NAME
avahi-daemon.conf - avahi-daemon configuration file
SYNOPSIS
/etc/avahi/avahi-daemon.conf
DESCRIPTION
avahi-daemon.conf is the configuration file for avahi-daemon.
SECTION [SERVER]
host-name=
Set the host name avahi-daemon tries to register on the LAN.
If omited defaults to the system host name as set with the
sethostname() system call.
host-name-from-machine-id= Takes a boolean value
("yes" or "no"). If
set to "yes" avahi-daemon will use the machine-id
as name on the LAN.
domain-name= Set the default domain name avahi-daemon
tries to register
its host name and services on the LAN in. If omitted
defaults to
".local".
browse-domains= Set a comma separated list of browsing
domains (in
addition to the default one and those announced inside the
default
browsing domain). Please note that the user may specify
additional
browsing domains on the client side, either by setting
$AVAHI_BROWSE_DOMAINS to a list of colon separated domains
or by adding
them to the XDG config file
~/.config/avahi/browse-domains (separated
by newlines).
use-ipv4= Takes a boolean value ("yes" or
"no"). If set to "no"
avahi-daemon will not use IPv4 sockets. Default is
"yes".
use-ipv6= Takes a boolean value ("yes" or
"no"). If set to "no"
avahi-daemon will not use IPv6 sockets. Default is
"yes".
allow-interfaces= Set a comma separated list of allowed
network
interfaces that should be used by the avahi-daemon. Traffic
on other
interfaces will be ignored. If set to an empty list all
local
interfaces except loopback and point-to-point will be used.
deny-interfaces= Set a comma separated list of network
interfaces that
should be ignored by avahi-daemon. Other not specified
interfaces will
be used, unless allow-interfaces= is set. This option
takes precedence
over allow-interfaces=.
check-response-ttl= Takes a boolean value
("yes" or "no"). If set to
"yes", an additional security check is activated:
incoming IP packets
will be ignored unless the IP TTL is 255. Earlier mDNS
specifications
required this check. Since this feature may be incompatible
with newer
implementations of mDNS it defaults to "no". On
the other hand it
provides extra security.
use-iff-running= Takes a boolean value ("yes"
or "no"). If set to "yes"
avahi-daemon monitors the IFF_RUNNING flag bit which is used
by some
(modern) network drivers to tell user space if a network
cable is
plugged in (in case of copper ethernet), or the network card
is
associated with some kind of network (in case of WLAN). If
IFF_RUNNING
is set avahi-daemon will automatically announce its services
on that
network. Unfortunately far too many network drivers do not
support this
flag or support it in a broken way. Therefore this option
defaults to
"no".
enable-dbus= Takes either "yes",
"no" or "warn". If set to
"yes"
avahi-daemon connects to D-Bus, offering an object oriented
client API.
It is only available if Avahi has been compiled with
--enable-dbus in
which case it defaults to "yes". "warn"
behaves like "yes", but the
daemon starts up even when it fails to connect to a D-Bus
daemon. In
addition, if the connection to the D-Bus daemon is
terminated we try to
reconnect. (Unless we are in a chroot() environment where
this
definitely will fail.)
disallow-other-stacks= Takes a boolean value
("yes" or "no"). If set to
"yes" no other process is allowed to bind to UDP
port 5353. This
effectively impedes other mDNS stacks from running on the
host. Use
this as a security measure to make sure that only Avahi is
responsible
for mDNS traffic. Please note that we do not recommend
running multiple
mDNS stacks on the same host simultaneously. This hampers
reliability
and is a waste of resources. However, to not annoy people
this option
defaults to "no".
allow-point-to-point= Takes a boolean value
("yes" or "no"). If set to
"yes" avahi-daemon will make use of interfaces
with the POINTOPOINT
flag set. This option defaults to "no" as it might
make mDNS unreliable
due to usually large latencies with such links and opens a
potential
security hole by allowing mDNS access from Internet
connections. Use
with care and YMMV!
