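# Autogenerated configuration file template
#
# Jinja2 template for a PowerDNS Recursor configuration. The inline notes
# indicate it is rendered for the Deckard test harness.
# WORKING_DIR, SELF_ADDR and FORWARD_ADDR are substituted verbatim, so they
# must come from the harness itself: a value containing a newline would add
# arbitrary settings to the rendered file.
# Several active settings below (empty allow-from, empty dont-query, no
# setuid/setgid, trace=on) relax protections for testing. They are not
# suitable defaults for a resolver reachable from a real network.

#################################
# aaaa-additional-processing turn on to do AAAA additional processing (slow)
#
# aaaa-additional-processing=off

#################################
# allow-from If set, only allow these comma separated netmasks to recurse
#
#allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
# Empty value: no client netmask list is configured, so recursion is not
# restricted to the private ranges shown above.
# NOTE(review): confirm how the Recursor version in use treats an empty list;
# on an address reachable by other hosts this would be an open resolver.
allow-from=

#################################
# allow-from-file If set, load allowed netmasks from this file
#
# allow-from-file=

#################################
# auth-can-lower-ttl If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records
#
# auth-can-lower-ttl=off

#################################
# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs
#
# auth-zones=

#################################
# chroot switch to chroot jail
#
# chroot=

#################################
# client-tcp-timeout Timeout in seconds when talking to TCP clients
#
# client-tcp-timeout=2

#################################
# config-dir Location of configuration directory (recursor.conf)
#
# config-dir=/etc/powerdns/
config-dir={{WORKING_DIR}}

#################################
# daemon Operate as a daemon
#
daemon=no

#################################
# delegation-only Which domains we only accept delegations from
#
# delegation-only=

#################################
# disable-edns Disable EDNS
#
# disable-edns=

#################################
# disable-edns-ping Disable EDNSPing
#
# disable-edns-ping=no

#################################
# disable-packetcache Disable packetcache
#
# disable-packetcache=no

# DNSSEC mode: "validate" only when the harness supplies at least one trust
# anchor, otherwise "process".
# NOTE(review): in "process" mode answers are presumably not validated unless
# the client requests it; confirm against the Recursor documentation.
dnssec={% if TRUST_ANCHORS|length > 0 %}validate{%else%}process{%endif%}

#################################
# dont-query If set, do not query these netmasks for DNS data
#
# dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
# Empty value: the exclusion list shown above is cleared, so the Recursor may
# send queries to loopback, private and link-local addresses.
# NOTE(review): presumably required because the test servers use such
# addresses; outside a test harness keep the default list.
dont-query=

# prevent unnecessary fallbacks in Deckard
edns-outgoing-bufsize=4096

#################################
# entropy-source If set, read entropy from this file
#
# entropy-source=/dev/urandom

#################################
# etc-hosts-file Path to 'hosts' file
#
# etc-hosts-file=/etc/hosts

#################################
# export-etc-hosts If we should serve up contents from /etc/hosts
#
# export-etc-hosts=off

#################################
# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=

#################################
# forward-zones-file File with (+)domain=ip pairs for forwarding
#
# forward-zones-file=

#################################
# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
#
# forward-zones-recurse=
# When FORWARD_ADDR is set, the root zone (".") is forwarded, so every lookup
# is sent to that single address with the recursion bit set.
{% if FORWARD_ADDR %}
forward-zones-recurse=.={{FORWARD_ADDR}}
{% endif %}

#################################
# hint-file If set, load root hints from this file
#
# hint-file=
# NOTE(review): relative path; confirm which directory the Recursor resolves
# it against when started by the harness.
{% if ROOT_ADDR %}
hint-file=hints.pdns
{% endif %}

#################################
# ignore-rd-bit Assume each packet requires recursion, for compatibility
#
# ignore-rd-bit=off

#################################
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
#
local-address={{SELF_ADDR}}

#################################
# local-port port to listen on
#
local-port=53

#################################
# log-common-errors If we should log rather common errors
#
# log-common-errors=yes

#################################
# logging-facility Facility to log messages as. 0 corresponds to local0
#
# logging-facility=

# Lua configuration loaded at startup; keep WORKING_DIR writable only by the
# account that runs the tests, since this file is executed as configuration.
lua-config-file={{WORKING_DIR}}/dnssec.lua

#################################
# lua-dns-script Filename containing an optional 'lua' script that will be used to modify dns answers
#
# lua-dns-script=

#################################
# max-cache-entries If set, maximum number of entries in the main cache
#
# max-cache-entries=1000000
max-cache-entries=1000000

#################################
# max-cache-ttl maximum number of seconds to keep a cached entry in memory
#
# max-cache-ttl=86400

#################################
# max-mthreads Maximum number of simultaneous Mtasker threads
#
# max-mthreads=2048

#################################
# max-negative-ttl maximum number of seconds to keep a negative cached entry in memory
#
# max-negative-ttl=3600

#################################
# max-packetcache-entries maximum number of entries to keep in the packetcache
#
# max-packetcache-entries=500000

#################################
# max-tcp-clients Maximum number of simultaneous TCP clients
#
# max-tcp-clients=128

#################################
# max-tcp-per-client If set, maximum number of TCP sessions per client (IP address)
#
# max-tcp-per-client=0

#################################
# network-timeout Wait this number of milliseconds for network i/o
#
# network-timeout=1500

#################################
# no-shuffle Don't change
#
# no-shuffle=off

#################################
# packetcache-servfail-ttl maximum number of seconds to keep a cached servfail entry in packetcache
#
# packetcache-servfail-ttl=60

#################################
# packetcache-ttl maximum number of seconds to keep a cached entry in packetcache
#
# packetcache-ttl=3600

#################################
# pdns-distributes-queries If PowerDNS itself should distribute queries over threads (EXPERIMENTAL)
#
# pdns-distributes-queries=no

#################################
# processes Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)
#
# processes=1

#################################
# query-local-address Source IP address for sending queries
#
# Both address families are set here, depending on whether SELF_ADDR is an
# IPv6 address (contains ':') or an IPv4 address.
{% if ':' in SELF_ADDR %}
query-local-address=0.0.0.0
query-local-address6={{SELF_ADDR}}
{% else %}
query-local-address={{SELF_ADDR}}
query-local-address6=::
{% endif %}

#################################
# query-local-address6 Source IPv6 address for sending queries
#
# Left commented out: the conditional block above already assigns
# query-local-address6 in both branches. An unconditional second assignment
# here would replace the SELF_ADDR chosen for the IPv6 case.
# NOTE(review): assumes a repeated plain assignment overrides the earlier one.
# query-local-address6=::

#################################
# quiet Suppress logging of questions and answers
#
# Questions and answers are logged; together with trace=on the log contains
# every queried name.
quiet=no

#################################
# remotes-ringbuffer-entries maximum number of packets to store statistics for
#
# remotes-ringbuffer-entries=0

# Empty suffix disables the security status poll, so the test instance makes
# no lookups outside the harness for it. A long-running deployment would then
# not receive the vendor's security status through this channel.
security-poll-suffix=

#################################
# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space
#
serve-rfc1918=no

#################################
# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname
#
# server-id=

#################################
# setgid If set, change group id to this gid for more security
#
# Not set: the process keeps the group it was started with.
#setgid=pdns

#################################
# setuid If set, change user id to this uid for more security
#
# Not set: the process keeps the user it was started with. Enable setuid and
# setgid (and consider chroot) for anything other than a test run.
#setuid=pdns

#################################
# single-socket If set, only use a single socket for outgoing queries
#
# single-socket=off

#################################
# soa-minimum-ttl Don't change
#
# soa-minimum-ttl=0

#################################
# soa-serial-offset Don't change
#
# soa-serial-offset=0

#################################
# socket-dir Where the controlsocket will live
#
# The control socket is created in WORKING_DIR with default owner, group and
# mode (socket-owner, socket-group and socket-mode are unset below). Access to
# that directory therefore decides who can reach the control channel.
socket-dir={{WORKING_DIR}}

#################################
# socket-group Group of socket
#
# socket-group=

#################################
# socket-mode Permissions for socket
#
# socket-mode=

#################################
# socket-owner Owner of socket
#
# socket-owner=

#################################
# spoof-nearmiss-max If non-zero, assume spoofing after this many near misses
#
# spoof-nearmiss-max=20

#################################
# stack-size stack size per mthread
#
# stack-size=200000

#################################
# threads Launch this number of threads
#
threads=1

#################################
# trace if we should output heaps of logging
#
# Very verbose and includes query data; intended for debugging test runs.
trace=on

#################################
# version-string string reported on version.pdns or version.bind
#
# version-string=PowerDNS Recursor 3.3 $Id: pdns_recursor.cc 1712 2010-09-11 13:40:03Z ahu $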