]> git.ipfire.org Git - thirdparty/pdns.git/blame - pdns/dnsdistdist/docs/reference/config.rst
projects / thirdparty / pdns.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dnsdist: Add an optional `status` parameter to `setAuto()`
[thirdparty/pdns.git] / pdns / dnsdistdist / docs / reference / config.rst
CommitLineData
20d81666
PL		 1.. highlight:: lua
2
3Configuration Reference
4=======================
5
6This page lists all configuration options for dnsdist.
7
8.. note::
9
10 When an IPv6 IP:PORT combination is needed, the bracketed syntax from :rfc:`RFC 3986 <3986#section-3.2.2>` should be used.
11 e.g. "[2001:DB8:14::C0FF:FEE]:5300".
12
13Functions and Types
14-------------------
15
16Within dnsdist several core object types exist:
17
18* :class:`Server`: generated with :func:`newServer`, represents a downstream server
19* :class:`ComboAddress`: represents an IP address and port
20* :class:`DNSName`: represents a domain name
21* :class:`NetmaskGroup`: represents a group of netmasks
22* :class:`QPSLimiter`: implements a QPS-based filter
23* :class:`SuffixMatchNode`: represents a group of domain suffixes for rapid testing of membership
24* :class:`DNSHeader`: represents the header of a DNS packet
25
26The existence of most of these objects can mostly be ignored, unless you plan to write your own hooks and policies, but it helps to understand an expressions like:
27
28.. code-block:: lua
29
30 getServer(0).order=12 -- set order of server 0 to 12
31 getServer(0):addPool("abuse") -- add this server to the abuse pool
32
33The ``.`` means ``order`` is a data member, while the ``:`` means ``addPool`` is a member function.
34
35Global configuration
36--------------------
37
38.. function:: includeDirectory(path)
39
40 Include configuration files from ``path``.
41
42 :param str path: The directory to load the configuration from
43
44Listen Sockets
45~~~~~~~~~~~~~~
46
47.. function:: addLocal(address[, options])
48
49 .. versionadded:: 1.2.0
50
51 Add to the list of listen addresses.
52
53 :param str address: The IP Address with an optional port to listen on.
54 The default port is 53.
55 :param table options: A table with key: value pairs with listen options.
56
57 Options:
58
59 * ``doTCP=true``: bool - Also bind on TCP on ``address``.
60 * ``reusePort=false``: bool - Set the ``SO_REUSEPORT`` socket option.
61 * ``tcpFastOpenSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0
62 * ``interface=""``: str - Sets the network interface to use
63
64 .. code-block:: lua
65
66 addLocal('0.0.0.0:5300', { doTCP=true, reusePort=true })
67
68 This will bind to both UDP and TCP on port 5300 with SO_REUSEPORT enabled.
69
70.. function:: addLocal(address[[[,do_tcp], so_reuseport], tcp_fast_open_qsize])
71
72 .. deprecated:: 1.2.0
73
74 Add to the list of addresses listened on.
75
76 :param str address: The IP Address with an optional port to listen on.
77 The default port is 53.
78 :param bool do_tcp: Also bind a TCP port on ``address``, defaults to true.
79 :param bool so_reuseport: Use ``SO_REUSEPORT`` if it is available, defaults to false
5d31a326
RG		 80 :param int tcp_fast_open_qsize: The size of the TCP Fast Open queue. Set to a number
81 higher than 0 to enable TCP Fast Open when available.
82 Default is 0.
20d81666
PL		 83
84.. function:: setLocal(address[, options])
85
86 .. versionadded:: 1.2.0
87
88 Remove the list of listen addresses and add a new one.
89
90 :param str address: The IP Address with an optional port to listen on.
91 The default port is 53.
92 :param table options: A table with key: value pairs with listen options.
93
94 The options that can be set are the same as :func:`addLocal`.
95
96.. function:: setLocal(address[[[,do_tcp], so_reuseport], tcp_fast_open_qsize])
97
98 .. deprecated:: 1.2.0
99
100 Remove the list of listen addresses and add a new one.
101
102 :param str address: The IP Address with an optional port to listen on.
