Domain Name System (DNS) related services DNS forwarding 918 DNS forwarding cache size u32:0-2147483647 DNS forwarding cache size 10000 Interfaces whose DHCP client nameservers to forward requests to Help to communicate between IPv6-only client and IPv4-only server ipv6net IPv6 address and /96 only prefix length DNSSEC mode off process-no-validate process log-fail validate off No DNSSEC processing whatsoever! process-no-validate Respond with DNSSEC records to clients that ask for it. No validation done at all! process Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. log-fail Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. validate Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. (off|process-no-validate|process|log-fail|validate) process-no-validate Domain to forward to a custom DNS server txt An absolute DNS domain name #include Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) Set the "recursion desired" bit in requests to the upstream nameserver Domain to host authoritative records for txt An absolute DNS domain name DNS zone records A record txt A DNS name relative to the root record @ Root record any Wildcard record (any subdomain) ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) IPv4 address ipv4 IPv4 address #include 300 #include AAAA record txt A DNS name relative to the root record @ Root record any Wildcard record (any subdomain) ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) IPv6 address ipv6 IPv6 address #include 300 #include CNAME record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Target DNS name name.example.com Absolute DNS name [-_a-zA-Z0-9.]{1,63}(?<!\.) #include 300 #include MX record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Mail server name.example.com Absolute DNS name [-_a-zA-Z0-9.]{1,63}(?<!\.) Server priority u32:1-999 Server priority (lower numbers are higher priority) 10 #include 300 #include NS record txt A DNS name relative to the root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Target DNS server authoritative for subdomain nsXX.example.com Absolute DNS name [-_a-zA-Z0-9.]{1,63}(?<!\.) #include 300 #include PTR record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Target DNS name name.example.com Absolute DNS name [-_a-zA-Z0-9.]{1,63}(?<!\.) #include 300 #include TXT record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Record contents txt Record contents #include 300 #include SPF record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Record contents txt Record contents #include 300 #include SRV record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) Service entry u32:0-65535 Entry number Server hostname name.example.com Absolute DNS name [-_a-zA-Z0-9.]{1,63}(?<!\.) Port number u32:0-65535 TCP/UDP port number Entry priority u32:0-65535 Entry priority (lower numbers are higher priority) 10 Entry weight u32:0-65535 Entry weight 0 #include 300 #include NAPTR record txt A DNS name relative to the root record @ Root record ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) NAPTR rule u32:0-65535 Rule number Rule order u32:0-65535 Rule order (lower order is evaluated first) Rule preference u32:0-65535 Rule preference 0 S flag A flag U flag P flag Service type [a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})? Regular expression Replacement DNS name name.example.com Absolute DNS name [-_a-zA-Z0-9.]{1,63}(?<!\.) #include 300 #include #include Do not use local /etc/hosts file in name resolution Makes the server authoritatively not aware of RFC1918 addresses Networks allowed to query this server ipv4net IP address and prefix length ipv6net IPv6 address and prefix length #include #include 53 Maximum amount of time negative entries are cached u32:0-7200 Seconds to cache NXDOMAIN entries 3600 Number of times the expired TTL of a record is extended by 30 seconds when serving stale u32:0-65535 Number of times to extend the TTL 0 Number of milliseconds to wait for a remote authoritative server to respond u32:10-60000 Network timeout in milliseconds 1500 #include #include 0.0.0.0 :: Use system name servers IP address or subnet ipv4 IPv4 address to match ipv4net IPv4 prefix to match ipv6 IPv6 address ipv6net IPv6 address DNS server options List of client netmasks for which EDNS Client Subnet will be added ipv4net IP addresses or subnets, negation supported ipv6net IPv6 addresses or subnets, negation supported Number of bits of IPv4 address to pass for EDNS Client Subnet u32:0-32 Number of bits of IPv4 address List of netmasks and domains that we should enable EDNS subnet for txt Netmask or domain