcp: false
##### Zones for which we have authoritative data, comma separated domain=file pairs
# auth_zones: []
##### switch to chroot jail
# chroot: ''
##### Location of configuration directory (recursor.conf or recursor.yml)
# config_dir: /etc/powerdns
##### Name of this virtual configuration - will rename the binary image
# config_name: ''
##### Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs
# cpu_map: ''
##### Operate as a daemon
# daemon: false
##### internal use only
# devonly_regression_test_mode: false
##### DNS64 prefix
# dns64_prefix: ''
##### Path to 'hosts' file
# etc_hosts_file: /etc/hosts
##### If set, event traces are collected and send out via protobuf logging (1), logfile (2) or both(3)
# event_trace_enabled: 0
##### If we should serve up contents from /etc/hosts
# export_etc_hosts: false
##### Also serve up the contents of /etc/hosts with this suffix
# export_etc_hosts_search_suffix: ''
##### If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors
# extended_resolution_errors: true
##### Zones for which we forward queries, comma separated domain=ip pairs
# forward_zones: []
##### File with (+)domain=ip pairs for forwarding
# forward_zones_file: ''
##### Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
# forward_zones_recurse: []
##### If set, load root hints from this file
# hint_file: ''
##### Configuration settings to ignore if they are unknown
# ignore_unknown_settings: []
##### Include *.conf files from this directory
# include_dir: ''
##### Number of latency values to calculate the qa-latency average
# latency_statistic_size: 10000
##### More powerful configuration options
# lua_config_file: ''
##### Filename containing an optional Lua script that will be used to modify dns answers
# lua_dns_script: ''
##### Number of seconds between calls to the lua user defined maintenance() function
# lua_maintenance_interval: 1
##### maximum number of queries that can be chained to an outgoing request, 0 is no limit
# max_chain_length: 0
##### Maximum number CNAME records followed
# max_cnames_followed: 10
##### Maximum number of $GENERATE steps when loading a zone from a file
# max_generate_steps: 0
##### Maximum nested $INCLUDE depth when loading a zone from a file
# max_include_depth: 20
##### Maximum number of simultaneous Mtasker threads
# max_mthreads: 2048
##### Maximum number of internal recursion calls per query, 0 for unlimited
# max_recursion_depth: 16
##### Maximum total wall-clock time per query in milliseconds, 0 for unlimited
# max_total_msec: 7000
##### The minimum TTL
# minimum_ttl_override: 1
##### When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020)
# nothing_below_nxdomain: dnssec
##### Path to the Public Suffix List file, if any
# public_suffix_list_file: ''
##### RFC9156 max minimize count
# qname_max_minimize_count: 10
##### Use Query Name Minimization
# qname_minimization: true
##### RFC9156 minimize one label parameter
# qname_minimize_one_label: 4
##### If set, believe that an NXDOMAIN from the root means the TLD does not exist
# root_nx_trust: true
##### Sequence of RPZ entries
# rpzs: []
##### Save parent NS set to be used if child NS set fails
# save_parent_ns_set: true
##### Domain name from which to query security update notifications
# security_poll_suffix: secpoll.powerdns.com.
##### If we should be authoritative for RFC 1918 private IP space
# serve_rfc1918: true
##### Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled'