cache-entries-max= Takes an unsigned integer specifying
how many
resource records are cached per interface. Bigger values
allow mDNS
work correctly in large LANs but also increase memory
consumption.
clients-max= Takes an unsigned integer. The maximum
number of
concurrent D-Bus clients allowed. If the maximum number is
reached
further clients will be refused until at least one existing
client
disconnects.
objects-per-client-max= Takes an unsigned integer. The
maximum number
of objects (entry groups, browsers, resolvers) that may be
registered
per D-Bus client at a time. If the maximum number is reached
further
object creation will be refused until at least one object is
freed.
entries-per-entry-group-max= Takes an unsigned integer.
The maximum
number of entries (resource records) per entry group
registered by a
D-Bus client at a time. If the maximum number is reached
further
resource records may not be added to an entry group.
ratelimit-interval-usec= Takes an unsigned integer. Sets
the
per-interface packet rate-limiting interval parameter.
Together with
ratelimit-burst= this may be used to control the maximum
number of
packets Avahi will generated in a specific period of time on
an
interface.
ratelimit-burst= Takes an unsigned integer. Sets the
per-interface
packet rate-limiting burst parameter. Together with
ratelimit-interval-usec= this may be used to control the
maximum number
of packets Avahi will generated in a specific period of time
on an
interface.
SECTION [WIDE-AREA]
enable-wide-area=
Takes a boolean value ("yes" or "no").
Enable
wide-area DNS-SD, aka DNS-SD over unicast DNS. If this is
enabled only
domains ending in .local will be resolved on mDNS, all other
domains
are resolved via unicast DNS. If you want to maintain
multiple
different multicast DNS domains even with this option
enabled we
encourage you to use subdomains of .local, such as
"kitchen.local".
This option defaults to "yes".
SECTION [PUBLISH]
disable-publishing=
Takes a boolean value ("yes" or "no").
If set to
"yes", no record will be published by Avahi, not
even address records
for the local host. Avahi will be started in a querying-only
mode. Use
this is a security measure. This option defaults to
"no"
disable-user-service-publishing= Takes a boolean value
("yes" or "no").
If set to "yes", Avahi will still publish address
records and suchlike
but will not allow user applications to publish services.
Use this is a
security measure. This option defaults to "no"
add-service-cookie= Takes a boolean value
("yes" or "no"). If set to
"yes" an implicit TXT entry will be added to all
locally registered
services, containing a cookie value which is chosen randomly
on daemon
startup. This can be used to detect if two services on two
different
interfaces/protocols are actually identical. Defaults to
"no".
publish-addresses= Takes a boolean value
("yes" or "no"). If set to
"yes" avahi-daemon will register mDNS address
records for all local IP
addresses. Unless you want to use avahi-daemon exclusively
for browsing
it’s recommended to enable this. If you plan to
register local services
you need to enable this option. Defaults to "yes".
publish-hinfo= Takes a boolean value ("yes" or
"no"). If set to "yes"
avahi-daemon will register an mDNS HINFO record on all
interfaces which
contains information about the local operating system and
CPU, which
might be useful for administrative purposes. This is
recommended by the
mDNS specification but not required. For the sake of privacy
you might
choose to disable this feature. Defaults to "no".
publish-workstation= Takes a boolean value
("yes" or "no"). If set to
"yes" avahi-daemon will register a service of type
"_workstation._tcp"
on the local LAN. This might be useful for administrative
purposes
(i.e. browse for all PCs on the LAN), but is not required or
recommended by any specification. Newer MacOS X releases
register a
service of this type. Defaults to "no".
publish-domain= Takes a boolean value ("yes"
or "no"). If set to "yes"
avahi-daemon will announce the locally used domain name (see
above) for
browsing by other hosts. Defaults to "yes".
publish-dns-servers= Takes a comma separated list of IP
addresses for
unicast DNS servers. You can use this to announce unicast
DNS servers
via mDNS. When used in conjunction with avahi-dnsconfd on
the client
side this allows DHCP-like configuration of unicast DNS
servers.
publish-resolv-conf-dns-servers= Takes a boolean value
("yes" or "no").
