1PDNS_RECURSOR(1) PowerDNS Recursor PDNS_RECURSOR(1)
2
3
4
6 pdns_recursor - The PowerDNS Recursor binary
7
9 pdns_recursor [OPTION]...
10
12 pdns_recursor is a high performance, simple and secure recursing name‐
13 server. It currently powers hundreds of millions internet connections.
14
15 The recursor is configured via a configuration file, but each item in
16 that file can be overridden on the command line.
17
18 This manpage lists the core set of features needed to get the PowerDNS
19 Recursor working, for full and up to date details head to
20 https://doc.powerdns.com/.
21
23 To listen on 192.0.2.53 and allow the 192.0.2.0/24 subnet to recurse,
24 and run as in the background, execute:
25
26 # pdns_recursor --local-address=192.0.2.53 --allow-from=192.0.2.0/24 --daemon
27
28 To stop the recursor by hand, run:
29
30 # rec_control quit
31
32 However, the recommended way of starting and stopping the recursor is
33 to use the init.d script or systemctl(1).
34
36 For authoritative listing of options, consult the online documentation
37 at <https://doc.powerdns.com/>
38
39 --allow-from=<networks>
40 If set, only allow these comma separated networks, with network
41 mask to recurse. For example: 192.0.2.0/24,203.0.113.128/25.
42
43 --auth-zones=<authzones>
44 Where authzone is <zonename>=<filename>. Serve zonename from
45 filename authoritatively. For example:
46 ds9a.nl=/var/zones/ds9a.nl,powerdns.com=/var/zones/powerdns.com.
47
48 --chroot=<directory>
49 chroot the process to directory.
50
51 --client-tcp-timeout=<num>
52 Timeout in seconds when talking to TCP clients.
53
54 --config-dir=<directory>
55 Location of configuration directory (recursor.conf), the default
56 depends on the SYSCONFDIR option at build-time, which is usually
57 /etc/powerdns. The default can be found with pdns_recursor
58 --config | grep ' config-dir='.
59
60 --daemon
61 Operate as a daemon.
62
63 --delegation-only
64 Which domains we only accept delegations from (a Verisign spe‐
65 cial).
66
67 --entropy-source=<file>
68 Read new entropy from file, defaults to /dev/urandom.
69
70 --export-etc-hosts
71 If set, this flag will export the hostnames and IP addresses
72 mentioned in /etc/hosts.
73
74 --forward-zones=<forwardzones>
75 Where forwardzone is <zonename>=<address>. Queries for zonename
76 will be forwarded to address. address should be an IP address,
77 not a hostname (to prevent chicken and egg problems). Example:
78 forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1.
79
80 --forward-zones-file=<filename>
81 Similar to --forward-zones, but read the options from filename.
82 filename should contain one zone per line, like:
83 ds9a.nl=213.244.168.210.
84
85 --help Show a summary of options.
86
87 --hint-file=<filename>
88 Load root hints from this filename
89
90 --local-address=<address>
91 Listen on address, separated by spaces or commas.
92
93 --local-port=<port>
94 Listen on port.
95
96 --log-common-errors
97 If we should log rather common errors.
98
99 --max-cache-entries=<num>
100 Maximum number of entries in the main cache.
101
102 --max-negative-ttl=<num>
103 maximum number of seconds to keep a negative cached entry in
104 memory.
105
106 --max-tcp-clients=<num>
107 Maximum number of simultaneous TCP clients.
108
109 --max-tcp-per-client=<num>
110 If set, maximum number of TCP sessions per client (IP address).
111
112 --query-local-address=<address>
113 Use address as Source IP address when sending queries.
114
115 --query-local-address6=<address>
116 Send out local IPv6 queries from address. Disabled by default,
117 which also disables outgoing IPv6 support. A useful setting is
118 '::0'.
119
120 --quiet
121 Suppress logging of questions and answers.
122
123 --server-id=<text>
124 Return text WHen queried for 'id.server' TXT, defaults to host‐
125 name.
126
127 --serve-rfc1918
128 On by default, this makes the server authoritatively aware of:
129 10.in-addr.arpa, 168.192.in-addr.arpa and
130 16-31.172.in-addr.arpa, which saves load on the AS112 servers.
131 Individual parts of these zones can still be loaded or for‐
132 warded.
133
134 --setgid=<gid>
135 If set, change group id to gid for more security.
136
137 --setuid=<uid>
138 If set, change user id to uid for more security.
139
140 --single-socket
141 If set, only use a single socket for outgoing queries.
142
143 --socket-dir=<directory>
144 The controlsocket will live in directory.
145
146 --spoof-nearmiss-max=<num>
147 If non-zero, assume spoofing after this many near misses.
148
149 --trace
150 if we should output heaps of logging.
151
152 --version-string=<text>
153 text WILL be reported on version.pdns or version.bind queries.
154
156 rec_control(1) systemctl(1)
157
159 PowerDNS.COM BV
160
162 2001-2019, PowerDNS.COM BV
163
164
165
166
1674.1 Jul 15, 2019 PDNS_RECURSOR(1)