# server_id: '*runtime determined*'
##### If set, change group id to this gid for more security
# setgid: ''
##### If set, change user id to this uid for more security
# setuid: ''
##### Where the controlsocket will live, /var/run/pdns-recursor when unset and not chrooted
# socket_dir: ''
##### Group of socket
# socket_group: ''
##### Permissions for socket
# socket_mode: ''
##### Owner of socket
# socket_owner: ''
##### Sequence of sort lists
# sortlists: []
##### If non-zero, assume spoofing after this many near misses
# spoof_nearmiss_max: 1
##### Size of the stack cache, per mthread
# stack_cache_size: 100
##### stack size per mthread
# stack_size: 200000
##### List of statistics that are disabled when retrieving the complete list of statistics via the API
# stats_api_disabled_list:
# - cache-bytes
# - packetcache-bytes
# - special-memory-usage
# - ecs-v4-response-bits-1
# - ecs-v4-response-bits-2
# - ecs-v4-response-bits-3
# - ecs-v4-response-bits-4
# - ecs-v4-response-bits-5
# - ecs-v4-response-bits-6
# - ecs-v4-response-bits-7
# - ecs-v4-response-bits-8
# - ecs-v4-response-bits-9
# - ecs-v4-response-bits-10
# - ecs-v4-response-bits-11
# - ecs-v4-response-bits-12
# - ecs-v4-response-bits-13
# - ecs-v4-response-bits-14
# - ecs-v4-response-bits-15
# - ecs-v4-response-bits-16
# - ecs-v4-response-bits-17
# - ecs-v4-response-bits-18
# - ecs-v4-response-bits-19
# - ecs-v4-response-bits-20
# - ecs-v4-response-bits-21
# - ecs-v4-response-bits-22
# - ecs-v4-response-bits-23
# - ecs-v4-response-bits-24
# - ecs-v4-response-bits-25
# - ecs-v4-response-bits-26
# - ecs-v4-response-bits-27
# - ecs-v4-response-bits-28
# - ecs-v4-response-bits-29
# - ecs-v4-response-bits-30
# - ecs-v4-response-bits-31
# - ecs-v4-response-bits-32
# - ecs-v6-response-bits-1
# - ecs-v6-response-bits-2
# - ecs-v6-response-bits-3
# - ecs-v6-response-bits-4
# - ecs-v6-response-bits-5
# - ecs-v6-response-bits-6
# - ecs-v6-response-bits-7
# - ecs-v6-response-bits-8
# - ecs-v6-response-bits-9
# - ecs-v6-response-bits-10
# - ecs-v6-response-bits-11
# - ecs-v6-response-bits-12
# - ecs-v6-response-bits-13
# - ecs-v6-response-bits-14
# - ecs-v6-response-bits-15
# - ecs-v6-response-bits-16
# - ecs-v6-response-bits-17
# - ecs-v6-response-bits-18
# - ecs-v6-response-bits-19
# - ecs-v6-response-bits-20
# - ecs-v6-response-bits-21
# - ecs-v6-response-bits-22
# - ecs-v6-response-bits-23
# - ecs-v6-response-bits-24
# - ecs-v6-response-bits-25
# - ecs-v6-response-bits-26
# - ecs-v6-response-bits-27
# - ecs-v6-response-bits-28
# - ecs-v6-response-bits-29
# - ecs-v6-response-bits-30
# - ecs-v6-response-bits-31
# - ecs-v6-response-bits-32
# - ecs-v6-response-bits-33
# - ecs-v6-response-bits-34
# - ecs-v6-response-bits-35
# - ecs-v6-response-bits-36
