144 lines
5.0 KiB
Plaintext
144 lines
5.0 KiB
Plaintext
// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
|
|
// Read the pdnsd.conf(5) manpage for an explanation of the options.
|
|
// Add or remove '#' in front of options you want to disable or enable, respectively.
|
|
// Remove '/*' and '*/' to enable complete sections.
|
|
|
|
global {
|
|
perm_cache=1024;
|
|
cache_dir="@cachedir@";
|
|
# pid_file = /var/run/pdnsd.pid;
|
|
run_as="@def_id@";
|
|
server_ip = 127.0.0.1; # Use eth0 here if you want to allow other
|
|
# machines on your network to query pdnsd.
|
|
status_ctl = on;
|
|
# paranoid=on; # This option reduces the chance of cache poisoning
|
|
# but may make pdnsd less efficient, unfortunately.
|
|
query_method=udp_tcp;
|
|
min_ttl=15m; # Retain cached entries at least 15 minutes.
|
|
max_ttl=1w; # One week.
|
|
timeout=10; # Global timeout option (10 seconds).
|
|
neg_domain_pol=on;
|
|
udpbufsize=1024; # Upper limit on the size of UDP messages.
|
|
}
|
|
|
|
# The following section is most appropriate if you have a fixed connection to
|
|
# the Internet and an ISP which provides good DNS servers.
|
|
server {
|
|
label= "myisp";
|
|
ip = 192.168.0.1; # Put your ISP's DNS-server address(es) here.
|
|
# proxy_only=on; # Do not query any name servers beside your ISP's.
|
|
# This may be necessary if you are behind some
|
|
# kind of firewall and cannot receive replies
|
|
# from outside name servers.
|
|
timeout=4; # Server timeout; this may be much shorter
|
|
# that the global timeout option.
|
|
uptest=if; # Test if the network interface is active.
|
|
interface=eth0; # The name of the interface to check.
|
|
interval=10m; # Check every 10 minutes.
|
|
purge_cache=off; # Keep stale cache entries in case the ISP's
|
|
# DNS servers go offline.
|
|
edns_query=yes; # Use EDNS for outgoing queries to allow UDP messages
|
|
# larger than 512 bytes. May cause trouble with some
|
|
# legacy systems.
|
|
# exclude=.thepiratebay.org, # If your ISP censors certain names, you may
|
|
# .thepiratebay.se, # want to exclude them here, and provide an
|
|
# .piratebay.org, # alternative server section below that will
|
|
# .piratebay.se; # successfully resolve the names.
|
|
}
|
|
|
|
/*
|
|
# The following section is more appropriate for dial-up connections.
|
|
# Read about how to use pdnsd-ctl for dynamic configuration in the documentation.
|
|
server {
|
|
label= "dialup";
|
|
file = "/etc/ppp/resolv.conf"; # Preferably do not use /etc/resolv.conf
|
|
proxy_only=on;
|
|
timeout=4;
|
|
uptest=if;
|
|
interface = ppp0;
|
|
interval=10; # Check the interface every 10 seconds.
|
|
purge_cache=off;
|
|
preset=off;
|
|
}
|
|
*/
|
|
|
|
/*
|
|
# The servers provided by OpenDNS are fast, but they do not reply with
|
|
# NXDOMAIN for non-existant domains, instead they supply you with an
|
|
# address of one of their search engines. They also lie about the addresses of
|
|
# of the search engines of google, microsoft and yahoo.
|
|
# If you do not like this behaviour the "reject" option may be useful.
|
|
server {
|
|
label = "opendns";
|
|
ip = 208.67.222.222, 208.67.220.220;
|
|
reject = 208.69.32.0/24, # You may need to add additional address ranges
|
|
208.69.34.0/24, # here if the addresses of their search engines
|
|
208.67.219.0/24; # change.
|
|
reject_policy = fail; # If you do not provide any alternative server
|
|
# sections, like the following root-server
|
|
# example, "negate" may be more appropriate here.
|
|
timeout = 4;
|
|
uptest = ping; # Test availability using ICMP echo requests.
|
|
ping_timeout = 100; # ping test will time out after 10 seconds.
|
|
interval = 15m; # Test every 15 minutes.
|
|
preset = off;
|
|
}
|
|
*/
|
|
|
|
/*
|
|
# This section is meant for resolving from root servers.
|
|
server {
|
|
label = "root-servers";
|
|
root_server = discover; # Query the name servers listed below
|
|
# to obtain a full list of root servers.
|
|
randomize_servers = on; # Give every root server an equal chance
|
|
# of being queried.
|
|
ip = 198.41.0.4, # This list will be expanded to the full
|
|
192.228.79.201; # list on start up.
|
|
timeout = 5;
|
|
uptest = query; # Test availability using empty DNS queries.
|
|
# query_test_name = .; # To be used if remote servers ignore empty queries.
|
|
interval = 30m; # Test every half hour.
|
|
ping_timeout = 300; # Test should time out after 30 seconds.
|
|
purge_cache = off;
|
|
# edns_query = yes; # Use EDNS for outgoing queries to allow UDP messages
|
|
# larger than 512 bytes. May cause trouble with some
|
|
# legacy systems.
|
|
exclude = .localdomain;
|
|
policy = included;
|
|
preset = off;
|
|
}
|
|
*/
|
|
|
|
source {
|
|
owner=localhost;
|
|
# serve_aliases=on;
|
|
file="/etc/hosts";
|
|
}
|
|
|
|
/*
|
|
include {file="/etc/pdnsd.include";} # Read additional definitions from /etc/pdnsd.include.
|
|
*/
|
|
|
|
rr {
|
|
name=localhost;
|
|
reverse=on;
|
|
a=127.0.0.1;
|
|
owner=localhost;
|
|
soa=localhost,root.localhost,42,86400,900,86400,86400;
|
|
}
|
|
|
|
/*
|
|
neg {
|
|
name=doubleclick.net;
|
|
types=domain; # This will also block xxx.doubleclick.net, etc.
|
|
}
|
|
*/
|
|
|
|
/*
|
|
neg {
|
|
name=bad.server.com; # Badly behaved server you don't want to connect to.
|
|
types=A,AAAA;
|
|
}
|
|
*/
|