<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 20. Index of all Authoritative Server settings</title><link rel="stylesheet" href="docbook.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /><link rel="home" href="index.html" title="PowerDNS manual" /><link rel="up" href="index.html" title="PowerDNS manual" /><link rel="prev" href="fancy-records.html" title="Chapter 19. Fancy records for seamless email and URL integration" /><link rel="next" href="metrics.html" title="Chapter 21. Index of all Authoritative Server metrics" /></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 20. Index of all Authoritative Server settings</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="fancy-records.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="metrics.html">Next</a></td></tr></table><hr /></div><div class="chapter" title="Chapter 20. Index of all Authoritative Server settings"><div class="titlepage"><div><div><h2 class="title"><a id="all-settings"></a>Chapter 20. Index of all Authoritative Server settings</h2></div></div></div><p>
All PDNS Authoritative Server settings are listed here, excluding those that originate from backends, which are documented in the relevant chapters.
</p><div class="variablelist"><dl><dt><span class="term"><a id="allow-axfr-ips"></a>allow-axfr-ips=...</span></dt><dd><p>Behaviour pre 2.9.10: When not allowing AXFR (disable-axfr), DO allow from these IP addresses or netmasks.
</p><p>Behaviour post 2.9.10: If set, only these IP addresses or netmasks will be able to perform AXFR.
</p></dd><dt><span class="term">allow-recursion=...</span></dt><dd><p>
By specifying <span class="command"><strong>allow-recursion</strong></span>, recursion can be restricted to netmasks specified. The default is to allow
recursion from everywhere. Example: <span class="command"><strong>allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4</strong></span>.
</p></dd><dt><span class="term">cache-ttl=...</span></dt><dd><p>
Seconds to store packets in the PacketCache. See <a class="xref" href="performance-settings.html#packetcache" title="3.1. Packet Cache">Section 3.1, “Packet Cache”</a>.
</p></dd><dt><span class="term">chroot=...</span></dt><dd><p>
If set, chroot to this directory for more security. See <a class="xref" href="security.html" title="Chapter 7. Security settings & considerations">Chapter 7, <i>Security settings & considerations</i></a>.
</p></dd><dt><span class="term">config-dir=...</span></dt><dd><p>
Location of configuration directory (pdns.conf)
</p></dd><dt><span class="term">config-name=...</span></dt><dd><p>
Name of this virtual configuration - will rename the binary image. See <a class="xref" href="virtual.html" title="Chapter 8. Virtual hosting">Chapter 8, <i>Virtual hosting</i></a>.
</p></dd><dt><span class="term">control-console=...</span></dt><dd><p>
Debugging switch - don't use.
</p></dd><dt><span class="term">daemon=...</span></dt><dd><p>
Operate as a daemon
</p></dd><dt><span class="term">default-soa-name=...</span></dt><dd><p>
name to insert in the SOA record if none set in the backend
</p></dd><dt><span class="term">default-ttl=...</span></dt><dd><p>
TTL to use when none is provided.
</p></dd><dt><span class="term">disable-axfr=...</span></dt><dd><p>
Do not allow zone transfers. Before 2.9.10, this could be overridden by allow-axfr-ips.
</p></dd><dt><span class="term">disable-tcp=...</span></dt><dd><p>
Do not listen to TCP queries. Breaks RFC compliance.
</p></dd><dt><span class="term">distributor-threads=...</span></dt><dd><p>
Default number of Distributor (backend) threads to start. See <a class="xref" href="performance.html" title="Chapter 9. Authoritative Server Performance">Chapter 9, <i>Authoritative Server Performance</i></a>.
</p></dd><dt><span class="term">do-ipv6-additional-processing=...</span></dt><dd><p>
Perform AAAA additional processing.
</p></dd><dt><span class="term">edns-subnet-option-number=...</span></dt><dd><p>
If edns-subnet-processing is enabled, this option allows the user to override the option number.
</p></dd><dt><span class="term">edns-subnet-processing=...</span></dt><dd><p>
Enables EDNS subnet processing, for backends that support it.
</p></dd><dt><span class="term">entropy-source=...</span></dt><dd><p>
Entropy source (like /dev/urandom).
</p></dd><dt><span class="term">fancy-records=...</span></dt><dd><p>
Process URL and MBOXFW records. See <a class="xref" href="fancy-records.html" title="Chapter 19. Fancy records for seamless email and URL integration">Chapter 19, <i>Fancy records for seamless email and URL integration</i></a>.
</p></dd><dt><span class="term">guardian | --guardian=yes | --guardian=no</span></dt><dd><p>
Run within a guardian process. See <a class="xref" href="guardian.html" title="2. Guardian">Section 2, “Guardian”</a>.