# - ecs-v6-response-bits-37
# - ecs-v6-response-bits-38
# - ecs-v6-response-bits-39
# - ecs-v6-response-bits-40
# - ecs-v6-response-bits-41
# - ecs-v6-response-bits-42
# - ecs-v6-response-bits-43
# - ecs-v6-response-bits-44
# - ecs-v6-response-bits-45
# - ecs-v6-response-bits-46
# - ecs-v6-response-bits-47
# - ecs-v6-response-bits-48
# - ecs-v6-response-bits-49
# - ecs-v6-response-bits-50
# - ecs-v6-response-bits-51
# - ecs-v6-response-bits-52
# - ecs-v6-response-bits-53
# - ecs-v6-response-bits-54
# - ecs-v6-response-bits-55
# - ecs-v6-response-bits-56
# - ecs-v6-response-bits-57
# - ecs-v6-response-bits-58
# - ecs-v6-response-bits-59
# - ecs-v6-response-bits-60
# - ecs-v6-response-bits-61
# - ecs-v6-response-bits-62
# - ecs-v6-response-bits-63
# - ecs-v6-response-bits-64
# - ecs-v6-response-bits-65
# - ecs-v6-response-bits-66
# - ecs-v6-response-bits-67
# - ecs-v6-response-bits-68
# - ecs-v6-response-bits-69
# - ecs-v6-response-bits-70
# - ecs-v6-response-bits-71
# - ecs-v6-response-bits-72
# - ecs-v6-response-bits-73
# - ecs-v6-response-bits-74
# - ecs-v6-response-bits-75
# - ecs-v6-response-bits-76
# - ecs-v6-response-bits-77
# - ecs-v6-response-bits-78
# - ecs-v6-response-bits-79
# - ecs-v6-response-bits-80
# - ecs-v6-response-bits-81
# - ecs-v6-response-bits-82
# - ecs-v6-response-bits-83
# - ecs-v6-response-bits-84
# - ecs-v6-response-bits-85
# - ecs-v6-response-bits-86
# - ecs-v6-response-bits-87
# - ecs-v6-response-bits-88
# - ecs-v6-response-bits-89
# - ecs-v6-response-bits-90
# - ecs-v6-response-bits-91
# - ecs-v6-response-bits-92
# - ecs-v6-response-bits-93
# - ecs-v6-response-bits-94
# - ecs-v6-response-bits-95
# - ecs-v6-response-bits-96
# - ecs-v6-response-bits-97
# - ecs-v6-response-bits-98
# - ecs-v6-response-bits-99
# - ecs-v6-response-bits-100
# - ecs-v6-response-bits-101
# - ecs-v6-response-bits-102
# - ecs-v6-response-bits-103
# - ecs-v6-response-bits-104
# - ecs-v6-response-bits-105
# - ecs-v6-response-bits-106
# - ecs-v6-response-bits-107
# - ecs-v6-response-bits-108
# - ecs-v6-response-bits-109
# - ecs-v6-response-bits-110
# - ecs-v6-response-bits-111
# - ecs-v6-response-bits-112
# - ecs-v6-response-bits-113
# - ecs-v6-response-bits-114
# - ecs-v6-response-bits-115
# - ecs-v6-response-bits-116
# - ecs-v6-response-bits-117
# - ecs-v6-response-bits-118
# - ecs-v6-response-bits-119
# - ecs-v6-response-bits-120
# - ecs-v6-response-bits-121
# - ecs-v6-response-bits-122
# - ecs-v6-response-bits-123
# - ecs-v6-response-bits-124
# - ecs-v6-response-bits-125
# - ecs-v6-response-bits-126
# - ecs-v6-response-bits-127
# - ecs-v6-response-bits-128
##### List of statistics that are prevented from being exported via Carbon
# stats_carbon_disabled_list:
# - cache-bytes
# - packetcache-bytes
# - special-memory-usage
# - ecs-v4-response-bits-1
# - ecs-v4-response-bits-2
# - ecs-v4-response-bits-3
# - ecs-v4-response-bits-4
# - ecs-v4-response-bits-5
# - ecs-v4-response-bits-6
# - ecs-v4-response-bits-7
# - ecs-v4-response-bits-8
# - ecs-v4-response-bits-9
# - ecs-v4-response-bits-10
# - ecs-v4-response-bits-11
# - ecs-v4-response-bits-12
