]>
Commit | Line | Data |
---|---|---|
20d81666 PL |
1 | .. highlight:: lua |
2 | ||
3 | Configuration Reference | |
4 | ======================= | |
5 | ||
6 | This page lists all configuration options for dnsdist. | |
7 | ||
8 | .. note:: | |
9 | ||
10 | When an IPv6 IP:PORT combination is needed, the bracketed syntax from :rfc:`RFC 3986 <3986#section-3.2.2>` should be used. | |
11 | e.g. "[2001:DB8:14::C0FF:FEE]:5300". | |
12 | ||
13 | Functions and Types | |
14 | ------------------- | |
15 | ||
16 | Within dnsdist several core object types exist: | |
17 | ||
18 | * :class:`Server`: generated with :func:`newServer`, represents a downstream server | |
19 | * :class:`ComboAddress`: represents an IP address and port | |
20 | * :class:`DNSName`: represents a domain name | |
21 | * :class:`NetmaskGroup`: represents a group of netmasks | |
22 | * :class:`QPSLimiter`: implements a QPS-based filter | |
23 | * :class:`SuffixMatchNode`: represents a group of domain suffixes for rapid testing of membership | |
24 | * :class:`DNSHeader`: represents the header of a DNS packet | |
25 | ||
26 | The existence of most of these objects can mostly be ignored, unless you plan to write your own hooks and policies, but it helps to understand an expressions like: | |
27 | ||
28 | .. code-block:: lua | |
29 | ||
30 | getServer(0).order=12 -- set order of server 0 to 12 | |
31 | getServer(0):addPool("abuse") -- add this server to the abuse pool | |
32 | ||
33 | The ``.`` means ``order`` is a data member, while the ``:`` means ``addPool`` is a member function. | |
34 | ||
35 | Global configuration | |
36 | -------------------- | |
37 | ||
38 | .. function:: includeDirectory(path) | |
39 | ||
40 | Include configuration files from ``path``. | |
41 | ||
42 | :param str path: The directory to load the configuration from | |
43 | ||
44 | Listen Sockets | |
45 | ~~~~~~~~~~~~~~ | |
46 | ||
47 | .. function:: addLocal(address[, options]) | |
48 | ||
49 | .. versionadded:: 1.2.0 | |
50 | ||
51 | Add to the list of listen addresses. | |
52 | ||
53 | :param str address: The IP Address with an optional port to listen on. | |
54 | The default port is 53. | |
55 | :param table options: A table with key: value pairs with listen options. | |
56 | ||
57 | Options: | |
58 | ||
59 | * ``doTCP=true``: bool - Also bind on TCP on ``address``. | |
60 | * ``reusePort=false``: bool - Set the ``SO_REUSEPORT`` socket option. | |
61 | * ``tcpFastOpenSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0 | |
62 | * ``interface=""``: str - Sets the network interface to use | |
63 | ||
64 | .. code-block:: lua | |
65 | ||
66 | addLocal('0.0.0.0:5300', { doTCP=true, reusePort=true }) | |
67 | ||
68 | This will bind to both UDP and TCP on port 5300 with SO_REUSEPORT enabled. | |
69 | ||
70 | .. function:: addLocal(address[[[,do_tcp], so_reuseport], tcp_fast_open_qsize]) | |
71 | ||
72 | .. deprecated:: 1.2.0 | |
73 | ||
74 | Add to the list of addresses listened on. | |
75 | ||
76 | :param str address: The IP Address with an optional port to listen on. | |
77 | The default port is 53. | |
78 | :param bool do_tcp: Also bind a TCP port on ``address``, defaults to true. | |
79 | :param bool so_reuseport: Use ``SO_REUSEPORT`` if it is available, defaults to false | |
5d31a326 RG |
80 | :param int tcp_fast_open_qsize: The size of the TCP Fast Open queue. Set to a number |
81 | higher than 0 to enable TCP Fast Open when available. | |
82 | Default is 0. | |
20d81666 PL |
83 | |
84 | .. function:: setLocal(address[, options]) | |
85 | ||
86 | .. versionadded:: 1.2.0 | |
87 | ||
88 | Remove the list of listen addresses and add a new one. | |
89 | ||
90 | :param str address: The IP Address with an optional port to listen on. | |
91 | The default port is 53. | |
92 | :param table options: A table with key: value pairs with listen options. | |
