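// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.
//
// Line breaks matter in this file: '#' and '//' comments run to the end of the
// line, so every option must stay on its own line or it is swallowed by the
// comment that precedes it.

global {
    perm_cache=1024;           # Size of the on-disk cache, in kB.
    cache_dir="/var/cache/pdnsd";
#   pid_file = /var/run/pdnsd.pid;
    run_as="pdnsd";            # Unprivileged account pdnsd runs as.
    server_ip = 127.0.0.1;     # Use eth0 here if you want to allow other
                               # machines on your network to query pdnsd.
                               # When listening on anything other than
                               # loopback, firewall the DNS port so that only
                               # your own network can reach it; a cache that
                               # answers arbitrary hosts is an open resolver.
    status_ctl = on;           # Required for controlling pdnsd with pdnsd-ctl.
#   paranoid=on;               # This option reduces the chance of cache poisoning
                               # but may make pdnsd less efficient, unfortunately.
    query_method=udp_tcp;
    min_ttl=15m;               # Retain cached entries at least 15 minutes.
    max_ttl=1w;                # One week.
    timeout=10;                # Global timeout option (10 seconds).
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
    label= "myisp";
    ip = 10.254.0.1;           # Put your ISP's DNS-server address(es) here.
#   proxy_only=on;             # Do not query any name servers beside your ISP's.
                               # This may be necessary if you are behind some
                               # kind of firewall and cannot receive replies
                               # from outside name servers.
    timeout=4;                 # Server timeout; this may be much shorter
                               # than the global timeout option.
    uptest=if;                 # Test if the network interface is active.
    interface=eth0;            # The name of the interface to check.
    interval=10m;              # Check every 10 minutes.
    purge_cache=off;           # Keep stale cache entries in case the ISP's
                               # DNS servers go offline.
}

/*
# The following section is more appropriate for dial-up connections.
# Read about how to use pdnsd-ctl for dynamic configuration in the documentation.
server {
    label= "dialup";
    file = "/etc/ppp/resolv.conf";  # Preferably do not use /etc/resolv.conf
    proxy_only=on;
    timeout=4;
    uptest=if;
    interface = ppp0;
    interval=10;               # Check the interface every 10 seconds.
    purge_cache=off;
    preset=off;
}
*/

/*
# The servers provided by OpenDNS are fast, but they do not reply with
# NXDOMAIN for non-existent domains; instead they supply you with an
# address of one of their search engines. They also lie about the addresses
# of the search engines of Google, Microsoft and Yahoo.
# If you do not like this behaviour the "reject" option may be useful.
server {
    label = "opendns";
    ip = 208.67.222.222, 208.67.220.220;
    reject = 208.69.32.0/24,   # You may need to add additional address ranges
             208.69.34.0/24,   # here if the addresses of their search engines
             208.67.219.0/24;  # change.
    reject_policy = fail;      # If you do not provide any alternative server
                               # sections, like the following root-server
                               # example, "negate" may be more appropriate here.
    timeout = 4;
    uptest = ping;             # Test availability using ICMP echo requests.
    ping_timeout = 100;        # Value is in tenths of a second: the ping test
                               # will time out after 10 seconds.
    interval = 15m;            # Test every 15 minutes.
    preset = off;
}
*/

/*
# This section is meant for resolving from root servers.
# Root server addresses are renumbered from time to time. Check the list below
# against the current root hints published by IANA before enabling this
# section, so that queries are not sent to addresses the root operators no
# longer control.
server {
    label = "root-servers";
    root_server = on;
    randomize_servers = on;    # Give every root server an equal chance
                               # of being queried.
    ip = 198.41.0.4
       , 192.228.79.201
       , 192.33.4.12
       , 128.8.10.90
       , 192.203.230.10
       , 192.5.5.241
       , 192.112.36.4
       , 128.63.2.53
       , 192.36.148.17
       , 192.58.128.30
       , 193.0.14.129
       , 198.32.64.12
       , 202.12.27.33
       ;
    timeout = 5;
    uptest = query;            # Test availability using empty DNS queries.
    interval = 30m;            # Test every half hour.
    ping_timeout = 300;        # Test should time out after 30 seconds
                               # (value is in tenths of a second).
    purge_cache = off;
    exclude = .localdomain;
    policy = included;
    preset = off;
}
*/

# Serve the entries of /etc/hosts as local records.
source {
    owner=localhost;
#   serve_aliases=on;
    file="/etc/hosts";
}

/*
include {file="/etc/pdnsd.include";}    # Read additional definitions from /etc/pdnsd.include.
*/

# Local record for "localhost", including the reverse (PTR) mapping.
rr {
    name=localhost;
    reverse=on;
    a=127.0.0.1;
    owner=localhost;
    soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
    name=doubleclick.net;
    types=domain;              # This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
    name=bad.server.com;       # Badly behaved server you don't want to connect to.
    types=A,AAAA;
}
*/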