# ignore-unknown-settings Configuration settings to ignore if they are unknown
#
# ignore-unknown-settings=
#################################
#################################
# 8bit-dns Allow 8bit dns queries
# 8bit-dns Allow 8bit dns queries
#
#
@ -20,7 +26,12 @@
# allow-notify-from=0.0.0.0/0,::/0
# allow-notify-from=0.0.0.0/0,::/0
#################################
#################################
# allow-unsigned-notify Allow unsigned notifications for TSIG secured domains
# allow-unsigned-autoprimary Allow autoprimaries to create zones without TSIG signed NOTIFY
#
# allow-unsigned-autoprimary=yes
#################################
# allow-unsigned-notify Allow unsigned notifications for TSIG secured zones
#
#
# allow-unsigned-notify=yes
# allow-unsigned-notify=yes
@ -30,7 +41,7 @@
# allow-unsigned-supermaster=yes
# allow-unsigned-supermaster=yes
#################################
#################################
# also-notify When notifying a domain, also notify these nameservers
# also-notify When notifying a zone, also notify these nameservers
#
#
# also-notify=
# also-notify=
@ -49,6 +60,11 @@
#
#
# api-key=
# api-key=
#################################
# autosecondary Act as an autosecondary (formerly superslave)
#
# autosecondary=no
#################################
#################################
# axfr-fetch-timeout Maximum time in seconds for inbound AXFR to start or be idle after starting
# axfr-fetch-timeout Maximum time in seconds for inbound AXFR to start or be idle after starting
#
#
@ -65,7 +81,7 @@
# cache-ttl=20
# cache-ttl=20
#################################
#################################
# carbon-instance If set overwrites the the instance name default
# carbon-instance If set overwrites the instance name default
#
#
# carbon-instance=auth
# carbon-instance=auth
@ -104,6 +120,11 @@
#
#
# config-name=
# config-name=
#################################
# consistent-backends Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups
#
# consistent-backends=yes
#################################
#################################
# control-console Debugging switch - don't use
# control-console Debugging switch - don't use
#
#
@ -130,24 +151,29 @@
# default-ksk-size=0
# default-ksk-size=0
#################################
#################################
# default-soa-edit Default SOA-EDIT value
# default-publish-cdnskey Default value for PUBLISH-CDNSKEY
#
#
# default-soa-edit=
# default-publish-cdnskey=
#################################
#################################
# default-soa-edit-signed Default SOA-EDIT value for signed zones
# default-publish-cds Default value for PUBLISH-CDS
# default-ttl Seconds a result is valid if not set otherwise
# default-ttl Seconds a result is valid if not set otherwise
@ -205,14 +231,9 @@
# dnsupdate=no
# dnsupdate=no
#################################
#################################
# do-ipv6-additional-processing Do AAAA additional processing
# domain-metadata-cache-ttl Seconds to cache zone metadata from the database
#
#
# do-ipv6-additional-processing=yes
#################################
# domain-metadata-cache-ttl Seconds to cache domain metadata from the database
#
# domain-metadata-cache-ttl=60
# domain-metadata-cache-ttl=
#################################
#################################
# edns-subnet-processing If we should act on EDNS Subnet options
# edns-subnet-processing If we should act on EDNS Subnet options
@ -235,7 +256,7 @@
# expand-alias=no
# expand-alias=no
#################################
#################################
# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave zone, to be forwarded to the master.
