unbound
0.1
The configuration options. More...
#include <config_file.h>
Data Fields | |
int | verbosity |
verbosity level as specified in the config file | |
int | stat_interval |
statistics interval (in seconds) | |
int | stat_cumulative |
if false, statistics values are reset after printing them | |
int | stat_extended |
if true, the statistics are kept in greater detail | |
int | num_threads |
number of threads to create | |
int | port |
port on which queries are answered. More... | |
int | do_ip4 |
do ip4 query support. More... | |
int | do_ip6 |
do ip6 query support. More... | |
int | prefer_ip6 |
prefer ip6 upstream queries. More... | |
int | do_udp |
do udp query support. More... | |
int | do_tcp |
do tcp query support. More... | |
int | tcp_upstream |
tcp upstream queries (no UDP upstream queries) | |
int | udp_upstream_without_downstream |
udp upstream enabled when no UDP downstream is enabled (do_udp no) | |
int | tcp_mss |
maximum segment size of the tcp socket on which queries are answered | |
int | outgoing_tcp_mss |
maximum segment size of tcp socket for outgoing queries | |
char * | ssl_service_key |
private key file for dnstcp-ssl service (enabled if not NULL) | |
char * | ssl_service_pem |
public key file for dnstcp-ssl service | |
int | ssl_port |
port on which to provide ssl service | |
int | ssl_upstream |
if outgoing tcp connections use SSL | |
int | outgoing_num_ports |
outgoing port range number of ports (per thread) | |
size_t | outgoing_num_tcp |
number of outgoing tcp buffers (per thread) | |
size_t | incoming_num_tcp |
number of incoming tcp buffers (per thread) | |
int * | outgoing_avail_ports |
allowed udp port numbers, array with 0 if not allowed | |
size_t | edns_buffer_size |
EDNS buffer size to use. | |
size_t | msg_buffer_size |
number of bytes buffer size for DNS messages | |
size_t | msg_cache_size |
size of the message cache | |
size_t | msg_cache_slabs |
slabs in the message cache. More... | |
size_t | num_queries_per_thread |
number of queries every thread can service | |
size_t | jostle_time |
number of msec to wait before items can be jostled out | |
size_t | rrset_cache_size |
size of the rrset cache | |
size_t | rrset_cache_slabs |
slabs in the rrset cache | |
int | host_ttl |
host cache ttl in seconds | |
size_t | infra_cache_slabs |
number of slabs in the infra host cache | |
size_t | infra_cache_numhosts |
max number of hosts in the infra cache | |
int | infra_cache_min_rtt |
min value for infra cache rtt | |
int | delay_close |
delay close of udp-timeouted ports, if 0 no delayclose. More... | |
char * | target_fetch_policy |
the target fetch policy for the iterator | |
int | if_automatic |
automatic interface for incoming messages. More... | |
size_t | so_rcvbuf |
SO_RCVBUF size to set on port 53 UDP socket. | |
size_t | so_sndbuf |
SO_SNDBUF size to set on port 53 UDP socket. | |
int | so_reuseport |
SO_REUSEPORT requested on port 53 sockets. | |
int | ip_transparent |
IP_TRANSPARENT socket option requested on port 53 sockets. | |
int | ip_freebind |
IP_FREEBIND socket option requested on port 53 sockets. | |
int | num_ifs |
number of interfaces to open. More... | |
char ** | ifs |
interface description strings (IP addresses) | |
int | num_out_ifs |
number of outgoing interfaces to open. More... | |
char ** | out_ifs |
outgoing interface description strings (IP addresses) | |
struct config_strlist * | root_hints |
the root hints | |
struct config_stub * | stubs |
the stub definitions, linked list | |
struct config_stub * | forwards |
the forward zone definitions, linked list | |
struct config_view * | views |
the views definitions, linked list | |
struct config_strlist * | donotqueryaddrs |
list of donotquery addresses, linked list | |
struct config_str2list * | acls |
list of access control entries, linked list | |
int | donotquery_localhost |
use default localhost donotqueryaddr entries | |
int | harden_short_bufsize |
harden against very small edns buffer sizes | |
int | harden_large_queries |
harden against very large query sizes | |
int | harden_glue |
harden against spoofed glue (out of zone data) | |
int | harden_dnssec_stripped |
harden against receiving no DNSSEC data for trust anchor | |
int | harden_below_nxdomain |
harden against queries that fall under known nxdomain names | |
int | harden_referral_path |
harden the referral path, query for NS,A,AAAA and validate | |
int | harden_algo_downgrade |
harden against algorithm downgrade | |
int | use_caps_bits_for_id |
