forked from pool/pdns-recursor
Marcus Rueckert
e870722ff6
- turn off chroot by default as it is not supported on systemd
enabled systems
- set query-local-address to ::,0.0.0.0
to make ipv6 only nameservers work out of the box
OBS-URL: https://build.opensuse.org/package/show/server:dns/pdns-recursor?expand=0&rev=153
125 lines
2.1 KiB
Plaintext
125 lines
2.1 KiB
Plaintext
## turn on to do AAAA additional processing (slow)
|
|
##
|
|
#aaaa-additional-processing=off
|
|
|
|
##
|
|
## If set, only allow these comma separated netmasks to recurse
|
|
##
|
|
## By default it only allows queries from
|
|
##
|
|
## 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
|
|
##
|
|
#allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
|
|
|
|
##
|
|
## switch to chroot jail
|
|
##
|
|
#chroot=/var/lib/pdns
|
|
|
|
##
|
|
## Timeout in seconds when talking to TCP clients
|
|
##
|
|
#client-tcp-timeout=2
|
|
|
|
##
|
|
## Operate as a daemon
|
|
##
|
|
#daemon=yes
|
|
|
|
##
|
|
## Which domains we only accept delegations from
|
|
##
|
|
#delegation-only=
|
|
|
|
##
|
|
## Process DNSSEC entries and validate them. Send SERVFAIL to
|
|
## clients on bogus responses.
|
|
##
|
|
## Values: off, process-no-validate, process, log-fail, validate
|
|
##
|
|
dnssec=validate
|
|
|
|
##
|
|
## If set, fork the daemon for possible double performance
|
|
##
|
|
#fork=no
|
|
|
|
##
|
|
## If set, load root hints from this file
|
|
##
|
|
#hint-file=
|
|
|
|
##
|
|
## IP addresses to listen on, separated by spaces or commas
|
|
##
|
|
## By default it only listens on 127.0.0.1. If you want to serve
|
|
## for more than one host you should change this.
|
|
##
|
|
#local-address=127.0.0.1
|
|
|
|
##
|
|
## port to listen on
|
|
##
|
|
#local-port=53
|
|
|
|
##
|
|
## If we should log rather common errors
|
|
##
|
|
#log-common-errors=yes
|
|
|
|
##
|
|
## If set, maximum number of entries in the main cache
|
|
##
|
|
#max-cache-entries=0
|
|
|
|
##
|
|
## Maximum number of simultaneous TCP clients
|
|
##
|
|
#max-tcp-clients=128
|
|
|
|
##
|
|
## If set, maximum number of TCP sessions per client (IP address)
|
|
##
|
|
#max-tcp-per-client=0
|
|
|
|
##
|
|
## Source IP address for sending queries
|
|
##
|
|
#query-local-address=0.0.0.0
|
|
query-local-address=::,0.0.0.0
|
|
|
|
##
|
|
## Source port address for sending queries, defaults to random
|
|
##
|
|
#query-local-port=12345
|
|
|
|
##
|
|
## Suppress logging of questions and answers
|
|
##
|
|
#quiet=yes
|
|
|
|
##
|
|
## If set, change group id to this gid for more security
|
|
##
|
|
setgid=pdns
|
|
|
|
##
|
|
## If set, change user id to this uid for more security
|
|
##
|
|
setuid=pdns
|
|
|
|
##
|
|
## If set, only use a single socket for outgoing queries
|
|
##
|
|
#single-socket=off
|
|
|
|
##
|
|
## If non-zero, assume spoofing after this many near misses
|
|
##
|
|
#spoof-nearmiss-max=20
|
|
|
|
##
|
|
## if we should output heaps of logging
|
|
##
|
|
#trace=off
|