config_file Struct Reference

The configuration options. More...

#include <config_file.h>

Data Fields

int verbosity
 verbosity level as specified in the config file
 
int stat_interval
 statistics interval (in seconds)
 
int stat_cumulative
 if false, statistics values are reset after printing them
 
int stat_extended
 if true, the statistics are kept in greater detail
 
int num_threads
 number of threads to create
 
int port
 port on which queries are answered. More...
 
int do_ip4
 do ip4 query support. More...
 
int do_ip6
 do ip6 query support. More...
 
int prefer_ip6
 prefer ip6 upstream queries. More...
 
int do_udp
 do udp query support. More...
 
int do_tcp
 do tcp query support. More...
 
int tcp_upstream
 tcp upstream queries (no UDP upstream queries)
 
int udp_upstream_without_downstream
 udp upstream enabled when no UDP downstream is enabled (do_udp no)
 
int tcp_mss
 maximum segment size of the tcp socket on which queries are answered
 
int outgoing_tcp_mss
 maximum segment size of tcp socket for outgoing queries
 
char * ssl_service_key
 private key file for dnstcp-ssl service (enabled if not NULL)
 
char * ssl_service_pem
 public key file for dnstcp-ssl service
 
int ssl_port
 port on which to provide ssl service
 
int ssl_upstream
 if outgoing tcp connections use SSL
 
char * tls_cert_bundle
 cert bundle for outgoing connections
 
struct config_strlist * additional_tls_port
 additional tls ports
 
int outgoing_num_ports
 outgoing port range number of ports (per thread)
 
size_t outgoing_num_tcp
 number of outgoing tcp buffers (per thread)
 
size_t incoming_num_tcp
 number of incoming tcp buffers (per thread)
 
int * outgoing_avail_ports
 allowed udp port numbers, array with 0 if not allowed
 
size_t edns_buffer_size
 EDNS buffer size to use.
 
size_t msg_buffer_size
 number of bytes buffer size for DNS messages
 
size_t msg_cache_size
 size of the message cache
 
size_t msg_cache_slabs
 slabs in the message cache. More...
 
size_t num_queries_per_thread
 number of queries every thread can service
 
size_t jostle_time
 number of msec to wait before items can be jostled out
 
size_t rrset_cache_size
 size of the rrset cache
 
size_t rrset_cache_slabs
 slabs in the rrset cache
 
int host_ttl
 host cache ttl in seconds
 
size_t infra_cache_slabs
 number of slabs in the infra host cache
 
size_t infra_cache_numhosts
 max number of hosts in the infra cache
 
int infra_cache_min_rtt
 min value for infra cache rtt
 
int delay_close
 delay close of udp-timeouted ports, if 0 no delayclose. More...
 
char * target_fetch_policy
 the target fetch policy for the iterator
 
int low_rtt_pct
 percent*10, how many times in 1000 to pick low rtt destinations
 
int low_rtt
 what time in msec is a low rtt destination
 
int if_automatic
 automatic interface for incoming messages. More...
 
size_t so_rcvbuf
 SO_RCVBUF size to set on port 53 UDP socket.
 
size_t so_sndbuf
 SO_SNDBUF size to set on port 53 UDP socket.
 
int so_reuseport
 SO_REUSEPORT requested on port 53 sockets.
 
int ip_transparent
 IP_TRANSPARENT socket option requested on port 53 sockets.
 
int ip_freebind
 IP_FREEBIND socket option requested on port 53 sockets.
 
int num_ifs
 number of interfaces to open. More...
 
char ** ifs
 interface description strings (IP addresses)
 
int num_out_ifs
 number of outgoing interfaces to open. More...
 
char ** out_ifs
 outgoing interface description strings (IP addresses)
 
struct config_strlist * root_hints
 the root hints
 
struct config_stub * stubs
 the stub definitions, linked list
 
struct config_stub * forwards
 the forward zone definitions, linked list
 
struct config_auth * auths
 the auth zone definitions, linked list
 
struct config_view * views
 the views definitions, linked list
 
struct config_strlist * donotqueryaddrs
 list of donotquery addresses, linked list
 
struct config_str2list * acls
 list of access control entries, linked list
 
int donotquery_localhost
 use default localhost donotqueryaddr entries
 
int harden_short_bufsize
 harden against very small edns buffer sizes
 
int harden_large_queries
 harden against very large query sizes
 
int harden_glue
 harden against spoofed glue (out of zone data)
 
int harden_dnssec_stripped
 harden against receiving no DNSSEC data for trust anchor
 
int harden_below_nxdomain
 harden against queries that fall under known nxdomain names
 
int harden_referral_path
 harden the referral path, query for NS,A,AAAA and validate
 
int harden_algo_downgrade
 harden against algorithm downgrade
 
int use_caps_bits_for_id
 use 0x20 bits in query as random ID bits
 
struct config_strlist * caps_whitelist
 0x20 whitelist, domains that do not use capsforid
 
struct config_strlist * private_address
 strip away these private addresses from answers, to prevent DNS rebinding
 
struct config_strlist * private_domain
 allow domain (and subdomains) to use private address space
 
size_t unwanted_threshold
 what threshold for unwanted action. More...
 