93 | ||
94 | The options that can be set are the same as :func:`addLocal`. | |
95 | ||
96 | .. function:: setLocal(address[[[,do_tcp], so_reuseport], tcp_fast_open_qsize]) | |
97 | ||
98 | .. deprecated:: 1.2.0 | |
99 | ||
100 | Remove the list of listen addresses and add a new one. | |
101 | ||
102 | :param str address: The IP Address with an optional port to listen on. | |
103 | The default port is 53. | |
104 | :param bool do_tcp: Also bind a TCP port on ``address``, defaults to true. | |
105 | :param bool so_reuseport: Use ``SO_REUSEPORT`` if it is available, defaults to false | |
5d31a326 RG |
106 | :param int tcp_fast_open_qsize: The size of the TCP Fast Open queue. Set to a number |
107 | higher than 0 to enable TCP Fast Open when available. | |
108 | Default is 0. | |
20d81666 PL |
109 | |
110 | Control Socket, Console and Webserver | |
111 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
112 | ||
113 | .. function:: controlSocket(address) | |
114 | ||
115 | Bind to ``addr`` and listen for a connection for the console | |
116 | ||
117 | :param str address: An IP address with optional port. By default, the port is 5199. | |
118 | ||
119 | .. function:: makeKey() | |
120 | ||
121 | Generate and print an encryption key. | |
122 | ||
506bb661 RG |
123 | .. function:: setConsoleConnectionsLogging(enabled) |
124 | ||
125 | .. versionadded:: 1.2.0 | |
126 | ||
127 | Whether to log the opening and closing of console connections. | |
128 | ||
129 | :param bool enabled: Default to true. | |
130 | ||
20d81666 PL |
131 | .. function:: setKey(key) |
132 | ||
133 | Use ``key`` as shared secret between the client and the server | |
134 | ||
135 | :param str key: An encoded key, as generated by :func:`makeKey` | |
136 | ||
137 | .. function:: testCrypto() | |
138 | ||
139 | Test the crypto code, will report errors when something is not ok. | |
140 | ||
141 | Webserver | |
142 | ~~~~~~~~~ | |
143 | ||
144 | .. function:: webServer(listen_address, password[, apikey[, custom_headers]]) | |
145 | ||
146 | Launch the :doc:`../guides/webserver` with statistics and the API. | |
147 | ||
148 | :param str listen_address: The IP address and Port to listen on | |
149 | :param str password: The password required to access the webserver | |
150 | :param str apikey: The key required to access the API | |
151 | :param {[str]=str,...} custom_headers: Allows setting custom headers and removing the defaults | |
152 | ||
153 | .. function:: setAPIWritable(allow [,dir]) | |
154 | ||
155 | Allow modifications via the API. | |
156 | Optionally saving these changes to disk. | |
157 | Modifications done via the API will not be written to the configuration by default and will not persist after a reload | |
158 | ||
159 | :param bool allow: Set to true to allow modification through the API | |
160 | :param str dir: A valid directory where the configuration files will be written by the API. | |
161 | ||
162 | Access Control Lists | |
163 | ~~~~~~~~~~~~~~~~~~~~ | |
164 | ||
165 | .. function:: addACL(netmask) | |
166 | ||
167 | Add a netmask to the existing ACL | |
168 | ||
169 | :param str netmask: A CIDR netmask, e.g. ``"192.0.2.0/24"``. Without a subnetmask, only the specific address is allowed. | |
170 | ||
171 | .. function:: setACL(netmasks) | |
172 | ||
173 | Remove the existing ACL and add the netmasks from the table. | |
174 | ||
175 | :param {str} netmasks: A table of CIDR netmask, e.g. ``{"192.0.2.0/24", "2001:DB8:14::/56"}``. Without a subnetmask, only the specific address is allowed. | |
176 | ||
177 | EDNS Client Subnet | |
178 | ~~~~~~~~~~~~~~~~~~ | |
179 | ||
180 | .. function:: setECSSourcePrefixV4(prefix) | |
181 | ||
182 | When ``useClientSubnet`` in :func:`newServer` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestors IPv4 address to ``prefix`` bits | |