# - ecs-v4-response-bits-13
# - ecs-v4-response-bits-14
# - ecs-v4-response-bits-15
# - ecs-v4-response-bits-16
# - ecs-v4-response-bits-17
# - ecs-v4-response-bits-18
# - ecs-v4-response-bits-19
# - ecs-v4-response-bits-20
# - ecs-v4-response-bits-21
# - ecs-v4-response-bits-22
# - ecs-v4-response-bits-23
# - ecs-v4-response-bits-24
# - ecs-v4-response-bits-25
# - ecs-v4-response-bits-26
# - ecs-v4-response-bits-27
# - ecs-v4-response-bits-28
# - ecs-v4-response-bits-29
# - ecs-v4-response-bits-30
# - ecs-v4-response-bits-31
# - ecs-v4-response-bits-32
# - ecs-v6-response-bits-1
# - ecs-v6-response-bits-2
# - ecs-v6-response-bits-3
# - ecs-v6-response-bits-4
# - ecs-v6-response-bits-5
# - ecs-v6-response-bits-6
# - ecs-v6-response-bits-7
# - ecs-v6-response-bits-8
# - ecs-v6-response-bits-9
# - ecs-v6-response-bits-10
# - ecs-v6-response-bits-11
# - ecs-v6-response-bits-12
# - ecs-v6-response-bits-13
# - ecs-v6-response-bits-14
# - ecs-v6-response-bits-15
# - ecs-v6-response-bits-16
# - ecs-v6-response-bits-17
# - ecs-v6-response-bits-18
# - ecs-v6-response-bits-19
# - ecs-v6-response-bits-20
# - ecs-v6-response-bits-21
# - ecs-v6-response-bits-22
# - ecs-v6-response-bits-23
# - ecs-v6-response-bits-24
# - ecs-v6-response-bits-25
# - ecs-v6-response-bits-26
# - ecs-v6-response-bits-27
# - ecs-v6-response-bits-28
# - ecs-v6-response-bits-29
# - ecs-v6-response-bits-30
# - ecs-v6-response-bits-31
# - ecs-v6-response-bits-32
# - ecs-v6-response-bits-33
# - ecs-v6-response-bits-34
# - ecs-v6-response-bits-35
# - ecs-v6-response-bits-36
# - ecs-v6-response-bits-37
# - ecs-v6-response-bits-38
# - ecs-v6-response-bits-39
# - ecs-v6-response-bits-40
# - ecs-v6-response-bits-41
# - ecs-v6-response-bits-42
# - ecs-v6-response-bits-43
# - ecs-v6-response-bits-44
# - ecs-v6-response-bits-45
# - ecs-v6-response-bits-46
# - ecs-v6-response-bits-47
# - ecs-v6-response-bits-48
# - ecs-v6-response-bits-49
# - ecs-v6-response-bits-50
# - ecs-v6-response-bits-51
# - ecs-v6-response-bits-52
# - ecs-v6-response-bits-53
# - ecs-v6-response-bits-54
# - ecs-v6-response-bits-55
# - ecs-v6-response-bits-56
# - ecs-v6-response-bits-57
# - ecs-v6-response-bits-58
# - ecs-v6-response-bits-59
# - ecs-v6-response-bits-60
# - ecs-v6-response-bits-61
# - ecs-v6-response-bits-62
# - ecs-v6-response-bits-63
# - ecs-v6-response-bits-64
# - ecs-v6-response-bits-65
# - ecs-v6-response-bits-66
# - ecs-v6-response-bits-67
# - ecs-v6-response-bits-68
# - ecs-v6-response-bits-69
# - ecs-v6-response-bits-70
# - ecs-v6-response-bits-71
# - ecs-v6-response-bits-72
# - ecs-v6-response-bits-73
# - ecs-v6-response-bits-74
# - ecs-v6-response-bits-75
# - ecs-v6-response-bits-76
# - ecs-v6-response-bits-77
# - ecs-v6-response-bits-78
# - ecs-v6-response-bits-79
# - ecs-v6-response-bits-80
# - ecs-v6-response-bits-81
# - ecs-v6-response-bits-82
# - ecs-v6-response-bits-83
# - ecs-v6-response-bits-84
# - ecs-v6-response-bits-85
# - ecs-v6-response-bits-86
# - ecs-v6-response-bits-87
# - ecs-v6-response-bits-88
# - ecs-v6-response-bits-89
# - ecs-v6-response-bits-90
# - ecs-v6-response-bits-91