use 0x20 bits in query as random ID bits | |
struct config_strlist * | caps_whitelist |
0x20 whitelist, domains that do not use capsforid | |
struct config_strlist * | private_address |
strip away these private addrs from answers, to prevent DNS rebinding | |
struct config_strlist * | private_domain |
allow domain (and subdomains) to use private address space | |
size_t | unwanted_threshold |
what threshold for unwanted action. More... | |
int | max_ttl |
the number of seconds maximal TTL used for RRsets and messages | |
int | min_ttl |
the number of seconds minimum TTL used for RRsets and messages | |
int | max_negative_ttl |
the number of seconds maximal negative TTL for SOA in auth | |
int | prefetch |
if prefetching of messages should be performed. More... | |
int | prefetch_key |
if prefetching of DNSKEYs should be performed. More... | |
char * | chrootdir |
chroot directory; a chroot will be done if this is not "" | |
char * | username |
username to change to, if not "". More... | |
char * | directory |
working directory | |
char * | logfile |
filename to log to. More... | |
char * | pidfile |
pidfile to write pid to. More... | |
int | use_syslog |
should log messages be sent to syslogd | |
int | log_time_ascii |
log timestamp in ascii UTC | |
int | log_queries |
log queries with one line per query | |
int | log_replies |
log replies with one line per reply | |
char * | log_identity |
log identity to report | |
int | hide_identity |
do not report identity (id.server, hostname.bind) | |
int | hide_version |
do not report version (version.server, version.bind) | |
int | hide_trustanchor |
do not report trustanchor (trustanchor.unbound) | |
char * | identity |
identity, hostname is returned if "". More... | |
char * | version |
version, package version returned if "". More... | |
char * | module_conf |
the module configuration string | |
struct config_strlist * | trust_anchor_file_list |
files with trusted DS and DNSKEYs in zonefile format, list | |
struct config_strlist * | trust_anchor_list |
list of trustanchor keys, linked list | |
struct config_strlist * | auto_trust_anchor_file_list |
files with RFC 5011 autotrust tracked keys | |
struct config_strlist * | trusted_keys_file_list |
files with trusted DNSKEYs in named.conf format, list | |
char * | dlv_anchor_file |
DLV anchor file. | |
struct config_strlist * | dlv_anchor_list |
DLV anchor inline. | |
struct config_strlist * | domain_insecure |
insecure domain list | |
int | trust_anchor_signaling |
send key tag query | |
int32_t | val_date_override |
if not 0, this value is the validation date for RRSIGs | |
int32_t | val_sig_skew_min |
the minimum for signature clock skew | |
int32_t | val_sig_skew_max |
the maximum for signature clock skew | |
int | bogus_ttl |
this value sets the number of seconds before revalidating bogus | |
int | val_clean_additional |
should validator clean additional section for secure msgs | |
int | val_log_level |
log bogus messages by the validator | |
int | val_log_squelch |
squelch val_log_level logging - when used as a library, this goes to the callback | |
int | val_permissive_mode |
should validator allow bogus messages to go through | |
int | ignore_cd |
ignore the CD flag in incoming queries and refuse to give them bogus data | |
int | serve_expired |
serve expired entries and prefetch them | |
char * | val_nsec3_key_iterations |
nsec3 maximum iterations per key size, string | |
unsigned int | add_holddown |
autotrust add holddown time, in seconds | |
unsigned int | del_holddown |
autotrust del holddown time, in seconds | |
unsigned int | keep_missing |
autotrust keep_missing time, in seconds. More... | |
int | permit_small_holddown |
permit small holddown values, allowing very fast RFC 5011 rollover | |
size_t | key_cache_size |
size of the key cache | |
size_t | key_cache_slabs |
slabs in the key cache. More... | |
size_t | neg_cache_size |
size of the neg cache | |
struct config_str2list * | local_zones |
local zones config | |
struct config_strlist * | local_zones_nodefault |
local zones nodefault list | |
int | local_zones_disable_default |
do not add any default local zone | |
struct config_strlist * | local_data |
local data RRs configured | |
struct config_str3list * | local_zone_overrides |
local zone override types per netblock | |
int | unblock_lan_zones |
unblock lan zones (reverse lookups for AS112 zones) | |
int | insecure_lan_zones |
insecure lan zones (don't validate AS112 zones) | |
struct config_strbytelist * | local_zone_tags |