</p></dd><dt><span class="term">help</span></dt><dd><p>
Provide a helpful message
</p></dd><dt><span class="term">launch=...</span></dt><dd><p>
Which backends to launch and order to query them in. See <a class="xref" href="modules.html" title="3. Modules & Backends">Section 3, “Modules & Backends”</a>.
</p></dd><dt><span class="term">lazy-recursion=...</span></dt><dd><p>
On by default as of 2.1. Checks local data first before recursing. See <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a>.
</p></dd><dt><span class="term">load-modules=...</span></dt><dd><p>
Load this module - supply absolute or relative path. See <a class="xref" href="modules.html" title="3. Modules & Backends">Section 3, “Modules & Backends”</a>.
</p></dd><dt><span class="term">local-address=...</span></dt><dd><p>
Local IP address to which we bind. You can specify multiple addresses separated by commas or whitespace. It is highly
advised to bind to specific interfaces and not use the default 'bind to any'. This causes big problems if you have multiple
IP addresses. Unix does not provide a way of figuring out what IP address a packet was sent to when binding to any.
</p></dd><dt><span class="term">local-ipv6=...</span></dt><dd><p>
Local IPv6 address to which we bind. You can specify multiple addresses separated by commas or whitespace.
</p></dd><dt><span class="term">local-port=...</span></dt><dd><p>
The port on which we listen. Only one port possible.
</p></dd><dt><span class="term"><a id="log-failed-updates"></a>log-failed-updates=...</span></dt><dd><p>
If set to 'no', failed Windows Dynamic Updates will not be logged.
</p></dd><dt><span class="term"><a id="log-dns-details"></a>log-dns-details=...</span></dt><dd><p>
If set to 'no', informative-only DNS details will not even be sent to syslog, improving performance. Available from 2.5
and onwards.
</p></dd><dt><span class="term">logging-facility=...</span></dt><dd><p>
If set to a digit, logging is performed under this LOCAL facility. See <a class="xref" href="syslog.html" title="3. Operational logging using syslog">Section 3, “Operational logging using syslog”</a>. Available from 1.99.9 and onwards. Do not pass names like 'local0'!
</p></dd><dt><span class="term">loglevel=...</span></dt><dd><p>
Amount of logging. Higher is more. Do not set below 3
</p></dd><dt><span class="term">log-dns-queries [,=no]</span></dt><dd><p>
Tell PowerDNS to log all incoming DNS queries. This will lead to a lot of logging! Only enable for debugging!
</p></dd><dt><span class="term">lua-prequery-script=...</span></dt><dd><p>
Lua script to run before answering a query. Not for production use!
</p></dd><dt><span class="term">master [,=on].</span></dt><dd><p>
Turn on master support. Boolean.
</p></dd><dt><span class="term">max-cache-entries=...</span></dt><dd><p>
Maximum number of cache entries. 1 million will generally suffice for most installations. Available since version 2.9.22.
</p></dd><dt><span class="term">max-ent-entries=...</span></dt><dd><p>
Maximum number of empty non-terminals to add to a zone. This is a protection measure to avoid database explosion due to long names.
</p></dd><dt><span class="term">max-queue-length=...</span></dt><dd><p>
If this many packets are waiting for database attention, consider the situation hopeless and respawn.
</p></dd><dt><span class="term">max-tcp-connections=...</span></dt><dd><p>
Allow this many incoming TCP DNS connections simultaneously.
</p></dd><dt><span class="term">module-dir=...</span></dt><dd><p>
Default directory for modules. See <a class="xref" href="modules.html" title="3. Modules & Backends">Section 3, “Modules & Backends”</a>.
</p></dd><dt><span class="term">negquery-cache-ttl=...</span></dt><dd><p>
Seconds to store queries with no answer in the Query Cache. See <a class="xref" href="performance-settings.html#querycache" title="3.2. Query Cache">Section 3.2, “Query Cache”</a>.
</p></dd><dt><span class="term">no-config</span></dt><dd><p>
Do not attempt to read the configuration file.
</p></dd><dt><span class="term">no-shuffle</span></dt><dd><p>
Do not attempt to shuffle query results.
</p></dd><dt><span class="term">overload-queue-length=...</span></dt><dd><p>
If this many packets are waiting for database attention, answer any new questions strictly from the packet cache.
</p></dd><dt><span class="term">server-id</span></dt><dd><p>
This is the server ID that will be returned on an EDNS NSID query. Defaults to the host name.
</p></dd><dt><span class="term">out-of-zone-additional-processing | --out-of-zone-additional-processing=yes | --out-of-zone-additional-processing=no</span></dt><dd><p>
Do out of zone additional processing. This means that if a malicious user adds a '.com' zone to your server, it is not used for
other domains and will not contaminate answers. Do not enable this setting if you run a public DNS service with untrusted users. Off by default.
