1IXFRDIST.YML(5)          PowerDNS Authoritative Server         IXFRDIST.YML(5)
2
3
4

NAME

6       ixfrdist.yml - The ixfrdist configuration file
7

SYNOPSIS

9       ixfrdist.yml
10

DESCRIPTION

12       ixfrdist  reads  its  configuration from a YAML file.  By default, this
13       file is called ixfrdist.yml and is read from the  directory  configured
14       as  SYSCONFDIR  when  building the software.  This directory is usually
15       one of /etc/pdns, /etc/powerdns.  Run ixfrdist --help to  see  the  de‐
16       fault.
17

EXAMPLE

19          listen:
20            - 192.0.2.2
21            - '[2001:DB8:ABCD::2]:5300'
22            - 127.0.0.1
23
24          acl:
25            - 127.0.0.1
26            - '192.0.2.0/24'
27            - '2001:DB8:ABCD:1234::/64'
28
29          work-dir: /var/lib/ixfrdist
30
31          uid: ixfrdist
32          gid: ixfrdist
33
34          domains:
35            - domain: example.com
36              master: 192.0.2.18:5301
37            - domain: example.net
38              master: 2001:DB8:ABCD::2
39

OPTIONS

41       listen The  list  of  addresses to listen on.  ixfrdist listens on both
42              TCP and UDP.  When no port is specified, 53 is used. When speci‐
43              fying  ports  for IPv6, use the "bracket" notation.  By default,
44              ixfrdist listens on 127.0.0.1:53 and [::1]:53.
45
46       acl    A list of netmasks that are allowed to query  ixfrdist  and  re‐
47              quest  AXFRs  and IXFRs Entries without a netmask will be inter‐
48              preted as a single address.  By  default,  the  ACL  is  set  is
49              127.0.0.0/8 and ::1/128.
50
51       axfr-max-records
52              Maximum  number  of  records  allowed in an AXFR transaction re‐
53              quested by ixfrdist.  This may prevent  untrusted  sources  from
54              using  all  the  process memory.  By default, this setting is 0,
55              which means "unlimited".
56
57       axfr-timeout
58              Timeout in seconds an AXFR transaction requested by ixfrdist may
59              take.   Increase  this  when  the  network  to the authoritative
60              servers is slow or the domains are very large and you experience
61              timeouts.  Defaults to 20.
62
63       failed-soa-retry
64              Time  in  seconds between retries of the SOA query for a zone we
65              have never transferred. Defaults to 30.
66
67       compress
68              Whether record compression should be enabled, leading to smaller
69              answers  at  the cost of an increased CPU and memory usage.  De‐
70              faults to false.
71
72       work-dir
73              The directory where the domain data is stored.   When  not  set,
74              the  current  working directory is used.  This working directory
75              has  the   following   structure:   work-dir/ZONE/SERIAL,   e.g.
76              work-dir/rpz.example./2018011902.   It  is highly recommended to
77              set this option, as the current working directory  might  change
78              between  invocations.   This  directory must be writable for the
79              user or group ixfrdist runs as.
80
81       keep   Amount of older copies/IXFR diffs  to  keep  for  every  domain.
82              This is set to 20 by default.
83
84       tcp-in-threads
85              Number  of  threads  to  spawn  for TCP connections (AXFRs) from
86              downstream hosts.  This limits the number of concurrent AXFRs to
87              clients.  Set to 10 by default.
88
89       gid    Group name or numeric ID to drop privileges to after binding the
90              listen sockets.  By default, ixfrdist  runs  as  the  user  that
91              started the process.
92
93       uid    User  name or numeric ID to drop privileges to after binding the
94              listen sockets.  By default, ixfrdist  runs  as  the  user  that
95              started the process.
96
97       domains
98              A list of domains to redistribute.  This option is mandatory.
99
100              domain The domain name to transfer from the master.  Mandatory.
101
102              master IP  address  of  the server to transfer this domain from.
103                     Mandatory.
104
105       webserver-address
106              IP address to listen on for the built-in  webserver.   When  not
107              set, no webserver is started.
108
109       webserver-acl
110              A  list of networks that are allowed to access the ixfrdist web‐
111              server.  Entries without a netmask will be interpreted as a sin‐
112              gle  address.   By  default, this list is set to 127.0.0.0/8 and
113              ::1/128.
114
115       webserver-loglevel
116              How much the webserver should  log:  'none',  'normal'  or  'de‐
117              tailed'.   When  logging, each log-line contains the UUID of the
118              request, this allows finding errors caused by certain  requests.
119              With 'none', nothing is logged except for errors.  With 'normal'
120              (the default), one line per request is logged in  the  style  of
121              the common log format:
122
123                 [NOTICE] [webserver] 46326eef-b3ba-4455-8e76-15ec73879aa3 127.0.0.1:57566 "GET /metrics HTTP/1.1" 200 1846
124
125              with  'detailed',  the  full  requests  and responses (including
126              headers) are logged along with the regular log-line  from  'nor‐
127              mal'.
128

SEE ALSO

130       ixfrdist(1)
131

AUTHOR

133       PowerDNS.COM BV
134

COPYRIGHT

136       2001-2022, PowerDNS.COM BV
137
138
139
140
141                                 Apr 12, 2022                  IXFRDIST.YML(5)