183 | ||
184 | :param int prefix: The prefix length | |
185 | ||
186 | .. function:: setECSSourcePrefixV6(prefix) | |
187 | ||
188 | When ``useClientSubnet`` in :func:`newServer` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestor's IPv6 address to bits | |
189 | ||
190 | :param int prefix: The prefix length | |
191 | ||
192 | Ringbuffers | |
193 | ~~~~~~~~~~~ | |
194 | ||
195 | .. function:: setRingBuffersSize(num) | |
196 | ||
197 | Set the capacity of the ringbuffers used for live traffic inspection to ``num`` | |
198 | ||
199 | :param int num: The maximum amount of queries to keep in the ringbuffer. Defaults to 10000 | |
200 | ||
201 | Servers | |
202 | ------- | |
203 | ||
204 | .. function:: newServer(server_string) | |
205 | newServer(server_table) | |
206 | ||
207 | Add a new backend server. Call this function with either a string:: | |
208 | ||
209 | newServer( | |
210 | "IP:PORT" -- IP and PORT of the backend server | |
211 | ) | |
212 | ||
213 | or a table:: | |
214 | ||
215 | newServer({ | |
216 | address="IP:PORT", -- IP and PORT of the backend server (mandatory) | |
c19aa18d RG |
217 | qps=NUM, -- Limit the number of queries per second to NUM, when using the `firstAvailable` policy |
218 | order=NUM, -- The order of this server, used by the `leastOustanding` and `firstAvailable` policies | |
219 | weight=NUM, -- The weight of this server, used by the `wrandom` and `whashed` policies | |
5d31a326 RG |
220 | pool=STRING|{STRING}, -- The pools this server belongs to (unset or empty string means default pool) as a string or table of strings |
221 | retries=NUM, -- The number of TCP connection attempts to the backend, for a given query | |
222 | tcpConnectTimeout=NUM, -- The timeout (in seconds) of a TCP connection attempt | |
223 | tcpSendTimeout=NUM, -- The timeout (in seconds) of a TCP write attempt | |
224 | tcpRecvTimeout=NUM, -- The timeout (in seconds) of a TCP read attempt | |
225 | tcpFastOpen=BOOL, -- Whether to enable TCP Fast Open | |
226 | name=STRING, -- The name associated to this backend, for display purpose | |
20d81666 PL |
227 | checkName=STRING, -- Use STRING as QNAME in the health-check query, default: "a.root-servers.net." |
228 | checkType=STRING, -- Use STRING as QTYPE in the health-check query, default: "A" | |
229 | setCD=BOOL, -- Set the CD (Checking Disabled) flag in the health-check query, default: false | |
230 | maxCheckFailures=NUM, -- Allow NUM check failures before declaring the backend down, default: false | |
231 | mustResolve=BOOL, -- Set to true when the health check MUST return a NOERROR RCODE and an answer | |
232 | useClientSubnet=BOOL, -- Add the client's IP address in the EDNS Client Subnet option when forwarding the query to this backend | |
233 | source=STRING -- The source address or interface to use for queries to this backend, by default this is left to the kernel's address selection | |
234 | -- The following formats are supported: | |
235 | -- "address", e.g. "192.0.2.2" | |
236 | -- "interface name", e.g. "eth0" | |
237 | -- "address@interface", e.g. "192.0.2.2@eth0" | |
238 | }) | |
239 | ||
240 | :param str server_string: A simple IP:PORT string. | |
241 | :param table server_table: A table with at least a 'name' key | |
242 | ||
243 | .. function:: getServer(index) -> Server | |
244 | ||
245 | Get a :class:`Server` | |
246 | ||
247 | :param int index: The number of the server (as seen in :func:`showServers`). | |
248 | :returns: The :class:`Server` object or nil | |
249 | ||
250 | .. function:: getServers() | |
251 | ||
252 | Returns a table with all defined servers. | |
253 | ||
254 | .. function:: rmServer(index) | |
255 | rmServer(server) | |
256 | ||
257 | Remove a backend server. | |
258 | ||