103 The default port is 53.
104 :param bool do_tcp: Also bind a TCP port on ``address``, defaults to true.
105 :param bool so_reuseport: Use ``SO_REUSEPORT`` if it is available, defaults to false
5d31a326
RG		 106 :param int tcp_fast_open_qsize: The size of the TCP Fast Open queue. Set to a number
107 higher than 0 to enable TCP Fast Open when available.
108 Default is 0.
20d81666
PL		 109
110Control Socket, Console and Webserver
111~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
112
113.. function:: controlSocket(address)
114
115 Bind to ``addr`` and listen for a connection for the console
116
117 :param str address: An IP address with optional port. By default, the port is 5199.
118
119.. function:: makeKey()
120
121 Generate and print an encryption key.
122
506bb661
RG		 123.. function:: setConsoleConnectionsLogging(enabled)
124
125 .. versionadded:: 1.2.0
126
127 Whether to log the opening and closing of console connections.
128
129 :param bool enabled: Default to true.
130
20d81666
PL		 131.. function:: setKey(key)
132
133 Use ``key`` as shared secret between the client and the server
134
135 :param str key: An encoded key, as generated by :func:`makeKey`
136
137.. function:: testCrypto()
138
139 Test the crypto code, will report errors when something is not ok.
140
141Webserver
142~~~~~~~~~
143
144.. function:: webServer(listen_address, password[, apikey[, custom_headers]])
145
146 Launch the :doc:`../guides/webserver` with statistics and the API.
147
148 :param str listen_address: The IP address and Port to listen on
149 :param str password: The password required to access the webserver
150 :param str apikey: The key required to access the API
151 :param {[str]=str,...} custom_headers: Allows setting custom headers and removing the defaults
152
153.. function:: setAPIWritable(allow [,dir])
154
155 Allow modifications via the API.
156 Optionally saving these changes to disk.
157 Modifications done via the API will not be written to the configuration by default and will not persist after a reload
158
159 :param bool allow: Set to true to allow modification through the API
160 :param str dir: A valid directory where the configuration files will be written by the API.
161
162Access Control Lists
163~~~~~~~~~~~~~~~~~~~~
164
165.. function:: addACL(netmask)
166
167 Add a netmask to the existing ACL
168
169 :param str netmask: A CIDR netmask, e.g. ``"192.0.2.0/24"``. Without a subnetmask, only the specific address is allowed.
170
171.. function:: setACL(netmasks)
172
173 Remove the existing ACL and add the netmasks from the table.
174
175 :param {str} netmasks: A table of CIDR netmask, e.g. ``{"192.0.2.0/24", "2001:DB8:14::/56"}``. Without a subnetmask, only the specific address is allowed.
