NAME

ixfrdist.yml - The ixfrdist configuration file

SYNOPSIS

ixfrdist.yml

DESCRIPTION

ixfrdist reads its configuration from a YAML file. By default, this file is called ixfrdist.yml and is read from the directory configured as SYSCONFDIR when building the software. This directory is usually one of /etc/pdns, /etc/powerdns. Run ixfrdist --help to see the default.

EXAMPLE

listen:


  - 192.0.2.2


  - '[2001:DB8:ABCD::2]:5300'


  - 127.0.0.1
acl:


  - 127.0.0.1


  - '192.0.2.0/24'


  - '2001:DB8:ABCD:1234::/64'
work-dir: /var/lib/ixfrdist
uid: ixfrdist
gid: ixfrdist
domains:


  - domain: example.com


    master: 192.0.2.18:5301


  - domain: example.net


    master: 2001:DB8:ABCD::2

OPTIONS

listen: The list of addresses to listen on. ixfrdist listens on both TCP and UDP. When no port is specified, 53 is used. When specifying ports for IPv6, use the "bracket" notation. By default, ixfrdist listens on 127.0.0.1:53 and [::1]:53.
acl: A list of netmasks that are allowed to query ixfrdist and request AXFRs and IXFRs Entries without a netmask will be interpreted as a single address. By default, the ACL is set is 127.0.0.0/8 and ::1/128.
axfr-max-records: Maximum number of records allowed in an AXFR transaction requested by ixfrdist. This may prevent untrusted sources from using all the process memory. By default, this setting is 0, which means "unlimited".
axfr-timeout: Timeout in seconds an AXFR transaction requested by ixfrdist may take. Increase this when the network to the authoritative servers is slow or the domains are very large and you experience timeouts. Defaults to 20.
failed-soa-retry: Time in seconds between retries of the SOA query for a zone we have never transferred. Defaults to 30.
compress: Whether record compression should be enabled, leading to smaller answers at the cost of an increased CPU and memory usage. Defaults to false.
work-dir: The directory where the domain data is stored. When not set, the current working directory is used. This working directory has the following structure: work-dir/ZONE/SERIAL, e.g. work-dir/rpz.example./2018011902. It is highly recommended to set this option, as the current working directory might change between invocations. This directory must be writable for the user or group ixfrdist runs as.
keep: Amount of older copies/IXFR diffs to keep for every domain. This is set to 20 by default.
tcp-in-threads: Number of threads to spawn for TCP connections (AXFRs) from downstream hosts. This limits the number of concurrent AXFRs to clients. Set to 10 by default.
gid: Group name or numeric ID to drop privileges to after binding the listen sockets. By default, ixfrdist runs as the user that started the process.
uid: User name or numeric ID to drop privileges to after binding the listen sockets. By default, ixfrdist runs as the user that started the process.
domains: A list of domains to redistribute. This option is mandatory.

domain: The domain name to transfer from the master. Mandatory.
master: IP address of the server to transfer this domain from. Mandatory.

webserver-address: IP address to listen on for the built-in webserver. When not set, no webserver is started.
webserver-acl: A list of networks that are allowed to access the ixfrdist webserver. Entries without a netmask will be interpreted as a single address. By default, this list is set to 127.0.0.0/8 and ::1/128.
webserver-loglevel: How much the webserver should log: 'none', 'normal' or 'detailed'. When logging, each log-line contains the UUID of the request, this allows finding errors caused by certain requests. With 'none', nothing is logged except for errors. With 'normal' (the default), one line per request is logged in the style of the common log format:

[NOTICE] [webserver] 46326eef-b3ba-4455-8e76-15ec73879aa3 127.0.0.1:57566 "GET /metrics HTTP/1.1" 200 1846

with 'detailed', the full requests and responses (including headers) are logged along with the regular log-line from 'normal'.

AUTHOR

PowerDNS.COM BV

COPYRIGHT

2001-2022, PowerDNS.COM BV

December 8, 2022