Add the specified nsid to the EDNS section of the answer when queried withĪn NSID EDNS enabled packet. Hide-version to set the server to not respond to such queries. Returns the specified version string when asked for CH TXT rver,Īnd version.bind queries. See hide-identity to set the server to not respond to such Returns the specified identity when asked for CH TXT ID.SERVER. This file is used for the nsd-control addzone The list is written toīy NSD to add and delete zones. Used to store the dynamically added list of zones. By default /var/nsd/db/zone.list is used. Updates are not (immediately) spooled to disk. The specified file is used to store theĬompiled zone information. do-ip6: If yes, NSD listens to IPv6 connections. do-ip4: If yes, NSD listens to IPv4 connections. If set to yes it does notįork and stays in the foreground, which can be helpful for commandlineĭebugging, but is also used by certain server supervisor processes toĪscertain that the server is running. debug-mode: Turns on debugging mode for nsd, does not fork a daemon process. Set the receive buffer size for query-servicing sockets. Set the send buffer size for query-servicing sockets. Linux, but does not work on FreeBSD, and likely does not work on other Only really useful if you also configure a server-count higher thanġ (such as, equal to the number of cpus). Use the SO_REUSEPORT socket option, and create file descriptors for every ip-freebind: Set the IP_FREEBIND option to bind to nonlocal addresses and interfaces So that it can answer immediately when the address is added. Listen to IP addresses that are not (yet) added to the network interface, ip-transparent: Allows NSD to bind to non local addresses. Same as ip-address (for ease of compatibility with nf). Later (typical for certain load-balancing). Use ip-transparent to be able to list addresses that turn on This is because if the udp socket associates a source address ofĠ.0.0.0 then the kernel picks an ip-address with which to send to the The internet, list them one by one, or the source address of replies couldīe wrong. For servers with multiple IP addresses that can be used to send traffic to If an interface name is used instead of ip4 or ip6, the list of IPĪddresses associated with that interface is picked up and used at server More servers separated by whitespace after Ranges canīe used as a shorthand to specify multiple consecutive servers. To limit which NSD server(s) listen on the given interface, specify one or None are given NSD listens to the wildcard interface. Can be given multiple times toīind multiple ip-addresses. ip-address: NSD will bind to the listed ip-address. The global options (if not overridden from the NSD commandline)Īre taken from the server: clause. If no files match the pattern, this is not an error. YouĬan use '*' to include a wildcard match of files, eg. The chroot prepended), so that the include can be parsed before and afterĪpplication of the chroot (and the knowledge of what that chroot is). ![]() If a chroot is used an absolute filename is needed (with ProcessingĬontinues as if the text from the included file was copied into the configįile at that point. It canĪppear anywhere, and takes a single filename as an argument. A tls-auth: attribute is used to define credentials forĪuthenticating an outgoing TLS connection used for XFR-over-TLS.įiles can be included using the include: directive. Pattern: attribute is followed by the zone options for zones that use Key: attribute is used to define keys for authentication. ![]() The verify: attribute is used to control zone verification. Server: attribute is followed by global options for the NSD The zone: attribute is followed by zone options. These are followed by their attributes or a new top-level Pattern:, zone:, tls-auth:, and remote-control:Īre allowed. An attribute is followed by its containing attributes, orĪt the top level only server:, verify:, key:, There must be whitespace between keywords. Then, use kill -HUP to reload changes from master zone files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |