1
0
forked from infra/ansible
infra/roles/dns-intern/templates/recursor.conf.j2

62 lines
1.7 KiB
Plaintext
Raw Normal View History

# {{ ansible_managed }}
2017-01-07 15:41:21 +01:00
#################################
# allow-from If set, only allow these comma separated netmasks to recurse
#
#allow-from=127.0.0.0/8
2017-01-07 15:41:21 +01:00
#################################
# config-dir Location of configuration directory (recursor.conf)
2017-01-07 15:41:21 +01:00
#
config-dir=/etc/powerdns
2017-01-07 15:41:21 +01:00
2017-01-23 20:09:43 +01:00
#################################
# dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
#
# dnssec=process-no-validate
dnssec=off
#################################
# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=
forward-zones=binary.kitchen=127.0.0.1:5300,23.172.in-addr.arpa=127.0.0.1:5300
2017-01-07 15:41:21 +01:00
#################################
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
#
local-address=127.0.0.1,{{ ansible_default_ipv4.address }}
2017-01-07 15:41:21 +01:00
#################################
# local-port port to listen on
#
local-port=53
#################################
# query-local-address6 Send out local IPv6 queries from this address or addresses. Disabled by default, which also disables outgoing
#
{% if global_ipv6 is defined %}
query-local-address6={{ global_ipv6 | ipaddr('address') }}
{% endif %}
2017-01-07 15:41:21 +01:00
#################################
# quiet Suppress logging of questions and answers
#
2018-01-23 18:29:16 +01:00
quiet=yes
#################################
# security-poll-suffix Domain name from which to query security update notifications
#
# security-poll-suffix=secpoll.powerdns.com.
security-poll-suffix=
2017-01-07 15:41:21 +01:00
#################################
# setgid If set, change group id to this gid for more security
#
setgid=pdns
#################################
# setuid If set, change user id to this uid for more security
#
setuid=pdns