table of contents
PDNSD.CONF(5) | File Formats Manual | PDNSD.CONF(5) |
NAME¶
pdnsd.conf - The configuration file for pdnsdDESCRIPTION¶
This manual page describes the layout of the pdnsd(8) configuration file and the available configuration options. The default location of the file is /etc/pdnsd.conf. This may be changed with the -c command line option. An example pdnsd.conf comes with the pdnsd distribution in the documentation directory or in /etc/pdnsd.conf.sample.FILE FORMAT¶
The configuration file is divided into sections. Each section is prefixed with the section name and opening curlies ({) and closed with closing curlies (}). In each section, configuration options can be given in the formglobal Section¶
The global section specifies parameters that affect the overall behaviour of the server. If you specify multiple global sections, the settings of those later in the file will overwrite the earlier given values.- perm_cache=(number|off);
- Switch the disk cache off or supply a maximum cache size in kB. If the disk cache is switched off, 8 bytes will still be written to disk. The memory cache is always 10kB larger than the file cache. This value is 2048 (2 MB) by default.
- cache_dir=string;
- Set the directory you want to keep the cache in. The default is "/var/cache/pdnsd" (unless pdnsd was compiled with a different default).
- server_port=number;
- Set the server port. This is especially useful when you
want to start the server and are not root. Note that you may also not
specify uptest=ping in the server section as non-root.
- server_ip=string;
- or
- interface=string;
- Set the IP address pdnsd listens on for requests. This can
be useful when the host has several interfaces and you want pdnsd not to
listen on all interfaces. For example, it is possible to bind pdnsd to
listen on 127.0.0.2 to allow pdnsd to be a forwarder for BIND. The default
setting for this option is server_ip=any, which means that pdnsd will
listen on all of your local interfaces. Presently you can only specify one
address here; if you want pdnsd to listen on multiple interfaces but not
all you will have to specify server_ip=any and use firewall rules to
restrict access.
- linkdown_kluge=(on|off);
- This option enables a kluge that some people might need: when all servers are marked down, with this option set the cache is not even used when a query is received, and a DNS error is returned in any case. The only exception from this is that local records (as specified in rr and source sections are still served normally. In general, you probably want to get cached entries even when the network is down, so this defaults to off.
- max_ttl=timespec;
- This option sets the maximum time a record is held in cache. All dns resource records have a time to live field that says for what period of time the record may be cached before it needs to be requeried. If this is more than the value given with max_ttl, this time to live value is set to max_ttl. This is done to prevent records from being cached an inappropriate long period of time, because that is almost never a good thing to do. Default is 604800s (one week).
- min_ttl=timespec;
- This option sets the minimum time a record is held in cache. All dns resource records have a time to live field that says for what period of time the record may be cached before it needs to be requeried. If this is less than the value given with min_ttl, this time to live value is set to min_ttl. Default is 120 seconds.
- neg_ttl=timespec;
- This option sets the time that negatively cached records will remain valid in the cache if no time to live can be determined. This is always the case when whole domains are being cached negatively, and additionally when record types are cached negatively for a domain for which no SOA record is known to pdnsd. If a SOA is present, the ttl of the SOA is taken.
- neg_rrs_pol=(on|off|auth|default);
- This sets the RR set policy for negative caching; this
tells pdnsd under which circumstances it should cache a record type
negatively for a certain domain. off will turn the negative caching of
record types off, on will always add a negative cache entry when a name
server did not return a record type we asked it for, and auth will only
add such entries if the answer came from an authoritative name server for
that domain.
- neg_domain_pol=(on|off|auth);
- This is analogue to neg_rrs_pol for whole domain negative
caching. It should be safe to set this on, because I have not seen a
caching server that will falsely claim that a domain does not exist.
- run_as=string;
- This option allows you to let pdnsd change its user and
group id after operations that needed privileges have been done. This
helps minimize security risks and is therefore recommended. The supplied
string gives a user name whose user id and primary group id are taken.