# - ecs-v6-response-bits-92
# - ecs-v6-response-bits-93
# - ecs-v6-response-bits-94
# - ecs-v6-response-bits-95
# - ecs-v6-response-bits-96
# - ecs-v6-response-bits-97
# - ecs-v6-response-bits-98
# - ecs-v6-response-bits-99
# - ecs-v6-response-bits-100
# - ecs-v6-response-bits-101
# - ecs-v6-response-bits-102
# - ecs-v6-response-bits-103
# - ecs-v6-response-bits-104
# - ecs-v6-response-bits-105
# - ecs-v6-response-bits-106
# - ecs-v6-response-bits-107
# - ecs-v6-response-bits-108
# - ecs-v6-response-bits-109
# - ecs-v6-response-bits-110
# - ecs-v6-response-bits-111
# - ecs-v6-response-bits-112
# - ecs-v6-response-bits-113
# - ecs-v6-response-bits-114
# - ecs-v6-response-bits-115
# - ecs-v6-response-bits-116
# - ecs-v6-response-bits-117
# - ecs-v6-response-bits-118
# - ecs-v6-response-bits-119
# - ecs-v6-response-bits-120
# - ecs-v6-response-bits-121
# - ecs-v6-response-bits-122
# - ecs-v6-response-bits-123
# - ecs-v6-response-bits-124
# - ecs-v6-response-bits-125
# - ecs-v6-response-bits-126
# - ecs-v6-response-bits-127
# - ecs-v6-response-bits-128
# - cumul-clientanswers
# - cumul-authanswers
# - policy-hits
# - proxy-mapping-total
# - remote-logger-count
##### List of statistics that are prevented from being exported via rec_control get-all
# stats_rec_control_disabled_list:
# - cache-bytes
# - packetcache-bytes
# - special-memory-usage
# - ecs-v4-response-bits-1
# - ecs-v4-response-bits-2
# - ecs-v4-response-bits-3
# - ecs-v4-response-bits-4
# - ecs-v4-response-bits-5
# - ecs-v4-response-bits-6
# - ecs-v4-response-bits-7
# - ecs-v4-response-bits-8
# - ecs-v4-response-bits-9
# - ecs-v4-response-bits-10
# - ecs-v4-response-bits-11
# - ecs-v4-response-bits-12
# - ecs-v4-response-bits-13
# - ecs-v4-response-bits-14
# - ecs-v4-response-bits-15
# - ecs-v4-response-bits-16
# - ecs-v4-response-bits-17
# - ecs-v4-response-bits-18
# - ecs-v4-response-bits-19
# - ecs-v4-response-bits-20
# - ecs-v4-response-bits-21
# - ecs-v4-response-bits-22
# - ecs-v4-response-bits-23
# - ecs-v4-response-bits-24
# - ecs-v4-response-bits-25
# - ecs-v4-response-bits-26
# - ecs-v4-response-bits-27
# - ecs-v4-response-bits-28
# - ecs-v4-response-bits-29
# - ecs-v4-response-bits-30
# - ecs-v4-response-bits-31
# - ecs-v4-response-bits-32
# - ecs-v6-response-bits-1
# - ecs-v6-response-bits-2
# - ecs-v6-response-bits-3
# - ecs-v6-response-bits-4
# - ecs-v6-response-bits-5
# - ecs-v6-response-bits-6
# - ecs-v6-response-bits-7
# - ecs-v6-response-bits-8
# - ecs-v6-response-bits-9
# - ecs-v6-response-bits-10
# - ecs-v6-response-bits-11
# - ecs-v6-response-bits-12
# - ecs-v6-response-bits-13
# - ecs-v6-response-bits-14
# - ecs-v6-response-bits-15
# - ecs-v6-response-bits-16
# - ecs-v6-response-bits-17
# - ecs-v6-response-bits-18
# - ecs-v6-response-bits-19
# - ecs-v6-response-bits-20
# - ecs-v6-response-bits-21
# - ecs-v6-response-bits-22
# - ecs-v6-response-bits-23
# - ecs-v6-response-bits-24
# - ecs-v6-response-bits-25
# - ecs-v6-response-bits-26
# - ecs-v6-response-bits-27
# - ecs-v6-response-bits-28
# - ecs-v6-response-bits-29
# - ecs-v6-response-bits-30