176
177EDNS Client Subnet
178~~~~~~~~~~~~~~~~~~
179
180.. function:: setECSSourcePrefixV4(prefix)
181
182 When ``useClientSubnet`` in :func:`newServer` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestors IPv4 address to ``prefix`` bits
183
184 :param int prefix: The prefix length
185
186.. function:: setECSSourcePrefixV6(prefix)
187
188 When ``useClientSubnet`` in :func:`newServer` is set and dnsdist adds an EDNS Client Subnet Client option to the query, truncate the requestor's IPv6 address to bits
189
190 :param int prefix: The prefix length
191
192Ringbuffers
193~~~~~~~~~~~
194
195.. function:: setRingBuffersSize(num)
196
197 Set the capacity of the ringbuffers used for live traffic inspection to ``num``
198
199 :param int num: The maximum amount of queries to keep in the ringbuffer. Defaults to 10000
200
201Servers
202-------
203
204.. function:: newServer(server_string)
205 newServer(server_table)
206
207 Add a new backend server. Call this function with either a string::
208
209 newServer(
210 "IP:PORT" -- IP and PORT of the backend server
211 )
212
213 or a table::
214
215 newServer({
216 address="IP:PORT", -- IP and PORT of the backend server (mandatory)
c19aa18d
RG		 217 qps=NUM, -- Limit the number of queries per second to NUM, when using the `firstAvailable` policy
218 order=NUM, -- The order of this server, used by the `leastOustanding` and `firstAvailable` policies
219 weight=NUM, -- The weight of this server, used by the `wrandom` and `whashed` policies
5d31a326
RG		 220 pool=STRING|{STRING}, -- The pools this server belongs to (unset or empty string means default pool) as a string or table of strings
221 retries=NUM, -- The number of TCP connection attempts to the backend, for a given query
222 tcpConnectTimeout=NUM, -- The timeout (in seconds) of a TCP connection attempt
223 tcpSendTimeout=NUM, -- The timeout (in seconds) of a TCP write attempt
224 tcpRecvTimeout=NUM, -- The timeout (in seconds) of a TCP read attempt
225 tcpFastOpen=BOOL, -- Whether to enable TCP Fast Open
226 name=STRING, -- The name associated to this backend, for display purpose
20d81666
PL		 227 checkName=STRING, -- Use STRING as QNAME in the health-check query, default: "a.root-servers.net."
228 checkType=STRING, -- Use STRING as QTYPE in the health-check query, default: "A"
229 setCD=BOOL, -- Set the CD (Checking Disabled) flag in the health-check query, default: false
230 maxCheckFailures=NUM, -- Allow NUM check failures before declaring the backend down, default: false
231 mustResolve=BOOL, -- Set to true when the health check MUST return a NOERROR RCODE and an answer
232 useClientSubnet=BOOL, -- Add the client's IP address in the EDNS Client Subnet option when forwarding the query to this backend
233 source=STRING -- The source address or interface to use for queries to this backend, by default this is left to the kernel's address selection
234 -- The following formats are supported:
235 -- "address", e.g. "192.0.2.2"
236 -- "interface name", e.g. "eth0"
237 -- "address@interface", e.g. "192.0.2.2@eth0"
238 })
239
240 :param str server_string: A simple IP:PORT string.
241 :param table server_table: A table with at least a 'name' key
242
243.. function:: getServer(index) -> Server
244
245 Get a :class:`Server`
246
247 :param int index: The number of the server (as seen in :func:`showServers`).
248 :returns: The :class:`Server` object or nil
249
250.. function:: getServers()
251
252 Returns a table with all defined servers.
253
254.. function:: rmServer(index)
255 rmServer(server)
256
257 Remove a backend server.
258
259 :param int index: The number of the server (as seen in :func:`showServers`).
260 :param Server server: A :class:`Server` object as returned by e.g. :func:`getServer`.
261
262Server Functions
263~~~~~~~~~~~~~~~~
264A server object returned by :func:`getServer` can be manipulated with these functions.
265
266.. class:: Server
267
268 This object represents a backend server. It has several methods.
269
270.. classmethod:: Server:addPool(pool)
271
272 Add this server to a pool.
273
274 :param str pool: The pool to add the server to
275
276.. classmethod:: Server:getName() -> string
277
278 Get the name of this server.
279
280 :returns: The name of the server, or an empty string if it does not have one
281
282.. classmethod:: Server:getNameWithAddr() -> string
283
284 Get the name plus IP address and port of the server
285
286 :returns: A string containing the server name if any plus the server address and port
287
288.. classmethod:: Server:getOutstanding() -> int
289
290 Get the number of outstanding queries for this server.
291
292 :returns: The number of outstanding queries
293
294.. classmethod:: Server:isUp() -> bool
295
296 Returns the up status of the server
297
298 :returns: true when the server is up, false otherwise
299
300.. classmethod:: Server:rmPool(pool)
301
302 Removes the server from the named pool
303
304 :param str pool: The pool to remove the server from
305
d92708ed
RG		 306.. classmethod:: Server:setAuto([status])
307
308.. versionchanged:: 1.3.0
309 ``status`` optional parameter added.