- strict_setuid=(on|off);
- When used together with the run_as option, this option lets
you specify that all threads of the program will run with the privileges
of the run_as user. This provides higher security than the normal run_as
option, but is not always possible. See the run_as option for further
discussion.
- paranoid=(on|off);
- Normally, pdnsd queries all servers in recursive mode (i.e.
instructs servers to query other servers themselves if possible, and to
give back answers for domains that may not be in its authority), and
accepts additional records with information for servers that are not in
the authority of the queried server. This opens the possibility of
so-called cache poisoning: a malicious attacker might set up a dns server
that, when queried, returns forged additional records. This way, he might
replace trusted servers with his own ones by making your dns server return
bad IP addresses. This option protects you from cache poisoning by
rejecting additional records that do not describe domains in the queried
servers authority space and not doing recursive queries any more. An
exception to this rule are the servers you specify in your config file,
which are trusted.
- ignore_cd=(on|off);
- New in version 1.2.8: This option lets you specify
that the CD bit of a DNS query will be ignored. Otherwise pdnsd will reply
FORMERR to clients that set this bit in a query. It is safe to enable this
option, as the CD bit refers to 'Checking Disabled' which means that the
client will accept non-authenticated data.
- scheme_file=string;
- In addition to normal uptests, you may specify that some servers shall only be queried when a certain pcmcia-cs scheme is active (only under linux). For that, pdnsd needs to know where the file resides that holds the pcmcia scheme information. Normally, this is either /var/lib/pcmcia/scheme or /var/state/pcmcia/scheme.
- status_ctl=(on|off);
- This has the same effect as the -s command line option: the
status control is enabled when on is specified.
- daemon=(on|off);
- This has the same effect as the -d command line option: the
daemon mode is enabled when on is specified.
- tcp_server=(on|off);
- tcp_server=on has the same effect as the -t or --tcp
command-line option: it enables TCP serving. Similarly, tcp_server=off is
like the --notcp command-line option.
- pid_file=string;
- This has the same effect as the -p command line option: you can specify a file that pdnsd will write its pid into when it starts in daemon mode.
- verbosity=number;
- This has the same effect as the -v command line option: you can set the verbosity of pdnsd's messages with it. The argument is a number between 0 (few messages) to 3 (most messages).
- query_method=(tcp_only|udp_only|tcp_udp|udp_tcp);
- This has the same effect as the -m command line option.
Read the documentation for the command line option on this. tcp_only
corresponds to the to, udp_only to the uo, tcp_udp to the tu and udp_tcp
to the ut argument of the command line option.
- run_ipv4=(on|off);
- This has the same effect as the -4 or -6 command line option: if on is specified, IPv4 support is enabled, and IPv6 support is disabled (if available). If off is specified, IPv4 will be disabled and IPv6 will be enabled. For this option to be meaningful, pdnsd needs to be compiled with support for the protocol you choose. If pdnsd was compiled with both IPv4 and IPv6 support, and you want to include IPv6 addresses in the configuration file, you will probably need to specify run_ipv4=off first to ensure that the IPv6 addresses are parsed correctly.
- debug=(on|off);
- This has the same effect as the -g command line option: the debugging messages are enabled when on is specified.
- ctl_perms=number;
- This option allows you to set the file permissions that the
pdnsd status control socket will have. These are the same as file
permissions. The owner of the file will be the run_as user, or, if none is
specified, the user who started pdnsd. If you want to specify the
permissions in octal (as usual), don't forget the leading zero (0600
instead of 600!). To use the status control, write access is needed. The
default is 0600 (only the owner may read or write).
- proc_limit=number;
- With this option, you can set a limit on the pdnsd threads
that will be active simultaneously. If this number is exceeded, queries
are queued and may be delayed some time. See also the procq_limit option.
