1IXFRDIST.YML(5)          PowerDNS Authoritative Server         IXFRDIST.YML(5)
2
3
4

NAME

6       ixfrdist.yml - The ixfrdist configuration file
7

SYNOPSIS

9       ixfrdist.yml
10

DESCRIPTION

12       ixfrdist  reads  its  configuration from a YAML file.  By default, this
13       file is called ixfrdist.yml and is read from the  directory  configured
14       as  SYSCONFDIR  when  building the software.  This directory is usually
15       one of /etc/pdns, /etc/powerdns.  Run ixfrdist --help to  see  the  de‐
16       fault.
17

EXAMPLE

19          listen:
20            - 192.0.2.2
21            - '[2001:DB8:ABCD::2]:5300'
22            - 127.0.0.1
23
24          acl:
25            - 127.0.0.1
26            - '192.0.2.0/24'
27            - '2001:DB8:ABCD:1234::/64'
28
29          work-dir: /var/lib/ixfrdist
30
31          uid: ixfrdist
32          gid: ixfrdist
33
34          domains:
35            - domain: example.com
36              master: 192.0.2.18:5301
37              max-soa-refresh: 1800
38            - domain: example.net
39              master: 2001:DB8:ABCD::2
40

OPTIONS

42       listen The  list  of  addresses to listen on.  ixfrdist listens on both
43              TCP and UDP.  When no port is specified, 53 is used. When speci‐
44              fying  ports  for IPv6, use the "bracket" notation.  By default,
45              ixfrdist listens on 127.0.0.1:53 and [::1]:53.
46
47       acl    A list of netmasks that are allowed to query  ixfrdist  and  re‐
48              quest  AXFRs  and IXFRs Entries without a netmask will be inter‐
49              preted as a single address.  By  default,  the  ACL  is  set  is
50              127.0.0.0/8 and ::1/128.
51
52       axfr-max-records
53              Maximum  number  of  records  allowed in an AXFR transaction re‐
54              quested by ixfrdist.  This may prevent  untrusted  sources  from
55              using  all  the  process memory.  By default, this setting is 0,
56              which means "unlimited".
57
58       axfr-timeout
59              Timeout in seconds an AXFR transaction requested by ixfrdist may
60              take.   Increase  this  when  the  network  to the authoritative
61              servers is slow or the domains are very large and you experience
62              timeouts.  Defaults to 20.
63
64       failed-soa-retry
65              Time  in  seconds between retries of the SOA query for a zone we
66              have never transferred. Defaults to 30.
67
68       compress
69              Whether record compression should be enabled, leading to smaller
70              answers  at  the cost of an increased CPU and memory usage.  De‐
71              faults to false.
72
73       work-dir
74              The directory where the domain data is stored.   When  not  set,
75              the  current  working directory is used.  This working directory
76              has  the   following   structure:   work-dir/ZONE/SERIAL,   e.g.
77              work-dir/rpz.example./2018011902.   It  is highly recommended to
78              set this option, as the current working directory  might  change
79              between  invocations.   This  directory must be writable for the
80              user or group ixfrdist runs as.
81
82       keep   Amount of older copies/IXFR diffs  to  keep  for  every  domain.
83              This is set to 20 by default.
84
85       tcp-in-threads
86              Number  of  threads  to  spawn  for TCP connections (AXFRs) from
87              downstream hosts.  This limits the number of concurrent AXFRs to
88              clients.  Set to 10 by default.
89
90       gid    Group name or numeric ID to drop privileges to after binding the
91              listen sockets.  By default, ixfrdist  runs  as  the  user  that
92              started the process.
93
94       uid    User  name or numeric ID to drop privileges to after binding the
95              listen sockets.  By default, ixfrdist  runs  as  the  user  that
96              started the process.
97
98       domains
99              A list of domains to redistribute.  This option is mandatory.
100
101              domain The domain name to transfer from the master.  Mandatory.
102
103              master IP  address  of  the server to transfer this domain from.
104                     Mandatory.
105
106              max-soa-refresh
107                     Cap the refresh time to the given maximum  (in  seconds).
108                     Optional.
109
110       webserver-address
111              IP  address  to  listen on for the built-in webserver.  When not
112              set, no webserver is started.
113
114       webserver-acl
115              A list of networks that are allowed to access the ixfrdist  web‐
116              server.  Entries without a netmask will be interpreted as a sin‐
117              gle address.  By default, this list is set  to  127.0.0.0/8  and
118              ::1/128.
119
120       webserver-loglevel
121              How  much  the  webserver  should  log: 'none', 'normal' or 'de‐
122              tailed'.  When logging, each log-line contains the UUID  of  the
123              request,  this allows finding errors caused by certain requests.
124              With 'none', nothing is logged except for errors.  With 'normal'
125              (the  default),  one  line per request is logged in the style of
126              the common log format:
127
128                 [NOTICE] [webserver] 46326eef-b3ba-4455-8e76-15ec73879aa3 127.0.0.1:57566 "GET /metrics HTTP/1.1" 200 1846
129
130              with 'detailed', the  full  requests  and  responses  (including
131              headers)  are  logged along with the regular log-line from 'nor‐
132              mal'.
133

SEE ALSO

135       ixfrdist(1)
136

AUTHOR

138       PowerDNS.COM BV
139

COPYRIGHT

141       2001-2023, PowerDNS.COM BV
142
143
144
145
146                                 Oct 05, 2023                  IXFRDIST.YML(5)