</p></dd><dt><span class="term">pipebackend-abi-version=...</span></dt><dd><p>
ABI version to use for the pipe backend. See <a class="xref" href="backends-detail.html#pipebackend-protocol" title="1.1. PipeBackend protocol">Section 1.1, “PipeBackend protocol”</a>.
</p></dd><dt><span class="term">query-cache-ttl=...</span></dt><dd><p>
Seconds to store queries with an answer in the Query Cache. See <a class="xref" href="performance-settings.html#querycache" title="3.2. Query Cache">Section 3.2, “Query Cache”</a>.
</p></dd><dt><span class="term">query-local-address=...</span></dt><dd><p>
The IP address to use as a source address for sending queries. Useful if you have multiple IPs and pdns is not bound to the IP address your operating system uses by default for outgoing packets.
</p></dd><dt><span class="term">query-local-address6=...</span></dt><dd><p>
Source IP address for sending IPv6 queries.
</p></dd><dt><span class="term">query-logging | query-logging=yes | query-logging=no</span></dt><dd><p>
Hints to a backend that it should log a textual representation of queries it performs. Can be set at runtime.
</p></dd><dt><span class="term">queue-limit=...</span></dt><dd><p>
Maximum number of milliseconds to queue a query. See <a class="xref" href="performance.html" title="Chapter 9. Authoritative Server Performance">Chapter 9, <i>Authoritative Server Performance</i></a>.
</p></dd><dt><span class="term">receiver-threads=...</span></dt><dd><p>
Number of receiver threads to start. See <a class="xref" href="performance.html" title="Chapter 9. Authoritative Server Performance">Chapter 9, <i>Authoritative Server Performance</i></a>.
</p></dd><dt><span class="term">recursive-cache-ttl=...</span></dt><dd><p>
Seconds to store recursive packets in the PacketCache. See <a class="xref" href="performance-settings.html#packetcache" title="3.1. Packet Cache">Section 3.1, “Packet Cache”</a>.
</p></dd><dt><span class="term">recursor=...</span></dt><dd><p>
If set, recursive queries will be handed to the recursor specified here. See <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a>.
</p></dd><dt><span class="term">retrieval-threads=...</span></dt><dd><p>
Number of AXFR slave threads to start.
</p></dd><dt><span class="term">send-root-referral | --send-root-referral=yes | --send-root-referral=no | --send-root-referral=lean</span></dt><dd><p>
If set, PowerDNS will send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth
but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken
recursors. Available since version 2.9.19.
</p><p>
Since version 2.9.21, it is possible to specify 'lean' root referrals, which waste less bandwidth.
</p></dd><dt><span class="term">setgid=...</span></dt><dd><p>
If set, change group id to this gid for more security. See <a class="xref" href="security.html" title="Chapter 7. Security settings & considerations">Chapter 7, <i>Security settings & considerations</i></a>.
</p></dd><dt><span class="term">setuid=...</span></dt><dd><p>
If set, change user id to this uid for more security. See <a class="xref" href="security.html" title="Chapter 7. Security settings & considerations">Chapter 7, <i>Security settings & considerations</i></a>.
</p></dd><dt><span class="term">slave [,=on].</span></dt><dd><p>
Turn on slave support. Boolean.
</p></dd><dt><span class="term">slave-cycle-interval=60</span></dt><dd><p>
Schedule slave up-to-date checks of domains whose status is unknown every .. seconds.
</p></dd><dt><span class="term">slave-renotify [,=no]</span></dt><dd><p>
This setting will make PowerDNS renotify the after a AXFR is *received* from a master. This is useful when using when running a signing-slave.
</p></dd><dt><span class="term">signing-threads=3</span></dt><dd><p>
Tell PowerDNS how many threads to use for signing. It might help improve signing speed by changing this number.
</p></dd><dt><span class="term">smtpredirector=...</span></dt><dd><p>
Our smtpredir MX host. See <a class="xref" href="fancy-records.html" title="Chapter 19. Fancy records for seamless email and URL integration">Chapter 19, <i>Fancy records for seamless email and URL integration</i></a>.
</p></dd><dt><span class="term">soa-expire-default=604800</span></dt><dd><p>
Default <a class="link" href="types.html#soa-type">SOA</a> expire.
</p></dd><dt><span class="term">soa-minimum-ttl=3600</span></dt><dd><p>
Default <a class="link" href="types.html#soa-type">SOA</a> minimum ttl.
