The configuration options. More...

#include <config_file.h>

Data Fields
int	verbosity
	verbosity level as specified in the config file

int	stat_interval
	statistics interval (in seconds)

int	stat_cumulative
	if false, statistics values are reset after printing them

int	stat_extended
	if true, the statistics are kept in greater detail

int	num_threads
	number of threads to create

int	port
	port on which queries are answered. More...

int	do_ip4
	do ip4 query support. More...

int	do_ip6
	do ip6 query support. More...

int	prefer_ip6
	prefer ip6 upstream queries. More...

int	do_udp
	do udp query support. More...

int	do_tcp
	do tcp query support. More...

int	tcp_upstream
	tcp upstream queries (no UDP upstream queries)

int	udp_upstream_without_downstream
	udp upstream enabled when no UDP downstream is enabled (do_udp no)

int	tcp_mss
	maximum segment size of tcp socket which queries are answered

int	outgoing_tcp_mss
	maximum segment size of tcp socket for outgoing queries

char *	ssl_service_key
	private key file for dnstcp-ssl service (enabled if not NULL)

char *	ssl_service_pem
	public key file for dnstcp-ssl service

int	ssl_port
	port on which to provide ssl service

int	ssl_upstream
	if outgoing tcp connections use SSL

int	outgoing_num_ports
	outgoing port range number of ports (per thread)

size_t	outgoing_num_tcp
	number of outgoing tcp buffers per (per thread)

size_t	incoming_num_tcp
	number of incoming tcp buffers per (per thread)

int *	outgoing_avail_ports
	allowed udp port numbers, array with 0 if not allowed

size_t	edns_buffer_size
	EDNS buffer size to use.

size_t	msg_buffer_size
	number of bytes buffer size for DNS messages

size_t	msg_cache_size
	size of the message cache

size_t	msg_cache_slabs
	slabs in the message cache. More...

size_t	num_queries_per_thread
	number of queries every thread can service

size_t	jostle_time
	number of msec to wait before items can be jostled out

size_t	rrset_cache_size
	size of the rrset cache

size_t	rrset_cache_slabs
	slabs in the rrset cache

int	host_ttl
	host cache ttl in seconds

size_t	infra_cache_slabs
	number of slabs in the infra host cache

size_t	infra_cache_numhosts
	max number of hosts in the infra cache

int	infra_cache_min_rtt
	min value for infra cache rtt

int	delay_close
	delay close of udp-timeouted ports, if 0 no delayclose. More...

char *	target_fetch_policy
	the target fetch policy for the iterator

int	if_automatic
	automatic interface for incoming messages. More...

size_t	so_rcvbuf
	SO_RCVBUF size to set on port 53 UDP socket.

size_t	so_sndbuf
	SO_SNDBUF size to set on port 53 UDP socket.

int	so_reuseport
	SO_REUSEPORT requested on port 53 sockets.

int	ip_transparent
	IP_TRANSPARENT socket option requested on port 53 sockets.

int	ip_freebind
	IP_FREEBIND socket option request on port 53 sockets.

int	num_ifs
	number of interfaces to open. More...

char **	ifs
	interface description strings (IP addresses)

int	num_out_ifs
	number of outgoing interfaces to open. More...

char **	out_ifs
	outgoing interface description strings (IP addresses)

struct config_strlist *	root_hints
	the root hints

struct config_stub *	stubs
	the stub definitions, linked list

struct config_stub *	forwards
	the forward zone definitions, linked list

struct config_view *	views
	the views definitions, linked list

struct config_strlist *	donotqueryaddrs
	list of donotquery addresses, linked list

struct config_str2list *	acls
	list of access control entries, linked list

int	donotquery_localhost
	use default localhost donotqueryaddr entries

int	harden_short_bufsize
	harden against very small edns buffer sizes

int	harden_large_queries
	harden against very large query sizes

int	harden_glue
	harden against spoofed glue (out of zone data)

int	harden_dnssec_stripped
	harden against receiving no DNSSEC data for trust anchor

int	harden_below_nxdomain
	harden against queries that fall under known nxdomain names

int	harden_referral_path
	harden the referral path, query for NS,A,AAAA and validate

int	harden_algo_downgrade
	harden against algorithm downgrade

int	use_caps_bits_for_id
	use 0x20 bits in query as random ID bits

struct config_strlist *	caps_whitelist
	0x20 whitelist, domains that do not use capsforid

struct config_strlist *	private_address
	strip away these private addrs from answers, no DNS Rebinding

struct config_strlist *	private_domain
	allow domain (and subdomains) to use private address space

size_t	unwanted_threshold
	what threshold for unwanted action. More...