259 | :param int index: The number of the server (as seen in :func:`showServers`). | |
260 | :param Server server: A :class:`Server` object as returned by e.g. :func:`getServer`. | |
261 | ||
262 | Server Functions | |
263 | ~~~~~~~~~~~~~~~~ | |
264 | A server object returned by :func:`getServer` can be manipulated with these functions. | |
265 | ||
266 | .. class:: Server | |
267 | ||
268 | This object represents a backend server. It has several methods. | |
269 | ||
270 | .. classmethod:: Server:addPool(pool) | |
271 | ||
272 | Add this server to a pool. | |
273 | ||
274 | :param str pool: The pool to add the server to | |
275 | ||
276 | .. classmethod:: Server:getName() -> string | |
277 | ||
278 | Get the name of this server. | |
279 | ||
280 | :returns: The name of the server, or an empty string if it does not have one | |
281 | ||
282 | .. classmethod:: Server:getNameWithAddr() -> string | |
283 | ||
284 | Get the name plus IP address and port of the server | |
285 | ||
286 | :returns: A string containing the server name if any plus the server address and port | |
287 | ||
288 | .. classmethod:: Server:getOutstanding() -> int | |
289 | ||
290 | Get the number of outstanding queries for this server. | |
291 | ||
292 | :returns: The number of outstanding queries | |
293 | ||
294 | .. classmethod:: Server:isUp() -> bool | |
295 | ||
296 | Returns the up status of the server | |
297 | ||
298 | :returns: true when the server is up, false otherwise | |
299 | ||
300 | .. classmethod:: Server:rmPool(pool) | |
301 | ||
302 | Removes the server from the named pool | |
303 | ||
304 | :param str pool: The pool to remove the server from | |
305 | ||
d92708ed RG |
306 | .. classmethod:: Server:setAuto([status]) |
307 | ||
308 | .. versionchanged:: 1.3.0 | |
309 | ``status`` optional parameter added. | |
20d81666 PL |
310 | |
311 | Set the server in the default auto state. | |
d92708ed RG |
312 | This will enable health check queries that will set the server ``up`` and ``down`` appropriately. |
313 | ||
314 | :param bool status: Set the initial status of the server to ``up`` (true) or ``down`` (false) instead of using the last known status | |
20d81666 PL |
315 | |
316 | .. classmethod:: Server:setQPS(limit) | |
317 | ||
318 | Limit the queries per second for this server. | |
319 | ||
320 | :param int limit: The maximum number of queries per second | |
321 | ||
322 | .. classmethod:: Server:setDown() | |
323 | ||
324 | Set the server in an ``DOWN`` state. | |
325 | The server will not receive queries and the health checks are disabled | |
326 | ||
327 | .. classmethod:: Server:setUp() | |
328 | ||
329 | Set the server in an ``UP`` state. | |
330 | This server will still receive queries and health checks are disabled | |
331 | ||
332 | Attributes | |
333 | ~~~~~~~~~~ | |
334 | ||
335 | .. attribute:: Server.name | |
336 | ||
337 | The name of the server | |
338 | ||
339 | .. attribute:: Server.upStatus | |
340 | ||
341 | Whether or not this server is up or down | |
342 | ||
343 | .. attribute:: Server.order | |
344 | ||
345 | The order of the server | |
346 | ||
347 | .. attribute:: Server.weight | |
348 | ||
349 | The weight of the server | |
350 | ||
351 | Pools | |
352 | ----- | |
353 | ||
354 | :class:`Server`\ s can be part of any number of pools. | |
5d31a326 RG |
355 | Pools are automatically created when a server is added to a pool (with :func:`newServer`), or can be manually created with :func:`addPool`. |
356 | ||
357 | .. function:: addPool(name) -> ServerPool | |
358 | ||
359 | Returns a :class:`ServerPool`. | |
360 | ||
361 | :param string name: The name of the pool to create | |
20d81666 PL |
362 | |
363 | .. function:: getPool(name) -> ServerPool | |
364 | ||
365 | Returns a :class:`ServerPool` or nil. | |
366 | ||
367 | :param string name: The name of the pool | |