- procq_limit=number;
- When the query thread limit proc_limit is exceeded,
connection attempts to pdnsd will be queued. With this option, you can set
the maximum queue length. If this length is also exceeded, the incoming
queries will be dropped. That means that tcp connections will be closed
and udp queries will just be dropped, which will probably cause the
querying resolver to wait for an answer until it times out.
- tcp_qtimeout=timespec;
- This option sets a timeout for tcp queries. If no full query has been received on a tcp connection after that time has passed, the connection will be closed. The default is set using the --with-tcp-qtimeout option to configure.
- par_queries=number;
- This option used to set the maximum number of remote
servers that would be queried simultaneously, for every query that pdnsd
receives.
- timeout=timespec;
- This is the global timeout parameter for dns queries. This
specifies the minimum period of time pdnsd will wait after sending the
first query to a remote server before giving up without having received a
reply. The timeout options in the configuration file are now only minimum
timeout intervals. Setting the global timeout option makes it possible to
specify quite short timeout intervals in the server sections (see below).
This will have the effect that pdnsd will start querying additional
servers fairly quickly if the first servers are slow to respond (but will
still continue to listen for responses from the first ones). This may
allow pdnsd to get an answer more quickly in certain situations.
- randomize_recs=(on|off);
- If this option is turned on, pdnsd will randomly reorder
the cached records of one type when creating an answer. This supports
round-robin DNS schemes and increases fail safety for hosts with multiple
IP addresses, so this is usually a good idea.
- query_port_start=(number|none);
- If a number is given, this defines the start of the port
range used for queries of pdnsd. The value given must be >= 1024. The
purpose of this option is to aid certain firewall configurations that are
based on the source port. Please keep in mind that another application may
bind a port in that range, so a stateful firewall using target port and/or
process uid may be more effective. In case a query start port is given
pdnsd uses this port as the first port of a specified port range (see
query_port_end) used for queries. pdnsd will try to randomly select a free
port from this range as local port for the query.
- query_port_end=number;
- Used if query_port_start is not none. Defines the last port of the range started by query_port_start used for querys by pdnsd. The default is 65535, which is also the maximum legal value for this option. For details see the description of query_port_start.
- delegation_only=string;
- Added by Paul Rombouts: This option specifies a
"delegation-only" zone. This means that if pdnsd receives a
query for a name that is in a subdomain of a "delegation-only"
zone but the remote name server returns an answer with an authority
section lacking any NS RRs for subdomains of that zone, pdnsd will answer
NXDOMAIN (unknown domain). This feature can be used for undoing the
undesired effects of DNS "wildcards". Several
"delegation-only" zones may be specified together. If you
specify root servers in a server section it is important that you set
root_server=on in such a section.
- ipv4_6_prefix=string;
- This option has the same effect as the -i command-line
option. When pdnsd runs in IPv6 mode, this option specifies the prefix
pdnsd uses to convert IPv4 addresses in the configuration file (or
addresses specified with pdnsd-ctl) to IPv6-mapped addresses. The string
must be a valid IPv6 address. Only the first 96 bits are used. Note that
this only effects the parsing of IPv4 addresses listed after this option.
- use_nss=(on|off);
- If this option is turned on, pdnsd will call initgroups()
to set up the group access list, whenever pdnsd changes its user and group
id (see run_as option). There is a possible snag, though, if initgroups()
uses NSS (Name Service Switch) and NSS in turn uses DNS. In such a case
you may experience lengthy timeouts and stalls. By setting use_nss=off,
you can disable the initgroups() call (only possible in versions 1.2.5 and
later).
server Section¶
Each server section specifies a set of name servers that pdnsd should try to get resource records or authoritative name server information from. The servers are queried in the order of their appearance (or parallel to a limited extend). If one fails, the next one is taken and so on.- label=string;
- Specify a label for the server section. This can be used to
refer to this section when using pdnsd-ctl, the pdnsd control utility.
- ip=string;
- Give the IP (the address, not the host name) of the
server.