int max_ttl
 the number of seconds maximal TTL used for RRsets and messages
 
int min_ttl
 the number of seconds minimum TTL used for RRsets and messages
 
int max_negative_ttl
 the number of seconds maximal negative TTL for SOA in auth
 
int prefetch
 if prefetching of messages should be performed. More...
 
int prefetch_key
 if prefetching of DNSKEYs should be performed. More...
 
char * chrootdir
 chrootdir, if not "" a chroot will be done
 
char * username
 username to change to, if not "". More...
 
char * directory
 working directory
 
char * logfile
 filename to log to. More...
 
char * pidfile
 pidfile to write pid to. More...
 
int use_syslog
 should log messages be sent to syslogd
 
int log_time_ascii
 log timestamp in ascii UTC
 
int log_queries
 log queries with one line per query
 
int log_replies
 log replies with one line per reply
 
char * log_identity
 log identity to report
 
int hide_identity
 do not report identity (id.server, hostname.bind)
 
int hide_version
 do not report version (version.server, version.bind)
 
int hide_trustanchor
 do not report trustanchor (trustanchor.unbound)
 
char * identity
 identity, hostname is returned if "". More...
 
char * version
 version, package version returned if "". More...
 
char * module_conf
 the module configuration string
 
struct config_strlist * trust_anchor_file_list
 files with trusted DS and DNSKEYs in zonefile format, list
 
struct config_strlist * trust_anchor_list
 list of trustanchor keys, linked list
 
struct config_strlist * auto_trust_anchor_file_list
 files with 5011 autotrust tracked keys
 
struct config_strlist * trusted_keys_file_list
 files with trusted DNSKEYs in named.conf format, list
 
char * dlv_anchor_file
 DLV anchor file.
 
struct config_strlist * dlv_anchor_list
 DLV anchor inline.
 
struct config_strlist * domain_insecure
 insecure domain list
 
int trust_anchor_signaling
 send key tag query
 
int root_key_sentinel
 enable root key sentinel
 
int32_t val_date_override
 if not 0, this value is the validation date for RRSIGs
 
int32_t val_sig_skew_min
 the minimum for signature clock skew
 
int32_t val_sig_skew_max
 the maximum for signature clock skew
 
int bogus_ttl
 this value sets the number of seconds before revalidating bogus
 
int val_clean_additional
 should validator clean additional section for secure msgs
 
int val_log_level
 log bogus messages by the validator
 
int val_log_squelch
 squelch val_log_level to log - this is library goes to callback
 
int val_permissive_mode
 whether the validator should allow bogus messages (those that fail DNSSEC validation) to go through
 
int aggressive_nsec
 use cached NSEC records to synthesise (negative) answers
 
int ignore_cd
 ignore the CD flag in incoming queries and refuse to give them bogus data
 
int serve_expired
 serve expired entries and prefetch them
 
char * val_nsec3_key_iterations
 nsec3 maximum iterations per key size, string
 
unsigned int add_holddown
 autotrust add holddown time, in seconds
 
unsigned int del_holddown
 autotrust del holddown time, in seconds
 
unsigned int keep_missing
 autotrust keep_missing time, in seconds. More...
 
int permit_small_holddown
 permit small holddown values, allowing 5011 rollover very fast
 
size_t key_cache_size
 size of the key cache
 
size_t key_cache_slabs
 slabs in the key cache. More...
 
size_t neg_cache_size
 size of the neg cache
 
struct config_str2list * local_zones
 local zones config
 
struct config_strlist * local_zones_nodefault
 local zones nodefault list
 
int local_zones_disable_default
 do not add any default local zone
 
struct config_strlist * local_data
 local data RRs configured
 
struct config_str3list * local_zone_overrides
 local zone override types per netblock
 
int unblock_lan_zones
 unblock lan zones (reverse lookups for AS112 zones)
 
int insecure_lan_zones
 insecure lan zones (don't validate AS112 zones)
 
struct config_strbytelist * local_zone_tags
 list of zonename, tagbitlist
 
struct config_strbytelist * acl_tags
 list of aclname, tagbitlist
 
struct config_str3list * acl_tag_actions
 list of aclname, tagname, localzonetype
 
struct config_str3list * acl_tag_datas
 list of aclname, tagname, redirectdata
 
struct config_str2list * acl_view
 list of aclname, view
 
struct config_strbytelist * respip_tags
 list of IP-netblock, tagbitlist
 
struct config_str2list * respip_actions
 list of response-driven access control entries, linked list
 
struct config_str2list * respip_data
 RRs configured for response-driven access controls.
 