int	max_ttl
	the number of seconds maximal TTL used for RRsets and messages

int	min_ttl
	the number of seconds minimum TTL used for RRsets and messages

int	max_negative_ttl
	the number of seconds maximal negative TTL for SOA in auth

int	prefetch
	if prefetching of messages should be performed. More...

int	prefetch_key
	if prefetching of DNSKEYs should be performed. More...

char *	chrootdir
	chrootdir, if not "" or chroot will be done

char *	username
	username to change to, if not "". More...

char *	directory
	working directory

char *	logfile
	filename to log to. More...

char *	pidfile
	pidfile to write pid to. More...

int	use_syslog
	should log messages be sent to syslogd

int	log_time_ascii
	log timestamp in ascii UTC

int	log_queries
	log queries with one line per query

int	log_replies
	log replies with one line per reply

char *	log_identity
	log identity to report

int	hide_identity
	do not report identity (id.server, hostname.bind)

int	hide_version
	do not report version (version.server, version.bind)

int	hide_trustanchor
	do not report trustanchor (trustanchor.unbound)

char *	identity
	identity, hostname is returned if "". More...

char *	version
	version, package version returned if "". More...

char *	module_conf
	the module configuration string

struct config_strlist *	trust_anchor_file_list
	files with trusted DS and DNSKEYs in zonefile format, list

struct config_strlist *	trust_anchor_list
	list of trustanchor keys, linked list

struct config_strlist *	auto_trust_anchor_file_list
	files with 5011 autotrust tracked keys

struct config_strlist *	trusted_keys_file_list
	files with trusted DNSKEYs in named.conf format, list

char *	dlv_anchor_file
	DLV anchor file.

struct config_strlist *	dlv_anchor_list
	DLV anchor inline.

struct config_strlist *	domain_insecure
	insecure domain list

int	trust_anchor_signaling
	send key tag query

int32_t	val_date_override
	if not 0, this value is the validation date for RRSIGs

int32_t	val_sig_skew_min
	the minimum for signature clock skew

int32_t	val_sig_skew_max
	the maximum for signature clock skew

int	bogus_ttl
	this value sets the number of seconds before revalidating bogus

int	val_clean_additional
	should validator clean additional section for secure msgs

int	val_log_level
	log bogus messages by the validator

int	val_log_squelch
	squelch val_log_level to log - this is library goes to callback

int	val_permissive_mode
	should validator allow bogus messages to go through

int	ignore_cd
	ignore the CD flag in incoming queries and refuse them bogus data

int	serve_expired
	serve expired entries and prefetch them

char *	val_nsec3_key_iterations
	nsec3 maximum iterations per key size, string

unsigned int	add_holddown
	autotrust add holddown time, in seconds

unsigned int	del_holddown
	autotrust del holddown time, in seconds

unsigned int	keep_missing
	autotrust keep_missing time, in seconds. More...

int	permit_small_holddown
	permit small holddown values, allowing 5011 rollover very fast

size_t	key_cache_size
	size of the key cache

size_t	key_cache_slabs
	slabs in the key cache. More...

size_t	neg_cache_size
	size of the neg cache

struct config_str2list *	local_zones
	local zones config

struct config_strlist *	local_zones_nodefault
	local zones nodefault list

int	local_zones_disable_default
	do not add any default local zone

struct config_strlist *	local_data
	local data RRs configured

struct config_str3list *	local_zone_overrides
	local zone override types per netblock

int	unblock_lan_zones
	unblock lan zones (reverse lookups for AS112 zones)

int	insecure_lan_zones
	insecure lan zones (don't validate AS112 zones)

struct config_strbytelist *	local_zone_tags
	list of zonename, tagbitlist

struct config_strbytelist *	acl_tags
	list of aclname, tagbitlist

struct config_str3list *	acl_tag_actions
	list of aclname, tagname, localzonetype

struct config_str3list *	acl_tag_datas
	list of aclname, tagname, redirectdata

struct config_str2list *	acl_view
	list of aclname, view

struct config_strbytelist *	respip_tags
	list of IP-netblock, tagbitlist

struct config_str2list *	respip_actions
	list of response-driven access control entries, linked list

struct config_str2list *	respip_data
	RRs configured for response-driven access controls.

char **	tagname
	tag list, array with tagname[i] is malloced string

int	num_tags
	number of items in the taglist

int	remote_control_enable
	remote control section. More...

