[thirdparty/pdns.git] / pdns / dnsdistdist / docs / guides / downstreams.rst

Configuring Downstream Servers
==============================

As dnsdist is a loadbalancer and does not do any DNS resolving or serving by itself, it needs downstream servers.
To add downstream servers, either include them on the command line::

    dnsdist -l 130.161.252.29 -a 130.161.0.0/16 8.8.8.8 208.67.222.222 2620:0:ccc::2 2620:0:ccd::2

Or add them to the configuration file:

.. code-block:: lua

    setLocal("130.161.252.29:53")
    setACL("130.161.0.0/16")
    newServer("8.8.8.8")
    newServer("208.67.222.222")
    newServer("2620:0:ccc::2")
    newServer("2620:0:0ccd::2")

These two equivalent configurations give you sane load balancing using a very sensible distribution policy.
Many users will simply be done with this configuration.
It works as well for authoritative as for recursive servers.

Healthcheck
-----------
dnsdist uses a health check, sent once every second, to determine the availability of a backend server.

By default, an A query for "a.root-servers.net." is sent.
A different query type and target can be specified by passing, respectively, the ``checkType`` and ``checkName`` parameters to :func:`newServer`.

The default behavior is to consider any valid response with an RCODE different from ServFail as valid.
If the ``mustResolve`` parameter of :func:`newServer` is set to ``true``, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused.

The number of health check failures before a server is considered down is configurable via the ``maxCheckFailures`` parameter, defaulting to 1.
The CD flag can be set on the query by setting ``setCD`` to true.
e.g.::

  newServer({address="192.0.2.1", checkType="AAAA", checkName="a.root-servers.net.", mustResolve=true})

Source address selection
------------------------

In multi-homed setups, it can be useful to be able to select the source address or the outgoing
interface used by dnsdist to contact a downstream server. This can be done by using the `source` parameter::

  newServer({address="192.0.2.1", source="192.0.2.127"})
  newServer({address="192.0.2.1", source="eth1"})
  newServer({address="192.0.2.1", source="192.0.2.127@eth1"})

The supported values for source are:
- an IPv4 or IPv6 address, which must exist on the system
- an interface name
- an IPv4 or IPv6 address followed by '@' then an interface name

Please note that specifying the interface name is only supported on system having `IP_PKTINFO`.
Commit	Line	Data
20d81666 PL	1	Configuring Downstream Servers
	2	==============================
	3
	4	As dnsdist is a loadbalancer and does not do any DNS resolving or serving by itself, it needs downstream servers.
	5	To add downstream servers, either include them on the command line::
	6
	7	dnsdist -l 130.161.252.29 -a 130.161.0.0/16 8.8.8.8 208.67.222.222 2620:0:ccc::2 2620:0:ccd::2
	8
	9	Or add them to the configuration file:
	10
	11	.. code-block:: lua
	12
	13	setLocal("130.161.252.29:53")
	14	setACL("130.161.0.0/16")
	15	newServer("8.8.8.8")
	16	newServer("208.67.222.222")
	17	newServer("2620:0:ccc::2")
	18	newServer("2620:0:0ccd::2")
	19
	20	These two equivalent configurations give you sane load balancing using a very sensible distribution policy.
	21	Many users will simply be done with this configuration.
	22	It works as well for authoritative as for recursive servers.
	23
	24	Healthcheck
	25	-----------
	26	dnsdist uses a health check, sent once every second, to determine the availability of a backend server.
	27
	28	By default, an A query for "a.root-servers.net." is sent.
	29	A different query type and target can be specified by passing, respectively, the ``checkType`` and ``checkName`` parameters to :func:`newServer`.
	30
	31	The default behavior is to consider any valid response with an RCODE different from ServFail as valid.
	32	If the ``mustResolve`` parameter of :func:`newServer` is set to ``true``, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused.
	33
	34	The number of health check failures before a server is considered down is configurable via the ``maxCheckFailures`` parameter, defaulting to 1.
	35	The CD flag can be set on the query by setting ``setCD`` to true.
	36	e.g.::
	37
	38	newServer({address="192.0.2.1", checkType="AAAA", checkName="a.root-servers.net.", mustResolve=true})
44f6dbd1 RG	39
	40	Source address selection
	41	------------------------
	42
	43	In multi-homed setups, it can be useful to be able to select the source address or the outgoing
	44	interface used by dnsdist to contact a downstream server. This can be done by using the `source` parameter::
	45
	46	newServer({address="192.0.2.1", source="192.0.2.127"})
	47	newServer({address="192.0.2.1", source="eth1"})
	48	newServer({address="192.0.2.1", source="192.0.2.127@eth1"})
	49
	50	The supported values for source are:
	51	- an IPv4 or IPv6 address, which must exist on the system
	52	- an interface name
	53	- an IPv4 or IPv6 address followed by '@' then an interface name
	54
	55	Please note that specifying the interface name is only supported on system having `IP_PKTINFO`.