368 | ||
5d31a326 RG |
369 | .. function:: rmPool(name) |
370 | ||
371 | Remove the pool named `name`. | |
372 | ||
373 | :param string name: The name of the pool to remove | |
374 | ||
20d81666 PL |
375 | .. function:: getPoolServers(name) -> [ Server ] |
376 | ||
377 | Returns a list of :class:`Server`\ s or nil. | |
378 | ||
379 | :param string name: The name of the pool | |
380 | ||
381 | .. class:: ServerPool | |
382 | ||
383 | This represents the pool where zero or more servers are part of. | |
384 | ||
385 | .. classmethod:: ServerPool:getCache() -> PacketCache | |
386 | ||
387 | Returns the :class:`PacketCache` for this pool or nil. | |
388 | ||
389 | .. classmethod:: ServerPool:setCache(cache) | |
390 | ||
391 | Adds ``cache`` as the pool's cache. | |
392 | ||
393 | :param PacketCache cache: The new cache to add to the pool | |
394 | ||
395 | .. classmethod:: ServerPool:unsetCache() | |
396 | ||
397 | Removes the cache from this pool. | |
398 | ||
399 | PacketCache | |
400 | ~~~~~~~~~~~ | |
401 | ||
402 | A Pool can have a packet cache to answer queries directly in stead of going to the backend. | |
403 | See :doc:`../guides/cache` for a how to. | |
404 | ||
405 | .. function:: newPacketCache(maxEntries[, maxTTL=86400[, minTTL=0[, temporaryFailureTTL=60[, staleTTL=60[, dontAge=false]]]]]) -> PacketCache | |
406 | ||
407 | Creates a new :class:`PacketCache` with the settings specified. | |
408 | ||
409 | :param int maxEntries: The maximum number of entries in this cache | |
410 | :param int maxTTL: Cap the TTL for records to his number | |
411 | :param int minTTL: Don't cache entries with a TTL lower than this | |
412 | :param int temporaryFailureTTL: On a SERVFAIL or REFUSED from the backend, cache for this amount of seconds | |
413 | :param int staleTTL: When the backend servers are not reachable, send responses if the cache entry is expired at most this amount of seconds | |
414 | :param bool dontAge: Don't reduce TTLs when serving from the cache. use this when :program:`dnsdist` fronts a cluster of authoritative servers | |
415 | ||
416 | .. class:: PacketCache | |
417 | ||
418 | Represents a cache that can be part of :class:`ServerPool`. | |
419 | ||
420 | .. classmethod:: PacketCache:expunge(n) | |
421 | ||
422 | Remove entries from the cache, leaving at most ``n`` entries | |
423 | ||
424 | :param int n: Number of entries to keep | |
425 | ||
426 | .. classmethod:: PacketCache:expungeByName(name [, qtype=dnsdist.ANY[, suffixMatch=false]]) | |
427 | ||
428 | .. versionchanged:: 1.2.0 | |
429 | ``suffixMatch`` parameter added. | |
430 | ||
431 | Remove entries matching ``name`` and type from the cache. | |
432 | ||
433 | :param DNSName name: The name to expunge | |
434 | :param int qtype: The type to expunge | |
435 | :param bool suffixMatch: When set to true, remove al entries under ``name`` | |
436 | ||
437 | .. classmethod:: PacketCache:isFull() -> bool | |
438 | ||
439 | Return true if the cache has reached the maximum number of entries. | |
440 | ||
441 | .. classmethod:: PacketCache:printStats() | |
442 | ||
443 | Print the cache stats (hits, misses, deferred lookups and deferred inserts). | |
444 | ||
445 | .. classmethod:: PacketCache:purgeExpired(n) | |
446 | ||
447 | Remove expired entries from the cache until there is at most ``n`` entries remaining in the cache. | |
448 | ||
449 | :param int n: Number of entries to keep | |
450 | ||
451 | .. classmethod:: PacketCache:toString() -> string | |
452 | ||
453 | Return the number of entries in the Packet Cache, and the maximum number of entries | |
454 | ||
455 | Status, Statistics and More | |
456 | --------------------------- | |
457 | ||
458 | .. function:: dumpStats() | |
459 | ||
460 | Print all statistics dnsdist gathers | |
461 | ||
462 | .. function:: grepq(selector[, num]) | |