If set to "yes" avahi-daemon will publish the
unicast DNS servers
specified in /etc/resolv.conf in addition to those
specified with
publish-dns-servers. Send avahi-daemon a SIGHUP to have
it reload this
file. Defaults to "no".
publish-aaaa-on-ipv4= Takes a boolean value
("yes" or "no"). If set to
"yes" avahi-daemon will publish an IPv6 AAAA
record via IPv4, i.e. the
local IPv6 addresses can be resolved using an IPv4
transport. Only
useful when IPv4 is enabled with use-ipv4=true.
Defaults to "yes".
publish-a-on-ipv6= Takes a boolean value
("yes" or "no"). If set to
"yes" avahi-daemon will publish an IPv4 A record
via IPv6, i.e. the
local IPv4 addresses can be resolved using an IPv6
transport. Only
useful when IPv6 is enabled with use-ipv6=true.
Defaults to "no".
SECTION [REFLECTOR]
enable-reflector=
Takes a boolean value ("yes" or "no").
If set to
"yes" avahi-daemon will reflect incoming mDNS
requests to all local
network interfaces, effectively allowing clients to browse
mDNS/DNS-SD
services on all networks connected to the gateway. The
gateway is
somewhat intelligent and should work with all kinds of mDNS
traffic,
though some functionality is lost (specifically the unicast
reply bit,
which is used rarely anyway). Make sure to not run multiple
reflectors
between the same networks, this might cause them to play
Ping Pong with
mDNS packets. Defaults to "no".
reflect-ipv= Takes a boolean value ("yes" or
"no"). If set to "yes" and
enable-reflector is enabled, avahi-daemon will forward
mDNS traffic
between IPv4 and IPv6, which is usually not recommended.
Defaults to
"no".
reflect-filters= Set a comma separated list of allowed
service names to
be reflected. Each service that is seen must match an entry
in this
list to be reflected to other networks. This list can match
the type of
service or the name of the machine providing the service.
Defaults to
allowing all services.
SECTION [RLIMITS]
This section is
used to define system resource limits for the daemon. See
setrlimit(2) for more information. If any of the
options is not specified in the configuration file,
avahi-daemon does not change it from the system defaults.
rlimit-as= Value in bytes for RLIMIT_AS (maximum size of
the process’s
virtual memory). Sensible values are heavily system
dependent.
rlimit-core= Value in bytes for RLIMIT_CORE (maximum
core file size).
Unless you want to debug avahi-daemon, it is safe to set
this to 0.
rlimit-data= Value in bytes for RLIMIT_DATA (maximum
size of the
process’s data segment). Sensible values are heavily
system dependent.
rlimit-fsize= Value for RLIMIT_FSIZE (maximum size of
files the process
may create). Since avahi-daemon shouldn’t write any
files to disk, it
is safe to set this to 0.
rlimit-nofile= Value for RLIMIT_NOFILE (open file
descriptors).
avahi-daemon shouldn’t need more than 15 to 20 open
file descriptors
concurrently.
rlimit-stack= Value in bytes for RLIMIT_STACK (maximum
size of the
process stack). Sensible values are heavily system
dependent.
rlimit-nproc= Value for RLIMIT_NPROC (max number of
processes a user
can launch). avahi-daemon forks of a helper process on
systems where
chroot(2) is available therefore this value should not
be set below 2.
Note that while the process limit only applies to this
process, the
total count of processes to reach that limit includes all
processes on
the system with the same UID, including any containers
without UID
remapping (such as lxd containers with
security.privileged=true). The
default configuration of 3 was removed to prevent problems
in this
scenario.
AUTHORS
The Avahi Developers <avahi (at) lists (dot) freedesktop (dot) org>; Avahi is available from http://avahi.org/
SEE ALSO
avahi-daemon(8), avahi-dnsconfd(8)
COMMENTS
This man page was written using xml2man(1) by Oliver Kurth.