PDNS_RECURSOR(1) PowerDNS Recursor PDNS_RECURSOR(1)

pdns_recursor - The PowerDNS Recursor binary

pdns_recursor [OPTION]...

pdns_recursor is a high performance, simple and secure recursing
nameserver. It currently powers hundreds of millions of internet
connections.

The recursor is configured via a configuration file, but each item in
that file can be overridden on the command line.

This manpage lists the core set of features needed to get the PowerDNS
Recursor working. For full and up-to-date details, head to
https://doc.powerdns.com/.

To listen on 192.0.2.53 and allow the 192.0.2.0/24 subnet to recurse,
and run in the background, execute:

    # pdns_recursor --local-address=192.0.2.53 --allow-from=192.0.2.0/24 --daemon

To stop the recursor by hand, run:

    # rec_control quit

However, the recommended way of starting and stopping the recursor is
to use the init.d script or systemctl(1).

For an authoritative listing of options, consult the online
documentation at <https://doc.powerdns.com/>.

--allow-from=<networks>
       If set, only allow these comma-separated networks, with network
       mask, to recurse. For example: 192.0.2.0/24,203.0.113.128/25.

--auth-zones=<authzones>
       Where authzone is <zonename>=<filename>. Serve zonename from
       filename authoritatively. For example:
       ds9a.nl=/var/zones/ds9a.nl,powerdns.com=/var/zones/powerdns.com.

--chroot=<directory>
       chroot the process to directory.

--client-tcp-timeout=<num>
       Timeout in seconds when talking to TCP clients.

--config-dir=<directory>
       Location of configuration directory (recursor.conf), the default
       depends on the SYSCONFDIR option at build-time, which is usually
       /etc/powerdns. The default can be found with pdns_recursor
       --config | grep ' config-dir='.

--daemon
       Operate as a daemon.

--entropy-source=<file>
       Read new entropy from file, defaults to /dev/urandom.

--export-etc-hosts
       If set, this flag will export the hostnames and IP addresses
       mentioned in /etc/hosts.

--forward-zones=<forwardzones>
       Where forwardzone is <zonename>=<address>. Queries for zonename
       will be forwarded to address. address should be an IP address,
       not a hostname (to prevent chicken and egg problems). Example:
       forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1.

--forward-zones-file=<filename>
       Similar to --forward-zones, but read the options from filename.
       filename should contain one zone per line, like:
       ds9a.nl=213.244.168.210.

--help
       Show a summary of options.

--hint-file=<filename>
       Load root hints from this filename.

--local-address=<address>
       Listen on address, separated by spaces or commas. Addresses
       specified can include port numbers; any which do not include
       port numbers will listen on --local-port.

--local-port=<port>
       Listen on port.

--log-common-errors
       Whether we should log rather common errors.

--max-cache-entries=<num>
       Maximum number of entries in the main cache.

--max-negative-ttl=<num>
       Maximum number of seconds to keep a negative cached entry in
       memory.

--max-tcp-clients=<num>
       Maximum number of simultaneous TCP clients.

--max-tcp-per-client=<num>
       If set, maximum number of TCP sessions per client (IP address).

--query-local-address=<address[,address...]>
       Use address as Source IP address when sending queries.

--quiet
       Suppress logging of questions and answers.

--server-id=<text>
       Return text when queried for 'id.server' TXT, defaults to
       hostname.

--serve-rfc1918
       On by default, this makes the server authoritatively aware of:
       10.in-addr.arpa, 168.192.in-addr.arpa and
       16-31.172.in-addr.arpa, which saves load on the AS112 servers.
       Individual parts of these zones can still be loaded or
       forwarded.

--setgid=<gid>
       If set, change group id to gid for more security.

--setuid=<uid>
       If set, change user id to uid for more security.

--single-socket
       If set, only use a single socket for outgoing queries.

--socket-dir=<directory>
       The control socket will live in directory.

--spoof-nearmiss-max=<num>
       If non-zero, assume spoofing after this many near misses.

--trace
       Whether we should output heaps of logging.

--version-string=<text>
       text will be reported on version.pdns or version.bind queries.

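The access-control and privilege options above (--allow-from, --setuid, --setgid, --chroot, --max-tcp-per-client) can be checked in a configuration file before the recursor is started. The shell script below is an added example, not part of the PowerDNS distribution. It assumes recursor.conf holds name=value lines with # comments; the function names, account names and chroot path are constructed.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# Print the last non-empty value of setting $2 in file $1 (nothing if unset).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Print one finding per line for config file $1; print nothing if all pass.
audit_recursor_conf() {
    conf=$1
    # A catch-all prefix in allow-from lets any client recurse (open resolver).
    nets=",$(conf_get "$conf" allow-from | tr -d '[:space:]'),"
    case $nets in
        *,0.0.0.0/0,*|*,::/0,*) echo "allow-from: catch-all prefix, anyone may recurse" ;;
    esac
    # Without these the daemon itself never drops privileges or confines itself.
    for key in setuid setgid chroot; do
        [ -n "$(conf_get "$conf" "$key")" ] || echo "$key: not set"
    done
    # Unset or 0 leaves TCP sessions per client IP unlimited.
    case $(conf_get "$conf" max-tcp-per-client) in
        ''|0) echo "max-tcp-per-client: no per-client TCP session limit" ;;
    esac
    return 0
}

# Constructed sample configs: weak settings beside corrected ones.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak.conf" <<'EOF'
local-address=192.0.2.53
allow-from=192.0.2.0/24, 0.0.0.0/0
max-tcp-per-client=0
EOF
cat > "$tmp/hardened.conf" <<'EOF'
# constructed sample
local-address=192.0.2.53
allow-from=192.0.2.0/24,203.0.113.128/25
setuid=pdns-recursor
setgid=pdns-recursor
chroot=/var/spool/powerdns
max-tcp-per-client=10
EOF
echo "weak.conf:";     audit_recursor_conf "$tmp/weak.conf"
echo "hardened.conf:"; audit_recursor_conf "$tmp/hardened.conf"
```

Settings given on the command line override the file, so the same checks apply to the arguments in the init script or unit that starts the daemon.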
rec_control(1) systemctl(1)

PowerDNS.COM BV

2001-2022, PowerDNS.COM BV

Jul 07, 2022 PDNS_RECURSOR(1)