list of zonename, tagbitlist | |
struct config_strbytelist * | acl_tags |
list of aclname, tagbitlist | |
struct config_str3list * | acl_tag_actions |
list of aclname, tagname, localzonetype | |
struct config_str3list * | acl_tag_datas |
list of aclname, tagname, redirectdata | |
struct config_str2list * | acl_view |
list of aclname, view | |
struct config_strbytelist * | respip_tags |
list of IP-netblock, tagbitlist | |
struct config_str2list * | respip_actions |
list of response-driven access control entries, linked list | |
struct config_str2list * | respip_data |
RRs configured for response-driven access controls. | |
char ** | tagname |
tag list, array with tagname[i] is malloced string | |
int | num_tags |
number of items in the taglist | |
int | remote_control_enable |
remote control section. More... | |
struct config_strlist * | control_ifs |
the interfaces the remote control should listen on | |
int | control_port |
port number for the control port | |
int | remote_control_use_cert |
use certificates for remote control | |
char * | server_key_file |
private key file for server | |
char * | server_cert_file |
certificate file for server | |
char * | control_key_file |
private key file for unbound-control | |
char * | control_cert_file |
certificate file for unbound-control | |
char * | python_script |
Python script file. | |
int | use_systemd |
Use systemd socket activation. More... | |
int | do_daemonize |
daemonize, i.e. fork into the background. More... | |
int | minimal_responses |
int | rrset_roundrobin |
size_t | max_udp_size |
char * | dns64_prefix |
int | dns64_synthall |
int | dnstap |
true to enable dnstap support | |
char * | dnstap_socket_path |
dnstap socket path | |
int | dnstap_send_identity |
true to send "identity" via dnstap | |
int | dnstap_send_version |
true to send "version" via dnstap | |
char * | dnstap_identity |
dnstap "identity", hostname is used if "". More... | |
char * | dnstap_version |
dnstap "version", package version is used if "". More... | |
int | dnstap_log_resolver_query_messages |
true to log dnstap RESOLVER_QUERY message events | |
int | dnstap_log_resolver_response_messages |
true to log dnstap RESOLVER_RESPONSE message events | |
int | dnstap_log_client_query_messages |
true to log dnstap CLIENT_QUERY message events | |
int | dnstap_log_client_response_messages |
true to log dnstap CLIENT_RESPONSE message events | |
int | dnstap_log_forwarder_query_messages |
true to log dnstap FORWARDER_QUERY message events | |
int | dnstap_log_forwarder_response_messages |
true to log dnstap FORWARDER_RESPONSE message events | |
int | disable_dnssec_lame_check |
true to disable DNSSEC lameness check in iterator | |
int | ip_ratelimit |
ratelimit for ip addresses. More... | |
size_t | ip_ratelimit_slabs |
number of slabs for ip_ratelimit cache | |
size_t | ip_ratelimit_size |
memory size in bytes for ip_ratelimit cache | |
int | ip_ratelimit_factor |
ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic | |
int | ratelimit |
ratelimit for domains. More... | |
size_t | ratelimit_slabs |
number of slabs for ratelimit cache | |
size_t | ratelimit_size |
memory size in bytes for ratelimit cache | |
struct config_str2list * | ratelimit_for_domain |
ratelimits for domain (exact match) | |
struct config_str2list * | ratelimit_below_domain |
ratelimits below domain | |
int | ratelimit_factor |
ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic | |
int | qname_minimisation |
minimise outgoing QNAME and hide original QTYPE if possible | |
int | qname_minimisation_strict |
minimise QNAME in strict mode, minimise according to RFC. More... | |
int | shm_enable |
SHM data - true if shm is enabled. | |
int | shm_key |
SHM data - key for the shm. | |
int | dnscrypt |
DNSCrypt. More... | |
int | dnscrypt_port |
port on which to provide dnscrypt service | |
char * | dnscrypt_provider |
provider name 2.dnscrypt-cert.example.com | |
struct config_strlist * | dnscrypt_secret_key |
dnscrypt secret keys 1.key | |
struct config_strlist * | dnscrypt_provider_cert |
dnscrypt provider certs 1.cert | |
size_t | dnscrypt_shared_secret_cache_size |
memory size in bytes for dnscrypt shared secrets cache | |
size_t | dnscrypt_shared_secret_cache_slabs |
number of slabs for dnscrypt shared secrets cache | |
size_t | dnscrypt_nonce_cache_size |
memory size in bytes for dnscrypt nonces cache | |
size_t | dnscrypt_nonce_cache_slabs |
number of slabs for dnscrypt nonces cache | |
The configuration options.
