dwood3rc-all

# This is an example deadwood rc file showing all parameters in the Deadwood
# man page
# Note that comments are started by the hash symbol

# IP Deadwood runs as
bind_address="127.0.0.1" 

# If you want to read and write the cache from disk, make sure chroot_dir
# is "/etc/deadwood", and that there is a "/etc/deadwood/cache" directory
# owned by the owner of maradns_uid below.  Next, uncomment the following 
# line
#cache_file = "cache/dw_cache"

# Directory we run program from (not used in Win32)
chroot_dir = "/etc/deadwood" 

# The following parameter actually doesn't do anything in Deadwood 3
# This line is disabled by being commented out
#deliver_all = 1

# What port number to listen on
dns_port = 53

# By default, for security reasons, Deadwood does not allow IPs in the
# 192.168.x.x, 172.[16-31].x.x, 10.x.x.x, 127.x.x.x, 169.254.x.x,
# 224.x.x.x, or 0.0.x.x range.  If using Deadwood to resolve names
# on an internal network, set this to 0
filter_rfc1918 = 1

# Send a SERVER FAIL when no upstream reply
handle_noreply = 1

# Send a SERVER FAIL should Deadwood be overloaded
handle_overload = 1

# This parameter doesn't actually do anything in Deadwood 3
#hash_magic_number = 1629222941

# Disable certain IPs in upstream replies
#ip_blocklist = "10.1.2.3, 10.1.2.4"

# User-id Deadwood runs as
maradns_uid = 707

# Group-id Deadwood runs as
maradns_gid = 707

# If this is 1, enable RR rotation.  Otherwise, it is disabled
max_ar_chain = 1

# Maximum number of queries to merge together
max_inflights = 8

# Maximum number of cached elements
# Increase this for an enterprise
maximum_cache_elements = 1024

# Maximum number of pending connections.  
# Increase this for an enterprise
maxprocs = 2048

# Maximum number of TCP connections.  tcp_listen also must be set.
max_tcp_procs = 8

# Maximum time an entry will stay in the cache, in seconds (86400 = one day)
max_ttl = 86400

# Minimum time an entry will stay in the cache in seconds
min_ttl = 180

# The number of times we retry to send a query upstream before giving up.
num_retries = 2

# The RR type we send to resolve glueless records.  Should be 1 (If we
# don't get a NS IP, use an IPv4 A request to solve it)
ns_glueless_type = 1

# This should never be set.  Use secret.txt on Windows and /dev/urandom
# on UNIX and UNIX clones
random_seed_file = "/dev/urandom"

# Lowest port number we randomly bind to for upstream queries
recurse_min_bind_port = 15000

# Number of ports to bind to.  Must be a power of 2
recurse_number_ports = 4096

# Who is allowed to use the cache
recursive_acl =  "127.0.0.1/16"
recursive_acl += ", 10.1.0.0/16" 
recursive_acl += ", 192.168.1.0/24" 

# Whether to not resolve AAAA (IPv6) queries.  This should be 1 on IPv4-only
# networks; default is 0
reject_aaaa = 0

# Whether to not resolve PTR (Reverse DNS lookup) queries.  Some things will
# speed up if this has a value of 1
reject_ptr = 0

# Should Deadwood send an expired record in the cache to the user 
# before giving up? The following line tells Deadwood to fetch an 
# expired record if it's impossible to connect to any nameservers
resurrections = 1

# ICANN DNS root servers (Deadwood default if both root_servers and
# upstream_servers are not defined)
# Please note that each root_servers entry takes up space in Deadwood's
# cache and that maximum_cache_elements will need to be increased to store
# a large number of these entries.
#root_servers = {}
#root_servers["."]="198.41.0.4, 170.247.170.2, 192.33.4.12, 199.7.91.13,"
#root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, "
#root_servers["."]+="198.97.190.53, 192.36.148.17, 192.58.128.30, "
#root_servers["."]+="193.0.14.129, 199.7.83.42, 202.12.27.33"
#root_servers["phish.example.com."]="10.254.254.254"

# Should we have DNS-over-TCP?  Usually, no.
tcp_listen = 0

# How long Deadwood will wait before giving up and discarding a 
# pending UDP DNS reply.
timeout_seconds = 1

# How long to wait on an idle TCP connection before dropping it.  Does nothing
# unless tcp_listen is 1
timeout_seconds_tcp = 4

# Should we age TTLs of entries fetched from the cache?
ttl_age = 1

# This is the port Deadwood uses to connect or send packets to the
# upstream servers.
upstream_port = 53

# Servers we connect to that themselves recursively solve DNS records
# Please note that each upstream_servers entry takes up space in Deadwood's
# cache and that maximum_cache_elements will need to be increased to store
# a large number of these entries.
#upstream_servers = {}
#upstream_servers["."]="8.8.8.8, 8.8.4.4" 

# We can have given names resolve to bogus IPv4 addresses.  Here, we
# have the name "maradns.foo" resolve to "10.10.10.10" and "kabah.foo"
# resolve to "10.11.11.11", regardless of what real values these DNS
# records may have.  Note that a given name can only resolve to a
# single IP, and that the records have a fixed TTL of 30 seconds.
ip4 = {}
ip4["maradns.foo."] = "10.10.10.10"
ip4["kabah.foo."] = "10.11.11.11"

# We can also use a similar syntax to have bogus IPv6 addresses.
# We don't use standard notation for IPv6 addresses.  Instead, we
# we use 32-character hex addresses (case insensitive); to make
# it easier to count long strings of "0"s, the "_" acts like a 0
# It is also allowed to add "-" (dash) and " " (space) to IPv6 strings
ip6 = {}
ip6["maradns.foo."] = "20010db84d617261444e530000001234"
ip6["kabah.foo."] = "2001-0DB8-4D61-7261 444E-5300-__00-2345"

# How many messages to log.  Higher means more messages.
verbose_level = 3

# If this is 0, we allow ANY queries
rfc8482 = 1