diff --git a/net/pdns-recursor/Makefile b/net/pdns-recursor/Makefile index 6ba6bd72249adb..094d4073d158d1 100644 --- a/net/pdns-recursor/Makefile +++ b/net/pdns-recursor/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns-recursor -PKG_VERSION:=5.0.7 +PKG_VERSION:=5.1.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=700a825aa087f3f37888ccb65cec6291a1aa5345838af202dc19ebe5691451b9 +PKG_HASH:=5b7ab793ace822294a3f38092fe72ee64748ff0cbb8a5283dc77f40780605ae9 PKG_MAINTAINER:=Peter van Dijk , Remi Gacogne PKG_LICENSE:=GPL-2.0-only diff --git a/net/pdns-recursor/files/recursor.conf-dist b/net/pdns-recursor/files/recursor.conf-dist index 785b0c2acc00ef..b01eff2c62419c 100644 --- a/net/pdns-recursor/files/recursor.conf-dist +++ b/net/pdns-recursor/files/recursor.conf-dist @@ -1,932 +1,1188 @@ -# Autogenerated configuration file template -################################# -# ignore-unknown-settings Configuration settings to ignore if they are unknown -# -# ignore-unknown-settings= - -################################# -# aggressive-nsec-cache-size The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198 -# -# aggressive-nsec-cache-size=100000 - -################################# -# allow-from If set, only allow these comma separated netmasks to recurse -# -# allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10 - -################################# -# allow-from-file If set, load allowed netmasks from this file -# -# allow-from-file= - -################################# -# allow-notify-for If set, NOTIFY requests for these zones will be allowed -# -# allow-notify-for= - -################################# -# allow-notify-for-file If set, load NOTIFY-allowed zones from this file -# -# allow-notify-for-file= - -################################# -# allow-notify-from If set, NOTIFY requests from these comma separated netmasks will be allowed -# -# allow-notify-from= - -################################# -# allow-notify-from-file If set, load NOTIFY-allowed netmasks from this file -# -# allow-notify-from-file= - -################################# -# allow-trust-anchor-query Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT -# -# allow-trust-anchor-query=no - -################################# -# any-to-tcp Answer ANY queries with tc=1, shunting to TCP -# -# any-to-tcp=no - -################################# -# api-config-dir Directory where REST API stores config and zones -# -# api-config-dir= - -################################# -# api-key Static pre-shared authentication key for access to the REST API -# -# api-key= - -################################# -# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs -# -# auth-zones= - -################################# -# carbon-instance If set overwrites the instance name default -# -# carbon-instance=recursor - -################################# -# carbon-interval Number of seconds between carbon (graphite) updates -# -# carbon-interval=30 - -################################# -# carbon-namespace If set overwrites the first part of the carbon string -# -# carbon-namespace=pdns - -################################# -# carbon-ourname If set, overrides our reported hostname for carbon stats -# -# carbon-ourname= - -################################# -# carbon-server If set, send metrics in carbon (graphite) format to this server IP address -# -# carbon-server= - -################################# -# chroot switch to chroot jail -# -# chroot= - -################################# -# client-tcp-timeout Timeout in seconds when talking to TCP clients -# -# client-tcp-timeout=2 - -################################# -# config-dir Location of configuration directory (recursor.conf) -# -# config-dir=/etc/powerdns - -################################# -# config-name Name of this virtual configuration - will rename the binary image -# -# config-name= - -################################# -# cpu-map Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs -# -# cpu-map= - -################################# -# daemon Operate as a daemon -# -# daemon=no - -################################# -# disable-packetcache Disable packetcache -# -# disable-packetcache=no - -################################# -# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout -# -# disable-syslog=no - -################################# -# distribution-load-factor The load factor used when PowerDNS is distributing queries to worker threads -# -# distribution-load-factor=0.0 - -################################# -# distribution-pipe-buffer-size Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread -# -# distribution-pipe-buffer-size=0 - -################################# -# distributor-threads Launch this number of distributor threads, distributing queries to other threads -# -# distributor-threads=0 - -################################# -# dns64-prefix DNS64 prefix -# -# dns64-prefix= - -################################# -# dnssec DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate -# -# dnssec=process - -################################# -# dnssec-log-bogus Log DNSSEC bogus validations -# -# dnssec-log-bogus=no - -################################# -# dont-query If set, do not query these netmasks for DNS data -# -# dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32 - -################################# -# dont-throttle-names Do not throttle nameservers with this name or suffix -# -# dont-throttle-names= - -################################# -# dont-throttle-netmasks Do not throttle nameservers with this IP netmask -# -# dont-throttle-netmasks= - -################################# -# dot-to-auth-names Use DoT to authoritative servers with these names or suffixes -# -# dot-to-auth-names= - -################################# -# dot-to-port-853 Force DoT connection to target port 853 if DoT compiled in -# -# dot-to-port-853=yes - -################################# -# ecs-add-for List of client netmasks for which EDNS Client Subnet will be added -# -# ecs-add-for=0.0.0.0/0, ::/0, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10 - -################################# -# ecs-cache-limit-ttl Minimum TTL to cache ECS response -# -# ecs-cache-limit-ttl=0 - -################################# -# ecs-ipv4-bits Number of bits of IPv4 address to pass for EDNS Client Subnet -# -# ecs-ipv4-bits=24 - -################################# -# ecs-ipv4-cache-bits Maximum number of bits of IPv4 mask to cache ECS response -# -# ecs-ipv4-cache-bits=24 - -################################# -# ecs-ipv4-never-cache If we should never cache IPv4 ECS responses -# -# ecs-ipv4-never-cache=no - -################################# -# ecs-ipv6-bits Number of bits of IPv6 address to pass for EDNS Client Subnet -# -# ecs-ipv6-bits=56 - -################################# -# ecs-ipv6-cache-bits Maximum number of bits of IPv6 mask to cache ECS response -# -# ecs-ipv6-cache-bits=56 - -################################# -# ecs-ipv6-never-cache If we should never cache IPv6 ECS responses -# -# ecs-ipv6-never-cache=no - -################################# -# ecs-minimum-ttl-override The minimum TTL for records in ECS-specific answers -# -# ecs-minimum-ttl-override=1 - -################################# -# ecs-scope-zero-address Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0 -# -# ecs-scope-zero-address= - -################################# -# edns-outgoing-bufsize Outgoing EDNS buffer size -# -# edns-outgoing-bufsize=1232 - -################################# -# edns-padding-from List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies -# -# edns-padding-from= - -################################# -# edns-padding-mode Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources -# -# edns-padding-mode=padded-queries-only - -################################# -# edns-padding-tag Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled. -# -# edns-padding-tag=7830 - -################################# -# edns-subnet-allow-list List of netmasks and domains that we should enable EDNS subnet for -# -# edns-subnet-allow-list= - -################################# -# edns-subnet-whitelist List of netmasks and domains that we should enable EDNS subnet for (deprecated) -# -# edns-subnet-whitelist= - -################################# -# entropy-source If set, read entropy from this file -# -# entropy-source=/dev/urandom - -################################# -# etc-hosts-file Path to 'hosts' file -# -# etc-hosts-file=/etc/hosts - -################################# -# event-trace-enabled If set, event traces are collected and send out via protobuf logging (1), logfile (2) or both(3) -# -# event-trace-enabled=0 - -################################# -# export-etc-hosts If we should serve up contents from /etc/hosts -# -# export-etc-hosts=off - -################################# -# export-etc-hosts-search-suffix Also serve up the contents of /etc/hosts with this suffix -# -# export-etc-hosts-search-suffix= - -################################# -# extended-resolution-errors If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors -# -# extended-resolution-errors=no - -################################# -# forward-zones Zones for which we forward queries, comma