NAME
delphinusdns.conf
—
the delphinus DNS daemon configuration
file
DESCRIPTION
The delphinusdnsd(8) has a default configfile it is called
delphinusdns.conf
and it is found in
/var/delphinusdnsd/etc. You may wonder why there is a missing d, so I ask
you to look up syslogd(8)
and syslog.conf(5)
which also drop the d in the config file. This follows that name
convention.
Delphinusdnsd zonefiles can be packed into the configfile, but this is discouraged. It is encouraged to use zinclude's to include each logical zone separately. This also makes sense from a DNSSEC signing perspective which requires separate zonefiles. The format of zonefiles deviates from RFC 1034 format (BIND format) and I have adopted a CSV (comma separated values) scheme. This scheme requires that all domainnames be written out absolute relative to the DNS root. There is no emphasis on a trailing dot and a trailing dot can be left out on domainnames. It is also necessary to write out a TTL on every RR. Here is an example of the beginning of a zonefile:
zone "delphinusdns.org" { delphinusdns.org,soa,86400,pod.delphinusdns.org.,dns-admin.delphinusdns.org.,2021040404,3600,1200,1209600,86400 delphinusdns.org,ns,86400,pod.delphinusdns.org. delphinusdns.org,ns,86400,job.delphinusdns.org. delphinusdns.org,ns,86400,sky.delphinusdns.org. delphinusdns.org,mx,86400,10,mail.delphinusdns.org [...] }
EXAMPLES
Here is a sample delphinusdns.conf
file:
version "1"; options { interface "lo0"; interface "em0"; ;bind 127.0.0.1; ;bind 192.168.34.4; ratelimit-pps 6; port 53; ;fork 2; log; ;dnssec; ;tcp-on-any-only; axfrport 10053; } axfr-for { 127.0.0.1; ::1; 192.168.0.0/16; } mzone "centroid.eu" { zonename "centroid.eu"; notifydest 192.168.34.1 NOKEY; notifydest ::1 port 8053 NOKEY; } zone "centroid.eu" { centroid.eu,soa,3600,ns1.centroid.eu.,hostcontact.centroid.eu.,2019111901,3600,1800,7200,3600 centroid.eu,ns,3600,somenameserver.delphinusdns.org. centroid.eu,ns,3600,anothernameserver.delphinusdns.org. ; all lines in zone start with domainname, RR Type, RR TTL, RDATA centroid.eu,a,3600,127.0.0.1 centroid.eu,a,3600,10.0.0.10 }
delphinusdns.conf
file suited for
DNSSEC:
version "1"; options { ratelimit-pps 12; bind 127.0.0.1; bind ::1; bind 10.110.99.87; port 32253; log; dnssec; versionstring "delphinusdnsd 1.5.0"; axfrport 10053; } axfr-for { ::1/128; 127.0.0.1/32; 10.110.99.88/32; } mzone "centroid.eu" { zonename "centroid.eu"; notifydest 10.1110.99.88 NOKEY; notifydest ::1 port 8053 NOKEY; } zinclude "/var/delphinusdnsd/primary/centroid.eu.signed";
A forwarding-only config may look like this:
version "1"; options { interface "em0"; interface "lo0"; port 8053; versionstring ""; dnssec; } tsig-auth secret "9qD4Qi4ghqFR1xm0fIwGF9t0aLx+SZWVEPAqEvysZFg="; tsig { 0.0.0.0/0; } forward { incoming-tsig yes; destination 127.0.0.1 port 5353 key NOKEY; forwardstrategy spray; }
Finally below is a sample replicant
delphinusdns.conf
as taken from a
delphinusdnsd with only one zone:
version "1"; options { ratelimit-pps 12; interface "lo0"; interface "vio0"; port 53; log; dnssec; versionstring "delphinusdnsd-20191103"; } include "/var/delphinusdnsd/etc/delphinusdns.tsig"; rzone "ip6.centroid.eu." { constraints 600, 600, 600; bytelimit 65536; ; do make sure you have a tsig {} for this tsigkey "pass"; primaryport 10053; primary 2a01:4f8:162:e700:881c:fe60:3582:f49c; zonename "ip6.centroid.eu."; filename "/var/delphinusdnsd/replicant/ip6.centroid.eu.repl"; }
