dnsconfd.conf - Man Page

dnsconfd configuration file

Description

Dnsconfd.conf is YAML formatted configuration file altering behaviour of Dnsconfd.

Options

dbus_name

DBUS name that dnsconfd should use, default com.redhat.dnsconfd

log_level

Log level of dnsconfd, default INFO

resolv_conf_path

Path to resolv.conf that the dnsconfd should manage, default /etc/resolv.conf

prioritize_wire

If set to yes then wireless interfaces will have lower priority, default yes

listen_address

Address on which local resolver listens, default 127.0.0.1

resolver_options

Options to be used in resolv.conf for alteration of resolver, default "edns0 trust-ad"

dnssec_enabled

Enable dnssec record validation, default no

handle_routing

Dnsconfd will submit necessary routes to routing manager, default yes

api_choice

Dnsconfd will switch between APIs. Allowed options are resolve1 and dnsconfd. Default is dnsconfd

stderr_log

Dnsconfd will write logs into stderr, default yes

journal_log

Dnsconfd will send logs into journal, default no

syslog_log

Dnsconfd will send logs into syslog destination specified by this option, by default disabled. See command line option for destination specification syntax.

file_log

Dnsconfd will write logs into specified file, not used by default

certification_authority

Absolute path to a bundle of certification authorities that will be used when no custom were specified.

static_servers

List of servers that should be configured, default is empty

certification_authority

Space separated list of CA bundles used for encrypted protocols as default when no custom CA was specified. The first one that can be accessed will be used, default /etc/pki/dns/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Available attributes of servers are:

· address required, string of servers ip address
· protocol optional, DoT or plain
· name optional, name that should be present in server's TLS certificate
· port optional, port on which server is listening. If not given then 53 is used for plain protocol and 853 for DoT
· routing_domains optional, domains whose resolution should be performed through this server
· search_domains optional, domains that should be used for host-name lookup
· nssec optional, boolean indicating whether this server supports dnssec or not
· 0tworks optional, networks whose reverse dns records must be resolved by this server

Examples:

Enabling one global server using DNS over TLS

static_servers:
  - address: 192.168.6.3
    protocol: "DoT"
    name: named

Enabling one server for specific domain and second for everything else

static_servers:
   - address: 192.168.6.3
   - address: 192.168.6.4
     routing_domains:
       - example.com

ignore_api

If enabled, dnsconfd will ignore configuration received through API, default no

Reporting Bugs

Please for reporting bugs use Github repository https://github.com/InfrastructureServices/dnsconfd

See Also

dnsconfd(8) Dnsconfd daemon dnsconfd-status(8) Checking status of dnsconfd dnsconfd-reload(8) Reload running cache service dnsconfd-config(8) Change configuration of host dnsconfd-update(8) Change Dnsconfd configuration

Referenced By

dnsconfd(8), dnsconfd-config(8), dnsconfd-reload(8), dnsconfd-status(8).

19 Feb 2025 dnsconfd-1.7.2