dnsdist - tool to balance DNS queries over downstream servers
dnsdist [<option>…] [address]…
dnsdist receives DNS queries and relays them to one or more downstream
servers. It subsequently sends back responses to the original requestor.
dnsdist operates over TCP and UDP, and strives to deliver very high
performance over both.
Currently, queries are sent to the downstream server with the least outstanding
queries. This effectively implies load balancing, making sure that slower
servers get fewer queries.
If a reply has not come in after a few seconds, the query is removed from the queue,
but in the short term, timeouts do cause a server to get less traffic.
IPv4 and IPv6 operation can be mixed and matched, in other words, queries coming
in over IPv6 could be forwarded to IPv4 and vice versa.
dnsdist is scriptable in Lua, see the dnsdist documentation for more
information on this.
dnsdist does not ‘think’ about DNS queries, it restricts
itself to measuring response times and error codes and routing questions
accordingly. It comes with a very high performance packet-cache.
The goal for dnsdist is to remain simple. If more powerful load balancing is
required, dedicated hardware or software is recommended. Linux Virtual Server
for example is often mentioned.
- -a <netmask>, --acl <netmask>
- Add netmask to the ACL.
- -C <file>, --config <file>
- Load configuration from file.
- Test the configuration file (which may be set with
--config or -C) for errors. dnsdist will show the
errors and exit with a non-zero exit code when errors are found.
- -c <address>, --client <address>
- Operate as a client, connect to dnsdist. This will read the
dnsdist configuration for the controlSocket statement and connect
to it. When address (with an optional port number) is set, dnsdist
will connect to that instead.
- -k <key>, --setkey <key>
- When operating as a client (-c,
--client), use key as shared secret to connect to
dnsdist. This should be the same key that is used on the server (set with
setKey()). Note that this will leak the key into your
shell’s history. Only available when dnsdist is compiled with
- -d, --daemon
- Operate as a daemon.
- -e, --execute <command>
- Connect to dnsdist and execute command.
- -h, --help
- Display a helpful message and exit.
- -l, --local <address>
- Bind to address. Supply as many addresses (using
multiple --local statements) to listen on as required.
Specify IPv4 as 0.0.0.0:53 and IPv6 as [::]:53.
- Run in foreground, but do not spawn a console. Use this
switch to run dnsdist inside a supervisor (use with e.g. systemd and
- Disable logging to syslog. Use this when running inside a
supervisor that handles logging (like systemd). Do not use in combination
- -p, --pidfile <file>
- Write a pidfile to file, works only with
- -u, --uid <uid>
- Change the process user to uid after binding
sockets. uid can be a name or number.
- -g, --gid <gid>
- Change the process group to gid after binding
sockets. gid can be a name or number.
- -V, --version
- Show the dnsdist version and exit.
- -v, --verbose
- Be verbose.
address are any number of downstream DNS servers, in the same syntax as
used with --local. If the port is not specified, 53 is used.
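A configuration-file equivalent of the options above, as an added example that is not part of the original manual page or the project's own sample. It keeps the console key in the file loaded with -C instead of passing it with -k, where it would end up in shell history. All addresses, the control port and the key placeholder are constructed; the Lua function names come from dnsdist's configuration API, which this page does not list.

```lua
-- dnsdist.conf: added example, not the project's own sample configuration.
-- Every address, port and the key string below is a constructed placeholder.

-- Listening sockets: the file equivalent of repeating --local.
-- IPv6 addresses take the bracketed form shown for [::]:53.
setLocal("192.0.2.53:53")
addLocal("[2001:db8::53]:53")

-- Client ACL: the file equivalent of --acl. setACL replaces the whole
-- list, so only these networks may send queries; addACL appends one more.
setACL({"192.0.2.0/24", "2001:db8::/48"})
addACL("203.0.113.0/28")

-- Downstream servers: the [address] arguments of the command line.
-- Port 53 is used when none is given. An IPv6 listener may forward to an
-- IPv4 downstream and the other way round.
newServer("198.51.100.10")
newServer("198.51.100.11:5300")
newServer({address="[2001:db8:1::10]:53", name="v6-backend"})

-- Send each query to the server with the fewest outstanding queries,
-- which is the behaviour described above (stated explicitly here).
setServerPolicy(leastOutstanding)

-- Console: bind the control socket to loopback only and protect it with
-- a shared secret. Generate the secret once with makeKey() on the console
-- and paste it here, so it never has to be typed after -k / --setkey.
controlSocket("127.0.0.1:5199")
setKey("REPLACE-WITH-OUTPUT-OF-makeKey")
```

With the key stored this way, running dnsdist with -C pointing at this file together with -c lets the client pick up the controlSocket and setKey statements from it. Because the file now holds the shared secret, restrict its permissions to the accounts that start dnsdist and use the console.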
Right now, the TCP support has some rather arbitrary limits.
PowerDNS.COM BV and its contributors
2015-2017, PowerDNS.COM BV and its contributors