1PDNS_RECURSOR(1) PowerDNS Recursor PDNS_RECURSOR(1)
2
6 pdns_recursor - The PowerDNS Recursor binary
7
9 pdns_recursor [OPTION]...
10
12 pdns_recursor is a high performance, simple and secure recursing name‐
13 server. It currently powers hundreds of millions internet connections.
14 The recursor is configured via a configuration file, but each item in
16 that file can be overridden on the command line.
17 This manpage lists the core set of features needed to get the PowerDNS
19 Recursor working, for full and up to date details head to
20 https://doc.powerdns.com/.
21
23 To listen on 192.0.2.53 and allow the 192.0.2.0/24 subnet to recurse,
24 and run as in the background, execute:
25 # pdns_recursor --local-address=192.0.2.53 --allow-from=192.0.2.0/24 --daemon
27 To stop the recursor by hand, run:
29 # rec_control quit
31 However, the recommended way of starting and stopping the recursor is
33 to use systemctl(1) or the init.d script.
34
36 For authoritative listing of options, consult the online documentation
37 at <https://doc.powerdns.com/>
38 --allow-from=<networks>
40 If set, only allow these comma separated networks, with network
41 mask to recurse. For example: 192.0.2.0/24,203.0.113.128/25.
42 --auth-zones=<authzones>
44 Where authzone is <zonename>=<filename>. Serve zonename from
45 filename authoritatively. For example:
46 ds9a.nl=/var/zones/ds9a.nl,powerdns.com=/var/zones/powerdns.com.
47 --chroot=<directory>
49 chroot the process to directory.
50 --client-tcp-timeout=<num>
52 Timeout in seconds when talking to TCP clients.
53 --config
55 Show the current configuration. Since 4.8.0 there are three op‐
56 tional values: --config=default to show the default configura‐
57 tion. --config=diff show modified options in the current
58 configuration. --config=check to check the current configura‐
59 tion for errors.
60 --config-dir=<directory>
62 Location of configuration directory (recursor.conf), the default
63 depends on the SYSCONFDIR option at build-time, which is usually
64 /etc/powerdns. The default can be found with pdns_recursor
65 --config | grep ' config-dir='.
66 --daemon
68 Operate as a daemon.
69 --entropy-source=<file>
71 Read new entropy from file, defaults to /dev/urandom.
72 --export-etc-hosts
74 If set, this flag will export the hostnames and IP addresses
75 mentioned in /etc/hosts.
76 --forward-zones=<forwardzones>
78 Where forwardzone is <zonename>=<address>. Queries for zonename
79 will be forwarded to address. address should be an IP address,
80 not a hostname (to prevent chicken and egg problems). Example:
81 forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1.
82 --forward-zones-file=<filename>
84 Similar to --forward-zones, but read the options from filename.
85 filename should contain one zone per line, like:
86 ds9a.nl=213.244.168.210.
87 --help Show a summary of options.
89 --hint-file=<filename>
91 Load root hints from this filename
92 --local-address=<address>
94 Listen on address, separated by spaces or commas. Addresses
95 specified can include port numbers; any which do not include
96 port numbers will listen on --local-port.
97 --local-port=<port>
99 Listen on port.
100 --log-common-errors
102 If we should log rather common errors.
103 --max-cache-entries=<num>
105 Maximum number of entries in the main cache.
106 --max-negative-ttl=<num>
108 maximum number of seconds to keep a negative cached entry in
109 memory.
110 --max-tcp-clients=<num>
112 Maximum number of simultaneous TCP clients.
113 --max-tcp-per-client=<num>
115 If set, maximum number of TCP sessions per client (IP address).
116 --query-local-address=<address[,address...]>
118 Use address as Source IP address when sending queries.
119 --quiet
121 Suppress logging of questions and answers.
122 --server-id=<text>
124 Return text WHen queried for 'id.server' TXT, defaults to host‐
125 name.
126 --serve-rfc1918
128 On by default, this makes the server authoritatively aware of:
129 10.in-addr.arpa, 168.192.in-addr.arpa and
130 16-31.172.in-addr.arpa, which saves load on the AS112 servers.
131 Individual parts of these zones can still be loaded or for‐
132 warded.
133 --setgid=<gid>
135 If set, change group id to gid for more security.
136 --setuid=<uid>
138 If set, change user id to uid for more security.
139 --single-socket
141 If set, only use a single socket for outgoing queries.
142 --socket-dir=<directory>
144 The controlsocket will live in directory.
145 --spoof-nearmiss-max=<num>
147 If non-zero, assume spoofing after this many near misses.
148 --trace
150 if we should output heaps of logging.
151 --version-string=<text>
153 text WILL be reported on version.pdns or version.bind queries.
154
156 rec_control(1) systemctl(1) https://docs.powerdns.com/recursor
157
159 PowerDNS.COM BV
160
162 2001-2023, PowerDNS.COM BV
163 Nov 07, 2023 PDNS_RECURSOR(1)