Domain Name System related services DNS forwarding 918 DNS forwarding cache size (default: 10000) u32:0-10000 DNS forwarding cache size 10000 Interfaces whose DHCP client nameservers to forward requests to DNSSEC mode (default: process-no-validate) off process-no-validate process log-fail validate off No DNSSEC processing whatsoever! process-no-validate Respond with DNSSEC records to clients that ask for it. No validation done at all! process Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. log-fail Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. validate Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. ^(off|process-no-validate|process|log-fail|validate)$ process-no-validate Domain to forward to a custom DNS server Domain Name Server (DNS) to forward queries to ipv4 Domain Name Server (DNS) IPv4 address ipv6 Domain Name Server (DNS) IPv6 address Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) Set the "recursion desired" bit in requests to the upstream nameserver Do not use local /etc/hosts file in name resolution Makes the server authoritatively not aware of RFC1918 addresses Networks allowed to query this server ipv4net IP address and prefix length ipv6net IPv6 address and prefix length #include Maximum amount of time negative entries are cached (default: 3600) u32:0-7200 Seconds to cache NXDOMAIN entries 3600 #include Local addresses from which to send DNS queries ipv4 IPv4 address from which to send traffic ipv6 IPv6 address from which to send traffic 0.0.0.0 :: Use system name servers