Configuration Reference

Technical reference for process environment parameters and persisted live config fields. This page describes what each parameter does in the implementation.

Deployment Parameters

Deployment parameters are read from environment variables during process startup.

ParameterTypeDefaultEffect
BIND_HOSTstring0.0.0.0Bind address used when starting the DNS UDP/TCP listeners and the HTTP API listener.
DNS_PORTstring:2053Port or host-port suffix used for the authoritative DNS UDP/TCP listeners.
API_PORTstring:8053Port or host-port suffix used for the HTTP API listener.
STORAGE_BACKENDstringbadgerSelects the storage implementation passed to storage.Init; currently badger is the implemented backend.
POSTGRES_DSNstringhost=localhost port=5432 user=postgres password=postgres dbname=go53 sslmode=disableStored in base config for a Postgres backend; current storage initialization does not enable Postgres.
BADGER_DIRstring/data/go53Filesystem directory opened by the Badger storage backend.
ADMIN_SOCKETstring/run/go53/admin.sockPath to the local admin Unix socket serving the full API gated by filesystem permissions instead of API tokens (break-glass local admin). Empty disables it.
ADMIN_SOCKET_GROUPstringgo53_adminOS group granted access to the admin socket (mode 0660). A missing group falls back to owner-only access.

Runtime Parameters

Runtime parameters are persisted in the config table and exposed through GET/PATCH /api/config. Secret-bearing fields such as auth.x_auth_key are not returned by GET /api/config and must be managed through the local admin socket.

JSON pathTypeDefaultEffect
log_levelstringinfoRuntime log level value stored in config and returned by the config API.
modestringprimarySelects primary, secondary, or distributed behavior for mutation blocking, NOTIFY/transfer behavior, DNSSEC signing paths, and distributed replication enablement.
allow_transferstring127.0.0.1Comma-separated client address allowlist used for AXFR/IXFR authorization and NOTIFY target selection.
allow_recursionboolfalseReserved runtime flag for recursion behavior; go53 query handling is authoritative-focused.
dnssec_enabledbooltrueEnables DNSSEC signing/material generation paths for authoritative answers and zone mutation maintenance when the node is not secondary.
default_ttlint seconds3600Fallback TTL used when records or generated DNSSEC records do not carry an explicit TTL.
versionstringgo53 1.0.1Version string returned in CHAOS/version handling and distributed node discovery/status.
max_udp_sizeint bytes1232Configured EDNS UDP payload size limit for DNS responses.
enable_ednsbooltrueControls whether EDNS handling is enabled in DNS responses.
rate_limit_qpsint0Max queries per second per source IP (token bucket, burst equal to this value). 0 (default) disables it. Only UDP queries are limited; TCP, AXFR/IXFR and NOTIFY are exempt. Over-limit queries are dropped silently. Up to 100000 source IPs are tracked to bound memory; idle entries are reclaimed about 10 minutes after a source goes quiet.
allow_axfrboolfalseAllows AXFR/IXFR response handling when client allowlist and TSIG policy also pass.
default_nsstringns1.go53.local.Default nameserver value used by helper logic that needs an NS name when zone data does not provide one.
enforce_tsigboolfalseRequires valid TSIG on DNS requests in TSIG validation paths and on AXFR/IXFR when enabled.
wal_retention_daysint days14How long go53 retains internal WAL events in storage for backup/restore. 0 keeps them indefinitely; external WAL archives written by go53ctl backup wal-follow are operator-managed. See Backup & Restore.
max_restore_bytesint bytes1073741824Upper bound on a restore upload (full backup or WAL), since restore reads the file into memory. 0 disables the cap. Raise it before restoring a backup larger than 1 GiB.
any_query_policystringhinfoAuthoritative ANY-query policy. hinfo returns a minimal RFC 8482-style HINFO answer; refuse returns REFUSED.
unknown_zone_policystringrefusedResponse policy for names outside all loaded authoritative zones. Default is non-authoritative REFUSED.

Authentication Parameters

The TCP admin API is gated by auth.mode. The local Unix admin socket bypasses API-token authentication and is controlled by filesystem permissions; use it for break-glass administration and for setting the API key.

JSON pathTypeDefaultEffect
auth.modestringdisabledControls TCP API access. disabled returns 503, none allows unauthenticated TCP API access, x-auth-key requires a valid static key, and oidc is reserved.
auth.x_auth_keystring""Static base62 API key used when auth.mode=x-auth-key. It must match ^[A-Za-z0-9]{48,}$. If unset or invalid, the TCP API returns 403.
auth.oidc_issuerstring""Reserved OIDC issuer URL.
auth.oidc_audiencestring""Reserved OIDC audience/client id.
auth.oidc_jwks_urlstring""Reserved JWKS endpoint override.