# - ecs-v6-response-bits-31
# - ecs-v6-response-bits-32
# - ecs-v6-response-bits-33
# - ecs-v6-response-bits-34
# - ecs-v6-response-bits-35
# - ecs-v6-response-bits-36
# - ecs-v6-response-bits-37
# - ecs-v6-response-bits-38
# - ecs-v6-response-bits-39
# - ecs-v6-response-bits-40
# - ecs-v6-response-bits-41
# - ecs-v6-response-bits-42
# - ecs-v6-response-bits-43
# - ecs-v6-response-bits-44
# - ecs-v6-response-bits-45
# - ecs-v6-response-bits-46
# - ecs-v6-response-bits-47
# - ecs-v6-response-bits-48
# - ecs-v6-response-bits-49
# - ecs-v6-response-bits-50
# - ecs-v6-response-bits-51
# - ecs-v6-response-bits-52
# - ecs-v6-response-bits-53
# - ecs-v6-response-bits-54
# - ecs-v6-response-bits-55
# - ecs-v6-response-bits-56
# - ecs-v6-response-bits-57
# - ecs-v6-response-bits-58
# - ecs-v6-response-bits-59
# - ecs-v6-response-bits-60
# - ecs-v6-response-bits-61
# - ecs-v6-response-bits-62
# - ecs-v6-response-bits-63
# - ecs-v6-response-bits-64
# - ecs-v6-response-bits-65
# - ecs-v6-response-bits-66
# - ecs-v6-response-bits-67
# - ecs-v6-response-bits-68
# - ecs-v6-response-bits-69
# - ecs-v6-response-bits-70
# - ecs-v6-response-bits-71
# - ecs-v6-response-bits-72
# - ecs-v6-response-bits-73
# - ecs-v6-response-bits-74
# - ecs-v6-response-bits-75
# - ecs-v6-response-bits-76
# - ecs-v6-response-bits-77
# - ecs-v6-response-bits-78
# - ecs-v6-response-bits-79
# - ecs-v6-response-bits-80
# - ecs-v6-response-bits-81
# - ecs-v6-response-bits-82
# - ecs-v6-response-bits-83
# - ecs-v6-response-bits-84
# - ecs-v6-response-bits-85
# - ecs-v6-response-bits-86
# - ecs-v6-response-bits-87
# - ecs-v6-response-bits-88
# - ecs-v6-response-bits-89
# - ecs-v6-response-bits-90
# - ecs-v6-response-bits-91
# - ecs-v6-response-bits-92
# - ecs-v6-response-bits-93
# - ecs-v6-response-bits-94
# - ecs-v6-response-bits-95
# - ecs-v6-response-bits-96
# - ecs-v6-response-bits-97
# - ecs-v6-response-bits-98
# - ecs-v6-response-bits-99
# - ecs-v6-response-bits-100
# - ecs-v6-response-bits-101
# - ecs-v6-response-bits-102
# - ecs-v6-response-bits-103
# - ecs-v6-response-bits-104
# - ecs-v6-response-bits-105
# - ecs-v6-response-bits-106
# - ecs-v6-response-bits-107
# - ecs-v6-response-bits-108
# - ecs-v6-response-bits-109
# - ecs-v6-response-bits-110
# - ecs-v6-response-bits-111
# - ecs-v6-response-bits-112
# - ecs-v6-response-bits-113
# - ecs-v6-response-bits-114
# - ecs-v6-response-bits-115
# - ecs-v6-response-bits-116
# - ecs-v6-response-bits-117
# - ecs-v6-response-bits-118
# - ecs-v6-response-bits-119
# - ecs-v6-response-bits-120
# - ecs-v6-response-bits-121
# - ecs-v6-response-bits-122
# - ecs-v6-response-bits-123
# - ecs-v6-response-bits-124
# - ecs-v6-response-bits-125
# - ecs-v6-response-bits-126
# - ecs-v6-response-bits-127
# - ecs-v6-response-bits-128
# - cumul-clientanswers
# - cumul-authanswers
# - policy-hits
# - proxy-mapping-total
# - remote-logger-count
##### maximum number of packets to store statistics for
# stats_ringbuffer_entries: 10000
##### List of statistics that are prevented from being exported via SNMP
# stats_snmp_disabled_list:
# - cache-bytes
# - packetcache-bytes