char ** tagname
 tag list, array with tagname[i] is malloced string
 
int num_tags
 number of items in the taglist
 
int remote_control_enable
 remote control section. More...
 
struct config_strlist * control_ifs
 the interfaces the remote control should listen on
 
int control_port
 port number for the control port
 
int remote_control_use_cert
 use certificates for remote control
 
char * server_key_file
 private key file for server
 
char * server_cert_file
 certificate file for server
 
char * control_key_file
 private key file for unbound-control
 
char * control_cert_file
 certificate file for unbound-control
 
char * python_script
 Python script file.
 
int use_systemd
 Use systemd socket activation. More...
 
int do_daemonize
 daemonize, i.e. fork into the background. More...
 
int minimal_responses
 
int rrset_roundrobin
 
size_t max_udp_size
 
char * dns64_prefix
 
int dns64_synthall
 
int dnstap
 true to enable dnstap support
 
char * dnstap_socket_path
 dnstap socket path
 
int dnstap_send_identity
 true to send "identity" via dnstap
 
int dnstap_send_version
 true to send "version" via dnstap
 
char * dnstap_identity
 dnstap "identity", hostname is used if "". More...
 
char * dnstap_version
 dnstap "version", package version is used if "". More...
 
int dnstap_log_resolver_query_messages
 true to log dnstap RESOLVER_QUERY message events
 
int dnstap_log_resolver_response_messages
 true to log dnstap RESOLVER_RESPONSE message events
 
int dnstap_log_client_query_messages
 true to log dnstap CLIENT_QUERY message events
 
int dnstap_log_client_response_messages
 true to log dnstap CLIENT_RESPONSE message events
 
int dnstap_log_forwarder_query_messages
 true to log dnstap FORWARDER_QUERY message events
 
int dnstap_log_forwarder_response_messages
 true to log dnstap FORWARDER_RESPONSE message events
 
int disable_dnssec_lame_check
 true to disable DNSSEC lameness check in iterator
 
int ip_ratelimit
 ratelimit for ip addresses. More...
 
size_t ip_ratelimit_slabs
 number of slabs for ip_ratelimit cache
 
size_t ip_ratelimit_size
 memory size in bytes for ip_ratelimit cache
 
int ip_ratelimit_factor
 ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic
 
int ratelimit
 ratelimit for domains. More...
 
size_t ratelimit_slabs
 number of slabs for ratelimit cache
 
size_t ratelimit_size
 memory size in bytes for ratelimit cache
 
struct config_str2list * ratelimit_for_domain
 ratelimits for domain (exact match)
 
struct config_str2list * ratelimit_below_domain
 ratelimits below domain
 
int ratelimit_factor
 ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic
 
int qname_minimisation
 minimise outgoing QNAME and hide original QTYPE if possible
 
int qname_minimisation_strict
 minimise QNAME in strict mode, minimise according to RFC. More...
 
int shm_enable
 SHM data - true if shm is enabled.
 
int shm_key
 SHM data - key for the shm.
 
int dnscrypt
 DNSCrypt. More...
 
int dnscrypt_port
 port on which to provide dnscrypt service
 
char * dnscrypt_provider
 provider name 2.dnscrypt-cert.example.com
 
struct config_strlist * dnscrypt_secret_key
 dnscrypt secret keys 1.key
 
struct config_strlist * dnscrypt_provider_cert
 dnscrypt provider certs 1.cert
 
struct config_strlist * dnscrypt_provider_cert_rotated
 dnscrypt provider certs 1.cert which have been rotated and should not be advertised through DNS's providername TXT record but are required to be able to handle existing traffic using the old cert. More...
 
size_t dnscrypt_shared_secret_cache_size
 memory size in bytes for dnscrypt shared secrets cache
 
size_t dnscrypt_shared_secret_cache_slabs
 number of slabs for dnscrypt shared secrets cache
 
size_t dnscrypt_nonce_cache_size
 memory size in bytes for dnscrypt nonces cache
 
size_t dnscrypt_nonce_cache_slabs
 number of slabs for dnscrypt nonces cache
 

Detailed Description

The configuration options.

Strings are malloced.

Field Documentation

◆ port

int config_file::port

port on which queries are answered.

