Manual Reference Pages  -  YADIFAD.CONF (5)


yadifad.conf - configuration file for yadifad(8).


The configuration of yadifad has several containers:
<main>     General container
<zone>     Description of the domain name in specific attributes
<channels> Description of the logger outputs
<loggers>  Description of the loggers
<key>      TSIG keys
<acl>      Access lists.

The configuration supports included files.
example: include /etc/yadifa/conf.d/local.conf
The configuration files can be nested.

The configuration consists of:
* Container, which starts with <container name> and ends with </container name>
* Variable name
* 1 or 2 arguments
* Arguments can contain 1 or more comma separated values.

        # variable  argument
        variable    value1 
        # variable  argument1       argument2
        variable    value1          value2
        # variable  argument1
        variable    value1,value2


Examples of containers defined for a configuration file.

* Main
1. Config with includes

# start yadifad.conf <main> container
        include /etc/yadifa/conf.d/local.conf
# end yadifad.conf <main> container

2. Main without includes

        <main>
            # Detach from the console
            daemon                  off

            # Jail the application
            chroot                  off

            # The path of the log files
            logpath                 "/var/log/yadifa"

            # The location of the pid file
            pidfile                 "/var/run/yadifa/"

            # The path of the zone files
            datapath                "/var/lib/yadifa"

            # The path of the DNSSEC keys
            keyspath                "/var/lib/yadifa/keys"

            # The path of the transfer and journaling files (AXFR & IXFR)
            xfrpath                 "/var/lib/yadifa/xfr"

            # A string returned by a query of hostname. CH TXT
            # note: if you leave this out, the real hostname will be given back
            hostname                "server-yadifad"

            # An ID returned by a query to id.server. CH TXT
            serverid                "yadifad-01"

            # The version returned by a query to version.yadifa. CH TXT
            version                 "2.1.3"

            # Set the maximum UDP packet size.
            # note: the packetsize cannot be less than 512 or more than 65535.
            #       Typical choice is 4096.
            edns0-max-size          4096

            # The maximum number of parallel TCP queries.
            max-tcp-queries         100

            # The user id to use
            uid                     yadifa

            # The group id to use
            gid                     yadifa

            # The DNS port - any DNS query will use that port unless a specific value is used
            port                    53

            # The interfaces to listen to.
            # listen
            listen,, port 8053, 2001:db8::2

            # Enable the collection and logging of statistics
            statistics              on

            # Drop queries with erroneous content
            #
            # answer-formerr-packets on
            answer-formerr-packets  off

            # Maximum number of records in an AXFR packet. Set to 1 for compatibility
            # with very old name servers
            axfr-maxrecordbypacket  0

            # Global Access Control rules
            #
            # Rules can be defined on network ranges, TSIG signatures, and ACL rules

            # simple queries:
            #
            # allow-query any
            allow-query             !,any

            # dynamic update of a zone
            #
            # allow-update none
            allow-update            admins

            # dynamic update of a slave (forwarded to the master)
            #
            # allow-update-forwarding none
            allow-update-forwarding admins,key abroad-admin-key

            # transfer of a zone (AXFR or IXFR)
            #
            # allow-transfer any
            allow-transfer          transferer

            # notify of a change in the master
            #
            # allow-notify any
            allow-notify            master,admins

            # If YADIFA has the controller enabled, allow control only for these
            # clients (none by default)
            allow-control           localhost
        </main>



* Key
TSIG-key configuration

1. Admin-key key definition (the name is arbitrary)

        <key>
            name        abroad-admin-key
            algorithm   hmac-md5
            secret      WorthlessKeyForExample==
        </key>

2. Master-slave key definition

        <key>
            name        master-slave
            algorithm   hmac-md5
            secret      MasterAndSlavesTSIGKey==
        </key>

Access Control List definitions

1. Master-slave key use

        <acl>
            transferer  key master-slave
            admins, 2001:db8::74
            localhost, ::1
        </acl>
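
A minimal linter for the container syntax and the <main>, <key> and access-control settings shown above. It is an added example, not part of the YADIFA distribution: it flags HMAC-MD5 TSIG keys (an algorithm RFC 8945 deprecates), secrets copied from this man page, a disabled chroot, and access rules left at "any". The function names and the sample configuration are constructed for illustration, and include files are not followed.

```python
import re

# Example secrets printed in yadifad.conf(5); they must never reach production.
DOC_SECRETS = {"WorthlessKeyForExample==", "MasterAndSlavesTSIGKey=="}
ACL_VARS = {"allow-transfer", "allow-update", "allow-update-forwarding",
            "allow-notify", "allow-control"}

def parse(text):
    """Yield (container, variable, values) for every directive in the text."""
    container = None
    for raw in text.splitlines():
        line = raw.strip()                        # leading whitespace is ignored
        if not line or line.startswith("#"):
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:                                   # <name> opens, </name> closes
            container = None if tag.group(1) else tag.group(2)
            continue
        var, *args = line.split()
        # Each argument may hold one or more comma-separated values.
        yield container, var, [v.strip('"') for a in args for v in a.split(",") if v]

def lint(text):
    """Return (container, variable, finding) for each risky setting."""
    findings = []
    for container, var, values in parse(text):
        if container == "key" and var == "algorithm" and "hmac-md5" in values:
            findings.append((container, var, "TSIG key uses HMAC-MD5"))
        if container == "key" and var == "secret" and DOC_SECRETS & set(values):
            findings.append((container, var, "secret copied from the man page"))
        if container == "main" and var == "chroot" and values == ["off"]:
            findings.append((container, var, "daemon is not jailed"))
        if var in ACL_VARS and "any" in values:
            findings.append((container, var, "open to any client"))
    return findings

# Constructed sample configuration, assembled from directives shown on this page.
SAMPLE = """
<main>
    chroot          off
    allow-transfer  any
    allow-control   localhost
</main>
<key>
    name        master-slave
    algorithm   hmac-md5
    secret      MasterAndSlavesTSIGKey==
</key>
"""
```

Calling lint(SAMPLE) reports four findings: the disabled chroot, the open allow-transfer rule, the HMAC-MD5 algorithm and the documentation secret.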

* Zone

1. Master domain zone config

        <zone>
            # This server is master for that zone (mandatory)
            type        master

            # The domain name (mandatory)
            domain

            # The zone file, relative to ’datapath’ (mandatory for a master)
            file        master/

            # List of servers also notified of a change (beside the ones in the zone file)
            also-notify,
        </zone>

2. Slave domain zone config

        <zone>
            # This server is slave for that zone (mandatory)
            type        slave

            # The domain name (mandatory)
            domain

            # The address of the master (mandatory for a slave, forbidden for a master)
            masters port 4053 key master-slave

            # The zone file, relative to ’datapath’.
            file        slaves/
        </zone>

* Channels
Logging output-channel configurations:
The "name" is arbitrary and is used in the <loggers>.
The "stream-name" defines the output type (ie: a file name or syslog).
The "arguments" are specific to the output type (ie: unix file access rights or syslog options and facilities).


1. Example: YADIFA running as daemon channel definition.

        <channels>
        #   name        stream-name     arguments
            database    database.log    0644
            dnssec      dnssec.log      0644
            server      server.log      0644
            statistics  statistics.log  0644
            system      system.log      0644
            queries     queries.log     0644
            zone        zone.log        0644
            all         all.log         0644
            syslog      syslog          user
        </channels>

2. Example: YADIFA running in debug mode.
This example shows the "stderr" and "stdout" channels, which can also be used in the first example but write to the console.

        <channels>
        #   name        stream-name     arguments
            syslog      syslog          user
            stderr      STDERR
            stdout      STDOUT
        </channels>

* Loggers
Logging input configurations:
The "bundle" name is predefined: database, dnssec, server, statistics, system, zone.
The "debuglevel" uses the same names as syslog or "*" or "all" to filter the input.
The "channels" are a comma-separated list of channels.

1. Example without syslog

        <loggers>
        #   bundle          debuglevel                          channels
            database        ALL                                 database,all
            dnssec          warning                             dnssec,all
            server          INFO,WARNING,ERR,CRIT,ALERT,EMERG   server,all
            statistics      *                                   statistics
            system          *                                   system,all
            queries         *                                   queries
            zone            *                                   zone,all
        </loggers>

2. Example with syslog

        <loggers>
        #   bundle          debuglevel                          channels
            database        ALL                                 database,syslog
            dnssec          warning                             dnssec,syslog
            server          INFO,WARNING,ERR,CRIT,ALERT,EMERG   server,syslog
            stats           *                                   statistics, syslog
            system          *                                   system,syslog
            queries         *                                   queries,syslog
            zone            *                                   zone,syslog
        </loggers>

The defined loggers are:

system contains low level messages about the system such as memory allocation, threading, IOs, timers and cryptography, ...
database contains messages about most lower-level operations in the DNS database (i.e. journal, updates, zone loading and sanitization, DNS message query resolution, ...)
dnssec contains messages about lower-level dnssec operations in the DNS database (i.e. status, maintenance, verification, ...)
server contains messages about operations in the DNS server (i.e. start up, shutdown, configuration, transfers, various services status (database management, network management, DNS notification management, dynamic update management, resource rate limiting, ...))
zone contains messages about the loading of a zone from a source (file parsing, transferred binary zone reading, ...)
stats contains the statistics of the server.
queries contains the queries on the server. Queries can be logged with the BIND and/or with the YADIFA format.

BIND format:
        client sender-ip#port: query: fqdn class type +SETDC (listen-ip)
YADIFA format:
        query [ id ] {+SETDC} fqdn class type (sender-ip#port)

id is the query message id
+ means the message has the Recursion Desired flag set
S means the message is signed with a TSIG
E means the message is EDNS
T means the message was sent using TCP instead of UDP
D means the message has the DNSSEC OK flag set
C means the message has the Checking Disabled flag set
fqdn is the queried FQDN
class is the queried class
type is the queried type
sender-ip is the IP of the client that sent the query
port is the port of the client that sent the query
listen-ip is the listen network interface that received the message

Note that on YADIFA any unset flag is replaced by a ’-’, on BIND only the ’+’ follows that rule.

System operators will mostly be interested in the info and above messages of queries and stats, as well as the error and above messages of the other loggers.
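
A parser for the two query log formats described above, used here to list zone transfer requests (AXFR/IXFR) that arrived without a TSIG signature. It is an added example, not code from the YADIFA project; the function names, the sample lines and the assumption that the message id is printed as hex digits are constructed for illustration.

```python
import re

# Flag letters in the order the page lists them: + S E T D C
FLAG_NAMES = dict(zip("+SETDC", ("RD", "TSIG", "EDNS", "TCP", "DO", "CD")))

# Assumption: the message id is printed as hex digits inside the brackets.
YADIFA_RE = re.compile(
    r"query \[\s*(?P<id>[0-9a-fA-F]+)\s*\] \{(?P<flags>[+SETDC-]{6})\} "
    r"(?P<fqdn>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"\((?P<ip>[^#\s]+)#(?P<port>\d+)\)")
BIND_RE = re.compile(
    r"client (?P<ip>[^#\s]+)#(?P<port>\d+): query: "
    r"(?P<fqdn>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>[+-][SETDC]*) \((?P<listen>[^)\s]+)\)")

def parse_query(line):
    """Parse one query log line in either format; return a dict or None."""
    for fmt, rx in (("yadifa", YADIFA_RE), ("bind", BIND_RE)):
        m = rx.search(line)              # search() tolerates a timestamp prefix
        if m:
            rec = m.groupdict()
            # '-' marks an unset flag; any other character is a set flag.
            rec["flags"] = {FLAG_NAMES[c] for c in rec["flags"] if c != "-"}
            rec["format"], rec["port"] = fmt, int(rec["port"])
            return rec
    return None

def unsigned_transfers(lines):
    """Return (ip, fqdn, qtype) for AXFR/IXFR queries that carry no TSIG."""
    hits = []
    for rec in filter(None, map(parse_query, lines)):
        if rec["qtype"].upper() in ("AXFR", "IXFR") and "TSIG" not in rec["flags"]:
            hits.append((rec["ip"], rec["fqdn"], rec["qtype"]))
    return hits

# Constructed sample lines using documentation addresses, not captured output.
SAMPLE = [
    "query [3f2a] {+-E-D-} www.example.com. IN A (192.0.2.10#53211)",
    "query [0b11] {---T--} example.com. IN AXFR (198.51.100.7#40112)",
    "query [0b12] {-S-T--} example.com. IN AXFR (2001:db8::74#40113)",
    "client 198.51.100.7#40200: query: example.com. IN IXFR -T (192.0.2.1)",
    "client 192.0.2.10#53300: query: www.example.com. IN A +ED (192.0.2.1)",
]
```

On the sample, unsigned_transfers(SAMPLE) returns the AXFR and IXFR requests from 198.51.100.7 and skips the TSIG-signed transfer from 2001:db8::74.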




Since unquoted leading whitespace is generally ignored in the yadifad.conf you can indent everything to taste.


Please check the file ChangeLog from the sources.


Version: 2.1.3 of 2015-08-14.


There exists a mailing list for questions relating to any program in the yadifa package:

for submitting questions/answers.
for subscription requests.
If you would like to stay informed about new versions and official patches send a subscription request to via:
(this is a readonly list).


  (C)2012-2015, EURid
B-1831 Diegem, Belgium


Gery Van Emelen
Eric Diaz Fernandez


YADIFA YADIFAD-CONF (5) 2015-08-14
