
/usr/local/etc/recursor.conf

1. pdns.config

#################################
# dnssec        DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
#
# dnssec=process-no-validate

#################################
# dnssec-log-bogus      Log DNSSEC bogus validations
#
# dnssec-log-bogus=no

dnssec=no

The default appears to be process-no-validate.

-- ToshinoriMaeno 2018-11-24 23:54:17
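
An added example (not from the original page or the PowerDNS project): a small Python check that reads a recursor.conf in the layout shown above, works out the effective `dnssec` value, and compares it with the modes listed in the file's own description comment. The sample text is constructed from the excerpt above, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the recursor.conf excerpt above:
# "# name<TAB>description", "# name=default", then any active setting.
SAMPLE_CONF = """\
#################################
# dnssec\tDNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
#
# dnssec=process-no-validate

#################################
# dnssec-log-bogus\tLog DNSSEC bogus validations
#
# dnssec-log-bogus=no

dnssec=no
"""

def parse_conf(text):
    """Return (defaults, active): commented '# key=value' lines vs. live 'key=value' lines."""
    defaults, active = {}, {}
    for line in text.splitlines():
        m = re.match(r"^(#\s*)?([a-z0-9-]+)=(.*)$", line.strip())
        if m:
            (defaults if m.group(1) else active)[m.group(2)] = m.group(3).strip()
    return defaults, active

def documented_modes(text):
    """Extract the allowed dnssec values from the file's own description line."""
    m = re.search(r"^#\s*dnssec\s+DNSSEC mode:\s*(.+)$", text, re.M)
    if not m:
        return []
    return [v.replace("(default)", "").strip() for v in m.group(1).split("/")]

def audit_dnssec(text):
    """Report the effective dnssec value and whether it is a documented mode."""
    defaults, active = parse_conf(text)
    value = active.get("dnssec", defaults.get("dnssec"))
    modes = documented_modes(text)
    return {
        "value": value,
        "source": "active" if "dnssec" in active else "default",
        "documented": value in modes,
        "modes": modes,
    }

if __name__ == "__main__":
    print(audit_dnssec(SAMPLE_CONF))
```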

1.1. run

# /usr/local/sbin/pdns_recursor 
Nov 25 10:26:05 PowerDNS Recursor 4.1.7 (C) 2001-2018 PowerDNS.COM BV
Nov 25 10:26:05 Using 64-bits mode. Built using gcc 5.4.0 20160609 on Nov 14 2018 19:18:35 by tmaeno@u16.04.
Nov 25 10:26:05 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Nov 25 10:26:05 Reading random entropy from '/dev/urandom'
Nov 25 10:26:05 If using IPv6, please raise sysctl net.ipv6.route.max_size, currently set to 4096 which is < 16384
Nov 25 10:26:05 NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable
Nov 25 10:26:05 Only allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
Nov 25 10:26:05 Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::
Nov 25 10:26:05 PowerDNS Recursor itself will distribute queries over threads
Nov 25 10:26:05 Inserting rfc 1918 private space zones
Nov 25 10:26:05 Listening for UDP queries on 127.0.0.2:53
Nov 25 10:26:05 Enabled TCP data-ready filter for (slight) DoS protection
Nov 25 10:26:05 Listening for TCP queries on 127.0.0.2:53
Nov 25 10:26:05 Raised soft limit on number of filedescriptors to 4121 to match max-mthreads and threads settings
Nov 25 10:26:05 Launching 3 threads
Nov 25 10:26:05 Done priming cache with root hints
Nov 25 10:26:05 Done priming cache with root hints
Nov 25 10:26:05 Done priming cache with root hints
Nov 25 10:26:05 Enabled 'epoll' multiplexer
Nov 25 10:26:05 Done priming cache with root hints

1.2. Logging-related settings

$ grep log recursor.conf
# api-logfile   Location of the server logfile (used by the REST API)
# api-logfile=/var/log/pdns.log
# disable-syslog        Disable logging to syslog, useful when running inside a supervisor that logs stdout
# disable-syslog=no
# dnssec        DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
# dnssec-log-bogus      Log DNSSEC bogus validations
# dnssec-log-bogus=no
# log-common-errors     If we should log rather common errors
# log-common-errors=no
# log-rpz-changes       Log additions and removals to RPZ zones at Info level
# log-rpz-changes=no
# log-timestamp Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already
# log-timestamp=yes
# logging-facility      Facility to log messages as. 0 corresponds to local0
# logging-facility=
# loglevel      Amount of logging. Higher is more. Do not set below 3
# loglevel=6
# quiet Suppress logging of questions and answers
# trace if we should output heaps of logging. set to 'fail' to only log failing domains