Set or inspect the key locally with go53ctl config set xauth_key --generate, go53ctl config set xauth_key VALUE, and go53ctl config get xauth_key. TCP clients authenticate with X-Auth-Key: VALUE.

Primary Parameters

JSON pathTypeDefaultEffect
primary.notify_debounce_msint milliseconds2000Delay used to coalesce NOTIFY sends after zone record changes.
primary.ipstring127.0.0.1Primary DNS address used by secondary transfer logic.
primary.portint53Primary DNS port used by secondary transfer logic.

Secondary Parameters

JSON pathTypeDefaultEffect
secondary.fetch_debounce_msint milliseconds3000Delay used to coalesce secondary AXFR/IXFR fetch scheduling.
secondary.min_fetch_interval_secint seconds10Minimum interval between transfer fetches for the same zone.
secondary.max_parallel_fetchesint5Maximum number of concurrent secondary zone fetches.
secondary.catalog_enabledboolfalseMaintains and follows an RFC 9432 catalog zone for dynamic secondary member-zone discovery.
secondary.catalog_zonestring_catalog.go53.Catalog zone name used as the secondary bootstrap catalog and primary-side member list.

DNSSEC Policy Parameters

DNSSEC rollover key generation supports RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, and ED25519 (ED25519 is the default). Legacy SHA-1 and DSA algorithms, ECC-GOST, and ED448 are not supported for go53-generated signing keys; see the DNSSEC guide for the full algorithm table and rationale.

JSON pathTypeDefaultEffect
dnssec.validity_secondsint seconds604800RRSIG validity window for non-DNSKEY RRsets.
dnssec.dnskey_validity_secondsint seconds1209600RRSIG validity window for DNSKEY RRsets.
dnssec.refresh_before_secondsint seconds86400Remaining validity threshold that marks an existing RRSIG as needing refresh.
dnssec.jitter_secondsint seconds3600Deterministic per-signature refresh offset used to spread RRSIG refresh timing.
dnssec.inception_skew_secondsint seconds3600Amount by which signature inception is backdated to tolerate clock skew.

Distributed Parameters

JSON pathTypeDefaultEffect
distributed.node_idstring""Stable local node identity used for event origin, vector-clock keys, HELLO proof, node discovery, and generated TLS certificate identity.
distributed.peersstring""Comma-separated peer endpoints used by distributed outbound workers and resync logic.
distributed.transportstringhttpSelects distributed transport behavior; supported values are http, tcp, tls, and mtls.
distributed.sync_bind_hoststring0.0.0.0Bind address used by the persistent distributed sync listener.
distributed.sync_portstring:53530Port or host-port suffix used by the persistent distributed sync listener and local discovery endpoint.
distributed.private_keystring""Base64 Ed25519 private key used for event signatures, HELLO challenge proof, public key derivation, and automatic TLS certificate generation.
distributed.peer_public_keysobject{}Map of trusted peer node_id to base64 Ed25519 public key used for event signature verification, HELLO verification, and TLS certificate public key pinning.
distributed.push_timeout_msint milliseconds2000Timeout used by distributed HTTP client paths, socket peer workers, vector fetches, event delivery, and Merkle repair requests.
distributed.resync_interval_sint seconds30Interval for background distributed resync, vector comparison, and Merkle integrity repair.

Storage Shape

Storage key/tableTypeEffect
config/{top-level-json-field}JSON valueEach top-level live config field is persisted separately under the config table and merged with defaults at startup.
zones/{zone}JSON zone dataPersistent zone storage loaded into the in-memory zone store during server startup.
distributed-events/{event-id}JSON eventDistributed event log used for vector comparison, replay, and repair.
distributed-vector/{node-id}JSON integerPersisted local vector-clock state for distributed replication.
distributed-entities/{entity}JSON entity clockPer-entity conflict metadata used by distributed event dominance checks.
distributed_invites/{jti}JSON invite recordStored cluster invite usage state consumed when a pending join is approved, auto-accepted, or manually accepted.
distributed_join_requests/{node-id}JSON join requestPending self-registration requests submitted over the distributed sync endpoint.

This page is a parameter reference. Operational setup examples live in the Guides.