- file=string;
- New in version 1.2: This option allows you to give
the name of a resolv.conf-style file. Of the lines beginning with the
nameserver keyword, the second field will be parsed as an IP address, as
if it were specified with the ip= option. The remaining lines will be
ignored. If the contents of the file changes while pdnsd is running, you
can make pdnsd aware of the changes through the use of pdnsd-ctl, the
pdnsd control utility. This is usually most conveniently done by placing
the command "pdnsd-ctl config" in a script that is
automatically run whenever the DNS configuration changes.
- port=number;
- Give the port the remote name server listens on. Default is 53 (the official dns port)
- uptest=(ping|none|if|dev|diald|exec|query);
- Determine the method to check whether the server is available. Currently defined methods are:
- • ping: Send an ICMP_ECHO request to the server. If it doesn't respond within the timeout, it is regarded to be unavailable until the next probe.
- • none: The availability status is not changed, only the time stamp is updated.
- • if: Check whether the interface (specified in the interface= option) is existent, up and running. This currently works for all "ordinary" network interfaces, interfaces that disappear when down (e.g. ppp?), and additionally for Linux isdn interfaces (as of kernel 2.2). Note that you need a /dev/isdninfo device file (major#45, minor#255), or the isdn uptest will always fail.
- • dev and diald: Perform an if uptest,
and, if that was successful, additionally check whether a program is
running that has locked a given (modem-) device. The needed parameters are
an interface (specified as for the if uptest, e.g. "ppp0") and a
device relative to /dev (e.g. "modem" for /dev/modem specified
using the device= option. pdnsd will then look for a pid file for the
given interface in /var/lock (e.g. /var/run/ppp0.pid) and for a lockfile
for the given device (e.g. /var/lock/LCK..modem), and then test whether
the locking process is the process that created the pid file and this
process is still alive. If this is the case, the normal if uptest is
executed for the given interface.
- • exec: Executes a given command in the /bin/sh shell (as /bin/sh -c <command>) and evaluates the result (the return code of the last command) in the shell's way of handling return codes, i.e. 0 indicates success, all other indicate failure. The shell's process name will be uptest_sh. The command is given with the uptest_cmd option (see below). For secuity issues, also see that entry.
- • query: New in version 1.2: This works
like the ping test, except it sends an empty DNS query to the remote
server. If the server sends a well-formed response back within the timeout
period (except SERVFAIL), it will be regarded as available. This test is
useful if a remote server does not respond to ICMP_ECHO requests at all,
which unfortunately is quite common these days. In many cases this test
will be a more reliable indicator of availability than the ones mentioned
before.
- ping_timeout=number;
- Sets the timeout for the ping test in tenths of seconds
(this unit is used for legacy reasons; actually the current implementation
is only accurate to a second).
- ping_ip=string;
- The IP address for the ping test. The default is the IP of the name server.
- uptest_cmd=string,string;
- or
- uptest_cmd=string;
- Sets the command for the uptest=exec function to the first
string. If the second string is given, it specifies a user with whose user
id and primary group id the command is executed.
- interval=(timespec|onquery|ontimeout);
- Sets the interval for the server up-test. The default is
900 seconds; however, a test is forced when a query times out and the
timestamp is reset then.
- interface=string;
- The network interface (or network device, e.g. "eth0") for the uptest=if option. Must be specified if uptest=if is given.
- device=string;
- The (modem-) device that is used for the dev uptest. If you
use this for a dial-on-demand ppp uptest (together with uptest=dev), you
need to enter the device you are using for your pppd here, e.g. modem for
/dev/modem.
- timeout=timespec;
- Set the timeout for the dns query. The default is 120
seconds. You probably want to set this lower.
- purge_cache=(on|off);
- In every fetched dns record, there is a cache timeout
given, which specifies how long the fetched data may be cached until it
needs to be reloaded. If purge_cache is set to off, the stale records are
not purged (unless the cache size would be exceeded, in this case the
oldest records are purged). Instead, they are still served if they cannot
successfully be updated (e.g. because all servers are down).
