Note! Queries Per Minute (QPM) feature will limit requests from a client subnet based on its IP address and the specified subnet prefix lengths. The QPM limit configured will be compared with the average count from the sample size which means a client may exceed the QPM limit for a given minute but won't exceed for the given sample size in minutes.
+
+
+
+
+
+
+ milliseconds (valid range 1000-10000; default 4000)
+
+
The amount of time the DNS server must wait before responding with a ServerFailure response to a client request when no answer is available.
+
+
+
+
+
+
+ milliseconds (valid range 1000-90000; default 10000)
+
+
The amount of time a TCP socket must wait for an ACK before closing the connection. This option will apply for DNS requests being received by the DNS Server over TCP, TLS, or HTTPS transports.
+
+
+
+
+
+
+ milliseconds (valid range 1000-90000; default 10000)
+
+
The amount of time a TCP socket must wait for data before closing the connection. This option will apply for DNS requests being received by the DNS Server over TCP, TLS, or HTTPS transports.
+
+
@@ -1020,6 +1051,10 @@
+
Note! Disable recursion if you wish this server to act only as authoritative name server for the configured zones.
Note! Disable recursion if you wish this server to act only as authoritative name server for the configured zones.
+
+
+
+
+
+ (valid range 1-10; default 3)
+
+
The total number of retries the recursive resolver must do per name server.
+
+
+
+
+
+
+ milliseconds (valid range 1000-10000; default 2000)
+
+
The amount of time the recursive resolver must wait between retries.
+
+
+
+
+
+
+ (valid range 10-30; default 16)
+
+
The maximum stack count the recursive resolver must use for resolving a domain name.
+
@@ -1068,7 +1130,7 @@
- (recommended 259200 seconds i.e. 3 days)
+ seconds (recommended 259200 i.e. 3 days)
The TTL value in seconds which should be used for cached records that are expired. When the serve stale TTL too expires for a stale record, it gets removed from the cache. Recommended value is between 1-3 days and maximum supported value is 7 days.
@@ -1079,7 +1141,7 @@
- (recommended 10)
+ seconds (recommended 10)
The minimum TTL value that a record can have in the cache. Set a value to make sure that the records with TTL value less than that stays in cache for a minimum duration.
@@ -1088,7 +1150,7 @@
- (default 604800)
+ seconds (default 604800)
The maximum TTL value that a record can have in the cache. Set a lower value to allow the records to expire early.
@@ -1097,7 +1159,7 @@
- (recommended 300)
+ seconds (recommended 300)
The negative TTL value to use when there is no SOA MINIMUM value available.
@@ -1106,7 +1168,7 @@
- (recommended 60)
+ seconds (recommended 60)
The failure TTL value to be used for caching failure responses. This allows storing failure record in cache and prevent frequent recursive resolution requests to the name servers that are responding with ServerFailure.
@@ -1117,7 +1179,7 @@
- (recommended 2)
+ seconds (recommended 2)
The minimum initial TTL value of a record needed to be eligible for prefetching.
@@ -1126,7 +1188,7 @@
- (recommended 9; set 0 to disable prefetching & auto prefetching)
+ seconds (recommended 9; set 0 to disable prefetching & auto prefetching)
A record with TTL value less than trigger value will initiate prefetch operation immediately for itself.
@@ -1449,6 +1511,35 @@
Forwarders are DNS servers which this DNS Server should use to resolve recursive queries. If no forwarders are configured then this DNS server will use preconfigured ROOT SERVERS to perform recursive resolution.
- When using "This Server", if a record does not exists in the zone then the request is forwarded to the DNS server's resolver internally. This allows you to override any record for the forwarded domain name.
+ When using "This Server", if a record does not exists in the zone then the request is forwarded to the DNS server's resolver internally. This allows you to override any record for the forwarded domain name or control its DNSSEC validation.
- When using "This Server", if a record does not exists in the zone then the request is forwarded to the DNS server's resolver internally. This allows you to override any record for the forwarded domain name.
+ When using "This Server", if a record does not exists in the zone then the request is forwarded to the DNS server's resolver internally. This allows you to override any record for the forwarded domain name or control its DNSSEC validation.
-
+
@@ -3173,6 +3264,17 @@ ns1.example.com ([2001:db8::])
The TTL value to be used for DNSKEY records. A lower value will allow quicker addition or rollover to a new DNS Key at the cost of increased frequency of DNSKEY queries by resolvers.
+
+
+
+
+
+ days (valid range 0-365; default 90; set 0 to disable)
+
+
+ The frequency at which the DNS server must automatically rollover all Zone Signing Key (ZSK) keys.
+
+
+
+
+
+
+
+
+
+ days (valid range 0-365; default 90; set 0 to disable)
+
+
+
+
+
+
+ The frequency at which the DNS server must automatically rollover all Zone Signing Key (ZSK) keys.
+