GRAMMAR
Syntax for delphinusdns.conf
in BNF:
line = ( version | include | zinclude | zone | region | axfr | mzone | passlist | filter | comment | options | forward | rzone | tsig | tsig-auth | tsigpassname ) version = "version" ("number") ; include = "include" ("filename") ; zinclude = "zinclude" ("filename") ; hostname = string zone = "zone" ("hostname") [ "{" zonedata "}" ] zonedata = { [hostname] [ "," dnstype] [ "," ttl ] ["," variablednsdata] } dnstype = ( "a" | "aaaa" | "caa" | "cname" | "dnskey" | "ds" | "eui48" | "eui64" | "hinfo" | "hint" | "https" | "kx" | "mx" | "naptr" | "ns" | "nsec3" | "nsec3param" | "ptr" | "rp" | "rrsig" | "soa" | "srv" | "sshfp" | "svcb" | "tlsa" | "txt" ) ttl = number region = "region" ("string") [ "{" cidrlist "}" cidrlist = { [ cidr-address ] ; ... } axfr = "axfr-for" [ "{" cidrlist "}" ] mzonelist = ( optzonename | optnotifydest | optnotifybind ) optzonename = "zonename" ("string") ; optnotifydest = "notifydest" cidr-address ["port number"] "tsigkey" ; optnotifybind = "notifybind" cidr-address ; mzone = "mzone" ("string") [ "{" mzonelist "}" ] passlist = "passlist" [ "{" cidrlist "}" ] filter = "filter" [ "{" cidrlist "}" ] base64-string = (string) tsig-auth = "tsig-auth" (string) ("base64-string") ; tsig = "tsig" ("string") [ "{" cidrlist "}" ] tsigpassname = "tsigpassname" ("string") [ "{" ("hostname") "}" ] rzone = "rzone" ("string") [ "{" rzonelist "}" ] rzonelist = ( opttsig | optprimary | optprimaryport | optrzonename | optfilename | optconstraints | optbytelimit ) opttsig = "tsigkey" ("string") ; optprimary = "primary" ("cidr-address") ; optprimaryport = "primaryport" (number) ; optrzonename = "zonename" ("string") ; optfilename = "filename" ("string") ; optconstraints = "constraints" (number), (number), (number) ; optbytelimit = "bytelimit" (number) ; forward = "forward" [ "{" forwardlist "}" ] forwardlist = ( optdestination | optstrictx20 | optcache | optincomingtsig | optfudge | optrdomain | optstrategy ) optdestination = "destination" ("cidr-address") "port" ("integer") "key" (string | "NOKEY") ; optstrictx20 = "strictx20" ("yes" | "no") ; optcache = "cache" ("yes" | "no") ; optincomingtsig = "incoming-tsig" ("yes" | "no") ; optfudge = "fudge" (number) ; optrdomain = "rdomain" (number) ; optstrategy = "forwardstrategy" ("single" | "spray") ; comment = ( ; | pound ) line options = "options" [ "{" optionlist "}" ] optionlist = ( optinterface | optfork | optport | optratelimit | optratelimit-cidr | optratelimit-cidr6 | optbind | optdnssec | opttcponanyonly | optmaxudppayload | optnocookies | optcookiesecret | optrdomain | optaxfrport | strictaxfr ) optinterface = "interface" ("string") ; optfork = "fork" (number) ; optratelimit = "ratelimit-pps" (number) ; optratelimit-cidr = "ratelimit-cidr" (number) ; optratelimit-cidr6 = "ratelimit-cidr6" (number) ; optbind = "bind" cidr-address ; optdnssec = "dnssec" ; opttcponanyonly = "tcp-on-any-only" ; optmaxudppayload = "max-udp-payload" (number) ; optnocookies = "nocookies" ; optcookiesecret = "cookie-secret" ("base64string") ; optrdomain = "rdomain" (number) ; optaxfrport = "axfrport" (number) ; optstrictaxfr = "strictaxfr" ;
FILES
/var/delphinusdnsd/etc/delphinusdns.conf
SEE ALSO
AUTHORS
This software was written by Peter J. Philipp ⟨pbug44@delphinusdns.org⟩ and this manual was written with the help of Francisco Gaitan.