#
#
# forward-dnsupdate=yes
# forward-dnsupdate=yes
@ -267,23 +288,13 @@
#################################
#################################
# local-address Local IP addresses to which we bind
# local-address Local IP addresses to which we bind
#
#
# local-address=0.0.0.0
# local-address=0.0.0.0, ::
#################################
#################################
# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server
# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server
#
#
# local-address-nonexist-fail=yes
# local-address-nonexist-fail=yes
#################################
# local-ipv6 Local IP address to which we bind
#
# local-ipv6=::
#################################
# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server
#
# local-ipv6-nonexist-fail=yes
#################################
#################################
# local-port The port on which we listen
# local-port The port on which we listen
#
#
@ -324,6 +335,16 @@
#
#
# lua-dnsupdate-policy-script=
# lua-dnsupdate-policy-script=
#################################
# lua-health-checks-expire-delay Stops doing health checks after the record hasn't been used for that delay (in seconds)
#
# lua-health-checks-expire-delay=3600
#################################
# lua-health-checks-interval LUA records health checks monitoring interval in seconds
#
# lua-health-checks-interval=5
#################################
#################################
# lua-prequery-script Lua script with prequery handler (DO NOT USE)
# lua-prequery-script Lua script with prequery handler (DO NOT USE)
#
#
@ -335,7 +356,7 @@
# lua-records-exec-limit=1000
# lua-records-exec-limit=1000
#################################
#################################
# master Act as a master
# master Act as a primary
#
#
# master=no
# master=no
@ -349,10 +370,15 @@
#
#
# max-ent-entries=100000
# max-ent-entries=100000
#################################
# max-generate-steps Maximum number of $GENERATE steps when loading a zone from a file
#
# max-generate-steps=0
#################################
#################################
# max-nsec3-iterations Limit the number of NSEC3 hash iterations
# max-nsec3-iterations Limit the number of NSEC3 hash iterations
#
#
# max-nsec3-iterations=500
# max-nsec3-iterations=100
#################################
#################################
# max-packet-cache-entries Maximum number of entries in the packet cache
# max-packet-cache-entries Maximum number of entries in the packet cache
@ -430,19 +456,19 @@
# prevent-self-notification=yes
# prevent-self-notification=yes
#################################
#################################
# query-cache-ttl Seconds to store query results in the QueryCache
# primary Act as a primary
#
#
# query-cache-ttl=20
# primary=no
#################################
#################################
# query-local-address Source IP address for sending queries
# query-cache-ttl Seconds to store query results in the QueryCache
#
#
# query-local-address=0.0.0.0
# query-cache-ttl=20
#################################
#################################
# query-local-address6 Source IPv6 address for sending queries
# query-local-address Source IP addresses for sending queries
#
#
# query-local-address6=::
# query-local-address=0.0.0.0 ::
#################################
#################################
# query-logging Hint backends that queries should be logged
# query-logging Hint backends that queries should be logged
@ -480,12 +506,22 @@
# rng=auto
# rng=auto
#################################
#################################
# security-poll-suffix Domain name from which to query security update notifications
# secondary Act as a secondary
#
# secondary=no
#################################
# secondary-do-renotify If this secondary should send out notifications after receiving zone transfers from a primary
#
# secondary-do-renotify=no
#################################
# security-poll-suffix Zone name from which to query security update notifications
#
#
# security-poll-suffix=secpoll.powerdns.com.
# security-poll-suffix=secpoll.powerdns.com.
#################################
#################################
# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a domain
# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a zone
#
#
# send-signed-notify=yes
# send-signed-notify=yes
@ -510,7 +546,7 @@
# signing-threads=3
# signing-threads=3
#################################
#################################
# slave Act as a slave
# slave Act as a secondary
#
#
# slave=no
# slave=no
@ -520,39 +556,24 @@
# slave-cycle-interval=60
# slave-cycle-interval=60
#################################
#################################
# slave-renotify If we should send out notifications for slaved updates
# slave-renotify If we should send out notifications for secondaried updates
#
#
# slave-renotify=no
# slave-renotify=no
#################################
#################################
# soa-expire-default Default SOA expire
#
# soa-expire-default=604800
#################################
# soa-minimum-ttl Default SOA minimum ttl
#
# soa-minimum-ttl=3600
#################################
# soa-refresh-default Default SOA refresh
# socket-dir Where the controlsocket will live, /var/run/pdns when unset and not chrooted. Set to the RUNTIME_DIRECTORY environment variable when that variable has a value (e.g. under systemd).
#
#
# soa-refresh-default=10800
#################################
# soa-retry-default Default SOA retry
#
# soa-retry-default=3600
# socket-dir=
#################################
#################################
# socket-dir Where the controlsocket will live, /var/run when unset and not chrooted
# superslave Act as a autosecondary
#
#
# socket-dir=
# superslave=no
#################################
#################################
# superslave Act as a superslave
# svc-autohints Transparently fill ipv6hint=auto ipv4hint=auto SVC params with AAAA/A records for the target name of the record (if within the same zone)
#
#
# superslave=no
# svc-autohints=no
#################################
#################################
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address
@ -599,6 +620,11 @@
#
#
# udp-truncation-threshold=1232
# udp-truncation-threshold=1232
#################################
# upgrade-unknown-types Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up
#
# upgrade-unknown-types=no
#################################
#################################
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom
#
#
@ -649,9 +675,23 @@
#
#
# write-pid=yes
# write-pid=yes
#################################
# xfr-cycle-interval Schedule primary/secondary SOA freshness checks once every .. seconds
#
# xfr-cycle-interval=60
#################################
#################################
# xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR
# xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR
#
#
# xfr-max-received-mbytes=100
# xfr-max-received-mbytes=100
#################################
# zone-cache-refresh-interval Seconds to cache list of known zones
#
# zone-cache-refresh-interval=300
#################################
# zone-metadata-cache-ttl Seconds to cache zone metadata from the database