This object represents a backend server.
- .. versionchanged:: 1.3.1
- The ``dropRate`` property was added
-
:property string address: The remote IP and port
:property integer id: Internal identifier
:property integer latency: The current latency of this backend server
.. function:: addLocal(address[, options])
- .. versionchanged:: 1.3.0
- Added ``cpus`` to the options.
-
.. versionchanged:: 1.4.0
Removed ``doTCP`` from the options. A listen socket on TCP is always created.
.. function:: addTLSLocal(address, certFile(s), keyFile(s) [, options])
- .. versionchanged:: 1.3.1
- ``certFile(s)`` and ``keyFile(s)`` parameters accept a list of files.
- ``sessionTickets`` option added.
- .. versionchanged:: 1.3.3
- ``numberOfStoredSessions`` option added.
.. versionchanged:: 1.4.0
``ciphersTLS13``, ``minTLSVersion``, ``ocspResponses``, ``preferServerCiphers``, ``keyLogFile`` options added.
.. versionchanged:: 1.5.0
.. function:: setRingBuffersSize(num [, numberOfShards])
- .. versionchanged:: 1.3.0
- ``numberOfShards`` optional parameter added.
-
Set the capacity of the ringbuffers used for live traffic inspection to ``num``, and the number of shards to ``numberOfShards`` if specified.
:param int num: The maximum amount of queries to keep in the ringbuffer. Defaults to 10000
.. function:: newServer(server_string)
newServer(server_table)
- .. versionchanged:: 1.3.0
- Added ``checkClass``, ``sockets`` and ``checkFunction`` to server_table.
-
.. versionchanged:: 1.4.0
Added ``checkInterval``, ``checkTimeout`` and ``rise`` to server_table.
.. method:: Server:setAuto([status])
- .. versionchanged:: 1.3.0
- ``status`` optional parameter added.
-
Set the server in the default auto state.
This will enable health check queries that will set the server ``up`` and ``down`` appropriately.
.. function:: newPacketCache(maxEntries[, maxTTL=86400[, minTTL=0[, temporaryFailureTTL=60[, staleTTL=60[, dontAge=false[, numberOfShards=1[, deferrableInsertLock=true[, maxNegativeTTL=3600[, parseECS=false]]]]]]]) -> PacketCache
- .. versionchanged:: 1.3.0
- ``numberOfShards`` and ``deferrableInsertLock`` parameters added.
-
- .. versionchanged:: 1.3.1
- ``maxNegativeTTL`` and ``parseECS`` parameters added.
-
.. deprecated:: 1.4.0
Creates a new :class:`PacketCache` with the settings specified.
.. method:: PacketCache:expungeByName(name [, qtype=DNSQType.ANY[, suffixMatch=false]])
- .. versionchanged:: 1.2.0
- ``suffixMatch`` parameter added.
-
.. versionchanged:: 1.6.0
``name`` can now also be a string
.. function:: addDynBlocks(addresses, message[, seconds=10[, action]])
- .. versionchanged:: 1.2.0
- ``action`` parameter added.
-
Block a set of addresses with ``message`` for (optionally) a number of seconds.
The default number of seconds to block for is 10.
.. function:: setDynBlocksAction(action)
- .. versionchanged:: 1.3.3
- ``DNSAction.NXDomain`` action added.
-
Set which action is performed when a query is blocked.
Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.NXDomain, DNSAction.Refused, DNSAction.Truncate and DNSAction.NoRecurse are supported.
.. method:: DynBlockRulesGroup:setQueryRate(rate, seconds, reason, blockingTime [, action [, warningRate]])
- .. versionchanged:: 1.3.3
- ``warningRate`` parameter added.
-
Adds a query rate-limiting rule, equivalent to:
```
addDynBlocks(exceedQRate(rate, seconds), reason, blockingTime, action)
.. method:: DynBlockRulesGroup:setRCodeRate(rcode, rate, seconds, reason, blockingTime [, action [, warningRate]])
- .. versionchanged:: 1.3.3
- ``warningRate`` parameter added.
-
Adds a rate-limiting rule for responses of code ``rcode``, equivalent to:
```
addDynBlocks(exceedServfails(rcode, rate, seconds), reason, blockingTime, action)
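Review bot: the "equivalent to" snippet kept as context here passes ``rcode`` to ``exceedServfails``, a helper whose name implies a fixed ServFail selector rather than an arbitrary response code. Please confirm that this helper and its argument list are correct. With the ``warningRate`` note removed, the snippet also no longer signals that it leaves ``warningRate`` out, so the parameter description should say what ``warningRate`` does.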
.. method:: DynBlockRulesGroup:setQTypeRate(qtype, rate, seconds, reason, blockingTime [, action [, warningRate]])
- .. versionchanged:: 1.3.3
- ``warningRate`` parameter added.
-
Adds a rate-limiting rule for queries of type ``qtype``, equivalent to:
```
addDynBlocks(exceedQTypeRate(type, rate, seconds), reason, blockingTime, action)
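Review bot: the snippet under setQTypeRate uses ``type`` in ``exceedQTypeRate(type, rate, seconds)``, while the method signature names the parameter ``qtype``. Since this block is being touched anyway, rename it to ``qtype`` so the equivalence reads one-to-one with the signature.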
.. method:: DynBlockRulesGroup:setResponseByteRate(rate, seconds, reason, blockingTime [, action [, warningRate]])
- .. versionchanged:: 1.3.3
- ``warningRate`` parameter added.
-
Adds a bandwidth rate-limiting rule for responses, equivalent to:
```
addDynBlocks(exceedRespByterate(rate, seconds), reason, blockingTime, action)
.. function:: addDNSCryptBind(address, provider, certFile(s), keyFile(s) [, options])
- .. versionchanged:: 1.3.0
- ``cpus`` option added.
-
.. versionchanged:: 1.4.0
Removed ``doTCP`` from the options. A listen socket on TCP is always created.
``certFile(s)`` and ``keyFile(s)`` now accept a list of files.
.. function:: generateDNSCryptCertificate(privatekey, certificate, keyfile, serial, validFrom, validUntil[, version])
- .. versionchanged:: 1.3.0
- ``version`` optional parameter added.
-
generate a new resolver private key and related certificate, valid from the ``validFrom`` UNIX timestamp until the ``validUntil`` one, signed with the provider private key.
:param string privatekey: Path to the private key of the provider
.. method:: DNSCryptContext:generateAndLoadInMemoryCertificate(keyfile, serial, begin, end [, version])
- .. versionchanged:: 1.3.0
- ``version`` optional parameter added.
-
Generate a new resolver key and the associated certificate in-memory, sign it with the provided provider key, and add it to the context
:param string keyfile: Path to the provider key file to use
.. method:: DNSCryptContext:loadNewCertificate(certificate, keyfile[, active])
- .. versionchanged:: 1.3.0
- ``active`` optional parameter added.
-
Load a new certificate and the corresponding private key. If `active` is false, the
certificate will not be advertised to clients but can still be used to answer queries
tied to it.
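Review bot: in the loadNewCertificate description, ``active`` is written with single backticks ("If `active` is false"), which reStructuredText treats as interpreted text rather than an inline literal. The removed note used double backticks for the same parameter, so the remaining sentence should be changed to match.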
.. function:: addBPFFilterDynBlocks(addresses, dynbpf[[, seconds=10], msg])
- .. versionchanged:: 1.3.0
- ``msg`` optional parameter added.
-
This is the eBPF equivalent of :func:`addDynBlocks`, blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter.
The default number of seconds to block for is 10.
.. function:: addLuaAction(DNSrule, function [, options])
- .. versionchanged:: 1.3.0
- Added the optional parameter ``options``.
-
- .. versionchanged:: 1.3.0
- The second argument returned by the ``function`` can be omitted. For earlier releases, simply return an empty string.
-
.. deprecated:: 1.4.0
Removed in 1.4.0, use :func:`LuaAction` with :func:`addAction` instead.
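Review bot: the addLuaAction entry keeps a ``deprecated:: 1.4.0`` directive whose body says "Removed in 1.4.0", so the directive and its text disagree about the function's status. If notes for older releases are being pruned, consider dropping the whole entry for a function that no longer exists, or reword the body to say removed consistently. The same applies to addLuaResponseAction in the next hunk.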
.. function:: addLuaResponseAction(DNSrule, function [, options])
- .. versionchanged:: 1.3.0
- Added the optional parameter ``options``.
-
- .. versionchanged:: 1.3.0
- The second argument returned by the ``function`` can be omitted. For earlier releases, simply return an empty string.
-
.. deprecated:: 1.4.0
Removed in 1.4.0, use :func:`LuaResponseAction` with :func:`addResponseAction` instead.
.. function:: addAction(DNSrule, action [, options])
- .. versionchanged:: 1.3.0
- Added the optional parameter ``options``.
-
.. versionchanged:: 1.6.0
Added ``name`` to the ``options``.
.. function:: newRuleAction(rule, action[, options])
- .. versionchanged:: 1.3.0
- Added the optional parameter ``options``.
-
.. versionchanged:: 1.6.0
Added ``name`` to the ``options``.
.. function:: showRules([options])
- .. versionchanged:: 1.3.0
- ``options`` optional parameter added
-
Show all defined rules for queries, optionally displaying their UUIDs.
:param table options: A table with key: value pairs with display options.
.. function:: rmRule(id)
- .. versionchanged:: 1.3.0
- ``id`` can now be an UUID.
-
.. versionchanged:: 1.6.0
``id`` can now be a string representing the name of the rule.
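Review bot: after removing the 1.3.0 note in rmRule, the only remaining statement about ``id`` is that it can be a rule name, and nothing in the visible lines says a UUID is accepted, although showRules still mentions displaying UUIDs. Please make sure the ``id`` parameter description lists position, UUID and name. The same applies to rmResponseRule and rmCacheHitResponseRule below.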
.. function:: addResponseAction(DNSRule, action [, options])
- .. versionchanged:: 1.3.0
- Added the optional parameter ``options``.
-
.. versionchanged:: 1.6.0
Added ``name`` to the ``options``.
.. function:: rmResponseRule(id)
- .. versionchanged:: 1.3.0
- ``id`` can now be an UUID.
-
.. versionchanged:: 1.6.0
``id`` can now be a string representing the name of the rule.
.. function:: showResponseRules([options])
- .. versionchanged:: 1.3.0
- ``options`` optional parameter added
-
Show all defined response rules, optionally displaying their UUIDs.
:param table options: A table with key: value pairs with display options.
.. function:: addCacheHitResponseAction(DNSRule, action [, options])
- .. versionchanged:: 1.3.0
- Added the optional parameter ``options``.
-
.. versionchanged:: 1.6.0
Added ``name`` to the ``options``.
.. function:: rmCacheHitResponseRule(id)
- .. versionchanged:: 1.3.0
- ``id`` can now be an UUID.
-
.. versionchanged:: 1.6.0
``id`` can now be a string representing the name of the rule.
.. function:: showCacheHitResponseRules([options])
- .. versionchanged:: 1.3.0
- ``options`` optional parameter added
-
Show all defined cache hit response rules, optionally displaying their UUIDs.
:param table options: A table with key: value pairs with display options.
.. function:: MaxQPSIPRule(qps[, v4Mask[, v6Mask[, burst[, expiration[, cleanupDelay[, scanFraction]]]]]])
- .. versionchanged:: 1.3.1
- Added the optional parameters ``expiration``, ``cleanupDelay`` and ``scanFraction``.
-
Matches traffic for a subnet specified by ``v4Mask`` or ``v6Mask`` exceeding ``qps`` queries per second up to ``burst`` allowed.
This rule keeps track of QPS by netmask or source IP. This state is cleaned up regularly if ``cleanupDelay`` is greater than zero,
removing existing netmasks or IP addresses that have not been seen in the last ``expiration`` seconds.
.. function:: RemoteLogAction(remoteLogger[, alterFunction [, options]])
- .. versionchanged:: 1.3.0
- ``options`` optional parameter added.
-
.. versionchanged:: 1.4.0
``ipEncryptKey`` optional key added to the options table.
.. function:: RemoteLogResponseAction(remoteLogger[, alterFunction[, includeCNAME [, options]]])
- .. versionchanged:: 1.3.0
- ``options`` optional parameter added.
-
.. versionchanged:: 1.4.0
``ipEncryptKey`` optional key added to the options table.