1PDNS_RECURSOR(1) PowerDNS Recursor PDNS_RECURSOR(1)
2
3
4
6 pdns_recursor - The PowerDNS Recursor binary
7
9 pdns_recursor [OPTION]...
10
12 pdns_recursor is a high performance, simple and secure recursing name‐
13 server. It currently powers hundreds of millions internet connections.
14
15 The recursor is configured via a configuration file, but each item in
16 that file can be overridden on the command line.
17
18 This manpage lists the core set of features needed to get the PowerDNS
19 Recursor working, for full and up to date details head to
20 https://doc.powerdns.com/.
21
23 To listen on 192.0.2.53 and allow the 192.0.2.0/24 subnet to recurse,
24 and run as in the background, execute:
25
26 # pdns_recursor --local-address=192.0.2.53 --allow-from=192.0.2.0/24 --daemon
27
28 To stop the recursor by hand, run:
29
30 # rec_control quit
31
32 However, the recommended way of starting and stopping the recursor is
33 to use the init.d script or systemctl(1).
34
36 For authoritative listing of options, consult the online documentation
37 at <https://doc.powerdns.com/>
38
39 --allow-from=<networks>
40 If set, only allow these comma separated networks, with network
41 mask to recurse. For example: 192.0.2.0/24,203.0.113.128/25.
42
43 --auth-zones=<authzones>
44 Where authzone is <zonename>=<filename>. Serve zonename from
45 filename authoritatively. For example:
46 ds9a.nl=/var/zones/ds9a.nl,powerdns.com=/var/zones/powerdns.com.
47
48 --chroot=<directory>
49 chroot the process to directory.
50
51 --client-tcp-timeout=<num>
52 Timeout in seconds when talking to TCP clients.
53
54 --config-dir=<directory>
55 Location of configuration directory (recursor.conf), the default
56 depends on the SYSCONFDIR option at build-time, which is usually
57 /etc/powerdns. The default can be found with pdns_recursor
58 --config | grep ' config-dir='.
59
60 --daemon
61 Operate as a daemon.
62
63 --delegation-only
64 Which domains we only accept delegations from (a Verisign spe‐
65 cial).
66
67 --entropy-source=<file>
68 Read new entropy from file, defaults to /dev/urandom.
69
70 --export-etc-hosts
71 If set, this flag will export the hostnames and IP addresses
72 mentioned in /etc/hosts.
73
74 --forward-zones=<forwardzones>
75 Where forwardzone is <zonename>=<address>. Queries for zonename
76 will be forwarded to address. address should be an IP address,
77 not a hostname (to prevent chicken and egg problems). Example:
78 forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1.
79
80 --forward-zones-file=<filename>
81 Similar to --forward-zones, but read the options from filename.
82 filename should contain one zone per line, like:
83 ds9a.nl=213.244.168.210.
84
85 --help Show a summary of options.
86
87 --hint-file=<filename>
88 Load root hints from this filename
89
90 --local-address=<address>
91 Listen on address, separated by spaces or commas. Addresses
92 specified can include port numbers; any which do not include
93 port numbers will listen on --local-port.
94
95 --local-port=<port>
96 Listen on port.
97
98 --log-common-errors
99 If we should log rather common errors.
100
101 --max-cache-entries=<num>
102 Maximum number of entries in the main cache.
103
104 --max-negative-ttl=<num>
105 maximum number of seconds to keep a negative cached entry in
106 memory.
107
108 --max-tcp-clients=<num>
109 Maximum number of simultaneous TCP clients.
110
111 --max-tcp-per-client=<num>
112 If set, maximum number of TCP sessions per client (IP address).
113
114 --query-local-address=<address[,address...]>
115 Use address as Source IP address when sending queries.
116
117 --quiet
118 Suppress logging of questions and answers.
119
120 --server-id=<text>
121 Return text WHen queried for 'id.server' TXT, defaults to host‐
122 name.
123
124 --serve-rfc1918
125 On by default, this makes the server authoritatively aware of:
126 10.in-addr.arpa, 168.192.in-addr.arpa and
127 16-31.172.in-addr.arpa, which saves load on the AS112 servers.
128 Individual parts of these zones can still be loaded or for‐
129 warded.
130
131 --setgid=<gid>
132 If set, change group id to gid for more security.
133
134 --setuid=<uid>
135 If set, change user id to uid for more security.
136
137 --single-socket
138 If set, only use a single socket for outgoing queries.
139
140 --socket-dir=<directory>
141 The controlsocket will live in directory.
142
143 --spoof-nearmiss-max=<num>
144 If non-zero, assume spoofing after this many near misses.
145
146 --trace
147 if we should output heaps of logging.
148
149 --version-string=<text>
150 text WILL be reported on version.pdns or version.bind queries.
151
153 rec_control(1) systemctl(1)
154
156 PowerDNS.COM BV
157
159 2001-2019, PowerDNS.COM BV
160
161
162
163
164 Dec 11, 2020 PDNS_RECURSOR(1)