Referenced by config_create(), config_set_option(), daemon_open_shared_ports(), and listening_ports_open().

◆ do_ip4

int config_file::do_ip4

◆ do_ip6

int config_file::do_ip6

◆ prefer_ip6

int config_file::prefer_ip6

prefer ip6 upstream queries.

Referenced by iter_filter_order().

◆ do_udp

int config_file::do_udp

do udp query support.

Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().

◆ do_tcp

int config_file::do_tcp

do tcp query support.

Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().

◆ msg_cache_slabs

size_t config_file::msg_cache_slabs

◆ delay_close

int config_file::delay_close

delay close of udp-timeouted ports, if 0 no delayclose.

in msec

Referenced by config_create(), and config_set_option().

◆ if_automatic

int config_file::if_automatic

automatic interface for incoming messages.

Uses ipv6 remapping, and recvmsg/sendmsg ancillary data to detect interfaces, boolean

Referenced by checkrlimits(), config_create(), config_set_option(), and listening_ports_open().

◆ num_ifs

int config_file::num_ifs

number of interfaces to open.

If 0 default all interfaces.

Referenced by checkrlimits(), config_create(), config_delete(), interfacechecks(), and listening_ports_open().

◆ num_out_ifs

int config_file::num_out_ifs

number of outgoing interfaces to open.

If 0 default all interfaces.

Referenced by config_create(), config_delete(), and config_set_option().

◆ unwanted_threshold

size_t config_file::unwanted_threshold

what threshold for unwanted action.

Referenced by config_set_option().

◆ prefetch

int config_file::prefetch

if prefetching of messages should be performed.

Referenced by config_create(), and config_set_option().

◆ prefetch_key

int config_file::prefetch_key

if prefetching of DNSKEYs should be performed.

Referenced by config_create(), config_set_option(), and processInitRequest3().

◆ username

char* config_file::username

username to change to, if not "".

Referenced by add_open(), config_create(), config_delete(), config_lookup_uid(), config_set_option(), and perform_setup().

◆ logfile

char* config_file::logfile

◆ pidfile

char* config_file::pidfile

pidfile to write pid to.

Referenced by config_create(), config_delete(), config_set_option(), and print_option().

◆ identity

char* config_file::identity

identity, hostname is returned if "".

Referenced by answer_chaos(), config_delete(), and config_set_option().

◆ version

char* config_file::version

version, package version returned if "".

Referenced by answer_chaos(), config_delete(), and config_set_option().

◆ keep_missing

unsigned int config_file::keep_missing

autotrust keep_missing time, in seconds.

0 is forever.

Referenced by config_set_option().

◆ key_cache_slabs

size_t config_file::key_cache_slabs

slabs in the key cache.

Referenced by config_create_forlib(), config_set_option(), and key_cache_create().

◆ remote_control_enable

int config_file::remote_control_enable

remote control section.

enable toggle.

Referenced by config_set_option(), daemon_open_shared_ports(), daemon_remote_create(), and daemon_remote_open_ports().

◆ use_systemd

int config_file::use_systemd

Use systemd socket activation.

Referenced by add_open(), apply_settings(), config_create(), config_set_option(), and listening_ports_open().

◆ do_daemonize

int config_file::do_daemonize

daemonize, i.e. fork into the background.

Referenced by apply_settings(), config_create(), and config_set_option().

◆ dnstap_identity

char* config_file::dnstap_identity

dnstap "identity", hostname is used if "".

Referenced by config_delete(), and config_set_option().

◆ dnstap_version

char* config_file::dnstap_version

dnstap "version", package version is used if "".

Referenced by config_delete(), and config_set_option().

◆ ip_ratelimit

int config_file::ip_ratelimit

ratelimit for ip addresses.

0 is off, otherwise qps (unless overridden)

Referenced by config_set_option(), and infra_create().

◆ ratelimit

int config_file::ratelimit

ratelimit for domains.

0 is off, otherwise qps (unless overridden)

Referenced by config_set_option(), and infra_create().

◆ qname_minimisation_strict

int config_file::qname_minimisation_strict

minimise QNAME in strict mode, minimise according to RFC.

Do not apply fallback

Referenced by config_set_option().

◆ dnscrypt

int config_file::dnscrypt

DNSCrypt.

true to enable dnscrypt

Referenced by config_read(), and config_set_option().

◆ dnscrypt_provider_cert_rotated

struct config_strlist* config_file::dnscrypt_provider_cert_rotated

dnscrypt provider certs 1.cert which have been rotated and should not be advertised through DNS's providername TXT record but are required to be able to handle existing traffic using the old cert.

Referenced by config_set_option(), and dnsc_parse_certs().


The documentation for this struct was generated from the following file: