# ignore-unknown-settings	Configuration settings to ignore if they are unknown
ignore-unknown-settings=false

# allow-from	If set, only allow these comma separated netmasks to recurse
allow-from=127.0.0.0/8, ::1/128, 2a06:5840::/29, 185.110.148.0/22, 151.216.128.0/17, 88.92.0.0/17

#################################
# config-dir	Location of configuration directory (recursor.conf)
config-dir=/etc/powerdns

#################################
# dnssec	DNSSEC mode: off/process-no-validate/process (default)/log-fail/validate
#
dnssec=validate

#################################
# dnssec-log-bogus	Log DNSSEC bogus validations
dnssec-log-bogus=yes

#################################
# hint-file	If set, load root hints from this file
hint-file=/usr/share/dns/root.hints

#################################
# include-dir	Include *.conf files from this directory
include-dir=/etc/powerdns/recursor.d

#################################
# local-address	IP addresses to listen on, separated by spaces or commas. Also accepts ports.
local-address=185.110.148.132,2a06:5841:f:e::132

# query-local-address Send out local queries from this address, or addresses.
query-local-address=185.110.148.130,185.110.148.131,2a06:5841:f:e::130,2a06:5841:f:e::131

# local-port	port to listen on
local-port=53

# loglevel	Amount of logging. Higher is more. Do not set below 3
loglevel=4

# lua-config-file	More powerful configuration options
lua-config-file=/etc/powerdns/recursor.lua

# quiet	Suppress logging of questions and answers
quiet=yes

# serve-rfc1918	If we should be authoritative for RFC 1918 private IP space
serve-rfc1918=yes

# setgid	If set, change group id to this gid for more security. When running inside systemd, use the User and Group settings in the unit-file!
setgid=pdns

# setuid	If set, change user id to this uid for more security. When running inside systemd, use the User and Group settings in the unit-file!
setuid=pdns

# threads	Launch this number of threads
# threads=2

# webserver-address	IP Address of webserver to listen on
# webserver-address=127.0.0.1

# webserver-allow-from	Webserver access is only allowed from these subnets
# webserver-allow-from=127.0.0.1,::1

# webserver-password	Password required for accessing the webserver
# webserver-password=

# webserver-port	Port of webserver to listen on
# webserver-port=8082
#
#
socket-mode = 770