openwrt-packages-dist/net/pdns-recursor/files/recursor.conf-dist

# Autogenerated configuration file template
#################################
# allow-from	If set, only allow these comma separated netmasks to recurse
#
# allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10

#################################
# allow-from-file	If set, load allowed netmasks from this file
#
# allow-from-file=

#################################
# any-to-tcp	Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=no

#################################
# api-config-dir	Directory where REST API stores config and zones
#
# api-config-dir=

#################################
# api-key	Static pre-shared authentication key for access to the REST API
#
# api-key=

#################################
# api-logfile	Location of the server logfile (used by the REST API)
#
# api-logfile=/var/log/pdns.log

#################################
# api-readonly	Disallow data modification through the REST API when set
#
# api-readonly=no

#################################
# auth-zones	Zones for which we have authoritative data, comma separated domain=file pairs 
#
# auth-zones=

#################################
# carbon-interval	Number of seconds between carbon (graphite) updates
#
# carbon-interval=30

#################################
# carbon-ourname	If set, overrides our reported hostname for carbon stats
#
# carbon-ourname=

#################################
# carbon-server	If set, send metrics in carbon (graphite) format to this server IP address
#
# carbon-server=

#################################
# chroot	switch to chroot jail
#
# chroot=

#################################
# client-tcp-timeout	Timeout in seconds when talking to TCP clients
#
# client-tcp-timeout=2

#################################
# config-dir	Location of configuration directory (recursor.conf)
#
# config-dir=/usr/local/etc

#################################
# config-name	Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# cpu-map	Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs
#
# cpu-map=

#################################
# daemon	Operate as a daemon
#
# daemon=no

#################################
# delegation-only	Which domains we only accept delegations from
#
# delegation-only=

#################################
# disable-packetcache	Disable packetcache
#
# disable-packetcache=no

#################################
# disable-real-memory-usage	Disable expensive real-memory-usage metric
#
# disable-real-memory-usage=no

#################################
# disable-syslog	Disable logging to syslog, useful when running inside a supervisor that logs stdout
#
# disable-syslog=no

#################################
# distribution-load-factor	The load factor used when PowerDNS is distributing queries to worker threads
#
# distribution-load-factor=0.0

#################################
# dnssec	DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
#
# dnssec=process-no-validate

#################################
# dnssec-log-bogus	Log DNSSEC bogus validations
#
# dnssec-log-bogus=no

#################################
# dont-query	If set, do not query these netmasks for DNS data
#
# dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32

#################################
# ecs-cache-limit-ttl	Minimum TTL to cache ECS response
#
# ecs-cache-limit-ttl=0

#################################
# ecs-ipv4-bits	Number of bits of IPv4 address to pass for EDNS Client Subnet
#
# ecs-ipv4-bits=24

#################################
# ecs-ipv4-cache-bits	Maximum number of bits of IPv4 mask to cache ECS response
#
# ecs-ipv4-cache-bits=24

#################################
# ecs-ipv6-bits	Number of bits of IPv6 address to pass for EDNS Client Subnet
#
# ecs-ipv6-bits=56

#################################
# ecs-ipv6-cache-bits	Maximum number of bits of IPv6 mask to cache ECS response
#
# ecs-ipv6-cache-bits=56

#################################
# ecs-scope-zero-address	Address to send to whitelisted authoritative servers for incoming queries with ECS prefix-length source of 0
#
# ecs-scope-zero-address=

#################################
# edns-outgoing-bufsize	Outgoing EDNS buffer size
#
# edns-outgoing-bufsize=1680

#################################
# edns-subnet-whitelist	List of netmasks and domains that we should enable EDNS subnet for
#
# edns-subnet-whitelist=

#################################
# entropy-source	If set, read entropy from this file
#
# entropy-source=/dev/urandom

#################################
# etc-hosts-file	Path to 'hosts' file
#
# etc-hosts-file=/etc/hosts

#################################
# export-etc-hosts	If we should serve up contents from /etc/hosts
#
# export-etc-hosts=off

