allow-dnsupdate-from=
allow-notify-from=
allow-unsigned-notify=no
allow-unsigned-supermaster=no

# keep entries in packet cache for 65s instead of default 20
cache-ttl=65

chroot=
config-dir={{ pdns_dir }}
consistent-backends=yes

daemon=yes
default-ksk-algorithm=ed25519
default-soa-content=ns.{{ int_tld }} admin.{{ tld }} 0 3600 360 604800 120
default-ttl=1200
default-zsk-algorithm=ed25519
disable-axfr=yes
distributor-threads=1
dnsupdate=no	# disable it for now

guardian=yes

local-port=53
logging-facility=1
loglevel=4

master=no

max-cache-entries=50000
max-ent-entries=10000
max-packet-cache-entries=10000
max-queue-length=2500
max-tcp-connections=60

negquery-cache-ttl=60
only-notify=

query-cache-ttl=20
queue-limit=1500

receiver-threads={{ container_cores }}
reuseport=yes
signing-threads={{ container_cores }}
security-poll-suffix=

version-string=anonymous
webserver=no
write-pid=yes



launch=gpgsql

gpgsql-host={{ hostvars['postgres']['ansible_host'] | mandatory }}
gpgsql-port=5432
gpgsql-dbname={{ database_name }}
gpgsql-user={{ database_user }}
gpgsql-password={{ database_password }}
gpgsql-dnssec=yes