3. Configuration¶
Dino provides a variety of configuration options. Have a quick list through the list to see which ones are relevant to you!
3.1. Location¶
There are multiple ways to set configuration options:
- File
/etc/dino.cfg
, global config - File
~/.dino.cfg
, user config - File
./dino.cfg
, local config - Process Environment (e.g.
$DINO_BASE_DIR
)
They are loaded in the order above; later files overwrite earlier ones.
3.2. File Format¶
Configuration is stored in a simple, non-nested key=value
format. Comments
can be added using #
on dedicated lines. Lines without =
are ignored.
# this is a comment
DINO_BASE_DIR=/opt/dino
DINO_SECRET_KEY = verysecret
3.3. Options¶
3.3.1. DINO_BASE_DIR¶
Existing directory for dino to write internal data to. It must thus be created beforehand and be writeable by the user you use to run dino. It is currently only used to store the SQLite database (if used), but may contain other data in future releases. Note that this directory must not be accssible publicly.
- type: String
- required: no
- default:
.../lib/python3.x/site-packages/dino/
- example:
/opt/dino
3.3.2. DINO_SECRET_KEY¶
Long (>64 chars), random and ascii string of characters. It is used by django to derive crypto keys for cookies and other security-critical applications. Ensure that the string is private at all times. It can be changed without negative effect, if leaked accidentially.
- type: String
- required: yes
- example:
Aixa1ahs1euyo2oopii-Y:eex8sie~d5
This is a stock django setting; refer to the “SECRET_KEY” django docs for more information.
3.3.3. DINO_DEBUG¶
Run dino in development mode. Do not enable this setting in production, as it might leak sensitive information to clients.
- type: Boolean
- required: no
- default:
False
This is a stock django setting; refer to the “DEBUG” django docs for more information.
3.3.4. DINO_ALLOWED_HOSTS¶
List of hostnames under which dino should be accessible at. Accessing dino using a Host:
header not in this list, yields an 400 Bad Request error.
- type: List
- required: yes
- example:
dino.company.com,dino.internal
This is a stock django setting; refer to the “ALLOWED_HOSTS” django docs for more information.
3.3.5. DINO_PDNS_APIURL¶
Full URL to your PowerDNS server API endpoint, including the /api/v1
path.
- type: String
- required: yes
- example:
https://yourpowerdns.com/api/v1
3.3.6. DINO_PDNS_APIKEY¶
PowerDNS API key from pdns.conf.
- type: String
- required: yes
- example:
wooviex7ui0Eiy2Gohth4foovoob5Eip
3.3.7. DINO_LOGIN_PROVIDERS¶
Social login providers to load and offer to users. Please refer to the django-allauth docs for a list of available providers.
- type: List
- required: no
- example:
google,soundcloud
3.3.8. DINO_DB_URL¶
Database to connect to; refer to dj-database-url for information on the URL schema.
- type: String
- required: no
- default:
sqlite:////home/docs/checkouts/readthedocs.org/user_builds/dino/envs/latest/lib/python3.7/site-packages/db.sqlite3
- example:
mysql://dino:password@host/dino
3.3.9. DINO_TRUST_PROXY¶
Whether to trust the information given in the X-Forwarded-Proto
and X-Forwarded-Host
HTTP headers. If dino is behind a reverse proxy, set this to True
. Ensure that your server software is a) setting these headers and b) discards any content provided by clients.
- type: Boolean
- required: no
- default:
False
3.3.10. DINO_HTTPS_ONLY¶
Whether to enforce HTTPS, set HSTS and send cookies on HTTPS only. Recommended, if your setup exposes dino on HTTPS (which, again, is recommended).
- type: Boolean
- required: no
- default:
False
3.3.11. DINO_TIMEZONE¶
Timezone to use for auditing and logging.
- type: String
- required: no
- default:
UTC
- example:
Europ/Berlin
This is a stock django setting; refer to the “TIMEZONE” django docs for more information.
3.3.12. DINO_ENABLE_EMAIL_SIGNUP¶
Whether to let users create permissionless accounts without any prior authentication using username/password. not recommended, refer to User Signup for details.
- type: Boolean
- required: no
- default:
False
3.3.13. DINO_ENABLE_SOCIAL_SIGNUP¶
Whether to let users create permissionless accounts without any prior authentication social login (google, openid, …). not recommended, refer to User Signup for details.
- type: Boolean
- required: no
- default:
False
3.3.14. DINO_VALID_SIGNUP_DOMAINS¶
If DINO_ENABLE_EMAIL_SIGNUP
is enabled, restrict creation of new users to the given domains. Any user, who can receive mail at a whitelisted domain will then be able to create a permissionless account without any prior authentication. Accounts need to be activated by verifiying the email address, though.
- type: List
- required: no
- default:
[]
- example:
company.com,company.internal
3.3.15. DINO_ZONE_DEFAULT_KIND¶
PowerDNS kind to set for new zones, may be Native, Master or Slave. See PowerDNS Docs.
- type: String
- required: no
- default:
Native
- example:
None
3.3.16. DINO_ZONE_DEFAULT_NAMESERVERS¶
List of nameservers to set for new zones.
- type: List
- required: no
- example:
ns1.company.com,ns2.company.com
3.3.17. DINO_ZONE_DEFAULT_MASTERS¶
List of masters to set for new zones.
- type: List
- required: no
- example:
1.3.3.7,1.3.3.8
3.3.18. DINO_USE_DEFAULT_RECORD_TYPES¶
Whether to offer a selection of default record types (A, AAAA, MX, CAA, …) in the GUI, or rely on DINO_CUSTOM_RECORD_TYPES
only.
- type: Boolean
- required: no
- default:
True
3.3.19. DINO_CUSTOM_RECORD_TYPES¶
Additional record types to offer in the GUI. Any record type can be used here, but PowerDNS or secondary DNS servers might not be able to handle them.
- type: List
- required: no
- example:
X25,SPF,DS