463 | grepq(selectors[, num]) | |
464 | ||
465 | Prints the last ``num`` queries matching ``selector`` or ``selectors``. | |
466 | ||
467 | The selector can be: | |
468 | ||
469 | * a netmask (e.g. '192.0.2.0/24') | |
470 | * a DNS name (e.g. 'dnsdist.org') | |
471 | * a response time (e.g. '100ms') | |
472 | ||
473 | :param str selector: Select queries based on this property. | |
474 | :param {str} selectors: A lua table of selectors. Only queries matching all selectors are shown | |
475 | :param int num: Show a maximum of ``num`` recent queries, default is 10. | |
476 | ||
477 | .. function:: showACL() | |
478 | ||
479 | Print a list of all allowed netmasks. | |
480 | ||
77d43b54 RG |
481 | .. function:: showBinds() |
482 | ||
483 | Print a list of all the current addresses and ports dnsdist is listening on, also called ``frontends`` | |
484 | ||
20d81666 PL |
485 | .. function:: showResponseLatency() |
486 | ||
77d43b54 | 487 | Show a plot of the response time latency distribution |
20d81666 PL |
488 | |
489 | .. function:: showServers() | |
490 | ||
491 | This function shows all backend servers currently configured and some statistics. | |
492 | These statics have the following fields: | |
493 | ||
494 | * ``#`` - The number of the server, can be used as the argument for :func:`getServer` | |
495 | * ``Address`` - The IP address and port of the server | |
496 | * ``State`` - The current state of the server | |
497 | * ``Qps`` - Current number of queries per second | |
498 | * ``Qlim`` - Configured maximum number of queries per second | |
499 | * ``Ord`` - The order number of the server | |
500 | * ``Wt`` - The weight of the server | |
501 | * ``Queries`` - Total amount of queries sent to this server | |
502 | * ``Drops`` - Number of queries that were dropped by this server | |
503 | * ``Drate`` - Number of queries dropped per second by this server | |
504 | * ``Lat`` - The latency of this server in milliseconds | |
505 | * ``Pools`` - The pools this server belongs to | |
506 | ||
507 | .. function:: showTCPStats() | |
508 | ||
77d43b54 | 509 | Show some statistics regarding TCP |
20d81666 PL |
510 | |
511 | .. function:: showVersion() | |
512 | ||
513 | Print the version of dnsdist | |
514 | ||
515 | .. function:: topBandwidth([num]) | |
516 | ||
517 | Print the top ``num`` clients that consume the most bandwidth. | |
518 | ||
519 | :param int num: Number to show, defaults to 10. | |
520 | ||
521 | .. function:: topClients([num]) | |
522 | ||
523 | Print the top ``num`` clients sending the most queries over length of ringbuffer | |
524 | ||
525 | :param int num: Number to show, defaults to 10. | |
526 | ||
527 | .. function:: topQueries([num[, labels]]) | |
528 | ||
529 | Print the ``num`` most popular QNAMEs from queries. | |
530 | Optionally grouped by the rightmost ``labels`` DNS labels. | |
531 | ||
532 | :param int num: Number to show, defaults to 10 | |
533 | :param int label: Number of labels to cut down to | |
534 | ||
535 | .. function:: topResponses([num[, rcode[, labels]]]) | |
536 | ||
537 | Print the ``num`` most seen responses with an RCODE or ``rcode``. | |
538 | Optionally grouped by the rightmost ``labels`` DNS labels. | |
539 | ||
540 | :param int num: Number to show, defaults to 10 | |
541 | :param int rcode: Response code (e.g. 0=NO Error, 2=ServFail, 3=ServFail), defaults to 0 | |
542 | :param int label: Number of labels to cut down to | |
543 | ||
544 | .. function:: topSlow([num[, limit[, labels]]]) | |
545 | ||
546 | Print the ``num`` slowest queries that are slower than ``limit`` milliseconds. | |
547 | Optionally grouped by the rightmost ``labels`` DNS labels. | |
548 | ||
549 | :param int num: Number to show, defaults to 10 | |
af4b7afb | 550 | :param int limit: Show queries slower than this amount of milliseconds, defaults to 2000 |