# - special-memory-usage
# - ecs-v4-response-bits-1
# - ecs-v4-response-bits-2
# - ecs-v4-response-bits-3
# - ecs-v4-response-bits-4
# - ecs-v4-response-bits-5
# - ecs-v4-response-bits-6
# - ecs-v4-response-bits-7
# - ecs-v4-response-bits-8
# - ecs-v4-response-bits-9
# - ecs-v4-response-bits-10
# - ecs-v4-response-bits-11
# - ecs-v4-response-bits-12
# - ecs-v4-response-bits-13
# - ecs-v4-response-bits-14
# - ecs-v4-response-bits-15
# - ecs-v4-response-bits-16
# - ecs-v4-response-bits-17
# - ecs-v4-response-bits-18
# - ecs-v4-response-bits-19
# - ecs-v4-response-bits-20
# - ecs-v4-response-bits-21
# - ecs-v4-response-bits-22
# - ecs-v4-response-bits-23
# - ecs-v4-response-bits-24
# - ecs-v4-response-bits-25
# - ecs-v4-response-bits-26
# - ecs-v4-response-bits-27
# - ecs-v4-response-bits-28
# - ecs-v4-response-bits-29
# - ecs-v4-response-bits-30
# - ecs-v4-response-bits-31
# - ecs-v4-response-bits-32
# - ecs-v6-response-bits-1
# - ecs-v6-response-bits-2
# - ecs-v6-response-bits-3
# - ecs-v6-response-bits-4
# - ecs-v6-response-bits-5
# - ecs-v6-response-bits-6
# - ecs-v6-response-bits-7
# - ecs-v6-response-bits-8
# - ecs-v6-response-bits-9
# - ecs-v6-response-bits-10
# - ecs-v6-response-bits-11
# - ecs-v6-response-bits-12
# - ecs-v6-response-bits-13
# - ecs-v6-response-bits-14
# - ecs-v6-response-bits-15
# - ecs-v6-response-bits-16
# - ecs-v6-response-bits-17
# - ecs-v6-response-bits-18
# - ecs-v6-response-bits-19
# - ecs-v6-response-bits-20
# - ecs-v6-response-bits-21
# - ecs-v6-response-bits-22
# - ecs-v6-response-bits-23
# - ecs-v6-response-bits-24
# - ecs-v6-response-bits-25
# - ecs-v6-response-bits-26
# - ecs-v6-response-bits-27
# - ecs-v6-response-bits-28
# - ecs-v6-response-bits-29
# - ecs-v6-response-bits-30
# - ecs-v6-response-bits-31
# - ecs-v6-response-bits-32
# - ecs-v6-response-bits-33
# - ecs-v6-response-bits-34
# - ecs-v6-response-bits-35
# - ecs-v6-response-bits-36
# - ecs-v6-response-bits-37
# - ecs-v6-response-bits-38
# - ecs-v6-response-bits-39
# - ecs-v6-response-bits-40
# - ecs-v6-response-bits-41
# - ecs-v6-response-bits-42
# - ecs-v6-response-bits-43
# - ecs-v6-response-bits-44
# - ecs-v6-response-bits-45
# - ecs-v6-response-bits-46
# - ecs-v6-response-bits-47
# - ecs-v6-response-bits-48
# - ecs-v6-response-bits-49
# - ecs-v6-response-bits-50
# - ecs-v6-response-bits-51
# - ecs-v6-response-bits-52
# - ecs-v6-response-bits-53
# - ecs-v6-response-bits-54
# - ecs-v6-response-bits-55
# - ecs-v6-response-bits-56
# - ecs-v6-response-bits-57
# - ecs-v6-response-bits-58
# - ecs-v6-response-bits-59
# - ecs-v6-response-bits-60
# - ecs-v6-response-bits-61
# - ecs-v6-response-bits-62
# - ecs-v6-response-bits-63
# - ecs-v6-response-bits-64
# - ecs-v6-response-bits-65
# - ecs-v6-response-bits-66
# - ecs-v6-response-bits-67
# - ecs-v6-response-bits-68
# - ecs-v6-response-bits-69
# - ecs-v6-response-bits-70
# - ecs-v6-response-bits-71
# - ecs-v6-response-bits-72
# - ecs-v6-response-bits-73
# - ecs-v6-response-bits-74
# - ecs-v6-response-bits-75
# - ecs-v6-response-bits-76
# - ecs-v6-response-bits-77
# - ecs-v6-response-bits-78