separated domain=ip pairs -# -# forward-zones= - -################################# -# forward-zones-file File with (+)domain=ip pairs for forwarding -# -# forward-zones-file= - -################################# -# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs -# -# forward-zones-recurse= - -################################# -# gettag-needs-edns-options If EDNS Options should be extracted before calling the gettag() hook -# -# gettag-needs-edns-options=no - -################################# -# hint-file If set, load root hints from this file -# -# hint-file= - -################################# -# include-dir Include *.conf files from this directory -# -# include-dir= - -################################# -# latency-statistic-size Number of latency values to calculate the qa-latency average -# -# latency-statistic-size=10000 - -################################# -# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports. -# -# local-address=127.0.0.1 - -################################# -# local-port port to listen on -# -# local-port=53 - -################################# -# log-common-errors If we should log rather common errors -# -# log-common-errors=no - -################################# -# log-rpz-changes Log additions and removals to RPZ zones at Info level -# -# log-rpz-changes=no - -################################# -# log-timestamp Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already -# -# log-timestamp=yes - -################################# -# logging-facility Facility to log messages as. 0 corresponds to local0 -# -# logging-facility= - -################################# -# loglevel Amount of logging. Higher is more. Do not set below 3 -# -# loglevel=6 - -################################# -# lowercase-outgoing Force outgoing questions to lowercase -# -# lowercase-outgoing=no - -################################# -# lua-config-file More powerful configuration options -# -# lua-config-file= - -################################# -# lua-dns-script Filename containing an optional 'lua' script that will be used to modify dns answers -# -# lua-dns-script= - -################################# -# lua-maintenance-interval Number of seconds between calls to the lua user defined maintenance() function -# -# lua-maintenance-interval=1 - -################################# -# max-cache-bogus-ttl maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory -# -# max-cache-bogus-ttl=3600 - -################################# -# max-cache-entries If set, maximum number of entries in the main cache -# -# max-cache-entries=1000000 - -################################# -# max-cache-ttl maximum number of seconds to keep a cached entry in memory -# -# max-cache-ttl=86400 - -################################# -# max-concurrent-requests-per-tcp-connection Maximum number of requests handled concurrently per TCP connection -# -# max-concurrent-requests-per-tcp-connection=10 - -################################# -# max-generate-steps Maximum number of $GENERATE steps when loading a zone from a file -# -# max-generate-steps=0 - -################################# -# max-include-depth Maximum nested $INCLUDE depth when loading a zone from a file -# -# max-include-depth=20 - -################################# -# max-mthreads Maximum number of simultaneous Mtasker threads -# -# max-mthreads=2048 - -################################# -# max-negative-ttl maximum number of seconds to keep a negative cached entry in memory -# -# max-negative-ttl=3600 - -################################# -# max-ns-address-qperq Maximum outgoing NS address queries per query -# -# max-ns-address-qperq=10 - -################################# -# max-packetcache-entries maximum number of entries to keep in the packetcache -# -# max-packetcache-entries=500000 - -################################# -# max-qperq Maximum outgoing queries per query -# -# max-qperq=60 - -################################# -# max-recursion-depth Maximum number of internal recursion calls per query, 0 for unlimited -# -# max-recursion-depth=40 - -################################# -# max-tcp-clients Maximum number of simultaneous TCP clients -# -# max-tcp-clients=128 - -################################# -# max-tcp-per-client If set, maximum number of TCP sessions per client (IP address) -# -# max-tcp-per-client=0 - -################################# -# max-tcp-queries-per-connection If set, maximum number of TCP queries in a TCP connection -# -# max-tcp-queries-per-connection=0 - -################################# -# max-total-msec Maximum total wall-clock time per query in milliseconds, 0 for unlimited -# -# max-total-msec=7000 - -################################# -# max-udp-queries-per-round Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing -# -# max-udp-queries-per-round=10000 - -################################# -# minimum-ttl-override The minimum TTL -# -# minimum-ttl-override=1 - -################################# -# network-timeout Wait this number of milliseconds for network i/o -# -# network-timeout=1500 - -################################# -# new-domain-db-size Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864 -# -# new-domain-db-size=67108864 - -################################# -# new-domain-history-dir Persist new domain tracking data here to persist between restarts -# -# new-domain-history-dir=/var/lib/pdns-recursor/nod - -################################# -# new-domain-ignore-list List of domains (and implicitly all subdomains) which will never be considered a new domain -# -# new-domain-ignore-list= - -################################# -# new-domain-log Log newly observed domains. -# -# new-domain-log=yes - -################################# -# new-domain-lookup Perform a DNS lookup newly observed domains as a subdomain of the configured domain -# -# new-domain-lookup= - -################################# -# new-domain-pb-tag If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod' -# -# new-domain-pb-tag=pdns-nod - -################################# -# new-domain-tracking Track newly observed domains (i.e. never seen before). -# -# new-domain-tracking=no - -################################# -# new-domain-whitelist List of domains (and implicitly all subdomains) which will never be considered a new domain (deprecated) -# -# new-domain-whitelist= - -################################# -# no-shuffle Don't change -# -# no-shuffle=off - -################################# -# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options -# -# non-local-bind=no - -################################# -# non-resolving-ns-max-fails Number of failed address resolves of a nameserver to start throttling it, 0 is disabled -# -# non-resolving-ns-max-fails=5 - -################################# -# non-resolving-ns-throttle-time Number of seconds to throttle a nameserver with a name failing to resolve -# -# non-resolving-ns-throttle-time=60 - -################################# -# nothing-below-nxdomain When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020) -# -# nothing-below-nxdomain=dnssec - -################################# -# nsec3-max-iterations Maximum number of iterations allowed for an NSEC3 record -# -# nsec3-max-iterations=150 - -################################# -# packetcache-servfail-ttl maximum number of seconds to keep a cached servfail entry in packetcache -# -# packetcache-servfail-ttl=60 - -################################# -# packetcache-ttl maximum number of seconds to keep a cached entry in packetcache -# -# packetcache-ttl=3600 - -################################# -# pdns-distributes-queries If PowerDNS itself should distribute queries over threads -# -# pdns-distributes-queries=yes - -################################# -# processes Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE) -# -# processes=1 - -################################# -# protobuf-use-kernel-timestamp Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available) -# -# protobuf-use-kernel-timestamp= - -################################# -# proxy-protocol-from A Proxy Protocol header is only allowed from these subnets -# -# proxy-protocol-from= - -################################# -# proxy-protocol-maximum-size The maximum size of a proxy protocol payload, including the TLV values -# -# proxy-protocol-maximum-size=512 - -################################# -# public-suffix-list-file Path to the Public Suffix List file, if any -# -# public-suffix-list-file= - -################################# -# qname-minimization Use Query Name Minimization -# -# qname-minimization=yes - -################################# -# query-local-address Source IP address for sending queries -# -# query-local-address=0.0.0.0 - -################################# -# quiet Suppress logging of questions and answers -# -# quiet= - -################################# -# record-cache-shards Number of shards in the record cache -# -# record-cache-shards=1024 - -################################# -# refresh-on-ttl-perc If a record is requested from the cache and only this % of original TTL remains, refetch -# -# refresh-on-ttl-perc=0 - -################################# -# reuseport Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address -# -# reuseport=no - -################################# -# rng Specify random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom. -# -# rng=auto - -################################# -# root-nx-trust If set, believe that an NXDOMAIN from the root means the TLD does not exist -# -# root-nx-trust=yes - -################################# -# security-poll-suffix Domain name from which to query security update notifications -# -# security-poll-suffix=secpoll.powerdns.com. - -################################# -# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space -# -# serve-rfc1918=yes - -################################# -# server-down-max-fails Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled ) -# -# server-down-max-fails=64 - -################################# -# server-down-throttle-time Number of seconds to throttle all queries to a server after being marked as down -# -# server-down-throttle-time=60 - -################################# -# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled' -# -# server-id= - -################################# -# setgid If set, change group id to this gid for more security. When running inside systemd, use the User and Group settings in the unit-file! -# -# setgid= - -################################# -# setuid If set, change user id to this uid for more security. When running inside systemd, use the User and Group settings in the unit-file! -# -# setuid= - -################################# -# signature-inception-skew Allow the signature inception to be off by this number of seconds -# -# signature-inception-skew=60 - -################################# -# single-socket If set, only use a single socket for outgoing queries -# -# single-socket=off - -################################# -# snmp-agent If set, register as an SNMP agent -# -# snmp-agent=no - -################################# -# snmp-daemon-socket If set and snmp-agent is set, the socket to use to register to the SNMP daemon -# -# snmp-daemon-socket= - -################################# -# snmp-master-socket If set and snmp-agent is set, the socket to use to register to the SNMP daemon (deprecated) -# -# snmp-master-socket= - -################################# -# soa-minimum-ttl Don't change -# -# soa-minimum-ttl=0 - -################################# -# socket-dir Where the controlsocket will live, /var/run/pdns-recursor when unset and not chrooted. Set to the RUNTIME_DIRECTORY environment variable when that variable has a value (e.g. under systemd). -# -# socket-dir= - -################################# -# socket-group Group of socket -# -# socket-group= - -################################# -# socket-mode Permissions for socket -# -# socket-mode= - -################################# -# socket-owner Owner of socket -# -# socket-owner= - -################################# -# spoof-nearmiss-max If non-zero, assume spoofing after this many near misses -# -# spoof-nearmiss-max=1 - -################################# -# stack-size stack size per mthread -# -# stack-size=200000 - -################################# -# statistics-interval Number of seconds between printing of recursor statistics, 0 to disable -# -# statistics-interval=1800 - -################################# -# stats-api-blacklist List of statistics that are disabled when retrieving the complete list of statistics via the API (deprecated) -# -# stats-api-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128 - -################################# -# stats-api-disabled-list List of statistics that are disabled when retrieving the complete list of statistics via the API -# -# stats-api-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128 - -################################# -# stats-carbon-blacklist List of statistics that are prevented from being exported via Carbon (deprecated) -# -# stats-carbon-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits - -################################# -# stats-carbon-disabled-list List of statistics that are prevented from being exported via Carbon -# -# stats-carbon-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits - -################################# -# stats-rec-control-blacklist List of statistics that are prevented from being exported via rec_control get-all (deprecated) -# -# stats-rec-control-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits - -################################# -# stats-rec-control-disabled-list List of statistics that are prevented from being exported via rec_control get-all -# -# stats-rec-control-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits - -################################# -# stats-ringbuffer-entries maximum number of packets to store statistics for -# -# stats-ringbuffer-entries=10000 - -################################# -# stats-snmp-blacklist List of statistics that are prevented from being exported via SNMP (deprecated) -# -# stats-snmp-blacklist=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits - -################################# -# stats-snmp-disabled-list List of statistics that are prevented from being exported via SNMP -# -# stats-snmp-disabled-list=cache-bytes, packetcache-bytes, special-memory-usage, ecs-v4-response-bits-1, ecs-v4-response-bits-2, ecs-v4-response-bits-3, ecs-v4-response-bits-4, ecs-v4-response-bits-5, ecs-v4-response-bits-6, ecs-v4-response-bits-7, ecs-v4-response-bits-8, ecs-v4-response-bits-9, ecs-v4-response-bits-10, ecs-v4-response-bits-11, ecs-v4-response-bits-12, ecs-v4-response-bits-13, ecs-v4-response-bits-14, ecs-v4-response-bits-15, ecs-v4-response-bits-16, ecs-v4-response-bits-17, ecs-v4-response-bits-18, ecs-v4-response-bits-19, ecs-v4-response-bits-20, ecs-v4-response-bits-21, ecs-v4-response-bits-22, ecs-v4-response-bits-23, ecs-v4-response-bits-24, ecs-v4-response-bits-25, ecs-v4-response-bits-26, ecs-v4-response-bits-27, ecs-v4-response-bits-28, ecs-v4-response-bits-29, ecs-v4-response-bits-30, ecs-v4-response-bits-31, ecs-v4-response-bits-32, ecs-v6-response-bits-1, ecs-v6-response-bits-2, ecs-v6-response-bits-3, ecs-v6-response-bits-4, ecs-v6-response-bits-5, ecs-v6-response-bits-6, ecs-v6-response-bits-7, ecs-v6-response-bits-8, ecs-v6-response-bits-9, ecs-v6-response-bits-10, ecs-v6-response-bits-11, ecs-v6-response-bits-12, ecs-v6-response-bits-13, ecs-v6-response-bits-14, ecs-v6-response-bits-15, ecs-v6-response-bits-16, ecs-v6-response-bits-17, ecs-v6-response-bits-18, ecs-v6-response-bits-19, ecs-v6-response-bits-20, ecs-v6-response-bits-21, ecs-v6-response-bits-22, ecs-v6-response-bits-23, ecs-v6-response-bits-24, ecs-v6-response-bits-25, ecs-v6-response-bits-26, ecs-v6-response-bits-27, ecs-v6-response-bits-28, ecs-v6-response-bits-29, ecs-v6-response-bits-30, ecs-v6-response-bits-31, ecs-v6-response-bits-32, ecs-v6-response-bits-33, ecs-v6-response-bits-34, ecs-v6-response-bits-35, ecs-v6-response-bits-36, ecs-v6-response-bits-37, ecs-v6-response-bits-38, ecs-v6-response-bits-39, ecs-v6-response-bits-40, ecs-v6-response-bits-41, ecs-v6-response-bits-42, ecs-v6-response-bits-43, ecs-v6-response-bits-44, ecs-v6-response-bits-45, ecs-v6-response-bits-46, ecs-v6-response-bits-47, ecs-v6-response-bits-48, ecs-v6-response-bits-49, ecs-v6-response-bits-50, ecs-v6-response-bits-51, ecs-v6-response-bits-52, ecs-v6-response-bits-53, ecs-v6-response-bits-54, ecs-v6-response-bits-55, ecs-v6-response-bits-56, ecs-v6-response-bits-57, ecs-v6-response-bits-58, ecs-v6-response-bits-59, ecs-v6-response-bits-60, ecs-v6-response-bits-61, ecs-v6-response-bits-62, ecs-v6-response-bits-63, ecs-v6-response-bits-64, ecs-v6-response-bits-65, ecs-v6-response-bits-66, ecs-v6-response-bits-67, ecs-v6-response-bits-68, ecs-v6-response-bits-69, ecs-v6-response-bits-70, ecs-v6-response-bits-71, ecs-v6-response-bits-72, ecs-v6-response-bits-73, ecs-v6-response-bits-74, ecs-v6-response-bits-75, ecs-v6-response-bits-76, ecs-v6-response-bits-77, ecs-v6-response-bits-78, ecs-v6-response-bits-79, ecs-v6-response-bits-80, ecs-v6-response-bits-81, ecs-v6-response-bits-82, ecs-v6-response-bits-83, ecs-v6-response-bits-84, ecs-v6-response-bits-85, ecs-v6-response-bits-86, ecs-v6-response-bits-87, ecs-v6-response-bits-88, ecs-v6-response-bits-89, ecs-v6-response-bits-90, ecs-v6-response-bits-91, ecs-v6-response-bits-92, ecs-v6-response-bits-93, ecs-v6-response-bits-94, ecs-v6-response-bits-95, ecs-v6-response-bits-96, ecs-v6-response-bits-97, ecs-v6-response-bits-98, ecs-v6-response-bits-99, ecs-v6-response-bits-100, ecs-v6-response-bits-101, ecs-v6-response-bits-102, ecs-v6-response-bits-103, ecs-v6-response-bits-104, ecs-v6-response-bits-105, ecs-v6-response-bits-106, ecs-v6-response-bits-107, ecs-v6-response-bits-108, ecs-v6-response-bits-109, ecs-v6-response-bits-110, ecs-v6-response-bits-111, ecs-v6-response-bits-112, ecs-v6-response-bits-113, ecs-v6-response-bits-114, ecs-v6-response-bits-115, ecs-v6-response-bits-116, ecs-v6-response-bits-117, ecs-v6-response-bits-118, ecs-v6-response-bits-119, ecs-v6-response-bits-120, ecs-v6-response-bits-121, ecs-v6-response-bits-122, ecs-v6-response-bits-123, ecs-v6-response-bits-124, ecs-v6-response-bits-125, ecs-v6-response-bits-126, ecs-v6-response-bits-127, ecs-v6-response-bits-128, cumul-clientanswers, cumul-authanswers, policy-hits - -################################# -# structured-logging Prefer structured logging -# -# structured-logging=yes - -################################# -# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size -# -# tcp-fast-open=0 - -################################# -# tcp-fast-open-connect Enable TCP Fast Open support on outgoing sockets -# -# tcp-fast-open-connect=no - -################################# -# tcp-out-max-idle-ms Time TCP/DoT connections are left idle in milliseconds or 0 if no limit -# -# tcp-out-max-idle-ms=10000 - -################################# -# tcp-out-max-idle-per-auth Maximum number of idle TCP/DoT connections to a specific IP per thread, 0 means do not keep idle connections open -# -# tcp-out-max-idle-per-auth=10 - -################################# -# tcp-out-max-idle-per-thread Maximum number of idle TCP/DoT connections per thread -# -# tcp-out-max-idle-per-thread=100 - -################################# -# tcp-out-max-queries Maximum total number of queries per TCP/DoT connection, 0 means no limit -# -# tcp-out-max-queries=0 - -################################# -# threads Launch this number of threads -# -# threads=2 - -################################# -# trace if we should output heaps of logging. set to 'fail' to only log failing domains -# -# trace=off - -################################# -# udp-source-port-avoid List of comma separated UDP port number to avoid -# -# udp-source-port-avoid=11211 - -################################# -# udp-source-port-max Maximum UDP port to bind on -# -# udp-source-port-max=65535 - -################################# -# udp-source-port-min Minimum UDP port to bind on -# -# udp-source-port-min=1024 - -################################# -# udp-truncation-threshold Maximum UDP response size before we truncate -# -# udp-truncation-threshold=1232 - -################################# -# unique-response-db-size Size of the DB used to track unique responses in terms of number of cells. Defaults to 67108864 -# -# unique-response-db-size=67108864 - -################################# -# unique-response-history-dir Persist unique response tracking data here to persist between restarts -# -# unique-response-history-dir=/var/lib/pdns-recursor/udr - -################################# -# unique-response-log Log unique responses -# -# unique-response-log=yes - -################################# -# unique-response-pb-tag If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr' -# -# unique-response-pb-tag=pdns-udr - -################################# -# unique-response-tracking Track unique responses (tuple of query name, type and RR). -# -# unique-response-tracking=no - -################################# -# use-incoming-edns-subnet Pass along received EDNS Client Subnet information -# -# use-incoming-edns-subnet=no - -################################# -# version-string string reported on version.pdns or version.bind -# -# version-string=PowerDNS Recursor 4.6.0 - -################################# -# webserver Start a webserver (for REST API) -# -# webserver=no - -################################# -# webserver-address IP Address of webserver to listen on -# -# webserver-address=127.0.0.1 - -################################# -# webserver-allow-from Webserver access is only allowed from these subnets -# -# webserver-allow-from=127.0.0.1,::1 - -################################# -# webserver-hash-plaintext-credentials Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime -# -# webserver-hash-plaintext-credentials=no - -################################# -# webserver-loglevel Amount of logging in the webserver (none, normal, detailed) -# -# webserver-loglevel=normal - -################################# -# webserver-password Password required for accessing the webserver -# -# webserver-password= - -################################# -# webserver-port Port of webserver to listen on -# -# webserver-port=8082 - -################################# -# write-pid Write a PID file -# -# write-pid=yes - -################################# -# x-dnssec-names Collect DNSSEC statistics for names or suffixes in this list in separate x-dnssec counters -# -# x-dnssec-names= - -################################# -# xpf-allow-from XPF information is only processed from these subnets -# -# xpf-allow-from= - -################################# -# xpf-rr-code XPF option code to use -# -# xpf-rr-code=0 +######### SECTION carbon ######### +carbon: +##### If set overwrites the instance name default +# instance: recursor +##### Number of seconds between carbon (graphite) updates +# interval: 30 +##### If set overwrites the first part of the carbon string +# ns: pdns +##### If set, overrides our reported hostname for carbon stats +# ourname: '' +##### If set, send metrics in carbon (graphite) format to this server IP address +# server: [] + +######### SECTION dnssec ######### +dnssec: +##### Maximum estimated NSEC3 cost for a given query to consider aggressive use of the NSEC3 cache +# aggressive_cache_max_nsec3_hash_cost: 150 +##### The minimum expected hit ratio to store NSEC3 records into the aggressive cache +# aggressive_cache_min_nsec3_hit_ratio: 2000 +##### The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198 +# aggressive_nsec_cache_size: 100000 +##### List of DNSSEC algorithm numbers that are considered unsupported +# disabled_algorithms: [] +##### Log DNSSEC bogus validations +# log_bogus: false +##### Maximum number of DNSKEYs with the same algorithm and tag to consider when validating a given record +# max_dnskeys: 2 +##### Maximum number of DS records to consider per zone +# max_ds_per_zone: 8 +##### Maximum number of NSEC3 hashes that we are willing to compute during DNSSEC validation, per incoming query +# max_nsec3_hash_computations_per_query: 600 +##### Maximum number of NSEC3s to consider when validating a given denial of existence +# max_nsec3s_per_record: 10 +##### Maximum number of RRSIGs to consider when validating a given record +# max_rrsigs_per_record: 2 +##### Maximum number of RRSIG signatures we are willing to validate per incoming query +# max_signature_validations_per_query: 30 +##### +# negative_trustanchors: [] +##### Maximum number of iterations allowed for an NSEC3 record +# nsec3_max_iterations: 50 +##### Allow the signature inception to be off by this number of seconds +# signature_inception_skew: 60 +##### A path to a zone file containing trust anchors +# trustanchorfile: '' +##### +# trustanchorfile_interval: 24 +##### Sequence of trust anchors +# trustanchors: [] +##### DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate +# validation: process +##### Collect DNSSEC statistics for names or suffixes in this list in separate x-dnssec counters +# x_dnssec_names: [] + +######### SECTION ecs ######### +ecs: +##### List of client netmasks for which EDNS Client Subnet will be added +# add_for: +# - 0.0.0.0/0 +# - ::/0 +# - '!127.0.0.0/8' +# - '!10.0.0.0/8' +# - '!100.64.0.0/10' +# - '!169.254.0.0/16' +# - '!192.168.0.0/16' +# - '!172.16.0.0/12' +# - '!::1/128' +# - '!fc00::/7' +# - '!fe80::/10' +##### Minimum TTL to cache ECS response +# cache_limit_ttl: 0 +##### Number of bits of IPv4 address to pass for EDNS Client Subnet +# ipv4_bits: 24 +##### Maximum number of bits of IPv4 mask to cache ECS response +# ipv4_cache_bits: 24 +##### If we should never cache IPv4 ECS responses +# ipv4_never_cache: false +##### Number of bits of IPv6 address to pass for EDNS Client Subnet +# ipv6_bits: 56 +##### Maximum number of bits of IPv6 mask to cache ECS response +# ipv6_cache_bits: 56 +##### If we should never cache IPv6 ECS responses +# ipv6_never_cache: false +##### The minimum TTL for records in ECS-specific answers +# minimum_ttl_override: 1 +##### Address to send to allow-listed authoritative servers for incoming queries with ECS prefix-length source of 0 +# scope_zero_address: '' + +######### SECTION incoming ######### +incoming: +##### If set, only allow these comma separated netmasks to recurse +# allow_from: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 100.64.0.0/10 +# - 169.254.0.0/16 +# - 192.168.0.0/16 +# - 172.16.0.0/12 +# - ::1/128 +# - fc00::/7 +# - fe80::/10 +##### If set, load allowed netmasks from this file +# allow_from_file: '' +##### Allow 'no recursion desired (RD=0)' queries. +# allow_no_rd: false +##### If set, NOTIFY requests for these zones will be allowed +# allow_notify_for: [] +##### If set, load NOTIFY-allowed zones from this file +# allow_notify_for_file: '' +##### If set, NOTIFY requests from these comma separated netmasks will be allowed +# allow_notify_from: [] +##### If set, load NOTIFY-allowed netmasks from this file +# allow_notify_from_file: '' +##### The load factor used when PowerDNS is distributing queries to worker threads +# distribution_load_factor: 0.0 +##### Size in bytes of the internal buffer of the pipe used by the distributor to pass incoming queries to a worker thread +# distribution_pipe_buffer_size: 0 +##### Launch this number of distributor threads, distributing queries to other threads +# distributor_threads: 0 +##### List