- caching=(on|off);
- Specifies if caching shall be performed for this server at all. Default is on.
- lean_query=(on|off);
- Specifies whether to use the "lean" query mode.
In this mode, only the information actually queried from pdnsd is resolved
and cached. This has the advantage that usually less cache space is used
and the query is usually faster. In 90% of the cases, only address (A)
records are needed anyway. If switched off, pdnsd will always cache all
data about a host it can find and will specifically ask for all available
records (well, at least it is a good approximation for what it really does
;-) This will of course increase the answer packet sizes.
- scheme=string;
- You can specify a pcmcia-cs scheme that is used in addition to the uptests. If you specify a scheme here, the server this section is for will only be queries if the given scheme is active. Shell wildcards (* and ?) are allowed in the string under their special meanings. You need to use the scheme_file option on the global section to make this option work.
- preset=(on|off);
- This allows you to specify the initial state of a server before any uptest is performed. on specifies that the server is regarded available. The default is on. This is especially useful when you set uptest=none; and want to control a server only via pdnsd-ctl.
- proxy_only=(on|off);
- When this option is set to on, answers given by the servers
are always accepted, and no other servers (as, for example, specified in
the NS records of the query domain) are queried. If you do not turn this
option on, pdnsd will do such queries in some cases (in particular when
processing ANY queries).
- root_server=(on|off|discover);
- Set this option to on if the servers specified in a section
are root servers. A root server will typically only give the name servers
for the top-level domain in its reply. Setting root_server=on will cause
pdnsd to try to use cached information about top-level domains to reduce
to number of queries to root servers, making the resolving of new names
more efficient. You can get a list of available root servers by running
the command "dig . ns".
- randomize_servers=(on|off);
- New in version 1.2.6: Set this option to on to give
each name server in this section an equal chance of being queried. If this
option is off, the name servers are always queried starting with the first
one specified. Even with this option on, the query order is not truly
random. Only the first server is selected randomly; the following ones are
queried in consecutive order, wrapping around to the beginning of the list
when the end is reached. Note that this option only effects the order
within a section. The servers in the first (active) section are always
queried before those in the second one, etc.
The default is off, but if you are resolving from root servers setting this option on is highly recommended. If root_server=on this option also effects the query order of the name servers for the top-level domains.
- reject=string;
- New in version 1.2.6: This option can be used to
make pdnsd reject replies that contain certain IP addresses. You can
specify a single IP address, which will be matched exactly, or a range of
addresses using an address/mask pair. The mask can be specified as a
simple integer, indicating the number of initial 1 bits in the mask, or in
the usual IP address notation. IP addresses may be either IPv4 or IPv6
(provided there is sufficient support in the C libraries and
--disable-new-rrs was not used). When addresses in the reject list are
compared with those in a reply, only the bits corresponding to those set
in the netmask are significant, the rest are ignored.
- reject_policy=(fail|negate);
- New in version 1.2.6: This option determines what
pdnsd does when an address in the reply from a name server matches the
reject list (see above). If this option is set to fail, pdnsd will try
another server, or, if there no more servers to try, return the answer
SERVFAIL. If this option is set to negate, pdnsd will immediately return
the answer NXDOMAIN (unknown domain) without querying additional servers.
The fail setting is useful if you don't always trust the servers in this
section, but do trust the servers in the following section. The negate
setting can be used to completely censor certain IP addresses. In this
case you should put the same reject list in every server section, and also
set the reject_recursively option (see below) to true.
- reject_recursively=(on|off);
- New in version 1.2.6: Normally pdnsd checks for
addresses in the reject list (see above) only when the reply comes
directly from a name server listed in the configuration file. With this
option set to on, pdnsd will also do this check for name servers that
where obtained from NS records in the authority section of a previous
reply (which was incomplete and non-authoritative).