Strings are malloced.
int config_file::port |
port on which queries are answered.
Referenced by config_create(), config_set_option(), daemon_open_shared_ports(), and listening_ports_open().
int config_file::do_ip4 |
do ip4 query support.
Referenced by checkrlimits(), config_create(), config_set_option(), contact_server(), daemon_remote_open_ports(), iter_apply_cfg(), and listening_ports_open().
int config_file::do_ip6 |
do ip6 query support.
Referenced by acl_list_apply_cfg(), checkrlimits(), config_create(), config_set_option(), daemon_remote_open_ports(), donotq_apply_cfg(), iter_apply_cfg(), and listening_ports_open().
int config_file::prefer_ip6 |
prefer ip6 upstream queries.
Referenced by iter_filter_order().
int config_file::do_udp |
do udp query support.
Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().
int config_file::do_tcp |
do tcp query support.
Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().
size_t config_file::msg_cache_slabs |
slabs in the message cache.
Referenced by config_create(), config_create_forlib(), config_set_option(), context_finalize(), and daemon_apply_cfg().
int config_file::delay_close |
delay close of udp-timeouted ports, if 0 no delayclose.
in msec
Referenced by config_create(), and config_set_option().
int config_file::if_automatic |
automatic interface for incoming messages.
Uses ipv6 remapping, and recvmsg/sendmsg ancillary data to detect interfaces, boolean
Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().
int config_file::num_ifs |
number of interfaces to open.
If 0 default all interfaces.
Referenced by checkrlimits(), config_create(), config_delete(), interfacechecks(), and listening_ports_open().
int config_file::num_out_ifs |
number of outgoing interfaces to open.
If 0 default all interfaces.
Referenced by config_create(), config_delete(), and config_set_option().
size_t config_file::unwanted_threshold |
what threshold for unwanted action.
Referenced by config_set_option().
int config_file::prefetch |
if prefetching of messages should be performed.
Referenced by config_create(), and config_set_option().
int config_file::prefetch_key |
if prefetching of DNSKEYs should be performed.
Referenced by config_create(), config_set_option(), and processInitRequest3().
char* config_file::username |
username to change to, if not "".
Referenced by add_open(), config_create(), config_delete(), config_lookup_uid(), config_set_option(), and perform_setup().
char* config_file::logfile |
filename to log to.
Referenced by apply_settings(), config_create(), config_delete(), config_set_option(), context_finalize(), and do_log_reopen().
char* config_file::pidfile |
pidfile to write pid to.
Referenced by config_create(), config_delete(), config_set_option(), and print_option().
char* config_file::identity |
identity, hostname is returned if "".
Referenced by answer_chaos(), config_delete(), and config_set_option().
char* config_file::version |
version, package version returned if "".
Referenced by answer_chaos(), config_delete(), and config_set_option().
unsigned int config_file::keep_missing |
size_t config_file::key_cache_slabs |
slabs in the key cache.
Referenced by config_create_forlib(), config_set_option(), and key_cache_create().
int config_file::remote_control_enable |
remote control section.
enable toggle.
Referenced by config_set_option(), daemon_open_shared_ports(), daemon_remote_create(), and daemon_remote_open_ports().
int config_file::use_systemd |
Use systemd socket activation.
Referenced by add_open(), apply_settings(), config_create(), config_set_option(), and listening_ports_open().
int config_file::do_daemonize |
daemonize, i.e. fork into the background.
Referenced by apply_settings(), config_create(), and config_set_option().
char* config_file::dnstap_identity |
dnstap "identity", hostname is used if "".
Referenced by config_delete(), and config_set_option().
char* config_file::dnstap_version |
dnstap "version", package version is used if "".
Referenced by config_delete(), and config_set_option().
int config_file::ip_ratelimit |
ratelimit for ip addresses.
0 is off, otherwise qps (unless overridden)
Referenced by config_set_option(), and infra_create().
int config_file::ratelimit |
ratelimit for domains.
0 is off, otherwise qps (unless overridden)
Referenced by config_set_option(), and infra_create().
int config_file::qname_minimisation_strict |
minimise QNAME in strict mode, minimise according to RFC.
Do not apply fallback
Referenced by config_set_option().
int config_file::dnscrypt |