#################################
# export-etc-hosts-search-suffix	Also serve up the contents of /etc/hosts with this suffix
#
# export-etc-hosts-search-suffix=

#################################
# forward-zones	Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=

#################################
# forward-zones-file	File with (+)domain=ip pairs for forwarding
#
# forward-zones-file=

#################################
# forward-zones-recurse	Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
#
# forward-zones-recurse=

#################################
# gettag-needs-edns-options	If EDNS Options should be extracted before calling the gettag() hook
#
# gettag-needs-edns-options=no

#################################
# hint-file	If set, load root hints from this file
#
# hint-file=

#################################
# include-dir	Include *.conf files from this directory
#
# include-dir=

#################################
# latency-statistic-size	Number of latency values to calculate the qa-latency average
#
# latency-statistic-size=10000

#################################
# local-address	IP addresses to listen on, separated by spaces or commas. Also accepts ports.
#
# local-address=127.0.0.1

#################################
# local-port	port to listen on
#
# local-port=53

#################################
# log-common-errors	If we should log rather common errors
#
# log-common-errors=no

#################################
# log-rpz-changes	Log additions and removals to RPZ zones at Info level
#
# log-rpz-changes=no

#################################
# log-timestamp	Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already
#
# log-timestamp=yes

#################################
# logging-facility	Facility to log messages as. 0 corresponds to local0
#
# logging-facility=

#################################
# loglevel	Amount of logging. Higher is more. Do not set below 3
#
# loglevel=6

#################################
# lowercase-outgoing	Force outgoing questions to lowercase
#
# lowercase-outgoing=no

#################################
# lua-config-file	More powerful configuration options
#
# lua-config-file=

#################################
# lua-dns-script	Filename containing an optional 'lua' script that will be used to modify dns answers
#
# lua-dns-script=

#################################
# max-cache-entries	If set, maximum number of entries in the main cache
#
# max-cache-entries=1000000

#################################
# max-cache-ttl	maximum number of seconds to keep a cached entry in memory
#
# max-cache-ttl=86400

#################################
# max-mthreads	Maximum number of simultaneous Mtasker threads
#
# max-mthreads=2048

#################################
# max-negative-ttl	maximum number of seconds to keep a negative cached entry in memory
#
# max-negative-ttl=3600

#################################
# max-packetcache-entries	maximum number of entries to keep in the packetcache
#
# max-packetcache-entries=500000

#################################
# max-qperq	Maximum outgoing queries per query
#
# max-qperq=50

#################################
# max-recursion-depth	Maximum number of internal recursion calls per query, 0 for unlimited
#
# max-recursion-depth=40

#################################
# max-tcp-clients	Maximum number of simultaneous TCP clients
#
# max-tcp-clients=128

#################################
# max-tcp-per-client	If set, maximum number of TCP sessions per client (IP address)
#
# max-tcp-per-client=0

#################################
# max-tcp-queries-per-connection	If set, maximum number of TCP queries in a TCP connection
#
# max-tcp-queries-per-connection=0

#################################
# max-total-msec	Maximum total wall-clock time per query in milliseconds, 0 for unlimited
#
# max-total-msec=7000

#################################
# max-udp-queries-per-round	Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing
#
# max-udp-queries-per-round=10000

#################################
# minimum-ttl-override	Set under adverse conditions, a minimum TTL
#
# minimum-ttl-override=0

#################################
# network-timeout	Wait this number of milliseconds for network i/o
#
# network-timeout=1500

#################################
# no-shuffle	Don't change
#
# no-shuffle=off

#################################
# non-local-bind	Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
#
# non-local-bind=no

#################################
# nsec3-max-iterations	Maximum number of iterations allowed for an NSEC3 record
#
# nsec3-max-iterations=2500

#################################
# packetcache-servfail-ttl	maximum number of seconds to keep a cached servfail entry in packetcache
#
# packetcache-servfail-ttl=60

