IXFRDIST.YML(5) PowerDNS Authoritative Server IXFRDIST.YML(5)

ixfrdist.yml - The ixfrdist configuration file

ixfrdist.yml

ixfrdist reads its configuration from a YAML file. By default, this
file is called ixfrdist.yml and is read from the directory configured
as SYSCONFDIR when building the software. This directory is usually
one of /etc/pdns, /etc/powerdns. Run ixfrdist --help to see the
default.

listen:
  - 192.0.2.2
  - '[2001:DB8:ABCD::2]:5300'
  - 127.0.0.1

acl:
  - 127.0.0.1
  - '192.0.2.0/24'
  - '2001:DB8:ABCD:1234::/64'

work-dir: /var/lib/ixfrdist

uid: ixfrdist
gid: ixfrdist

domains:
  - domain: example.com
    master: 192.0.2.18:5301
    max-soa-refresh: 1800
  - domain: example.net
    master: 2001:DB8:ABCD::2

listen
       The list of addresses to listen on. ixfrdist listens on both
       TCP and UDP. When no port is specified, 53 is used. When
       specifying ports for IPv6, use the "bracket" notation. By
       default, ixfrdist listens on 127.0.0.1:53 and [::1]:53.

acl
       A list of netmasks that are allowed to query ixfrdist and
       request AXFRs and IXFRs. Entries without a netmask will be
       interpreted as a single address. By default, the ACL is set to
       127.0.0.0/8 and ::1/128.

axfr-max-records
       Maximum number of records allowed in an AXFR transaction
       requested by ixfrdist. This may prevent untrusted sources from
       using all the process memory. By default, this setting is 0,
       which means "unlimited".

axfr-timeout
       Timeout in seconds an AXFR transaction requested by ixfrdist may
       take. Increase this when the network to the authoritative
       servers is slow or the domains are very large and you experience
       timeouts. Defaults to 20.

failed-soa-retry
       Time in seconds between retries of the SOA query for a zone we
       have never transferred. Defaults to 30.

compress
       Whether record compression should be enabled, leading to smaller
       answers at the cost of increased CPU and memory usage.
       Defaults to false.

work-dir
       The directory where the domain data is stored. When not set,
       the current working directory is used. This working directory
       has the following structure: work-dir/ZONE/SERIAL, e.g.
       work-dir/rpz.example./2018011902. It is highly recommended to
       set this option, as the current working directory might change
       between invocations. This directory must be writable for the
       user or group ixfrdist runs as.

keep
       Number of older copies/IXFR diffs to keep for every domain.
       This is set to 20 by default.

tcp-in-threads
       Number of threads to spawn for TCP connections (AXFRs) from
       downstream hosts. This limits the number of concurrent AXFRs to
       clients. Set to 10 by default.

gid
       Group name or numeric ID to drop privileges to after binding the
       listen sockets. By default, ixfrdist runs as the user that
       started the process.

uid
       User name or numeric ID to drop privileges to after binding the
       listen sockets. By default, ixfrdist runs as the user that
       started the process.

domains
       A list of domains to redistribute. This option is mandatory.

       domain
              The domain name to transfer from the master. Mandatory.

       master
              IP address of the server to transfer this domain from.
              Mandatory.

       max-soa-refresh
              Cap the refresh time to the given maximum (in seconds).
              Optional.

webserver-address
       IP address to listen on for the built-in webserver. When not
       set, no webserver is started.

webserver-acl
       A list of networks that are allowed to access the ixfrdist
       webserver. Entries without a netmask will be interpreted as a
       single address. By default, this list is set to 127.0.0.0/8 and
       ::1/128.

webserver-loglevel
       How much the webserver should log: 'none', 'normal' or
       'detailed'. When logging, each log-line contains the UUID of the
       request; this allows finding errors caused by certain requests.
       With 'none', nothing is logged except for errors. With 'normal'
       (the default), one line per request is logged in the style of
       the common log format:

       [NOTICE] [webserver] 46326eef-b3ba-4455-8e76-15ec73879aa3 127.0.0.1:57566 "GET /metrics HTTP/1.1" 200 1846

       With 'detailed', the full requests and responses (including
       headers) are logged along with the regular log-line from
       'normal'.

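The following audit of the options described above is an added example, not part of ixfrdist or the PowerDNS documentation. It takes an ixfrdist.yml already loaded into a dict by a YAML parser and reports settings whose documented defaults leave the process exposed; the function name, the prefix-length thresholds and the WEAK sample are assumptions made for illustration.

```python
import ipaddress

# Defaults stated in the option descriptions on this page.
DEFAULT_ACL = ["127.0.0.0/8", "::1/128"]

def audit(cfg, min_prefix_v4=8, min_prefix_v6=32):
    """Return (key, message) findings for an ixfrdist.yml loaded as a dict.

    min_prefix_v4/min_prefix_v6 are hypothetical local policy: the shortest
    prefix length an ACL entry may have before it is reported as too broad.
    """
    findings = []
    if not cfg.get("axfr-max-records", 0):
        findings.append(("axfr-max-records", "0 or unset: AXFR size is unlimited"))
    for key in ("uid", "gid"):
        if key not in cfg:
            findings.append((key, "unset: no privilege drop after binding"))
    if "work-dir" not in cfg:
        findings.append(("work-dir", "unset: current working directory is used"))
    for key in ("acl", "webserver-acl"):
        if key == "webserver-acl" and "webserver-address" not in cfg:
            continue  # no webserver is started, so its ACL does not apply
        for entry in cfg.get(key, DEFAULT_ACL):
            # strict=False: an entry without a netmask is a single address
            net = ipaddress.ip_network(entry, strict=False)
            limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < limit:
                findings.append((key, f"{net} is broader than /{limit}"))
    if "webserver-address" in cfg and cfg.get("webserver-loglevel") == "detailed":
        findings.append(("webserver-loglevel", "logs full requests and headers"))
    return findings

# The example configuration from this page, as a YAML parser would load it.
PAGE_EXAMPLE = {
    "listen": ["192.0.2.2", "[2001:DB8:ABCD::2]:5300", "127.0.0.1"],
    "acl": ["127.0.0.1", "192.0.2.0/24", "2001:DB8:ABCD:1234::/64"],
    "work-dir": "/var/lib/ixfrdist", "uid": "ixfrdist", "gid": "ixfrdist",
    "domains": [{"domain": "example.com", "master": "192.0.2.18:5301",
                 "max-soa-refresh": 1800},
                {"domain": "example.net", "master": "2001:DB8:ABCD::2"}],
}
# Constructed weak configuration (values chosen for illustration only).
WEAK = {"acl": ["0.0.0.0/0"], "webserver-address": "192.0.2.2",
        "webserver-loglevel": "detailed",
        "domains": [{"domain": "example.com", "master": "192.0.2.18:5301"}]}

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("weak", WEAK)):
        for key, msg in audit(cfg):
            print(f"{name}: {key}: {msg}")
```
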
ixfrdist(1)

PowerDNS.COM BV

2001-2023, PowerDNS.COM BV

Oct 05, 2023 IXFRDIST.YML(5)