All PDNS settings are listed here, excluding those that originate from backends, which are documented in the relevant chapters.
Behaviour pre 2.9.10: When not allowing AXFR (disable-axfr), DO allow from these IP addresses or netmasks.
Behaviour post 2.9.10: If set, only these IP addresses or netmasks will be able to perform AXFR.
By specifying allow-recursion, recursion can be restricted to netmasks specified. The default is to allow recursion from everywhere. Example: allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4.
By specifying allow-recursion-override, local data even about hosts that don't exist will override the internet. This allows you to generate zones that don't really exist on the internet. Does increase the number of SQL queries for hosts that truly don't exist, also not in your database.
Seconds to store packets in the PacketCache. See Section 9.3.1.
If set, chroot to this directory for more security. See Chapter 7.
Location of configuration directory (pdns.conf)
Name of this virtual configuration - will rename the binary image. See Chapter 8.
Debugging switch - don't use.
Operate as a daemon
name to insert in the SOA record if none set in the backend
Do not allow zone transfers. Before 2.9.10, this could be overridden by allow-axfr-ips.
Do not listen to TCP queries. Breaks RFC compliance.
Default number of Distributor (backend) threads to start. See Chapter 9.
Perform AAAA additional processing.
Process URL and MBOXFW records. See Chapter 14.
Run within a guardian process. See Section B.2.
Provide a helpful message
Include a directory with configuration files. This adds support for pdns.d or config.d constructions.
Which backends to launch and order to query them in. See Section B.3.
On by default as of 2.1. Checks local data first before recursing. See Chapter 11.
Load this module - supply absolute or relative path. See Section B.3.
Local IP address to which we bind. You can specify multiple addresses separated by commas or whitespace. It is highly advised to bind to specific interfaces and not use the default 'bind to any'. This causes big problems if you have multiple IP addresses. Unix does not provide a way of figuring out what IP address a packet was sent to when binding to any.
Local IPv6 address to which we bind. You can specify multiple addresses separated by commas or whitespace.
The port on which we listen. Only one port possible.
If set to 'no', failed Windows Dynamic Updates will not be logged.
If set to 'no', informative-only DNS details will not even be sent to syslog, improving performance. Available from 2.5 and onwards.
If set to a digit, logging is performed under this LOCAL facility. See Section 6.3. Available from 1.99.9 and onwards. Do not pass names like 'local0'!
Amount of logging. Higher is more. Do not set below 3
If this many packets are waiting for database attention, consider the situation hopeless and respawn.
Allow this many incoming TCP DNS connections simultaneously.
Default directory for modules. See Section B.3.
Seconds to store queries with no answer in the Query Cache. See Section 9.3.2.
Do not attempt to read the configuration file.
Do not attempt to shuffle query results.
Do out of zone additional processing. This means that if a malicious user adds a '.com' zone to your server, it is not used for other domains and will not contaminate answers. Do not enable this setting if you run a public DNS service with untrusted users. Off by default.
Seconds to store queries with an answer in the Query Cache. See Section 9.3.2.
The IP address to use as a source address for sending queries. Useful if you have multiple IPs and pdns is not bound to the IP address your operating system uses by default for outgoing packets.
Hints to a backend that it should log a textual representation of queries it performs. Can be set at runtime.
Maximum number of miliseconds to queue a query. See Chapter 9.
Seconds to store recursive packets in the PacketCache. See Section 9.3.1.
If set, recursive queries will be handed to the recursor specified here. See Chapter 11.
If set, PowerDNS will send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken recursors. Available since 2.9.19.
Since 2.9.21, it is possible to specify 'lean' root referrals, which waste less bandwidth.
If set, change group id to this gid for more security. See Chapter 7.
If set, change user id to this uid for more security. See Chapter 7.
Do not perform CNAME indirection for each query. Has performance implications. See Chapter 7.
Schedule slave up-to-date checks of domains whose status is unknown every .. seconds. See Chapter 14.
Our smtpredir MX host. See Chapter 14.
Default SOA expire.
Default SOA minimum ttl.
Default SOA refresh.
Default SOA retry.
If your database contains single-digit SOA serials and you need to host .DE domains, this setting can help placate their 6-digit SOA serial requirements. Suggested value is to set this to 1000000 which adds 1000000 to all SOA Serials under that offset.
Where the controlsocket will live. See Section B.1.
Perform strictly RFC conformant AXFRs, which are slow, but needed to placate some old client tools.
Where we send hosts to that need to be url redirected. See Chapter 14.
When queried for its version over DNS (dig chaos txt version.bind @pdns.ip.address), PowerDNS normally resonds truthfully. With this setting you can overrule what will be returned. Set the version-string to 'full' to get the default behaviour, to 'powerdns' to just make it state 'served by PowerDNS - http://www.powerdns.com'. The 'anonymous' setting will return a ServFail, much like Microsoft nameservers do. You can set this response to a custom value as well.
Start a webserver for monitoring. See Chapter 6.
IP Address of webserver to listen on. See Chapter 6.
Password required for accessing the webserver. See Chapter 6.
Port of webserver to listen on. See Chapter 6.
Check for wildcard URL records.
Honor wildcards in the database. On by default. Turning this off has performance implications, see Chapter 9.