[thirdparty/pdns.git] / pdns / dnsdistdist / docs / guides / downstreams.rst

Configuring Downstream Servers
==============================

As dnsdist is a loadbalancer and does not do any DNS resolving or serving by itself, it needs downstream servers.
To add downstream servers, either include them on the command line::

    dnsdist -l 130.161.252.29 -a 130.161.0.0/16 8.8.8.8 208.67.222.222 2620:0:ccc::2 2620:0:ccd::2

Or add them to the configuration file:

.. code-block:: lua

    setLocal("130.161.252.29:53")
    setACL("130.161.0.0/16")
    newServer("8.8.8.8")
    newServer("208.67.222.222")
    newServer("2620:0:ccc::2")
    newServer("2620:0:0ccd::2")

These two equivalent configurations give you sane load balancing using a very sensible distribution policy.
Many users will simply be done with this configuration.
It works as well for authoritative as for recursive servers.

.. _Healthcheck:

Healthcheck
-----------
dnsdist uses a health check, sent once every second, to determine the availability of a backend server.

By default, an A query for "a.root-servers.net." is sent.
A different query type, class and target can be specified by passing, respectively, the ``checkType``, ``checkClass`` and ``checkName`` parameters to :func:`newServer`.

The default behavior is to consider any valid response with an RCODE different from ServFail as valid.
If the ``mustResolve`` parameter of :func:`newServer` is set to ``true``, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused.

The number of health check failures before a server is considered down is configurable via the ``maxCheckFailures`` parameter, defaulting to 1.
The CD flag can be set on the query by setting ``setCD`` to true.
e.g.::

  newServer({address="192.0.2.1", checkType="AAAA", checkType=DNSClass.CHAOS, checkName="a.root-servers.net.", mustResolve=true})

You can turn on logging of health check errors using the :func:`setVerboseHealthChecks` function.

Since the 1.3.0 release, the ``checkFunction`` option is also supported, taking a ``Lua`` function as parameter. This function receives a DNSName, two integers and a ``DNSHeader`` object (:ref:`DNSHeader`)
representing the QName, QType and QClass of the health check query as well as the DNS header, as they are defined before the function was called. The function must return a DNSName and two integers
representing the new QName, QType and QClass, and can directly modify the ``DNSHeader`` object.

The following example sets the CD flag to true and change the QName to "powerdns.com." and the QType to AAAA while keeping the initial QClass.

.. code-block:: lua

    function myHealthCheck(qname, qtype, qclass, dh)
      dh:setCD(true)

      return newDNSName("powerdns.com."), dnsdist.AAAA, qclass
    end

    newServer("2620:0:0ccd::2")

Source address selection
------------------------

In multi-homed setups, it can be useful to be able to select the source address or the outgoing
interface used by dnsdist to contact a downstream server. This can be done by using the `source` parameter::

  newServer({address="192.0.2.1", source="192.0.2.127"})
  newServer({address="192.0.2.1", source="eth1"})
  newServer({address="192.0.2.1", source="192.0.2.127@eth1"})

The supported values for source are:

- an IPv4 or IPv6 address, which must exist on the system
- an interface name
- an IPv4 or IPv6 address followed by '@' then an interface name

Please note that specifying the interface name is only supported on system having `IP_PKTINFO`.
Commit	Line	Data
20d81666 PL	1	Configuring Downstream Servers
	2	==============================
	3
	4	As dnsdist is a loadbalancer and does not do any DNS resolving or serving by itself, it needs downstream servers.
	5	To add downstream servers, either include them on the command line::
	6
	7	dnsdist -l 130.161.252.29 -a 130.161.0.0/16 8.8.8.8 208.67.222.222 2620:0:ccc::2 2620:0:ccd::2
	8
	9	Or add them to the configuration file:
	10
	11	.. code-block:: lua
	12
	13	setLocal("130.161.252.29:53")
	14	setACL("130.161.0.0/16")
	15	newServer("8.8.8.8")
	16	newServer("208.67.222.222")
	17	newServer("2620:0:ccc::2")
	18	newServer("2620:0:0ccd::2")
	19
	20	These two equivalent configurations give you sane load balancing using a very sensible distribution policy.
	21	Many users will simply be done with this configuration.
	22	It works as well for authoritative as for recursive servers.
	23
98650fde RG	24	.. _Healthcheck:
98650fde RG	25
20d81666 PL	26	Healthcheck
	27	-----------
	28	dnsdist uses a health check, sent once every second, to determine the availability of a backend server.
	29
	30	By default, an A query for "a.root-servers.net." is sent.
de9f7157	31	A different query type, class and target can be specified by passing, respectively, the ``checkType``, ``checkClass`` and ``checkName`` parameters to :func:`newServer`.
20d81666 PL	32
	33	The default behavior is to consider any valid response with an RCODE different from ServFail as valid.
	34	If the ``mustResolve`` parameter of :func:`newServer` is set to ``true``, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused.
	35
	36	The number of health check failures before a server is considered down is configurable via the ``maxCheckFailures`` parameter, defaulting to 1.
	37	The CD flag can be set on the query by setting ``setCD`` to true.
	38	e.g.::
	39
de9f7157	40	newServer({address="192.0.2.1", checkType="AAAA", checkType=DNSClass.CHAOS, checkName="a.root-servers.net.", mustResolve=true})
44f6dbd1	41
0fb7654e CHB	42	You can turn on logging of health check errors using the :func:`setVerboseHealthChecks` function.
0fb7654e CHB	43
98650fde RG	44	Since the 1.3.0 release, the ``checkFunction`` option is also supported, taking a ``Lua`` function as parameter. This function receives a DNSName, two integers and a ``DNSHeader`` object (:ref:`DNSHeader`)
	45	representing the QName, QType and QClass of the health check query as well as the DNS header, as they are defined before the function was called. The function must return a DNSName and two integers
	46	representing the new QName, QType and QClass, and can directly modify the ``DNSHeader`` object.
	47
	48	The following example sets the CD flag to true and change the QName to "powerdns.com." and the QType to AAAA while keeping the initial QClass.
ad9344ba	49
98650fde RG	50	.. code-block:: lua
	51
	52	function myHealthCheck(qname, qtype, qclass, dh)
	53	dh:setCD(true)
	54
	55	return newDNSName("powerdns.com."), dnsdist.AAAA, qclass
	56	end
	57
	58	newServer("2620:0:0ccd::2")
	59
44f6dbd1 RG	60	Source address selection
	61	------------------------
	62
	63	In multi-homed setups, it can be useful to be able to select the source address or the outgoing
	64	interface used by dnsdist to contact a downstream server. This can be done by using the `source` parameter::
	65
	66	newServer({address="192.0.2.1", source="192.0.2.127"})
	67	newServer({address="192.0.2.1", source="eth1"})
	68	newServer({address="192.0.2.1", source="192.0.2.127@eth1"})
	69
	70	The supported values for source are:
fc9a4408	71
44f6dbd1 RG	72	- an IPv4 or IPv6 address, which must exist on the system
	73	- an interface name
	74	- an IPv4 or IPv6 address followed by '@' then an interface name
	75
	76	Please note that specifying the interface name is only supported on system having `IP_PKTINFO`.