- policy=(included|excluded|simple_only|fqdn_only);
- pdnsd supports inclusion/exclusion lists for server
sections: with include= and exclude= (see below) you can specify domain
names for which this server will be used or will not be used. The first
match counts (i.e., the first include or exclude rule in a server section
that matches a domain name is applied, and the search for other rules is
terminated). If no rule matched a given domain name, the policy= option
determines whether this server is used for the lookup for that domain
name; when included is given, the server will be asked, and when excluded
is given, it will not. If simple_only is given the server will be used if
the name to lookup is a simple (single-label) domain name, on the other
hand if fqdn_only is given the server will be used only for names
consisting of two or more labels (i.e. the name has at least one dot
in-between).
- include=string;
- This option adds an entry to the exclusion/inclusion list.
If a domain matches the name given as string, the server is queried if
this was the first matching rule (see also the entry for policy).
- exclude=string;
- This option adds an entry to the exclusion/inclusion list.
If a domain matches the name given as string, the server is not queried if
this was the first matching rule (see also the entry for policy).
rr Section¶
Every rr section specifies a dns resource record that is stored locally. It allows you to specify own dns records that are served by pdnsd in a limited way. Only A, PTR, CNAME, MX, NS and SOA records are implemented.- name=string;
- Specifies the name of the resource records, i.e. the domain
name of the resource the record describes. This option must be specified
before any a, ptr, cname, mx, ns or soa records. Names are interpreted as
absolute domain names (i.e. pdnsd assumes they end in the root domain).
For this and all following arguments that take domain names, you need to
specify domain names in dotted notation (example venera.isi.edu.).
rr {
name = mydomain;
ns = localhost;
soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
}
rr {
name = *.mydomain;
a = 192.168.1.10;
}
- ttl=timespec;
- Specifies the ttl (time to live) for all resource records in this section after this entry. This may be redefined. The default is 86400 seconds (=1 day).
- authrec=(on|off);
- If this is turned on, pdnsd will create authoritative local
records for this rr section. This means that pdnsd flags the domain record
so that records of this domain that are not present in the cache are
treated as non-existent, i.e. no other servers are queried for that record
type, and an response containing none of those records is returned. This
is most time what people want: if you add an A record for a host, and it
has no AAAA record (thus no IPv6 address), you normally don't want other
name servers to be queried for it.
- reverse=(on|off);
- New in version 1.2: If you want a locally defined
name to resolve to a numeric address and vice versa, you can achieve this
by setting reverse=on before defining the A record (see below). The
alternative is to define a separate PTR record, but you will probably find
this option much more convenient.
- a=string;
- Defines an A (host address) record. The argument is an IPv4
address in dotted notation. pdnsd will serve this address for the host
name given in the name option.
- ptr=string;
- Defines a PTR (domain name pointer) record. The argument is
a host name in dotted notation (see name). The ptr record is for resolving
addresses into names. For example, if you want the address 127.0.0.1 to
resolve into localhost, and localhost into 127.0.0.1, you need something
like the following sections:
rr {
name = localhost;
a = 127.0.0.1;
owner = localhost;
soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
}
rr {
name = 1.0.0.127.in-addr.arpa;
ptr = localhost;
owner = localhost;
soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
}
- cname=string;
- Defines a CNAME (canonical name) record. The argument
should be a fully-qualified host name in dotted notation (see name). A
CNAME is the DNS equivalent of an alias or symbolic link.
rr {
name = news;
cname = nntp2.myisp.com;
owner = localhost;
}
- mx=string,number;
- Defines an MX (mail exchange) record. The string is the
host name of the mail server in dotted notation (see name). The number
specifies the preference level.
- owner=string;
- or
- ns=string;
- Defines an NS (name server) record. Specifies the name of
the host which should be authoritative for the records you defined in the
rr section. This is typically the host pdnsd runs on.