20d81666
PL		 310
311 Set the server in the default auto state.
d92708ed
RG		 312 This will enable health check queries that will set the server ``up`` and ``down`` appropriately.
313
314 :param bool status: Set the initial status of the server to ``up`` (true) or ``down`` (false) instead of using the last known status
20d81666
PL		 315
316.. classmethod:: Server:setQPS(limit)
317
318 Limit the queries per second for this server.
319
320 :param int limit: The maximum number of queries per second
321
322.. classmethod:: Server:setDown()
323
324 Set the server in an ``DOWN`` state.
325 The server will not receive queries and the health checks are disabled
326
327.. classmethod:: Server:setUp()
328
329 Set the server in an ``UP`` state.
330 This server will still receive queries and health checks are disabled
331
332Attributes
333~~~~~~~~~~
334
335.. attribute:: Server.name
336
337 The name of the server
338
339.. attribute:: Server.upStatus
340
341 Whether or not this server is up or down
342
343.. attribute:: Server.order
344
345 The order of the server
346
347.. attribute:: Server.weight
348
349 The weight of the server
350
351Pools
352-----
353
354:class:`Server`\ s can be part of any number of pools.
5d31a326
RG		 355Pools are automatically created when a server is added to a pool (with :func:`newServer`), or can be manually created with :func:`addPool`.
356
357.. function:: addPool(name) -> ServerPool
358
359 Returns a :class:`ServerPool`.
360
361 :param string name: The name of the pool to create
20d81666
PL		 362
363.. function:: getPool(name) -> ServerPool
364
365 Returns a :class:`ServerPool` or nil.
366
367 :param string name: The name of the pool
368
5d31a326
RG		 369.. function:: rmPool(name)
370
371 Remove the pool named `name`.
372
373 :param string name: The name of the pool to remove
374
20d81666
PL		 375.. function:: getPoolServers(name) -> [ Server ]
376
377 Returns a list of :class:`Server`\ s or nil.
378
379 :param string name: The name of the pool
380
381.. class:: ServerPool
382
383 This represents the pool where zero or more servers are part of.
384
385.. classmethod:: ServerPool:getCache() -> PacketCache
386
387 Returns the :class:`PacketCache` for this pool or nil.
388
389.. classmethod:: ServerPool:setCache(cache)
390
391 Adds ``cache`` as the pool's cache.
392
393 :param PacketCache cache: The new cache to add to the pool
394
395.. classmethod:: ServerPool:unsetCache()
396
397 Removes the cache from this pool.
398
399PacketCache
400~~~~~~~~~~~
401
402A Pool can have a packet cache to answer queries directly in stead of going to the backend.
403See :doc:`../guides/cache` for a how to.
404
405.. function:: newPacketCache(maxEntries[, maxTTL=86400[, minTTL=0[, temporaryFailureTTL=60[, staleTTL=60[, dontAge=false]]]]]) -> PacketCache
406
407 Creates a new :class:`PacketCache` with the settings specified.
408
409 :param int maxEntries: The maximum number of entries in this cache
410 :param int maxTTL: Cap the TTL for records to his number
411 :param int minTTL: Don't cache entries with a TTL lower than this
412 :param int temporaryFailureTTL: On a SERVFAIL or REFUSED from the backend, cache for this amount of seconds
413 :param int staleTTL: When the backend servers are not reachable, send responses if the cache entry is expired at most this amount of seconds
414 :param bool dontAge: Don't reduce TTLs when serving from the cache. use this when :program:`dnsdist` fronts a cluster of authoritative servers
415
416.. class:: PacketCache
417
418 Represents a cache that can be part of :class:`ServerPool`.
419
420.. classmethod:: PacketCache:expunge(n)
421
422 Remove entries from the cache, leaving at most ``n`` entries
423
424 :param int n: Number of entries to keep
425
426.. classmethod:: PacketCache:expungeByName(name [, qtype=dnsdist.ANY[, suffixMatch=false]])
427
428 .. versionchanged:: 1.2.0
429 ``suffixMatch`` parameter added.