20d81666 PL |
551 | :param int label: Number of labels to cut down to |
552 | ||
553 | .. _dynblocksref: | |
554 | ||
555 | Dynamic Blocks | |
556 | -------------- | |
557 | ||
558 | .. function:: addDynBlocks(addresses, message[, seconds=10[, action]]) | |
559 | ||
560 | .. versionchanged:: 1.2.0 | |
561 | ``action`` parameter added. | |
562 | ||
563 | Block a set of addresses with ``message`` for (optionally) a number of seconds. | |
564 | The default number of seconds to block for is 10. | |
565 | ||
566 | :param addresses: set of Addresses as returned by an exceed function | |
567 | :param string message: The message to show next to the blocks | |
568 | :param int seconds: The number of seconds this block to expire | |
569 | :param int action: The action to take when the dynamic block matches, see :ref:`here <DNSAction>`. (default to the one set with :func:`setDynBlocksAction`) | |
570 | ||
571 | .. function:: clearDynBlocks() | |
572 | ||
573 | Remove all current dynamic blocks. | |
574 | ||
575 | .. function:: showDynBlocks() | |
576 | ||
577 | List all dynamic blocks in effect. | |
578 | ||
579 | .. function:: setDynBlocksAction(action) | |
580 | ||
581 | Set which action is performed when a query is blocked. | |
582 | Only DNSAction.Drop (the default) and DNSAction.Refused are supported. | |
583 | ||
584 | .. function:: addBPFFilterDynBlocks(addresses, filter[, seconds]) | |
585 | ||
586 | Block the set of addresses using the supplied BPF Filter, for seconds seconds (10 by default) | |
587 | ||
588 | :param addresses: A set of addresses as returned by the exceed functions. | |
589 | :param filter: and EBPF filter | |
590 | :param int seconds: Number of seconds to block for | |
591 | ||
592 | .. _exceedfuncs: | |
593 | ||
594 | Getting addresses that exceeded parameters | |
595 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
596 | ||
597 | .. function:: exceedServFails(rate, seconds) | |
598 | ||
599 | Get set of addresses that exceed ``rate`` servfails/s over ``seconds`` seconds | |
600 | ||
601 | :param int rate: Number of Servfails per second to exceed | |
602 | :param int seconds: Number of seconds the rate has been exceeded | |
603 | ||
604 | .. function:: exceedNXDOMAINs(rate, seconds) | |
605 | ||
606 | get set of addresses that exceed ``rate`` NXDOMAIN/s over ``seconds`` seconds | |
607 | ||
608 | :param int rate: Number of NXDOMAIN per second to exceed | |
609 | :param int seconds: Number of seconds the rate has been exceeded | |
610 | ||
611 | .. function:: exceedRespByterate(rate, seconds) | |
612 | ||
613 | get set of addresses that exceeded ``rate`` bytes/s answers over ``seconds`` seconds | |
614 | ||
615 | :param int rate: Number of bytes per second to exceed | |
616 | :param int seconds: Number of seconds the rate has been exceeded | |
617 | ||
618 | .. function:: exceedQRate(rate, seconds) | |
619 | ||
620 | Get set of address that exceed ``rate`` queries/s over ``seconds`` seconds | |
621 | ||
622 | :param int rate: Number of queries per second to exceed | |
623 | :param int seconds: Number of seconds the rate has been exceeded | |
624 | ||
625 | .. function:: exceedQTypeRate(type, rate, seconds) | |
626 | ||
627 | Get set of address that exceed ``rate`` queries/s for queries of QType ``type`` over ``seconds`` seconds | |
628 | ||
629 | :param int type: QType | |
630 | :param int rate: Number of QType queries per second to exceed | |
631 | :param int seconds: Number of seconds the rate has been exceeded | |
632 | ||
633 | Other functions | |
634 | --------------- | |
635 | ||
636 | .. function:: maintenance() | |
637 | ||
638 | If this function exists, it is called every second to so regular tasks. | |
639 | This can be used for e.g. :doc:`Dynamic Blocks <../guides/dynblocks>`. |