# This is an example deadwood rc file 
# Note that comments are started by the hash symbol

bind_address="127.0.0.1" # IP we bind to

# The following line is disabled by being commented out
#bind_address="::1" # We have optional IPv6 support

chroot_dir = "/etc/deadwood" # Directory we run program from (not used in Win32)

# The following upstream DNS servers are Google's public DNS servers.
# For more information, see https://code.google.com/speed/public-dns/
#
# These IPs can be changed to the IPs of any recursive DNS servers that
# can be reached from the computer running Deadwood.
#
# These are commented out; if upstream_servers is not set, Deadwood will
# use QUAD9 recursive DNS server
#upstream_servers = {}
#upstream_servers["."]="8.8.8.8, 8.8.4.4" # Servers we connect to

# It is also possible to use ICANN root servers, as follows
#root_servers = {}
# ICANN DNS root servers 
#root_servers["."]="198.41.0.4, 199.9.14.201, 192.33.4.12, 199.7.91.13,"
#root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, "
#root_servers["."]+="198.97.190.53, 192.36.148.17, 192.58.128.30, "
#root_servers["."]+="193.0.14.129, 199.7.83.42, 202.12.27.33"

recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache

maxprocs = 2048 # Maximum number of pending requests
handle_overload = 1 # Send SERVER FAIL when overloaded

maradns_uid = 99 # UID Deadwood runs as
maradns_gid = 99 # GID Deadwood runs as

maximum_cache_elements = 60000

# If you want to read and write the cache from disk, make sure chroot_dir 
# above is readable and writable by the maradns_uid/gid above, and 
# uncomment the following line
#cache_file = "cache/dw_cache"

# The following line tells deadwood to fetch an expired record if it's 
# impossible to connect to any nameservers
resurrections = 1

# By default, for security reasons, Deadwood does not allow IPs in the
# 192.168.x.x, 172.[16-31].x.x, 10.x.x.x, 127.x.x.x, 169.254.x.x,
# 224.x.x.x, or 0.0.x.x range.  If using Deadwood to resolve names
# on an internal network, uncomment the following line:
#filter_rfc1918 = 0

# We can have given names resolve to bogus IPv4 addresses.  Here, we
# have the name "maradns.foo" resolve to "10.10.10.10" and "kabah.foo"
# resolve to "10.11.11.11", regardless of what real values these DNS
# records may have.  Note that a given name can only resolve to a
# single IP, and that the records have a fixed TTL of 30 seconds.
ip4 = {}
ip4["maradns.foo."] = "10.10.10.10"
ip4["kabah.foo."] = "10.11.11.11"
# Blacklist a bad site; this blocks resolution for both IPv4 and IPv6
ip4["phish.example.com."] = "X"

# We can also use a similar syntax to have bogus IPv6 addresses.
# We don't use standard notation for IPv6 addresses.  Instead, we
# we use 32-character hex addresses (case insensitive); to make
# it easier to count long strings of "0"s, the "_" acts like a 0
ip6 = {}
ip6["maradns.foo."] = "20010db84d617261444e530000001234"
ip6["kabah.foo."] = "2001_DB84D617261444E5300__002345"