#################################
# packetcache-ttl	maximum number of seconds to keep a cached entry in packetcache
#
# packetcache-ttl=3600

#################################
# pdns-distributes-queries	If PowerDNS itself should distribute queries over threads
#
# pdns-distributes-queries=yes

#################################
# processes	Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)
#
# processes=1

#################################
# query-local-address	Source IP address for sending queries
#
# query-local-address=0.0.0.0

#################################
# query-local-address6	Source IPv6 address for sending queries. IF UNSET, IPv6 WILL NOT BE USED FOR OUTGOING QUERIES
#
# query-local-address6=

#################################
# quiet	Suppress logging of questions and answers
#
# quiet=

#################################
# reuseport	Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address
#
# reuseport=no

#################################
# root-nx-trust	If set, believe that an NXDOMAIN from the root means the TLD does not exist
#
# root-nx-trust=yes

#################################
# security-poll-suffix	Domain name from which to query security update notifications
#
# security-poll-suffix=secpoll.powerdns.com.

#################################
# serve-rfc1918	If we should be authoritative for RFC 1918 private IP space
#
# serve-rfc1918=yes

#################################
# server-down-max-fails	Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled )
#
# server-down-max-fails=64

#################################
# server-down-throttle-time	Number of seconds to throttle all queries to a server after being marked as down
#
# server-down-throttle-time=60

#################################
# server-id	Returned when queried for 'id.server' TXT or NSID, defaults to hostname
#
# server-id=

#################################
# setgid	If set, change group id to this gid for more security
#
# setgid=

#################################
# setuid	If set, change user id to this uid for more security
#
# setuid=

#################################
# signature-inception-skew	Allow the signture inception to be off by this number of seconds
#
# signature-inception-skew=0

#################################
# single-socket	If set, only use a single socket for outgoing queries
#
# single-socket=off

#################################
# snmp-agent	If set, register as an SNMP agent
#
# snmp-agent=no

#################################
# snmp-master-socket	If set and snmp-agent is set, the socket to use to register to the SNMP master
#
# snmp-master-socket=

#################################
# soa-minimum-ttl	Don't change
#
# soa-minimum-ttl=0

#################################
# socket-dir	Where the controlsocket will live, /var/run when unset and not chrooted
#
# socket-dir=

#################################
# socket-group	Group of socket
#
# socket-group=

#################################
# socket-mode	Permissions for socket
#
# socket-mode=

#################################
# socket-owner	Owner of socket
#
# socket-owner=

#################################
# spoof-nearmiss-max	If non-zero, assume spoofing after this many near misses
#
# spoof-nearmiss-max=20

#################################
# stack-size	stack size per mthread
#
# stack-size=200000

#################################
# statistics-interval	Number of seconds between printing of recursor statistics, 0 to disable
#
# statistics-interval=1800

#################################
# stats-ringbuffer-entries	maximum number of packets to store statistics for
#
# stats-ringbuffer-entries=10000

#################################
# tcp-fast-open	Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
#
# tcp-fast-open=0

#################################
# threads	Launch this number of threads
#
# threads=2

#################################
# trace	if we should output heaps of logging. set to 'fail' to only log failing domains
#
# trace=off

#################################
# udp-truncation-threshold	Maximum UDP response size before we truncate
#
# udp-truncation-threshold=1680

#################################
# use-incoming-edns-subnet	Pass along received EDNS Client Subnet information
#
# use-incoming-edns-subnet=no

#################################
# version-string	string reported on version.pdns or version.bind
#
# version-string=PowerDNS Recursor 4.1.13 (built Jun 14 2019 10:58:59 by xreaper@nimbus.for-no-reason.net)

#################################
# webserver	Start a webserver (for REST API)
#
# webserver=no

#################################
# webserver-address	IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-allow-from	Webserver access is only allowed from these subnets
#
# webserver-allow-from=127.0.0.1,::1

#################################
# webserver-password	Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port	Port of webserver to listen on
#
# webserver-port=8082

#################################
# write-pid	Write a PID file
#
# write-pid=yes