- soa=string,string,number,timespec,timespec,timespec,timespec;
- This defines a soa (start of authority) record. The first
string is the domain name of the server and should be equal to the name
you specified as owner.
neg Section¶
Every neg section specifies a dns resource record or a dns domain that should be cached negatively locally. Queries for negatively cached records are always answered immediatley with an error or an empty answer without querying other hosts as long as the record is valid. The records defined with neg sections remain valid until they are explicitly invalidated or deleted by the user using pdnsd-ctl.neg {
name = news;
types = domain;
}
neg {
name = mail;
types = domain;
}
- name=string;
- Specifies the name of the domain for which negative cache
entries are created. This option must be specified before the types
option. Names are interpreted as absolute domain names (i.e. pdnsd assumes
they end in the root domain). You need to specify domain names in dotted
notation (example venera.isi.edu.).
- ttl=timespec;
- Specifies the ttl (time to live) for all resource records in this section after this entry. This may be redefined. The default is 86400 seconds (=1 day).
- types=(domain|rr_type[,rr_type[,rr_type[,...]]]);
- Specifies what is to be cached negatively: domain will
cache the whole domain negatively; alternatively, you can specify a
comma-separated list of RR types which are to be cached negatively. You
may specify multiple types options, but domain and the RR types are
mutually exclusive.
source Section¶
Every source section allows you to let pdnsd read the records from a file in an /etc/hosts-like format. pdnsd will generate records to resolve the entries address from its host name and vice versa for every entry in the file. This is normally easier than defining an rr for every of your addresses, since localhost and your other FQDNs are normally given in /etc/hosts.- owner=string;
- Specifies the name of the host pdnsd runs on and that are
specified in dns answers (specifically, nameserver records). Must be
specified before any file entries.
- ttl=timespec;
- Specifies the ttl (time to live) for all resource records in this section after this entry. This may be redefined. The default is 86400 seconds (=1 day).
- file=string;
- The string specifies a file name. For every file entry in a source section, pdnsd will try to load the given file as described above. Failure is indicated only when the file cannot be opened, malformed entries will be ignored.
- serve_aliases=(on|off);
- If this is turned on pdnsd will serve the aliases given in
a hosts-style file. These are the third entry in a line of a hosts-style
file, which usually give a "short name" for the host. This may
be used to support broken clients without a proper domain-search option.
If no aliases are given in a line of the file, pdnsd behaves as without
this option for this line.
- authrec=(on|off);
- If this is turned on, pdnsd will create authoritative local
records with the data from the hosts file. Please see the description of
the option of the same name in the rr section for a closer description of
what this means. Please note that this only has an effect for files
sourced with file options subsequent to this option.
include Section¶
A configuration file may include other configuration files. However, only the top-level configuration file may contain global and server sections, thus include files are effectively limited to sections that add local definitions to the cache.- file=string;
- The string specifies a file name. For every file option in
an include section, pdnsd will parse the given file as described above.
The file may contain include sections itself, but as a precaution pdnsd
checks that a certain maximum depth is not exceeded to guard against the
possibility of infinite recursion.
VERSION¶
This man page is correct for version 1.2.8-par of pdnsd.SEE ALSO¶
pdnsd(8), pdnsd-ctl(8) More documentation is available in the doc/ subdirectory of the source, or in /usr/share/doc/pdnsd/ if you are using a binary package.AUTHORS¶
pdnsd was originally written by Thomas Moestl <tmoestl@gmx.net> and was extensively revised by Paul Rombouts <p.a.rombouts@home.nl> (for versions 1.1.8b1-par and later). Several others have contributed to pdnsd; see files in the source or /usr/share/doc/pdnsd/ directory. This man page was automatically generated from the html documentation for pdnsd, using a customized Perl script written by Paul Rombouts. Last revised: 24 December 2009 by Paul RomboutsFeb 2010 | pdnsd 1.2.8-par |