DELPHINUSDNS.CONF(5) File Formats Manual DELPHINUSDNS.CONF(5)

delphinusdns.conf — the delphinus DNS daemon configuration file

delphinusdnsd(8) has a default configuration file called delphinusdns.conf, found in /var/delphinusdnsd/etc. You may wonder why the d is missing; look up syslogd(8) and syslog.conf(5), which also drop the d in the config file name. This follows that naming convention.

Here is a sample delphinusdns.conf file:

; Sample authoritative configuration: listener options, a transfer list,
; NOTIFY destinations and one zone defined inline.
version "1";
options "cool stuff" {
	interface "lo0";
	interface "em0";

	; lines in this block that start with a semicolon are disabled options
	;bind 127.0.0.1;
	;bind 192.168.34.4;

	; packets-per-second rate limit; its exact scope is not stated on this page
	ratelimit-pps 6;

	port 53;

	;fork 2;
	log;
	;dnssec;
	;tcp-on-any-only;
}

axfrport "10053";

; NOTE(review): axfr-for presumably lists who may request zone transfers.
; 192.168.0.0/16 is an entire private /16; list only the real replicas.
axfr-for "these hosts" {
	127.0.0.1;
	::1;
	192.168.0.0/16;
}

; NOTE(review): NOKEY sits where the grammar expects a tsigkey, so these
; NOTIFY messages are presumably sent without TSIG authentication -- confirm.
mzone "centroid.eu" {
	zonename "centroid.eu";
	notifydest 192.168.34.1 NOKEY;
	notifydest ::1 port 8053 NOKEY;
}

zone "centroid.eu" {
	; SOA RDATA is presumably in the standard order: primary NS, contact,
	; serial, refresh, retry, expire, minimum -- confirm
	centroid.eu,soa,3600,ns1.centroid.eu.,hostmaster.centroid.eu.,2019111901,3600,1800,7200,3600
	centroid.eu,ns,3600,somenameserver.delphinusdns.org.
	centroid.eu,ns,3600,anothernameserver.delphinusdns.org.
	; all lines in zone start with domainname, RR Type, RR TTL, RDATA
	centroid.eu,a,3600,127.0.0.1
	centroid.eu,a,3600,10.0.0.10
}
Here is a sample delphinusdns.conf file suited for DNSSEC:
; Sample DNSSEC-enabled configuration: the zone data is pulled in from a
; signed file with zinclude instead of an inline zone block.
version "1";
options "some options" {
        ratelimit-pps 12;
        bind 127.0.0.1;
        bind ::1;
        bind 10.110.99.87;
        port 32253;
        log;
        dnssec;
        ; NOTE(review): presumably the version text disclosed to clients; the
        ; forwarding sample in this manual sets it to an empty string -- confirm
        versionstring "delphinusdnsd 1.5.0";
}
; host-only entries (/32 and /128) keep this list to single addresses
axfr-for "these hosts" {
        ::1/128;
        127.0.0.1/32;
        10.110.99.88/32;
}

axfrport "10053";

; NOTE(review): 10.1110.99.88 below is not a valid IPv4 address (second
; octet is 1110); presumably 10.110.99.88 as in axfr-for above -- confirm.
mzone "centroid.eu" {
	zonename "centroid.eu";
	notifydest 10.1110.99.88 NOKEY;
	notifydest ::1 port 8053 NOKEY;
}


; this manual states that the included file is output of dddctl(8)
zinclude "/var/delphinusdnsd/master/centroid.eu.signed";

The included files are the output of dddctl(8).

A forwarding-only config may look like this:

; Sample forwarding-only configuration.
version "1";

options "this mess" {
        interface "em0";
        interface "lo0";
        port 8053;
        ; empty version string, unlike the other samples in this manual
        versionstring "";
        dnssec;
}

; NOTE(review): this base64 value is printed in a public manual, so it is an
; example only. Generate a fresh random key for any real deployment and keep
; the file that holds it readable only by the account running the daemon.
tsig-auth secret "9qD4Qi4ghqFR1xm0fIwGF9t0aLx+SZWVEPAqEvysZFg=";
; NOTE(review): 0.0.0.0/0 matches every IPv4 address and no IPv6 entry is
; listed; what the tsig list enforces is not defined on this page -- confirm.
tsig "these hosts" {
        0.0.0.0/0;
}

; NOTE(review): incoming-tsig yes presumably requires TSIG on queries reaching
; the forwarder, while key NOKEY leaves the hop to 127.0.0.1 port 5353
; unkeyed -- confirm.
forward "to these hosts" {
        incoming-tsig yes;
        destination 127.0.0.1 port 5353 key NOKEY;
}

Finally below is a sample replicant delphinusdns.conf as taken from a delphinusdnsd with only one zone:

; Sample replicant configuration with a single replicated zone.
version "1";

options "arrowhead" {
        ratelimit-pps 12;
        interface "lo0";
        interface "vio0";
        port 53;
        log;
        dnssec;
        versionstring "delphinusdnsd-20191103";
}

; NOTE(review): presumably holds the tsig-auth and tsig definitions that the
; rzone below refers to; it would then contain key material, so restrict its
; file permissions -- confirm.
include "/var/delphinusdnsd/etc/delphinusdns.tsig";

rzone "ip6.centroid.eu." {
	; NOTE(review): the meaning of the three constraints numbers and of
	; bytelimit is not defined on this page -- confirm before changing them
	constraints 600, 600, 600;
	bytelimit 65536;
	; do make sure you have a tsig "" {} for this
        tsigkey "pass";
        ; same port number the other samples give for axfrport
        masterport 10053;
        master 2a01:4f8:162:e700:881c:fe60:3582:f49c;
        zonename "ip6.centroid.eu.";
        ; this manual states that the replicant directory is a hardcoded path
        filename "/var/delphinusdnsd/replicant/ip6.centroid.eu.repl";
}

Note the /var/delphinusdnsd/replicant/ directory: this is a hardcoded path.

Syntax for delphinusdns.conf in BNF:

line = ( version | axfrport | include | zinclude | zone | region |
	axfr | mzone | passlist | filter | recurse | comment |
		options | forward | rzone )

version = "version" ("number") ;

axfrport = "axfrport" ("port number") ;

include = "include" ("filename") ;

zinclude = "zinclude" ("filename") ;

zone = "zone" ("string") [ "{" zonedata "}" ]
zonedata = { [hostname] [ "," dnstype] [ "," ttl ] ["," variablednsdata] }
hostname = string
dnstype = ( 	"a" | "aaaa" | "cname" | "dnskey" | "ds" | "mx" | "naptr" |
		"ns" | "nsec3" | "nsec3param" | "ptr" | "rrsig" |
		"soa" | "srv" | "sshfp" | "tlsa" | "txt" | "hint" )

ttl = number

region = "region" ("string") [ "{" cidrlist "}" ]


cidrlist = { [ cidr-address ] ; ... }

axfr = "axfr-for" ("string") [ "{" cidrlist "}" ]

mzonelist = ( optzonename | optnotifydest | optnotifybind )
optzonename = "zonename" ("string") ;
optnotifydest = "notifydest" cidr-address ["port number"] "tsigkey" ;
optnotifybind = "notifybind" cidr-address ;

mzone = "mzone" ("string") [ "{" mzonelist "}" ]

passlist = "passlist" ("string") [ "{" cidrlist "}" ]

filter = "filter" ("string") [ "{" cidrlist "}" ]

recurse = "recurse-for" ("string") [ "{" cidrlist "}" ]

base64-string = (string)
tsig-auth = "tsig-auth" (string) ("base64-string") ;
tsig = "tsig" ("string") [ "{" cidrlist "}" ]

rzone = "rzone" ("string") [ "{" rzonelist "}" ]
rzonelist = ( opttsig | optmaster | optmasterport | optrzonename |
		optfilename | optconstraints | optbytelimit )

opttsig = "tsigkey" ("string") ;
optmaster = "master" ("cidr-address") ;
optmasterport = "masterport"  (number) ;
optrzonename = "zonename" ("string") ;
optfilename = "filename" ("string") ;
optconstraints = "constraints" (number), (number), (number) ;
optbytelimit = "bytelimit" (number) ;


forward = "forward" ("string") [ "{" forwardlist "}" ]
forwardlist = ( optdestination | optstrictx20 | optcache | optincomingtsig )

optdestination = "destination" ("cidr-address") "port" ("integer") "key"
			(string | "NOKEY") ;
optstrictx20 = "strictx20" ("yes" | "no") ;
optcache =  "cache" ("yes" | "no") ;
optincomingtsig = "incoming-tsig" ("yes" | "no") ;

comment = ( ; | pound ) line

options = "options" ("string") [ "{" optionlist "}" ]
optionlist = ( optrecurse | optinterface | optfork | optport |
		optratelimit | optbind | optdnssec | opttcponanyonly)
optrecurse = "recurse" ;
optinterface = "interface" ("string") ;
optfork = "fork" number ;
optratelimit = "ratelimit-pps" number ;
optbind = "bind" cidr-address ;
optdnssec = "dnssec" ;
opttcponanyonly = "tcp-on-any-only" ;

/var/delphinusdnsd/etc/delphinusdns.conf

dddctl(8), delphinusdnsd(8)

This software and manual were written by Peter J. Philipp ⟨petphi@delphinusdns.org⟩

September 25, 2020 OpenBSD 6.7