of netmasks (proxy IP in case of proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies +# edns_padding_from: [] +##### Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from 'setting-edns-padding-from' sources +# edns_padding_mode: padded-queries-only +##### Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled. +# edns_padding_tag: 7830 +##### If EDNS Options should be extracted before calling the gettag() hook +# gettag_needs_edns_options: false +##### IP addresses to listen on, separated by spaces or commas. Also accepts ports. +# listen: +# - 127.0.0.1 +##### Maximum number of requests handled concurrently per TCP connection +# max_concurrent_requests_per_tcp_connection: 10 +##### Maximum number of simultaneous TCP clients +# max_tcp_clients: 128 +##### If set, maximum number of TCP sessions per client (IP address) +# max_tcp_per_client: 0 +##### If set, maximum number of TCP queries in a TCP connection +# max_tcp_queries_per_connection: 0 +##### Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing +# max_udp_queries_per_round: 10000 +##### Enable binding to non-local addresses by using FREEBIND / BINDANY socket options +# non_local_bind: false +##### If PowerDNS itself should distribute queries over threads +# pdns_distributes_queries: false +##### port to listen on +# port: 53 +##### A Proxy Protocol header should not be used for these listen addresses. +# proxy_protocol_exceptions: [] +##### A Proxy Protocol header is required from these subnets +# proxy_protocol_from: [] +##### The maximum size of a proxy protocol payload, including the TLV values +# proxy_protocol_maximum_size: 512 +##### Sequence of ProxyMapping +# proxymappings: [] +##### Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address +# reuseport: true +##### Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size +# tcp_fast_open: 0 +##### Timeout in seconds when talking to TCP clients +# tcp_timeout: 2 +##### Maximum UDP response size before we truncate +# udp_truncation_threshold: 1232 +##### Pass along received EDNS Client Subnet information +# use_incoming_edns_subnet: false + +######### SECTION logging ######### +logging: +##### If we should log rather common errors +# common_errors: false +##### Disable logging to syslog, useful when running inside a supervisor that logs stderr +# disable_syslog: false +##### +# dnstap_framestream_servers: [] +##### +# dnstap_nod_framestream_servers: [] +##### Facility to log messages as. 0 corresponds to local0 +# facility: '' +##### Amount of logging. Higher is more. Do not set below 3 +# loglevel: 6 +##### +# outgoing_protobuf_servers: [] +##### +# protobuf_servers: [] +##### Compute the latency of queries in protobuf messages by using the timestamp set by the kernel when the query was received (when available) +# protobuf_use_kernel_timestamp: false +##### Suppress logging of questions and answers +# quiet: true +##### Log additions and removals to RPZ zones at Info level +# rpz_changes: false +##### Number of seconds between printing of recursor statistics, 0 to disable +# statistics_interval: 1800 +##### Prefer structured logging +# structured_logging: true +##### Structured logging backend +# structured_logging_backend: default +##### Print timestamps in log lines, useful to disable when running with a tool that timestamps stderr already +# timestamp: true +##### if we should output heaps of logging. set to 'fail' to only log failing domains +# trace: no + +######### SECTION nod ######### +nod: +##### Size of the DB used to track new domains in terms of number of cells. Defaults to 67108864 +# db_size: 67108864 +##### Interval (in seconds) to write the NOD and UDR DB snapshots +# db_snapshot_interval: 600 +##### Persist new domain tracking data here to persist between restarts +# history_dir: /var/lib/pdns-recursor/nod +##### List of domains (and implicitly all subdomains) which will never be considered a new domain +# ignore_list: [] +##### File with a list of domains (and implicitly all subdomains) which will never be considered a new domain +# ignore_list_file: '' +##### Log newly observed domains. +# log: true +##### Perform a DNS lookup newly observed domains as a subdomain of the configured domain +# lookup: '' +##### If protobuf is configured, the tag to use for messages containing newly observed domains. Defaults to 'pdns-nod' +# pb_tag: pdns-nod +##### Track newly observed domains (i.e. never seen before). +# tracking: false +##### Size of the DB used to track unique responses in terms of number of cells. Defaults to 67108864 +# unique_response_db_size: 67108864 +##### Persist unique response tracking data here to persist between restarts +# unique_response_history_dir: /var/lib/pdns-recursor/udr +##### List of domains (and implicitly all subdomains) which will never be considered for UDR +# unique_response_ignore_list: [] +##### File with list of domains (and implicitly all subdomains) which will never be considered for UDR +# unique_response_ignore_list_file: '' +##### Log unique responses +# unique_response_log: true +##### If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr' +# unique_response_pb_tag: pdns-udr +##### Track unique responses (tuple of query name, type and RR). +# unique_response_tracking: false + +######### SECTION outgoing ######### +outgoing: +##### Determines the probability of a server marked down to be used anyway +# bypass_server_throttling_probability: 25 +##### If set, do not query these netmasks for DNS data +# dont_query: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 100.64.0.0/10 +# - 169.254.0.0/16 +# - 192.168.0.0/16 +# - 172.16.0.0/12 +# - ::1/128 +# - fc00::/7 +# - fe80::/10 +# - 0.0.0.0/8 +# - 192.0.0.0/24 +# - 192.0.2.0/24 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 240.0.0.0/4 +# - ::/96 +# - ::ffff:0:0/96 +# - 100::/64 +# - 2001:db8::/32 +##### Do not throttle nameservers with this name or suffix +# dont_throttle_names: [] +##### Do not throttle nameservers with this IP netmask +# dont_throttle_netmasks: [] +##### Use DoT to authoritative servers with these names or suffixes +# dot_to_auth_names: [] +##### Force DoT connection to target port 853 if DoT compiled in +# dot_to_port_853: true +##### Outgoing EDNS buffer size +# edns_bufsize: 1232 +##### Whether to add EDNS padding to outgoing DoT messages +# edns_padding: true +##### List of netmasks and domains that we should enable EDNS subnet for +# edns_subnet_allow_list: [] +##### Force outgoing questions to lowercase +# lowercase: false +##### Maximum number of concurrent DoT probes +# max_busy_dot_probes: 0 +##### Maximum outgoing NS address queries per query +# max_ns_address_qperq: 10 +##### Maximum number of NS records to consider to resolve a name, 0 is no limit +# max_ns_per_resolve: 13 +##### Maximum outgoing queries per query +# max_qperq: 50 +##### Wait this number of milliseconds for network i/o +# network_timeout: 1500 +##### Number of failed address resolves of a nameserver to start throttling it, 0 is disabled +# non_resolving_ns_max_fails: 5 +##### Number of seconds to throttle a nameserver with a name failing to resolve +# non_resolving_ns_throttle_time: 60 +##### Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled ) +# server_down_max_fails: 64 +##### Number of seconds to throttle all queries to a server after being marked as down +# server_down_throttle_time: 60 +##### If set, only use a single socket for outgoing queries +# single_socket: false +##### Source IP address for sending queries +# source_address: +# - 0.0.0.0 +##### Enable TCP Fast Open support on outgoing sockets +# tcp_fast_open_connect: false +##### Time TCP/DoT connections are left idle in milliseconds or 0 if no limit +# tcp_max_idle_ms: 10000 +##### Maximum number of idle TCP/DoT connections to a specific IP per thread, 0 means do not keep idle connections open +# tcp_max_idle_per_auth: 10 +##### Maximum number of idle TCP/DoT connections per thread +# tcp_max_idle_per_thread: 100 +##### Maximum total number of queries per TCP/DoT connection, 0 means no limit +# tcp_max_queries: 0 +##### List of comma separated UDP port number to avoid +# udp_source_port_avoid: +# - '11211' +##### Maximum UDP port to bind on +# udp_source_port_max: 65535 +##### Minimum UDP port to bind on +# udp_source_port_min: 1024 + +######### SECTION packetcache ######### +packetcache: +##### Disable packetcache +# disable: false +##### maximum number of entries to keep in the packetcache +# max_entries: 500000 +##### maximum number of seconds to keep a cached NxDomain or NoData entry in packetcache +# negative_ttl: 60 +##### maximum number of seconds to keep a cached servfail entry in packetcache +# servfail_ttl: 60 +##### Number of shards in the packet cache +# shards: 1024 +##### maximum number of seconds to keep a cached entry in packetcache +# ttl: 86400 + +######### SECTION recordcache ######### +recordcache: +##### Replace records in record cache only after this % of original TTL has passed +# locked_ttl_perc: 0 +##### maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory +# max_cache_bogus_ttl: 3600 +##### If set, maximum number of entries in the main cache +# max_entries: 1000000 +##### maximum