.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-FILE" 7 "August 2020" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fIfile\fP - enables serving zone data from an RFC 1035-style master file.

.SH "DESCRIPTION"
.PP
The \fIfile\fP plugin is used for an "old-style" DNS server. It serves from a preloaded file that exists
on disk. If the zone file contains signatures (i.e., is signed using DNSSEC), correct DNSSEC answers
are returned. Only NSEC is supported! If you use this setup \fIyou\fP are responsible for re-signing the
zonefile.

.SH "SYNTAX"
.PP
.RS

.nf
file DBFILE [ZONES...]

.fi
.RE

.IP \(bu 4
\fBDBFILE\fP the database file to read and parse. If the path is relative, the path from the \fIroot\fP
plugin will be prepended to it.
.IP \(bu 4
\fBZONES\fP zones it should be authoritative for. If empty, the zones from the configuration block
are used.


.PP
If you want to round-robin A and AAAA responses, look at the \fIloadbalance\fP plugin.

.PP
.RS

.nf
file DBFILE [ZONES... ] {
    transfer to ADDRESS...
    reload DURATION
}

.fi
.RE

.IP \(bu 4
\fB\fCtransfer\fR enables zone transfers. It may be specified multiple times. \fB\fCTo\fR or \fB\fCfrom\fR signals
the direction. \fBADDRESS\fP must be denoted in CIDR notation (e.g., 127.0.0.1/32) or just as plain
addresses. The special wildcard \fB\fC*\fR means: the entire internet (only valid for 'transfer to').
When an address is specified a notify message will be sent whenever the zone is reloaded.
.IP \(bu 4
\fB\fCreload\fR interval to perform a reload of the zone if the SOA version changes. Default is one minute.
A value of \fB\fC0\fR means to not scan for changes and reload. For example, \fB\fC30s\fR checks the zonefile every 30 seconds
and reloads the zone when the serial changes.


.SH "EXAMPLES"
.PP
Load the \fB\fCexample.org\fR zone from \fB\fCexample.org.signed\fR and allow transfers to the internet, but send
notifies to 10.240.1.1.

.PP
.RS

.nf
example.org {
    file example.org.signed {
        transfer to *
        transfer to 10.240.1.1
    }
}

.fi
.RE

.PP
Or use a single zone file for multiple zones:

.PP
.RS

.nf
\&. {
    file example.org.signed example.org example.net {
        transfer to *
        transfer to 10.240.1.1
    }
}

.fi
.RE

.PP
Note that if you have a configuration like the following you may run into a problem of the origin
not being correctly recognized:

.PP
.RS

.nf
\&. {
    file db.example.org
}

.fi
.RE

.PP
We omit the origin for the file \fB\fCdb.example.org\fR, so this references the zone in the server block,
which, in this case, is the root zone. Any contents of \fB\fCdb.example.org\fR will then be read with that
origin set; this may or may not do what you want.
It's better to be explicit here and specify the correct origin. This can be done in two ways:

.PP
.RS

.nf
\&. {
    file db.example.org example.org
}

.fi
.RE

.PP
Or

.PP
.RS

.nf
example.org {
    file db.example.org
}

.fi
.RE

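.PP
A lint for the two pitfalls shown above (\fB\fCtransfer to *\fR and a \fIfile\fP directive without an origin inside a root server block), as an added example that is not part of CoreDNS.
It assumes one directive per line with the opening brace at the end of the line; the function name and finding names are made up for this example.

.nf
```python
# Added example (not CoreDNS code): lint a Corefile for two pitfalls from this page.
# Assumes one directive per line and "{" at the end of the line that opens a block.
SAMPLE = """
    . {
        file db.example.org
    }
    example.org {
        file example.org.signed {
            transfer to *
            transfer to 10.240.1.1
        }
    }
    example.net {
        file db.example.net {
            transfer to 10.240.1.1/32
            reload 30s
        }
    }
"""  # constructed input, not a real deployment


def lint_corefile(text):
    """Return (line_number, finding) pairs for risky uses of the file plugin."""
    findings, stack = [], []  # stack holds (kind, zones) for each open block
    for num, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words == ["}"]:
            if stack:
                stack.pop()
            continue
        opens = words[-1] == "{"
        if opens:
            words = words[:-1]
        if not stack:  # server block header: its keys are the zones
            kind, zones = "server", [w.split(":")[0] for w in words]
        elif stack[-1][0] == "server" and words[:1] == ["file"]:
            kind, zones = "file", words[2:]  # file DBFILE [ZONES...]
            if not zones and "." in stack[-1][1]:
                findings.append((num, "implicit-root-origin"))
        else:
            kind, zones = "other", []
            in_file = stack[-1][0] == "file"
            if in_file and words[:2] == ["transfer", "to"] and "*" in words[2:]:
                findings.append((num, "transfer-to-any"))
        if opens:
            stack.append((kind, zones))
    return findings
```
.fi
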
.SH "ALSO SEE"
.PP
See the \fIloadbalance\fP plugin if you need simple record shuffling.