430
431 Remove entries matching ``name`` and type from the cache.
432
433 :param DNSName name: The name to expunge
434 :param int qtype: The type to expunge
435 :param bool suffixMatch: When set to true, remove al entries under ``name``
436
437.. classmethod:: PacketCache:isFull() -> bool
438
439 Return true if the cache has reached the maximum number of entries.
440
441.. classmethod:: PacketCache:printStats()
442
443 Print the cache stats (hits, misses, deferred lookups and deferred inserts).
444
445.. classmethod:: PacketCache:purgeExpired(n)
446
447 Remove expired entries from the cache until there is at most ``n`` entries remaining in the cache.
448
449 :param int n: Number of entries to keep
450
451.. classmethod:: PacketCache:toString() -> string
452
453 Return the number of entries in the Packet Cache, and the maximum number of entries
454
455Status, Statistics and More
456---------------------------
457
458.. function:: dumpStats()
459
460 Print all statistics dnsdist gathers
461
462.. function:: grepq(selector[, num])
463 grepq(selectors[, num])
464
465 Prints the last ``num`` queries matching ``selector`` or ``selectors``.
466
467 The selector can be:
468
469 * a netmask (e.g. '192.0.2.0/24')
470 * a DNS name (e.g. 'dnsdist.org')
471 * a response time (e.g. '100ms')
472
473 :param str selector: Select queries based on this property.
474 :param {str} selectors: A lua table of selectors. Only queries matching all selectors are shown
475 :param int num: Show a maximum of ``num`` recent queries, default is 10.
476
477.. function:: showACL()
478
479 Print a list of all allowed netmasks.
480
77d43b54
RG		 481.. function:: showBinds()
482
483 Print a list of all the current addresses and ports dnsdist is listening on, also called ``frontends``
484
20d81666
PL		 485.. function:: showResponseLatency()
486
77d43b54 487 Show a plot of the response time latency distribution
20d81666
PL		 488
489.. function:: showServers()
490
491 This function shows all backend servers currently configured and some statistics.
492 These statics have the following fields:
493
494 * ``#`` - The number of the server, can be used as the argument for :func:`getServer`
495 * ``Address`` - The IP address and port of the server
496 * ``State`` - The current state of the server
497 * ``Qps`` - Current number of queries per second
498 * ``Qlim`` - Configured maximum number of queries per second
499 * ``Ord`` - The order number of the server
500 * ``Wt`` - The weight of the server
501 * ``Queries`` - Total amount of queries sent to this server
502 * ``Drops`` - Number of queries that were dropped by this server
503 * ``Drate`` - Number of queries dropped per second by this server
504 * ``Lat`` - The latency of this server in milliseconds
505 * ``Pools`` - The pools this server belongs to
506
507.. function:: showTCPStats()
508
77d43b54 509 Show some statistics regarding TCP
20d81666
PL		 510
511.. function:: showVersion()
512
513 Print the version of dnsdist
514
515.. function:: topBandwidth([num])
516
517 Print the top ``num`` clients that consume the most bandwidth.
518
519 :param int num: Number to show, defaults to 10.
520
521.. function:: topClients([num])
522
523 Print the top ``num`` clients sending the most queries over length of ringbuffer
524
525 :param int num: Number to show, defaults to 10.