</p></dd><dt><span class="term">soa-refresh-default=10800</span></dt><dd><p>
Default <a class="link" href="types.html#soa-type">SOA</a> refresh.
</p></dd><dt><span class="term">soa-retry-default=3600</span></dt><dd><p>
Default <a class="link" href="types.html#soa-type">SOA</a> retry.
</p></dd><dt><span class="term">soa-serial-offset=...</span></dt><dd><p>
If your database contains single-digit SOA serials and you need to host .DE domains, this setting can help
placate their 6-digit SOA serial requirements. Suggested value is to set this to 1000000 which adds 1000000 to all SOA Serials
under that offset.
</p></dd><dt><span class="term">socket-dir=...</span></dt><dd><p>
Where the controlsocket will live. See <a class="xref" href="pdns-internals.html#controlsocket" title="1. Controlsocket">Section 1, “Controlsocket”</a>.
</p></dd><dt><span class="term">strict-rfc-axfrs | --strict-rfc-axfrs=yes | --strict-rfc-axfrs=no</span></dt><dd><p>
Perform strictly RFC-conforming AXFRs, which are slow, but may be necessary to placate some old client tools.
</p></dd><dt><span class="term">tcp-control-address=...</span></dt><dd><p>
Address to bind to for TCP control.
</p></dd><dt><span class="term">tcp-control-port=...</span></dt><dd><p>
Port to bind to for TCP control.
</p></dd><dt><span class="term">tcp-control-range=...</span></dt><dd><p>
Limit TCP control to a specific client range.
</p></dd><dt><span class="term">tcp-control-secret=...</span></dt><dd><p>
Password for TCP control.
</p></dd><dt><span class="term">traceback-handler=...</span></dt><dd><p>
Enable the Linux-only traceback handler (default on).
</p></dd><dt><span class="term">trusted-notification-proxy=...</span></dt><dd><p>
IP address of incoming notification proxy
</p></dd><dt><span class="term">urlredirector=...</span></dt><dd><p>
Where we send hosts to that need to be url redirected. See <a class="xref" href="fancy-records.html" title="Chapter 19. Fancy records for seamless email and URL integration">Chapter 19, <i>Fancy records for seamless email and URL integration</i></a>.
</p></dd><dt><span class="term">version-string=anonymous|powerdns|full|custom</span></dt><dd><p>
When queried for its version over DNS (<span class="command"><strong>dig chaos txt version.bind @pdns.ip.address</strong></span>), PowerDNS normally
responds truthfully. With this setting you can overrule what will be returned. Set the <span class="command"><strong>version-string</strong></span>
to 'full' to get the default behaviour, to 'powerdns' to just make it state 'served by PowerDNS - http://www.powerdns.com'.
The 'anonymous' setting will return a ServFail, much like Microsoft nameservers do. You can set this response
to a custom value as well.
</p></dd><dt><span class="term">webserver | --webserver=yes | --webserver=no</span></dt><dd><p>
Start a webserver for monitoring. See <a class="xref" href="monitoring.html" title="Chapter 6. Logging & Monitoring Authoritative Server performance">Chapter 6, <i>Logging & Monitoring Authoritative Server performance</i></a>.
</p></dd><dt><span class="term">webserver-address=...</span></dt><dd><p>
IP Address of webserver to listen on. See <a class="xref" href="monitoring.html" title="Chapter 6. Logging & Monitoring Authoritative Server performance">Chapter 6, <i>Logging & Monitoring Authoritative Server performance</i></a>.
</p></dd><dt><span class="term">webserver-password=...</span></dt><dd><p>
Password required for accessing the webserver. See <a class="xref" href="monitoring.html" title="Chapter 6. Logging & Monitoring Authoritative Server performance">Chapter 6, <i>Logging & Monitoring Authoritative Server performance</i></a>.
</p></dd><dt><span class="term">webserver-port=...</span></dt><dd><p>
Port of webserver to listen on. See <a class="xref" href="monitoring.html" title="Chapter 6. Logging & Monitoring Authoritative Server performance">Chapter 6, <i>Logging & Monitoring Authoritative Server performance</i></a>.
</p></dd><dt><span class="term">webserver-print-arguments=...</span></dt><dd><p>
If the webserver should print arguments. See <a class="xref" href="monitoring.html" title="Chapter 6. Logging & Monitoring Authoritative Server performance">Chapter 6, <i>Logging & Monitoring Authoritative Server performance</i></a>.
</p></dd><dt><span class="term">wildcard-url=...</span></dt><dd><p>
Check for wildcard URL records.
</p></dd></dl></div><p>
</p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="fancy-records.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="metrics.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 19. Fancy records for seamless email and URL integration </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 21. Index of all Authoritative Server metrics</td></tr></table></div></body></html>
