.\" Copyright (c) 2014-2021 Peter J. Philipp
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd January 7, 2021
.Dt DELPHINUSDNS.CONF 5
.Os 
.Sh NAME
.Nm delphinusdns.conf
.Nd the delphinus DNS daemon configuration file
.Sh DESCRIPTION
The 
.Xr delphinusdnsd 8
has a default configfile it is called
.Nm
and it is found in /var/delphinusdnsd/etc.  You may wonder why there is a 
missing d, so I ask you to look up 
.Xr syslogd 8
and
.Xr syslog.conf 5
which also drop the d in the config file.  This follows that name convention.
.Sh EXAMPLES
Here is a sample 
.Nm
file:
.Bd -literal
version "1";
options "cool stuff" {
	interface "lo0";
	interface "em0";

	;bind 127.0.0.1;
	;bind 192.168.34.4;

	ratelimit-pps 6;

	port 53;

	;fork 2;
	log;
	;dnssec;
	;tcp-on-any-only;
}

axfrport "10053";

axfr-for "these hosts" {
	127.0.0.1;
	::1;
	192.168.0.0/16;
}

mzone "centroid.eu" {
	zonename "centroid.eu";
	notifydest 192.168.34.1 NOKEY;
	notifydest ::1 port 8053 NOKEY;
}

zone "centroid.eu" {
	centroid.eu,soa,3600,ns1.centroid.eu.,hostmaster.centroid.eu.,2019111901,3600,1800,7200,3600
	centroid.eu,ns,3600,somenameserver.delphinusdns.org.
	centroid.eu,ns,3600,anothernameserver.delphinusdns.org.
	; all lines in zone start with domainname, RR Type, RR TTL, RDATA
	centroid.eu,a,3600,127.0.0.1
	centroid.eu,a,3600,10.0.0.10
}
.Ed
Here is a sample 
.Nm
file suited for DNSSEC:
.Bd -literal
version "1";
options "some options" {
        ratelimit-pps 12;
        bind 127.0.0.1;
        bind ::1;
        bind 10.110.99.87;
        port 32253;
        log;
        dnssec;
        versionstring "delphinusdnsd 1.5.0";
}
axfr-for "these hosts" {
        ::1/128;
        127.0.0.1/32;
        10.110.99.88/32;
}

axfrport "10053";

mzone "centroid.eu" {
	zonename "centroid.eu";
	notifydest 10.1110.99.88 NOKEY;
	notifydest ::1 port 8053 NOKEY;
}
 

zinclude "/var/delphinusdnsd/master/centroid.eu.signed";

.Ed
Then the included files are output of
.Xr dddctl 8
.Pp
A forwarding-only config may look like this:
.Bd -literal
version "1";

options "this mess" {
        interface "em0";
        interface "lo0";
        port 8053;
        versionstring "";
        dnssec;
}

tsig-auth secret "9qD4Qi4ghqFR1xm0fIwGF9t0aLx+SZWVEPAqEvysZFg=";
tsig "these hosts" {
        0.0.0.0/0;
}

forward "to these hosts" {
        incoming-tsig yes;
        destination 127.0.0.1 port 5353 key NOKEY;
}
.Ed
.Pp
Finally below is a sample replicant 
.Nm
as taken from a 
.Xr delphinusdnsd 
with only one zone:
.Bd -literal
version "1";

options "arrowhead" {
        ratelimit-pps 12;
        interface "lo0";
        interface "vio0";
        port 53;
        log;
        dnssec;
        versionstring "delphinusdnsd-20191103";
}

include "/var/delphinusdnsd/etc/delphinusdns.tsig";

rzone "ip6.centroid.eu." {
	constraints 600, 600, 600;
	bytelimit 65536;
	; do make sure you have a tsig "" {} for this
        tsigkey "pass";
        masterport 10053;
        master 2a01:4f8:162:e700:881c:fe60:3582:f49c;
        zonename "ip6.centroid.eu.";
        filename "/var/delphinusdnsd/replicant/ip6.centroid.eu.repl";
}

