nsd.conf.slave
#
# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
#
# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
#
# See LICENSE for the license.
#
# options for the nsd server
# Global options for this NSD instance. Only the uncommented lines below are
# set explicitly (port, verbosity, username, zonesdir, database, statistics,
# round-robin, zonefiles-write); every commented-out option stays at NSD's
# built-in default.
server:
# Number of NSD servers to fork. Put the number of CPUs to use here.
# server-count: 1
# uncomment to specify specific interfaces to bind (default are the
# wildcard interfaces 0.0.0.0 and ::0).
# ip-address: 1.2.3.4
# ip-address: 1.2.3.4@5678
# ip-address: 12fe::8ef0
# ip-address: 127.0.0.1
# NOTE(review): no ip-address line is active, so the daemon binds the
# wildcard interfaces described above. Confirm that every interface on this
# host is meant to answer DNS, or pin the service addresses here.
# Allow binding to non local addresses. Default no.
# ip-transparent: no
# enable debug mode, does not fork daemon process into the background.
#debug-mode: no
# listen on IPv4 connections
# do-ip4: yes
# listen on IPv6 connections
# do-ip6: yes
# port to answer queries on. default is 53.
port: 53
# Verbosity level.
verbosity: 2
# After binding socket, drop user privileges.
# can be a username, id or id.gid.
# Running as the unprivileged "nsd" account limits what the daemon can reach
# on the host once the privileged port has been bound.
username: nsd
# The directory for zonefile: files. The daemon chdirs here.
# NOTE(review): zonefiles-write is enabled below, so this directory
# presumably has to be writable by the nsd user; it should be writable by
# that account only -- confirm ownership and mode on the host.
zonesdir: "/etc/nsd/zones"
# the database to use
# if set to "" then no disk-database is used, less memory usage.
#database: "/var/lib/nsd/nsd.db"
database: ""
# Maximum number of concurrent TCP connections per server.
# tcp-count: 100
# Maximum number of queries served on a single TCP connection.
# By default 0, which means no maximum.
# tcp-query-count: 0
# Override the default (120 seconds) TCP timeout.
# tcp-timeout: 120
# Preferred EDNS buffer size for IPv4.
# ipv4-edns-size: 4096
# Preferred EDNS buffer size for IPv6.
# ipv6-edns-size: 4096
# statistics are produced every number of seconds. Prints to log.
# Default is 0, meaning no statistics are produced.
statistics: 60
# Number of seconds between reloads triggered by xfrd.
# xfrd-reload-timeout: 1
# round robin rotation of records in the answer.
round-robin: yes
# check mtime of all zone files on start and sighup
# zonefiles-check: yes
# write changed zonefiles to disk, every N seconds.
# default is 0(disabled) or 3600(if database is "").
# Set to 300 here, so transferred zone data is written back to zonesdir
# every five minutes.
zonefiles-write: 300
# RRLconfig
# All rrl-* options below are commented out, so the defaults quoted in these
# comments apply. Response Rate Limiting is the built-in mitigation against
# this server being abused as a DNS amplification reflector.
# NOTE(review): RRL presumably only takes effect when the installed NSD was
# built with rate-limiting support -- verify on the host.
# Response Rate Limiting, size of the hashtable. Default 1000000.
# rrl-size: 1000000
# Response Rate Limiting, maximum QPS allowed (from one query source).
# Default 200. If set to 0, ratelimiting is disabled. Also set
# rrl-whitelist-ratelimit to 0 to disable ratelimit processing.
# rrl-ratelimit: 200
# Response Rate Limiting, number of packets to discard before
# sending a SLIP response (a truncated one, allowing an honest
# resolver to retry with TCP). Default is 2 (one half of the
# queries will receive a SLIP response, 0 disables SLIP (all
# packets are discarded), 1 means every request will get a
# SLIP response.
# rrl-slip: 2
# Response Rate Limiting, IPv4 prefix length. Addresses are
# grouped by netblock.
# rrl-ipv4-prefix-length: 24
# Response Rate Limiting, IPv6 prefix length. Addresses are
# grouped by netblock.
# rrl-ipv6-prefix-length: 64
# Response Rate Limiting, maximum QPS allowed (from one query source)
# for whitelisted types. Default 2000.
# rrl-whitelist-ratelimit: 2000
# RRLend
# Remote control config section.
# nsd-control(8) management channel. It is switched on here; the listen
# interface, port and key/certificate paths are all commented out and so
# keep their defaults (localhost, per the comment below).
remote-control:
# Enable remote control with nsd-control(8) here.
# set up the keys and certificates with nsd-control-setup.
control-enable: yes
# what interfaces are listened to for control, default is on localhost.
# NOTE(review): keep the control channel on loopback. If control-interface
# is ever widened, restrict the control port with a host firewall as well.
# control-interface: 127.0.0.1
# control-interface: ::1
# port number for remote control operations (uses TLS over TCP).
# control-port: 8952
# NOTE(review): the key files below authenticate the control channel; they
# presumably should be readable only by root and the nsd account -- confirm
# the modes that nsd-control-setup left on the host.
# nsd server key file for remote control.
# server-key-file: "/etc/nsd/nsd_server.key"
# nsd server certificate file for remote control.
# server-cert-file: "/etc/nsd/nsd_server.pem"
# nsd-control key file.
# control-key-file: "/etc/nsd/nsd_control.key"
# nsd-control certificate file.
# control-cert-file: "/etc/nsd/nsd_control.pem"
# Pull in a separate file of key material. The pattern below refers to a key
# named "qcon" that is not defined in this file, so it is presumably defined
# in the included file -- confirm.
# NOTE(review): keep secret.keys out of version control and readable only by
# root and the nsd account; anyone holding the key can sign NOTIFY and
# transfer requests as a trusted peer.
include: /etc/nsd/secret.keys
# Shared settings for every secondary zone on this server; each zone pulls
# them in with include-pattern: "qcbase".
pattern:
name: "qcbase"
# %s is replaced with the zone name, so each zone gets its own db.<zone>
# file under zonesdir.
zonefile: "db.%s"
notify-retry: 5
# Accept NOTIFY only from 172.16.1.100 and only when signed with key qcon.
allow-notify: 172.16.1.100 qcon
# Fetch zone transfers from 172.16.1.100, authenticated with key qcon.
# No provide-xfr entry is configured in this pattern, so this server does
# not offer outbound zone transfers for these zones.
request-xfr: 172.16.1.100 qcon
# Secondary zones. Every entry only names the zone and inherits its zonefile
# template, NOTIFY ACL and transfer source from the "qcbase" pattern.
# Two forward zones:
zone:
name: "at.quakecon.org."
include-pattern: "qcbase"
zone:
name: "quakeconcdn.org."
include-pattern: "qcbase"
# Reverse zones for 172.16.0.0 through 172.23.255.255 (172.16.0.0/13), which
# lies inside the RFC 1918 private range 172.16.0.0/12.
# NOTE(review): these zones describe internal addressing; confirm this
# server is reachable only from the networks that should be able to resolve
# them.
zone:
name: "16.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "17.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "18.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "19.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "20.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "21.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "22.172.in-addr.arpa."
include-pattern: "qcbase"
zone:
name: "23.172.in-addr.arpa."
include-pattern: "qcbase"