# - ecs-v6-response-bits-79
# - ecs-v6-response-bits-80
# - ecs-v6-response-bits-81
# - ecs-v6-response-bits-82
# - ecs-v6-response-bits-83
# - ecs-v6-response-bits-84
# - ecs-v6-response-bits-85
# - ecs-v6-response-bits-86
# - ecs-v6-response-bits-87
# - ecs-v6-response-bits-88
# - ecs-v6-response-bits-89
# - ecs-v6-response-bits-90
# - ecs-v6-response-bits-91
# - ecs-v6-response-bits-92
# - ecs-v6-response-bits-93
# - ecs-v6-response-bits-94
# - ecs-v6-response-bits-95
# - ecs-v6-response-bits-96
# - ecs-v6-response-bits-97
# - ecs-v6-response-bits-98
# - ecs-v6-response-bits-99
# - ecs-v6-response-bits-100
# - ecs-v6-response-bits-101
# - ecs-v6-response-bits-102
# - ecs-v6-response-bits-103
# - ecs-v6-response-bits-104
# - ecs-v6-response-bits-105
# - ecs-v6-response-bits-106
# - ecs-v6-response-bits-107
# - ecs-v6-response-bits-108
# - ecs-v6-response-bits-109
# - ecs-v6-response-bits-110
# - ecs-v6-response-bits-111
# - ecs-v6-response-bits-112
# - ecs-v6-response-bits-113
# - ecs-v6-response-bits-114
# - ecs-v6-response-bits-115
# - ecs-v6-response-bits-116
# - ecs-v6-response-bits-117
# - ecs-v6-response-bits-118
# - ecs-v6-response-bits-119
# - ecs-v6-response-bits-120
# - ecs-v6-response-bits-121
# - ecs-v6-response-bits-122
# - ecs-v6-response-bits-123
# - ecs-v6-response-bits-124
# - ecs-v6-response-bits-125
# - ecs-v6-response-bits-126
# - ecs-v6-response-bits-127
# - ecs-v6-response-bits-128
# - cumul-clientanswers
# - cumul-authanswers
# - policy-hits
# - proxy-mapping-total
# - remote-logger-count
##### Set interval (in seconds) of the re-resolve checks of system resolver subsystem.
# system_resolver_interval: 0
##### Check for potential self-resolve, default enabled.
# system_resolver_self_resolve_check: true
##### Set TTL of system resolver feature, 0 (default) is disabled
# system_resolver_ttl: 0
##### Launch this number of threads listening for and processing TCP queries
# tcp_threads: 1
##### Launch this number of threads
# threads: 2
##### string reported on version.pdns or version.bind
# version_string: '*runtime determined*'
##### Write a PID file
# write_pid: true
######### SECTION snmp #########
snmp:
##### If set, register as an SNMP agent
# agent: false
##### If set and snmp-agent is set, the socket to use to register to the SNMP daemon
# daemon_socket: ''
######### SECTION webservice #########
webservice:
##### IP Address of webserver to listen on
# address: 127.0.0.1
##### Webserver access is only allowed from these subnets
# allow_from:
# - 127.0.0.1
# - ::1
##### Directory where REST API stores config and zones
# api_dir: ''
##### Static pre-shared authentication key for access to the REST API
# api_key: ''
##### Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime
# hash_plaintext_credentials: false
##### Amount of logging in the webserver (none, normal, detailed)
# loglevel: normal
##### Password required for accessing the webserver
# password: ''
##### Port of webserver to listen on
# port: 8082
##### Start a webserver (for REST API)
# webserver: false
Reference in New Issue View Git Blame Copy Permalink