526
527.. function:: topQueries([num[, labels]])
528
529 Print the ``num`` most popular QNAMEs from queries.
530 Optionally grouped by the rightmost ``labels`` DNS labels.
531
532 :param int num: Number to show, defaults to 10
533 :param int label: Number of labels to cut down to
534
535.. function:: topResponses([num[, rcode[, labels]]])
536
537 Print the ``num`` most seen responses with an RCODE or ``rcode``.
538 Optionally grouped by the rightmost ``labels`` DNS labels.
539
540 :param int num: Number to show, defaults to 10
541 :param int rcode: Response code (e.g. 0=NO Error, 2=ServFail, 3=ServFail), defaults to 0
542 :param int label: Number of labels to cut down to
543
544.. function:: topSlow([num[, limit[, labels]]])
545
546 Print the ``num`` slowest queries that are slower than ``limit`` milliseconds.
547 Optionally grouped by the rightmost ``labels`` DNS labels.
548
549 :param int num: Number to show, defaults to 10
af4b7afb 550 :param int limit: Show queries slower than this amount of milliseconds, defaults to 2000
20d81666
PL		 551 :param int label: Number of labels to cut down to
552
553.. _dynblocksref:
554
555Dynamic Blocks
556--------------
557
558.. function:: addDynBlocks(addresses, message[, seconds=10[, action]])
559
560 .. versionchanged:: 1.2.0
561 ``action`` parameter added.
562
563 Block a set of addresses with ``message`` for (optionally) a number of seconds.
564 The default number of seconds to block for is 10.
565
566 :param addresses: set of Addresses as returned by an exceed function
567 :param string message: The message to show next to the blocks
568 :param int seconds: The number of seconds this block to expire
569 :param int action: The action to take when the dynamic block matches, see :ref:`here <DNSAction>`. (default to the one set with :func:`setDynBlocksAction`)
570
571.. function:: clearDynBlocks()
572
573 Remove all current dynamic blocks.
574
575.. function:: showDynBlocks()
576
577 List all dynamic blocks in effect.
578
579.. function:: setDynBlocksAction(action)
580
581 Set which action is performed when a query is blocked.
582 Only DNSAction.Drop (the default) and DNSAction.Refused are supported.
583
584.. function:: addBPFFilterDynBlocks(addresses, filter[, seconds])
585
586 Block the set of addresses using the supplied BPF Filter, for seconds seconds (10 by default)
587
588 :param addresses: A set of addresses as returned by the exceed functions.
589 :param filter: and EBPF filter
590 :param int seconds: Number of seconds to block for
591
592.. _exceedfuncs:
593
594Getting addresses that exceeded parameters
595~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
596
597.. function:: exceedServFails(rate, seconds)
598
599 Get set of addresses that exceed ``rate`` servfails/s over ``seconds`` seconds
600
601 :param int rate: Number of Servfails per second to exceed
602 :param int seconds: Number of seconds the rate has been exceeded
603
604.. function:: exceedNXDOMAINs(rate, seconds)
605
606 get set of addresses that exceed ``rate`` NXDOMAIN/s over ``seconds`` seconds
607
608 :param int rate: Number of NXDOMAIN per second to exceed
609 :param int seconds: Number of seconds the rate has been exceeded
610
611.. function:: exceedRespByterate(rate, seconds)
612
613 get set of addresses that exceeded ``rate`` bytes/s answers over ``seconds`` seconds
614
615 :param int rate: Number of bytes per second to exceed
616 :param int seconds: Number of seconds the rate has been exceeded
617
618.. function:: exceedQRate(rate, seconds)
619
620 Get set of address that exceed ``rate`` queries/s over ``seconds`` seconds
621
622 :param int rate: Number of queries per second to exceed
623 :param int seconds: Number of seconds the rate has been exceeded
624
625.. function:: exceedQTypeRate(type, rate, seconds)
626
627 Get set of address that exceed ``rate`` queries/s for queries of QType ``type`` over ``seconds`` seconds
628
629 :param int type: QType
630 :param int rate: Number of QType queries per second to exceed
631 :param int seconds: Number of seconds the rate has been exceeded
632
633Other functions
634---------------
635
636.. function:: maintenance()
637
638 If this function exists, it is called every second to so regular tasks.
639 This can be used for e.g. :doc:`Dynamic Blocks <../guides/dynblocks>`.
Unnamed repository; edit this file 'description' to name the repository.