struct config_strlist *	control_ifs
	the interfaces the remote control should listen on

int	control_port
	port number for the control port

int	remote_control_use_cert
	use certificates for remote control

char *	server_key_file
	private key file for server

char *	server_cert_file
	certificate file for server

char *	control_key_file
	private key file for unbound-control

char *	control_cert_file
	certificate file for unbound-control

char *	python_script
	Python script file.

int	use_systemd
	Use systemd socket activation. More...

int	do_daemonize
	daemonize, i.e. More...

int	minimal_responses

int	rrset_roundrobin

size_t	max_udp_size

char *	dns64_prefix

int	dns64_synthall

int	dnstap
	true to enable dnstap support

char *	dnstap_socket_path
	dnstap socket path

int	dnstap_send_identity
	true to send "identity" via dnstap

int	dnstap_send_version
	true to send "version" via dnstap

char *	dnstap_identity
	dnstap "identity", hostname is used if "". More...

char *	dnstap_version
	dnstap "version", package version is used if "". More...

int	dnstap_log_resolver_query_messages
	true to log dnstap RESOLVER_QUERY message events

int	dnstap_log_resolver_response_messages
	true to log dnstap RESOLVER_RESPONSE message events

int	dnstap_log_client_query_messages
	true to log dnstap CLIENT_QUERY message events

int	dnstap_log_client_response_messages
	true to log dnstap CLIENT_RESPONSE message events

int	dnstap_log_forwarder_query_messages
	true to log dnstap FORWARDER_QUERY message events

int	dnstap_log_forwarder_response_messages
	true to log dnstap FORWARDER_RESPONSE message events

int	disable_dnssec_lame_check
	true to disable DNSSEC lameness check in iterator

int	ip_ratelimit
	ratelimit for ip addresses. More...

size_t	ip_ratelimit_slabs
	number of slabs for ip_ratelimit cache

size_t	ip_ratelimit_size
	memory size in bytes for ip_ratelimit cache

int	ip_ratelimit_factor
	ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic

int	ratelimit
	ratelimit for domains. More...

size_t	ratelimit_slabs
	number of slabs for ratelimit cache

size_t	ratelimit_size
	memory size in bytes for ratelimit cache

struct config_str2list *	ratelimit_for_domain
	ratelimits for domain (exact match)

struct config_str2list *	ratelimit_below_domain
	ratelimits below domain

int	ratelimit_factor
	ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic

int	qname_minimisation
	minimise outgoing QNAME and hide original QTYPE if possible

int	qname_minimisation_strict
	minimise QNAME in strict mode, minimise according to RFC. More...

int	shm_enable
	SHM data - true if shm is enabled.

int	shm_key
	SHM data - key for the shm.

int	dnscrypt
	DNSCrypt. More...

int	dnscrypt_port
	port on which to provide dnscrypt service

char *	dnscrypt_provider
	provider name 2.dnscrypt-cert.example.com

struct config_strlist *	dnscrypt_secret_key
	dnscrypt secret keys 1.key

struct config_strlist *	dnscrypt_provider_cert
	dnscrypt provider certs 1.cert

size_t	dnscrypt_shared_secret_cache_size
	memory size in bytes for dnscrypt shared secrets cache

size_t	dnscrypt_shared_secret_cache_slabs
	number of slabs for dnscrypt shared secrets cache

size_t	dnscrypt_nonce_cache_size
	memory size in bytes for dnscrypt nonces cache

size_t	dnscrypt_nonce_cache_slabs
	number of slabs for dnscrypt nonces cache

Detailed Description

The configuration options.

Strings are malloced.

Field Documentation

◆ port

int config_file::port

port on which queries are answered.

Referenced by config_create(), config_set_option(), daemon_open_shared_ports(), and listening_ports_open().

◆ do_ip4

int config_file::do_ip4

do ip4 query support.

Referenced by checkrlimits(), config_create(), config_set_option(), contact_server(), daemon_remote_open_ports(), iter_apply_cfg(), and listening_ports_open().

◆ do_ip6

int config_file::do_ip6

do ip6 query support.

Referenced by acl_list_apply_cfg(), checkrlimits(), config_create(), config_set_option(), daemon_remote_open_ports(), donotq_apply_cfg(), iter_apply_cfg(), and listening_ports_open().

◆ prefer_ip6

int config_file::prefer_ip6

prefer ip6 upstream queries.

Referenced by iter_filter_order().

◆ do_udp

int config_file::do_udp

do udp query support.

Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().

◆ do_tcp

int config_file::do_tcp

do tcp query support.

Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().

◆ msg_cache_slabs

size_t config_file::msg_cache_slabs

slabs in the message cache.

Referenced by config_create(), config_create_forlib(), config_set_option(), context_finalize(), and daemon_apply_cfg().