number of seconds to keep a negative cached entry in memory +# max_negative_ttl: 3600 +##### maximum number of seconds to keep a cached entry in memory +# max_ttl: 86400 +##### If a record is requested from the cache and only this % of original TTL remains, refetch +# refresh_on_ttl_perc: 0 +##### Number of times a record's ttl is extended by 30s to be served stale +# serve_stale_extensions: 0 +##### Number of shards in the record cache +# shards: 1024 +##### Sequence of ZoneToCache entries +# zonetocaches: [] + +######### SECTION recursor ######### +recursor: +##### Allow queries for trustanchor.server CH TXT and negativetrustanchor.server CH TXT +# allow_trust_anchor_query: false +##### +# allowed_additional_qtypes: [] +##### Answer ANY queries with tc=1, shunting to TCP +# any_to_tcp: false +##### Zones for which we have authoritative data, comma separated domain=file pairs +# auth_zones: [] +##### switch to chroot jail +# chroot: '' +##### Location of configuration directory (recursor.conf or recursor.yml) +# config_dir: /etc/powerdns +##### Name of this virtual configuration - will rename the binary image +# config_name: '' +##### Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs +# cpu_map: '' +##### Operate as a daemon +# daemon: false +##### internal use only +# devonly_regression_test_mode: false +##### DNS64 prefix +# dns64_prefix: '' +##### Path to 'hosts' file +# etc_hosts_file: /etc/hosts +##### If set, event traces are collected and send out via protobuf logging (1), logfile (2) or both(3) +# event_trace_enabled: 0 +##### If we should serve up contents from /etc/hosts +# export_etc_hosts: false +##### Also serve up the contents of /etc/hosts with this suffix +# export_etc_hosts_search_suffix: '' +##### If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors +# extended_resolution_errors: true +##### Zones for which we forward queries, comma separated domain=ip pairs +# forward_zones: [] +##### File with (+)domain=ip pairs for forwarding +# forward_zones_file: '' +##### Zones for which we forward queries with recursion bit, comma separated domain=ip pairs +# forward_zones_recurse: [] +##### If set, load root hints from this file +# hint_file: '' +##### Configuration settings to ignore if they are unknown +# ignore_unknown_settings: [] +##### Include *.conf files from this directory +# include_dir: '' +##### Number of latency values to calculate the qa-latency average +# latency_statistic_size: 10000 +##### More powerful configuration options +# lua_config_file: '' +##### Filename containing an optional Lua script that will be used to modify dns answers +# lua_dns_script: '' +##### Number of seconds between calls to the lua user defined maintenance() function +# lua_maintenance_interval: 1 +##### maximum number of queries that can be chained to an outgoing request, 0 is no limit +# max_chain_length: 0 +##### Maximum number CNAME records followed +# max_cnames_followed: 10 +##### Maximum number of $GENERATE steps when loading a zone from a file +# max_generate_steps: 0 +##### Maximum nested $INCLUDE depth when loading a zone from a file +# max_include_depth: 20 +##### Maximum number of simultaneous Mtasker threads +# max_mthreads: 2048 +##### Maximum number of internal recursion calls per query, 0 for unlimited +# max_recursion_depth: 16 +##### Maximum total wall-clock time per query in milliseconds, 0 for unlimited +# max_total_msec: 7000 +##### The minimum TTL +# minimum_ttl_override: 1 +##### When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020) +# nothing_below_nxdomain: dnssec +##### Path to the Public Suffix List file, if any +# public_suffix_list_file: '' +##### RFC9156 max minimize count +# qname_max_minimize_count: 10 +##### Use Query Name Minimization +# qname_minimization: true +##### RFC9156 minimize one label parameter +# qname_minimize_one_label: 4 +##### If set, believe that an NXDOMAIN from the root means the TLD does not exist +# root_nx_trust: true +##### Sequence of RPZ entries +# rpzs: [] +##### Save parent NS set to be used if child NS set fails +# save_parent_ns_set: true +##### Domain name from which to query security update notifications +# security_poll_suffix: secpoll.powerdns.com. +##### If we should be authoritative for RFC 1918 private IP space +# serve_rfc1918: true +##### Returned when queried for 'id.server' TXT or NSID, defaults to hostname, set custom or 'disabled' +# server_id: '*runtime determined*' +##### If set, change group id to this gid for more security +# setgid: '' +##### If set, change user id to this uid for more security +# setuid: '' +##### Where the controlsocket will live, /var/run/pdns-recursor when unset and not chrooted +# socket_dir: '' +##### Group of socket +# socket_group: '' +##### Permissions for socket +# socket_mode: '' +##### Owner of socket +# socket_owner: '' +##### Sequence of sort lists +# sortlists: [] +##### If non-zero, assume spoofing after this many near misses +# spoof_nearmiss_max: 1 +##### Size of the stack cache, per mthread +# stack_cache_size: 100 +##### stack size per mthread +# stack_size: 200000 +##### List of statistics that are disabled when retrieving the complete list of statistics via the API +# stats_api_disabled_list: +# - cache-bytes +# - packetcache-bytes +# - special-memory-usage +# - ecs-v4-response-bits-1 +# - ecs-v4-response-bits-2 +# - ecs-v4-response-bits-3 +# - ecs-v4-response-bits-4 +# - ecs-v4-response-bits-5 +# - ecs-v4-response-bits-6 +# - ecs-v4-response-bits-7 +# - ecs-v4-response-bits-8 +# - ecs-v4-response-bits-9 +# - ecs-v4-response-bits-10 +# - ecs-v4-response-bits-11 +# - ecs-v4-response-bits-12 +# - ecs-v4-response-bits-13 +# - ecs-v4-response-bits-14 +# - ecs-v4-response-bits-15 +# - ecs-v4-response-bits-16 +# - ecs-v4-response-bits-17 +# - ecs-v4-response-bits-18 +# - ecs-v4-response-bits-19 +# - ecs-v4-response-bits-20 +# - ecs-v4-response-bits-21 +# - ecs-v4-response-bits-22 +# - ecs-v4-response-bits-23 +# - ecs-v4-response-bits-24 +# - ecs-v4-response-bits-25 +# - ecs-v4-response-bits-26 +# - ecs-v4-response-bits-27 +# - ecs-v4-response-bits-28 +# - ecs-v4-response-bits-29 +# - ecs-v4-response-bits-30 +# - ecs-v4-response-bits-31 +# - ecs-v4-response-bits-32 +# - ecs-v6-response-bits-1 +# - ecs-v6-response-bits-2 +# - ecs-v6-response-bits-3 +# - ecs-v6-response-bits-4 +# - ecs-v6-response-bits-5 +# - ecs-v6-response-bits-6 +# - ecs-v6-response-bits-7 +# - ecs-v6-response-bits-8 +# - ecs-v6-response-bits-9 +# - ecs-v6-response-bits-10 +# - ecs-v6-response-bits-11 +# - ecs-v6-response-bits-12 +# - ecs-v6-response-bits-13 +# - ecs-v6-response-bits-14 +# - ecs-v6-response-bits-15 +# - ecs-v6-response-bits-16 +# - ecs-v6-response-bits-17 +# - ecs-v6-response-bits-18 +# - ecs-v6-response-bits-19 +# - ecs-v6-response-bits-20 +# - ecs-v6-response-bits-21 +# - ecs-v6-response-bits-22 +# - ecs-v6-response-bits-23 +# - ecs-v6-response-bits-24 +# - ecs-v6-response-bits-25 +# - ecs-v6-response-bits-26 +# - ecs-v6-response-bits-27 +# - ecs-v6-response-bits-28 +# - ecs-v6-response-bits-29 +# - ecs-v6-response-bits-30 +# - ecs-v6-response-bits-31 +# - ecs-v6-response-bits-32 +# - ecs-v6-response-bits-33 +# - ecs-v6-response-bits-34 +# - ecs-v6-response-bits-35 +# - ecs-v6-response-bits-36 +# - ecs-v6-response-bits-37 +# - ecs-v6-response-bits-38 +# - ecs-v6-response-bits-39 +# - ecs-v6-response-bits-40 +# - ecs-v6-response-bits-41 +# - ecs-v6-response-bits-42 +# - ecs-v6-response-bits-43 +# - ecs-v6-response-bits-44 +# - ecs-v6-response-bits-45 +# - ecs-v6-response-bits-46 +# - ecs-v6-response-bits-47 +# - ecs-v6-response-bits-48 +# - ecs-v6-response-bits-49 +# - ecs-v6-response-bits-50 +# - ecs-v6-response-bits-51 +# - ecs-v6-response-bits-52 +# - ecs-v6-response-bits-53 +# - ecs-v6-response-bits-54 +# - ecs-v6-response-bits-55 +# - ecs-v6-response-bits-56 +# - ecs-v6-response-bits-57 +# - ecs-v6-response-bits-58 +# - ecs-v6-response-bits-59 +# - ecs-v6-response-bits-60 +# - ecs-v6-response-bits-61 +# - ecs-v6-response-bits-62 +# - ecs-v6-response-bits-63 +# - ecs-v6-response-bits-64 +# - ecs-v6-response-bits-65 +# - ecs-v6-response-bits-66 +# - ecs-v6-response-bits-67 +# - ecs-v6-response-bits-68 +# - ecs-v6-response-bits-69 +# - ecs-v6-response-bits-70 +# - ecs-v6-response-bits-71 +# - ecs-v6-response-bits-72 +# - ecs-v6-response-bits-73 +# - ecs-v6-response-bits-74 +# - ecs-v6-response-bits-75 +# - ecs-v6-response-bits-76 +# - ecs-v6-response-bits-77 +# - ecs-v6-response-bits-78 +# - ecs-v6-response-bits-79 +# - ecs-v6-response-bits-80 +# - ecs-v6-response-bits-81 +# - ecs-v6-response-bits-82 +# - ecs-v6-response-bits-83 +# - ecs-v6-response-bits-84 +# - ecs-v6-response-bits-85 +# - ecs-v6-response-bits-86 +# - ecs-v6-response-bits-87 +# - ecs-v6-response-bits-88 +# - ecs-v6-response-bits-89 +# - ecs-v6-response-bits-90 +# - ecs-v6-response-bits-91 +# - ecs-v6-response-bits-92 +# - ecs-v6-response-bits-93 +# - ecs-v6-response-bits-94 +# - ecs-v6-response-bits-95 +# - ecs-v6-response-bits-96 +# - ecs-v6-response-bits-97 +# - ecs-v6-response-bits-98 +# - ecs-v6-response-bits-99 +# - ecs-v6-response-bits-100 +# - ecs-v6-response-bits-101 +# - ecs-v6-response-bits-102 +# - ecs-v6-response-bits-103 +# - ecs-v6-response-bits-104 +# - ecs-v6-response-bits-105 +# - ecs-v6-response-bits-106 +# - ecs-v6-response-bits-107 +# - ecs-v6-response-bits-108 +# - ecs-v6-response-bits-109 +# - ecs-v6-response-bits-110 +# - ecs-v6-response-bits-111 +# - ecs-v6-response-bits-112 +# - ecs-v6-response-bits-113 +# - ecs-v6-response-bits-114 +# - ecs-v6-response-bits-115 +# - ecs-v6-response-bits-116 +# - ecs-v6-response-bits-117 +# - ecs-v6-response-bits-118 +# - ecs-v6-response-bits-119 +# - ecs-v6-response-bits-120 +# - ecs-v6-response-bits-121 +# - ecs-v6-response-bits-122 +# - ecs-v6-response-bits-123 +# - ecs-v6-response-bits-124 +# - ecs-v6-response-bits-125 +# - ecs-v6-response-bits-126 +# - ecs-v6-response-bits-127 +# - ecs-v6-response-bits-128 +##### List of statistics that are prevented from being exported via Carbon +# stats_carbon_disabled_list: +# - cache-bytes +# - packetcache-bytes +# - special-memory-usage +# - ecs-v4-response-bits-1 +# - ecs-v4-response-bits-2 +# - ecs-v4-response-bits-3 +# - ecs-v4-response-bits-4 +# - ecs-v4-response-bits-5 +# - ecs-v4-response-bits-6 +# - ecs-v4-response-bits-7 +# - ecs-v4-response-bits-8 +# - ecs-v4-response-bits-9 +# - ecs-v4-response-bits-10 +# - ecs-v4-response-bits-11 +# - ecs-v4-response-bits-12 +# - ecs-v4-response-bits-13 +# - ecs-v4-response-bits-14 +# - ecs-v4-response-bits-15 +# - ecs-v4-response-bits-16 +# - ecs-v4-response-bits-17 +# - ecs-v4-response-bits-18 +# - ecs-v4-response-bits-19 +# - ecs-v4-response-bits-20 +# - ecs-v4-response-bits-21 +# - ecs-v4-response-bits-22 +# - ecs-v4-response-bits-23 +# - ecs-v4-response-bits-24 +# - ecs-v4-response-bits-25 +# - ecs-v4-response-bits-26 +# - ecs-v4-response-bits-27 +# - ecs-v4-response-bits-28 +# - ecs-v4-response-bits-29 +# - ecs-v4-response-bits-30 +# - ecs-v4-response-bits-31 +# - ecs-v4-response-bits-32 +# - ecs-v6-response-bits-1 +# - ecs-v6-response-bits-2 +# - ecs-v6-response-bits-3 +# - ecs-v6-response-bits-4 +# - ecs-v6-response-bits-5 +# - ecs-v6-response-bits-6 +# - ecs-v6-response-bits-7 +# - ecs-v6-response-bits-8 +# - ecs-v6-response-bits-9 +# - ecs-v6-response-bits-10 +# - ecs-v6-response-bits-11 +# - ecs-v6-response-bits-12 +# - ecs-v6-response-bits-13 +# - ecs-v6-response-bits-14 +# - ecs-v6-response-bits-15 +# - ecs-v6-response-bits-16 +# - ecs-v6-response-bits-17 +# - ecs-v6-response-bits-18 +# - ecs-v6-response-bits-19 +# - ecs-v6-response-bits-20 +# - ecs-v6-response-bits-21 +# - ecs-v6-response-bits-22 +# - ecs-v6-response-bits-23 +# - ecs-v6-response-bits-24 +# - ecs-v6-response-bits-25 +# - ecs-v6-response-bits-26 +# - ecs-v6-response-bits-27 +# - ecs-v6-response-bits-28 +# - ecs-v6-response-bits-29 +# - ecs-v6-response-bits-30 +# - ecs-v6-response-bits-31 +# - ecs-v6-response-bits-32 +# - ecs-v6-response-bits-33 +# - ecs-v6-response-bits-34 +# - ecs-v6-response-bits-35 +# - ecs-v6-response-bits-36 +# - ecs-v6-response-bits-37 +# - ecs-v6-response-bits-38 +# - ecs-v6-response-bits-39 +# - ecs-v6-response-bits-40 +# - ecs-v6-response-bits-41 +# - ecs-v6-response-bits-42 +# - ecs-v6-response-bits-43 +# - ecs-v6-response-bits-44 +# - ecs-v6-response-bits-45 +# - ecs-v6-response-bits-46 +# - ecs-v6-response-bits-47 +# - ecs-v6-response-bits-48 +# - ecs-v6-response-bits-49 +# - ecs-v6-response-bits-50 +# - ecs-v6-response-bits-51 +# - ecs-v6-response-bits-52 +# - ecs-v6-response-bits-53 +# - ecs-v6-response-bits-54 +# - ecs-v6-response-bits-55 +# - ecs-v6-response-bits-56 +# - ecs-v6-response-bits-57 +# - ecs-v6-response-bits-58 +# - ecs-v6-response-bits-59 +# - ecs-v6-response-bits-60 +# - ecs-v6-response-bits-61 +# - ecs-v6-response-bits-62 +# - ecs-v6-response-bits-63 +# - ecs-v6-response-bits-64 +# - ecs-v6-response-bits-65 +# - ecs-v6-response-bits-66 +# - ecs-v6-response-bits-67 +# - ecs-v6-response-bits-68 +# - ecs-v6-response-bits-69 +# - ecs-v6-response-bits-70 +# - ecs-v6-response-bits-71 +# - ecs-v6-response-bits-72 +# - ecs-v6-response-bits-73 +# - ecs-v6-response-bits-74 +# - ecs-v6-response-bits-75 +# - ecs-v6-response-bits-76 +# - ecs-v6-response-bits-77 +# - ecs-v6-response-bits-78 +# - ecs-v6-response-bits-79 +# - ecs-v6-response-bits-80 +# - ecs-v6-response-bits-81 +# - ecs-v6-response-bits-82 +# - ecs-v6-response-bits-83 +# - ecs-v6-response-bits-84 +# - ecs-v6-response-bits-85 +# - ecs-v6-response-bits-86 +# - ecs-v6-response-bits-87 +# - ecs-v6-response-bits-88 +# - ecs-v6-response-bits-89 +# - ecs-v6-response-bits-90 +# - ecs-v6-response-bits-91 +# - ecs-v6-response-bits-92 +# - ecs-v6-response-bits-93 +# - ecs-v6-response-bits-94 +# - ecs-v6-response-bits-95 +# - ecs-v6-response-bits-96 +# - ecs-v6-response-bits-97 +# - ecs-v6-response-bits-98 +# - ecs-v6-response-bits-99 +# - ecs-v6-response-bits-100 +# - ecs-v6-response-bits-101 +# - ecs-v6-response-bits-102 +# - ecs-v6-response-bits-103 +# - ecs-v6-response-bits-104 +# - ecs-v6-response-bits-105 +# - ecs-v6-response-bits-106 +# - ecs-v6-response-bits-107 +# - ecs-v6-response-bits-108 +# - ecs-v6-response-bits-109 +# - ecs-v6-response-bits-110 +# - ecs-v6-response-bits-111 +# - ecs-v6-response-bits-112 +# - ecs-v6-response-bits-113 +# - ecs-v6-response-bits-114 +# - ecs-v6-response-bits-115 +# - ecs-v6-response-bits-116 +# - ecs-v6-response-bits-117 +# - ecs-v6-response-bits-118 +# - ecs-v6-response-bits-119 +# - ecs-v6-response-bits-120 +# - ecs-v6-response-bits-121 +# - ecs-v6-response-bits-122 +# - ecs-v6-response-bits-123 +# - ecs-v6-response-bits-124 +# - ecs-v6-response-bits-125 +# - ecs-v6-response-bits-126 +# - ecs-v6-response-bits-127 +# - ecs-v6-response-bits-128 +# - cumul-clientanswers +# - cumul-authanswers +# - policy-hits +# - proxy-mapping-total +# - remote-logger-count +##### List of statistics that are prevented from being exported via rec_control get-all +# stats_rec_control_disabled_list: +# - cache-bytes +# - packetcache-bytes +# - special-memory-usage +# - ecs-v4-response-bits-1 +# - ecs-v4-response-bits-2 +# - ecs-v4-response-bits-3 +# - ecs-v4-response-bits-4 +# - ecs-v4-response-bits-5 +# - ecs-v4-response-bits-6 +# - ecs-v4-response-bits-7 +# - ecs-v4-response-bits-8 +# - ecs-v4-response-bits-9 +# - ecs-v4-response-bits-10 +# - ecs-v4-response-bits-11 +# - ecs-v4-response-bits-12 +# - ecs-v4-response-bits-13 +# - ecs-v4-response-bits-14 +# - ecs-v4-response-bits-15 +# - ecs-v4-response-bits-16 +# - ecs-v4-response-bits-17 +# - ecs-v4-response-bits-18 +# - ecs-v4-response-bits-19 +# - ecs-v4-response-bits-20 +# - ecs-v4-response-bits-21 +# - ecs-v4-response-bits-22 +# - ecs-v4-response-bits-23 +# - ecs-v4-response-bits-24 +# - ecs-v4-response-bits-25 +# - ecs-v4-response-bits-26 +# - ecs-v4-response-bits-27 +# - ecs-v4-response-bits-28 +# - ecs-v4-response-bits-29 +# - ecs-v4-response-bits-30 +# - ecs-v4-response-bits-31 +# - ecs-v4-response-bits-32 +# - ecs-v6-response-bits-1 +# - ecs-v6-response-bits-2 +# - ecs-v6-response-bits-3 +# - ecs-v6-response-bits-4 +# - ecs-v6-response-bits-5 +# - ecs-v6-response-bits-6 +# - ecs-v6-response-bits-7 +# - ecs-v6-response-bits-8 +# - ecs-v6-response-bits-9 +# - ecs-v6-response-bits-10 +# - ecs-v6-response-bits-11 +# - ecs-v6-response-bits-12 +# - ecs-v6-response-bits-13 +# - ecs-v6-response-bits-14 +# - ecs-v6-response-bits-15 +# - ecs-v6-response-bits-16 +# - ecs-v6-response-bits-17 +# - ecs-v6-response-bits-18 +# - ecs-v6-response-bits-19 +# - ecs-v6-response-bits-20 +# - ecs-v6-response-bits-21 +# - ecs-v6-response-bits-22 +# - ecs-v6-response-bits-23 +# - ecs-v6-response-bits-24 +# - ecs-v6-response-bits-25 +# - ecs-v6-response-bits-26 +# - ecs-v6-response-bits-27 +# - ecs-v6-response-bits-28 +# - ecs-v6-response-bits-29 +# - ecs-v6-response-bits-30 +# - ecs-v6-response-bits-31 +# - ecs-v6-response-bits-32 +# - ecs-v6-response-bits-33 +# - ecs-v6-response-bits-34 +# - ecs-v6-response-bits-35 +# - ecs-v6-response-bits-36 +# - ecs-v6-response-bits-37 +# - ecs-v6-response-bits-38 +# - ecs-v6-response-bits-39 +# - ecs-v6-response-bits-40 +# - ecs-v6-response-bits-41 +# - ecs-v6-response-bits-42 +# - ecs-v6-response-bits-43 +# - ecs-v6-response-bits-44 +# - ecs-v6-response-bits-45 +# - ecs-v6-response-bits-46 +# - ecs-v6-response-bits-47 +# - ecs-v6-response-bits-48 +# - ecs-v6-response-bits-49 +# - ecs-v6-response-bits-50 +# - ecs-v6-response-bits-51 +# - ecs-v6-response-bits-52 +# - ecs-v6-response-bits-53 +# - ecs-v6-response-bits-54 +# - ecs-v6-response-bits-55 +# - ecs-v6-response-bits-56 +# - ecs-v6-response-bits-57 +# - ecs-v6-response-bits-58 +# - ecs-v6-response-bits-59 +# - ecs-v6-response-bits-60 +# - ecs-v6-response-bits-61 +# - ecs-v6-response-bits-62 +# - ecs-v6-response-bits-63 +# - ecs-v6-response-bits-64 +# - ecs-v6-response-bits-65 +# - ecs-v6-response-bits-66 +# - ecs-v6-response-bits-67 +# - ecs-v6-response-bits-68 +# - ecs-v6-response-bits-69 +# - ecs-v6-response-bits-70 +# - ecs-v6-response-bits-71 +# - ecs-v6-response-bits-72 +# - ecs-v6-response-bits-73 +# - ecs-v6-response-bits-74 +# - ecs-v6-response-bits-75 +# - ecs-v6-response-bits-76 +# - ecs-v6-response-bits-77 +# - ecs-v6-response-bits-78 +# - ecs-v6-response-bits-79 +# - ecs-v6-response-bits-80 +# - ecs-v6-response-bits-81 +# - ecs-v6-response-bits-82 +# - ecs-v6-response-bits-83 +# - ecs-v6-response-bits-84 +# - ecs-v6-response-bits-85 +# - ecs-v6-response-bits-86 +# - ecs-v6-response-bits-87 +# - ecs-v6-response-bits-88 +# - ecs-v6-response-bits-89 +# - ecs-v6-response-bits-90 +# - ecs-v6-response-bits-91 +# - ecs-v6-response-bits-92 +# - ecs-v6-response-bits-93 +# - ecs-v6-response-bits-94 +# - ecs-v6-response-bits-95 +# - ecs-v6-response-bits-96 +# - ecs-v6-response-bits-97 +# - ecs-v6-response-bits-98 +# - ecs-v6-response-bits-99 +# - ecs-v6-response-bits-100 +# - ecs-v6-response-bits-101 +# - ecs-v6-response-bits-102 +# - ecs-v6-response-bits-103 +# - ecs-v6-response-bits-104 +# - ecs-v6-response-bits-105 +# - ecs-v6-response-bits-106 +# - ecs-v6-response-bits-107 +# - ecs-v6-response-bits-108 +# - ecs-v6-response-bits-109 +# - ecs-v6-response-bits-110 +# - ecs-v6-response-bits-111 +# - ecs-v6-response-bits-112 +# - ecs-v6-response-bits-113 +# - ecs-v6-response-bits-114 +# - ecs-v6-response-bits-115 +# - ecs-v6-response-bits-116 +# - ecs-v6-response-bits-117 +# - ecs-v6-response-bits-118 +# - ecs-v6-response-bits-119 +# - ecs-v6-response-bits-120 +# - ecs-v6-response-bits-121 +# - ecs-v6-response-bits-122 +# - ecs-v6-response-bits-123 +# - ecs-v6-response-bits-124 +# - ecs-v6-response-bits-125 +# - ecs-v6-response-bits-126 +# - ecs-v6-response-bits-127 +# - ecs-v6-response-bits-128 +# - cumul-clientanswers +# - cumul-authanswers +# - policy-hits +# - proxy-mapping-total +# - remote-logger-count +##### maximum number of packets to store statistics for +# stats_ringbuffer_entries: 10000 +##### List of statistics that are prevented from being exported via SNMP +# stats_snmp_disabled_list: +# - cache-bytes +# - packetcache-bytes +# - special-memory-usage +# - ecs-v4-response-bits-1 +# - ecs-v4-response-bits-2 +# - ecs-v4-response-bits-3 +# - ecs-v4-response-bits-4 +# - ecs-v4-response-bits-5 +# - ecs-v4-response-bits-6 +# - ecs-v4-response-bits-7 +# - ecs-v4-response-bits-8 +# - ecs-v4-response-bits-9 +# - ecs-v4-response-bits-10 +# - ecs-v4-response-bits-11 +# - ecs-v4-response-bits-12 +# - ecs-v4-response-bits-13 +# - ecs-v4-response-bits-14 +# - ecs-v4-response-bits-15 +# - ecs-v4-response-bits-16 +# - ecs-v4-response-bits-17 +# - ecs-v4-response-bits-18 +# - ecs-v4-response-bits-19 +# - ecs-v4-response-bits-20 +# - ecs-v4-response-bits-21 +# - ecs-v4-response-bits-22 +# - ecs-v4-response-bits-23 +# - ecs-v4-response-bits-24 +# - ecs-v4-response-bits-25 +# - ecs-v4-response-bits-26 +# - ecs-v4-response-bits-27 +# - ecs-v4-response-bits-28 +# - ecs-v4-response-bits-29 +# - ecs-v4-response-bits-30 +# - ecs-v4-response-bits-31 +# - ecs-v4-response-bits-32 +# - ecs-v6-response-bits-1 +# - ecs-v6-response-bits-2 +# - ecs-v6-response-bits-3 +# - ecs-v6-response-bits-4 +# - ecs-v6-response-bits-5 +# - ecs-v6-response-bits-6 +# - ecs-v6-response-bits-7 +# - ecs-v6-response-bits-8 +# - ecs-v6-response-bits-9 +# - ecs-v6-response-bits-10 +# - ecs-v6-response-bits-11 +# - ecs-v6-response-bits-12 +# - ecs-v6-response-bits-13 +# - ecs-v6-response-bits-14 +# - ecs-v6-response-bits-15 +# - ecs-v6-response-bits-16 +# - ecs-v6-response-bits-17 +# - ecs-v6-response-bits-18 +# - ecs-v6-response-bits-19 +# - ecs-v6-response-bits-20 +# - ecs-v6-response-bits-21 +# - ecs-v6-response-bits-22 +# - ecs-v6-response-bits-23 +# - ecs-v6-response-bits-24 +# - ecs-v6-response-bits-25 +# - ecs-v6-response-bits-26 +# - ecs-v6-response-bits-27 +# - ecs-v6-response-bits-28 +# - ecs-v6-response-bits-29 +# - ecs-v6-response-bits-30 +# - ecs-v6-response-bits-31 +# - ecs-v6-response-bits-32 +# - ecs-v6-response-bits-33 +# - ecs-v6-response-bits-34 +# - ecs-v6-response-bits-35 +# - ecs-v6-response-bits-36 +# - ecs-v6-response-bits-37 +# - ecs-v6-response-bits-38 +# - ecs-v6-response-bits-39 +# - ecs-v6-response-bits-40 +# - ecs-v6-response-bits-41 +# - ecs-v6-response-bits-42 +# - ecs-v6-response-bits-43 +# - ecs-v6-response-bits-44 +# - ecs-v6-response-bits-45 +# - ecs-v6-response-bits-46 +# - ecs-v6-response-bits-47 +# - ecs-v6-response-bits-48 +# - ecs-v6-response-bits-49 +# - ecs-v6-response-bits-50 +# - ecs-v6-response-bits-51 +# - ecs-v6-response-bits-52 +# - ecs-v6-response-bits-53 +# - ecs-v6-response-bits-54 +# - ecs-v6-response-bits-55 +# - ecs-v6-response-bits-56 +# - ecs-v6-response-bits-57 +# - ecs-v6-response-bits-58 +# - ecs-v6-response-bits-59 +# - ecs-v6-response-bits-60 +# - ecs-v6-response-bits-61 +# - ecs-v6-response-bits-62 +# - ecs-v6-response-bits-63 +# - ecs-v6-response-bits-64 +# - ecs-v6-response-bits-65 +# - ecs-v6-response-bits-66 +# - ecs-v6-response-bits-67 +# - ecs-v6-response-bits-68 +# - ecs-v6-response-bits-69 +# - ecs-v6-response-bits-70 +# - ecs-v6-response-bits-71 +# - ecs-v6-response-bits-72 +# - ecs-v6-response-bits-73 +# - ecs-v6-response-bits-74 +# - ecs-v6-response-bits-75 +# - ecs-v6-response-bits-76 +# - ecs-v6-response-bits-77 +# - ecs-v6-response-bits-78 +# - ecs-v6-response-bits-79 +# - ecs-v6-response-bits-80 +# - ecs-v6-response-bits-81 +# - ecs-v6-response-bits-82 +# - ecs-v6-response-bits-83 +# - ecs-v6-response-bits-84 +# - ecs-v6-response-bits-85 +# - ecs-v6-response-bits-86 +# - ecs-v6-response-bits-87 +# - ecs-v6-response-bits-88 +# - ecs-v6-response-bits-89 +# - ecs-v6-response-bits-90 +# - ecs-v6-response-bits-91 +# - ecs-v6-response-bits-92 +# - ecs-v6-response-bits-93 +# - ecs-v6-response-bits-94 +# - ecs-v6-response-bits-95 +# - ecs-v6-response-bits-96 +# - ecs-v6-response-bits-97 +# - ecs-v6-response-bits-98 +# - ecs-v6-response-bits-99 +# - ecs-v6-response-bits-100 +# - ecs-v6-response-bits-101 +# - ecs-v6-response-bits-102 +# - ecs-v6-response-bits-103 +# - ecs-v6-response-bits-104 +# - ecs-v6-response-bits-105 +# - ecs-v6-response-bits-106 +# - ecs-v6-response-bits-107 +# - ecs-v6-response-bits-108 +# - ecs-v6-response-bits-109 +# - ecs-v6-response-bits-110 +# - ecs-v6-response-bits-111 +# - ecs-v6-response-bits-112 +# - ecs-v6-response-bits-113 +# - ecs-v6-response-bits-114 +# - ecs-v6-response-bits-115 +# - ecs-v6-response-bits-116 +# - ecs-v6-response-bits-117 +# - ecs-v6-response-bits-118 +# - ecs-v6-response-bits-119 +# - ecs-v6-response-bits-120 +# - ecs-v6-response-bits-121 +# - ecs-v6-response-bits-122 +# - ecs-v6-response-bits-123 +# - ecs-v6-response-bits-124 +# - ecs-v6-response-bits-125 +# - ecs-v6-response-bits-126 +# - ecs-v6-response-bits-127 +# - ecs-v6-response-bits-128 +# - cumul-clientanswers +# - cumul-authanswers +# - policy-hits +# - proxy-mapping-total +# - remote-logger-count +##### Set interval (in seconds) of the re-resolve checks of system resolver subsystem. +# system_resolver_interval: 0 +##### Check for potential self-resolve, default enabled. +# system_resolver_self_resolve_check: true +##### Set TTL of system resolver feature, 0 (default) is disabled +# system_resolver_ttl: 0 +##### Launch this number of threads listening for and processing TCP queries +# tcp_threads: 1 +##### Launch this number of threads +# threads: 2 +##### string reported on version.pdns or version.bind +# version_string: '*runtime determined*' +##### Write a PID file +# write_pid: true + +######### SECTION snmp ######### +snmp: +##### If set, register as an SNMP agent +# agent: false +##### If set and snmp-agent is set, the socket to use to register to the SNMP daemon +# daemon_socket: '' + +######### SECTION webservice ######### +webservice: +##### IP Address of webserver to listen on +# address: 127.0.0.1 +##### Webserver access is only allowed from these subnets +# allow_from: +# - 127.0.0.1 +# - ::1 +##### Directory where REST API stores config and zones +# api_dir: '' +##### Static pre-shared authentication key for access to the REST API +# api_key: '' +##### Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime +# hash_plaintext_credentials: false +##### Amount of logging in the webserver (none, normal, detailed) +# loglevel: normal +##### Password required for accessing the webserver +# password: '' +##### Port of webserver to listen on +# port: 8082 +##### Start a webserver (for REST API) +# webserver: false diff --git a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch b/net/pdns-recursor/patches/100-disable-recursor.yml-dist.patch similarity index 61% rename from net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch rename to net/pdns-recursor/patches/100-disable-recursor.yml-dist.patch index c4199c4fc7fbe4..ea5f5118a1ef62 100644 --- a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch +++ b/net/pdns-recursor/patches/100-disable-recursor.yml-dist.patch @@ -1,14 +1,11 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -529,15 +529,6 @@ $(srcdir)/effective_tld_names.dat: +@@ -551,12 +551,6 @@ $(srcdir)/effective_tld_names.dat: pubsuffix.cc: $(srcdir)/effective_tld_names.dat - $(AM_V_GEN)./mkpubsuffixcc + $(srcdir)/mkpubsuffixcc $< $@ -## Config file --sysconf_DATA = recursor.conf-dist recursor.yml-dist -- --recursor.conf-dist: pdns_recursor -- $(AM_V_GEN)./pdns_recursor --config=default > $@ +-sysconf_DATA = recursor.yml-dist - -recursor.yml-dist: pdns_recursor - dir=$$(mktemp -d) && touch "$$dir/recursor.yml" && ./pdns_recursor --config-dir="$$dir" --config=default 2> /dev/null > $@ && rm "$$dir/recursor.yml" && rmdir "$$dir"