NameSurfer Suite
The primary DNS server configuration file
FusionLayer
HELP
  Table of contents
   Exit help

NameSurfer 7.6.4.1


The configuration file config/server.conf in the NameSurfer directory tree contains a number of configurable settings in a simple, human-readable text format. It is read by the NameSurfer primary DNS server process on startup. Changes made to this file will not take effect until the process is killed and restarted.

Each setting is entered on a line of its own as a "name: value" pair. Empty lines and comments beginning with a # character are allowed. The following settings are supported:

index_on_startup (true or false), default false
Deprecated.

primary_addr (character string), default <none>
The IP address of this host (the host on which NameSurfer primary name server runs). This address is used by the secondary name servers to perform zone transfers.

dns_port (integer), default 8054
The port number where NameSurfer daemon listens for DNS queries and zone transfer requests (both UDP and TCP).

notify (true or false), default true
When true, NameSurfer daemon sends DNS NOTIFY messages (RFC1996) to the secondary name servers whenever changes are made to local DNS data.

notify_only (character string), default <none>
When set, NameSurfer daemon sends DNS NOTIFY messages only to the servers specified in this list, and does not notify servers listed in NS and ALSO_NOTIFY records.

bind_addr IPv4_address
Bind FusionLayer NameSurfer to specified IPv4 address.

bind_addr6 IPv6_address
Bind FusionLayer NameSurfer to specified IPv6 address.

max_children (integer), default 2
A soft limit on the maximum number of simultaneous child processes that may be spawned by NameSurfer daemon. Additional child processes may be created in above of this limit, but their creation will be delayed in order to limit server load.

translog_expire_days (integer), default 90
Discard old transaction log data after this many days.

translog_expire_at (character string), default 04:00
Perform the expiration of old transaction log data at this time of the day. This is a string in 24-hour format (hh:mm).

max_message_len (integer), default 10000000
A limit on the size of network messages accepted by the server process. This size limit should be large enough to contain all the data for your largest zone, but small enough for a malicious user not to exhaust memory by sending a giant message.

recursive_name_server (character string), default <none>
The IP address of a name server providing recursive name service, for example, a BIND server. This is needed to resolve addresses for RFC1996 notify messages. If you run NameSurfer primary DNS server and BIND on the same machine, this can simply be the machine's own IP address.

forwarder_address (character string), default
The IP address of a name server providing recursive name service, for example, a BIND server. If this option is defined, ordinary queries for the zones NameSurfer is not authoritative for will be redirected to this name server.

allow_insecure_updates (true or false), default false
When true, RFC2136 DynDNS update messages will be accepted allowing anyone on the Internet to make changes to the DNS data. We strongly recommend against turning it on in customer installations. When false, update messages are only accepted from hosts whose IP addresses are defined in the option "allow_insecure_updates_from". Secure dynamic updates (that is, updates signed with a Transaction Signature (TSIG)) are always accepted.

allow_insecure_updates_from (character string), default
A comma-separated list of the IP addresses of hosts that are allowed to make insecure RFC2136 DynDNS updates. Note that the server cannot detect IP address spoofing, so this option cannot be considered secure if the server is reachable from the Internet. If empty, only secure dynamic updates are accepted. The syntax of list elements can be one of the following: 1. a single IP address like 10.10.10.10 2. IP address ranges, such as 10.10.10.10-11.11.11.11 or 10.10.10.10-17 3. IP subnetworks such as 10.10.10.0/24 or 10.10.10.0:255.255.255.240

log_events (character string), default security,fatal,error,warning,update,bindconf
A comma-separated list of events that should be logged in the log file (logs/namesurfer.log). The events that can be logged are:

security
Security-related messages
fatal
Fatal server errors (causing the server to exit)
error
Non-fatal server errors
warning
Server warning messages
update
Changes made to the dns data
bindconf
Invocation of the bindconf utility
translog
Periodic transaction log cleanups
axfr
Outgoing zone transfers
debug
Debugging messages

self_mx_special (true or false), default false
This configuration option affects the operation of MX selector boxes in the web user interface. When true, MX record pointing back at the host itself is treated as a special "MX pointing to self" token rather than as an ordinary MX record pointing to the specific host in question. This will reduce the number of alternatives offered to the user in the MX selector box.

format_serial_number (true or false), default true
When true, the automatic serial number incrementation of NameSurfer is based on the date. The serial number is incremented in "yyyymmddnn" format. This format allows for a number of 100 changes per day. When false, the serial number is incremented automatically by 1.

allow_multiple_cnames (true or false), default false
Strict DNS implementation does not allow multiple CNAMEs with the same name, although some existing implementations (including BIND) do allow it. This option is provided for compatibility with these implementations.

global_changelog (true or false), default false
By default global ChangeLog contains only information about addition and deletion of zones. All the changes made to existing zones are logged in zone ChangeLog files. If this option is set to "true" changes made in the zone are also duplicated to global ChangeLog.

tcp_connections_limit (integer), default 30
Limit for the number of simultaneous TCP connections.

tld_first_sorting (true or false), default true
This option controls nodes sorting order. If it is true, node name is less important than domain name, otherwise it is more important.

bindconf_oldstyle (true or false), default false
This option controls secondary server update style. If set to "true" it updates the secondary server in the "old" NameSurfer 3 style. Which mens new zone is added to the secondary server immediatelly.

local_notify_lookup (true or false), default true
When true, FusionLayer NameSurfer daemon tries to look up IP addresses of the DNS servers to notify from local database first, before attempting to resolve them through the recursive name server. This setting is most useful when the recursive server relies on data provided by the FusionLayer NameSurfer primary and thus doesn't necessarily have the information requested by the primary prior to fetching it from there.

gss_input_name (character string), default <none>
Input name to init GSS-API.

use_syslog (true_or_false), default false
When true, FusionLayer NameSurfer server components will use the system's syslog facility for most logging instead of writing to the FusionLayer NameSurfer's own log files.

syslog_facility local0
Specifies the syslog facility identifier to use for logging when configured to use syslog. If the configured facility name is unrecognized, the 'user' facility will be used instead.