.Ed
Notice the /var/delphinusdnsd/replicant/ directory, this is a hardcoded path.
.Sh GRAMMAR
Syntax for 
.Nm
in BNF:
.Bd -literal
line = ( 	version | axfrport | include | zinclude | zone | region | 
		axfr | mzone | passlist | filter | recurse | comment | 
		options | forward | rzone | tsig | tsig-auth |
		tsigpassname )

version = "version" ("number") ;

axfrport = "axfrport" ("port number") ; 

include = "include" ("filename") ; 

zinclude = "zinclude" ("filename") ;

hostname = string
zone = "zone" ("hostname") [ "{" zonedata "}" ]
zonedata = { [hostname] [ "," dnstype] [ "," ttl ] ["," variablednsdata] }
dnstype = ( 	"a" | "aaaa" | "caa" | "cname" | "dnskey" | "ds" | "hinfo" | 
		"hint" | "mx" | "naptr" | "ns" | "nsec3" | "nsec3param" | 
		"ptr" | "rp" | "rrsig" | "soa" | "srv" | "sshfp" | "tlsa" | 
		"txt" )

ttl = number

region = "region" ("string") [ "{" cidrlist "}"


cidrlist = { [ cidr-address ] ; ... }

axfr = "axfr-for" ("string") [ "{" cidrlist "}" ]

mzonelist = ( optzonename | optnotifydest | optnotifybind )
optzonename = "zonename" ("string") ;
optnotifydest = "notifydest" cidr-address ["port number"] "tsigkey" ;
optnotifybind = "notifybind" cidr-address ;

mzone = "mzone" ("string") [ "{" mzonelist "}" ]

passlist = "passlist" ("string") [ "{" cidrlist "}" ]

filter = "filter" ("string") [ "{" cidrlist "}" ]

recurse = "recurse-for" ("string") [ "{" cidrlist "}" ]

base64-string = (string)
tsig-auth = "tsig-auth" (string) ("base64-string") ;
tsig = "tsig" ("string") [ "{" cidrlist "}" ]
tsigpassname = "tsigpassname" ("string") [ "{" ("hostname") "}" ]

rzone = "rzone" ("string") [ "{" rzonelist "}" ]
rzonelist = ( opttsig | optmaster | optmasterport | optrzonename | 
		optfilename | optconstraints | optbytelimit )

opttsig = "tsigkey" ("string") ;
optmaster = "master" ("cidr-address") ;
optmasterport = "masterport"  (number) ;
optrzonename = "zonename" ("string") ;
optfilename = "filename" ("string") ;
optconstraints = "constraints" (number), (number), (number) ;
optbytelimit = "bytelimit" (number) ;


forward = "forward" ("string") [ "{" forwardlist "}" ]
forwardlist = ( optdestination | optstrictx20 | optcache | optincomingtsig |
			optfudge )

optdestination = "destination" ("cidr-address") "port" ("integer") "key" 
			(string | "NOKEY") ;
optstrictx20 = "strictx20" ("yes" | "no") ;
optcache =  "cache" ("yes" | "no") ;
optincomingtsig = "incoming-tsig" ("yes" | "no") ;
optfudge = "fudge" (number) ;

comment = ( ; | pound ) line

options = "options" ("string") [ "{" optionlist "}" ]
optionlist = ( optrecurse | optinterface | optfork | optport | 
		optratelimit | optbind | optdnssec | opttcponanyonly |
		optmaxudppayload)
optrecurse = "recurse" ;
optinterface = "interface" ("string") ;
optfork = "fork" number ; 
optratelimit = "ratelimit-pps" number ; 
optbind = "bind" cidr-address ;
optdnssec = "dnssec" ; 
opttcponanyonly = "tcp-on-any-only" ;
optmaxudppayload = "max-udp-payload" number ;

.Ed
.Sh FILES
.Pa /var/delphinusdnsd/etc/delphinusdns.conf
.Sh SEE ALSO
.Xr dddctl 8 , 
.Xr delphinusdnsd 8
.Sh AUTHORS
This software and manual was written by
.An Peter J. Philipp Aq petphi@delphinusdns.org