◆ delay_close

int config_file::delay_close

delay close of udp-timeouted ports, if 0 no delayclose.

in msec

Referenced by config_create(), and config_set_option().

◆ if_automatic

int config_file::if_automatic

automatic interface for incoming messages.

Uses ipv6 remapping, and recvmsg/sendmsg ancillary data to detect interfaces, boolean

Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().

◆ num_ifs

int config_file::num_ifs

number of interfaces to open.

If 0 default all interfaces.

Referenced by checkrlimits(), config_create(), config_delete(), interfacechecks(), and listening_ports_open().

◆ num_out_ifs

int config_file::num_out_ifs

number of outgoing interfaces to open.

If 0 default all interfaces.

Referenced by config_create(), config_delete(), and config_set_option().

◆ unwanted_threshold

size_t config_file::unwanted_threshold

what threshold for unwanted action.

Referenced by config_set_option().

◆ prefetch

int config_file::prefetch

if prefetching of messages should be performed.

Referenced by config_create(), and config_set_option().

◆ prefetch_key

int config_file::prefetch_key

if prefetching of DNSKEYs should be performed.

Referenced by config_create(), config_set_option(), and processInitRequest3().

◆ username

char* config_file::username

username to change to, if not "".

Referenced by add_open(), config_create(), config_delete(), config_lookup_uid(), config_set_option(), and perform_setup().

◆ logfile

char* config_file::logfile

filename to log to.

Referenced by apply_settings(), config_create(), config_delete(), config_set_option(), context_finalize(), and do_log_reopen().

◆ pidfile

char* config_file::pidfile

pidfile to write pid to.

Referenced by config_create(), config_delete(), config_set_option(), and print_option().

◆ identity

char* config_file::identity

identity, hostname is returned if "".

Referenced by answer_chaos(), config_delete(), and config_set_option().

◆ version

char* config_file::version

version, package version returned if "".

Referenced by answer_chaos(), config_delete(), and config_set_option().

◆ keep_missing

unsigned int config_file::keep_missing

autotrust keep_missing time, in seconds.

0 is forever.

Referenced by config_set_option().

◆ key_cache_slabs

size_t config_file::key_cache_slabs

slabs in the key cache.

Referenced by config_create_forlib(), config_set_option(), and key_cache_create().

◆ remote_control_enable

int config_file::remote_control_enable

remote control section.

enable toggle.

Referenced by config_set_option(), daemon_open_shared_ports(), daemon_remote_create(), and daemon_remote_open_ports().

◆ use_systemd

int config_file::use_systemd

Use systemd socket activation.

Referenced by add_open(), apply_settings(), config_create(), config_set_option(), and listening_ports_open().

◆ do_daemonize

int config_file::do_daemonize

daemonize, i.e.

fork into the background.

Referenced by apply_settings(), config_create(), and config_set_option().

◆ dnstap_identity

char* config_file::dnstap_identity

dnstap "identity", hostname is used if "".

Referenced by config_delete(), and config_set_option().

◆ dnstap_version

char* config_file::dnstap_version

dnstap "version", package version is used if "".

Referenced by config_delete(), and config_set_option().

◆ ip_ratelimit

int config_file::ip_ratelimit

ratelimit for ip addresses.

0 is off, otherwise qps (unless overridden)

Referenced by config_set_option(), and infra_create().

◆ ratelimit

int config_file::ratelimit

ratelimit for domains.

0 is off, otherwise qps (unless overridden)

Referenced by config_set_option(), and infra_create().

◆ qname_minimisation_strict

int config_file::qname_minimisation_strict

minimise QNAME in strict mode, minimise according to RFC.

Do not apply fallback

Referenced by config_set_option().

◆ dnscrypt

int config_file::dnscrypt

DNSCrypt.

true to enable dnscrypt

Referenced by config_read(), and config_set_option().

The documentation for this struct was generated from the following file:

util/config_file.h

Data Fields

Detailed Description

Field Documentation

◆ port

◆ do_ip4

◆ do_ip6

◆ prefer_ip6

◆ do_udp

◆ do_tcp

◆ msg_cache_slabs

◆ delay_close

◆ if_automatic

◆ num_ifs

◆ num_out_ifs

◆ unwanted_threshold

◆ prefetch

◆ prefetch_key

◆ username

◆ logfile

◆ pidfile

◆ identity

◆ version

◆ keep_missing

◆ key_cache_slabs

◆ remote_control_enable

◆ use_systemd

◆ do_daemonize

◆ dnstap_identity

◆ dnstap_version

◆ ip_ratelimit

◆ ratelimit

◆ qname_minimisation_strict

◆ dnscrypt