1REC_CONTROL(1) PowerDNS Recursor REC_CONTROL(1)
2
3
4
6 rec_control - Command line tool to control a running Recursor
7
9 rec_control [OPTION]... COMMAND [COMMAND-OPTION]...
10
12 rec_control allows the operator to query and control a running instance
13 of the PowerDNS Recursor.
14
15 rec_control talks to the recursor via a the 'controlsocket'. Which is
16 usually located in /var/run . The --socket-dir or the --config-dir and
17 --config-name switches control to which process rec_control connects.
18
20 To see if the Recursor is alive, run:
21
22 # rec_control ping
23
24 To stop the recursor by hand, run:
25
26 # rec_control quit
27
28 To dump the cache to disk, execute:
29
30 # rec_control dump-cache /tmp/the-cache
31
33 --help provide this helpful message.
34
35 --config-dir=<path>
36 Directory where the recursor.conf lives.
37
38 --config-name=<name>
39 Name of the virtual configuration.
40
41 --socket-dir=<path>
42 Where the controlsocket will live, please use --config-dir in‐
43 stead.
44
45 --socket-pid=<pid>
46 When running in SMP mode, pid of pdns_recursor to control.
47
48 --timeout=<num>
49 Number of seconds to wait for the remote PowerDNS Recursor to
50 respond.
51
53 add-dont-throttle-names NAME [NAME...]
54 Add names for nameserver domains that may not be throttled.
55
56 add-dont-throttle-netmasks NETMASK [NETMASK...]
57 Add netmasks for nameservers that may not be throttled.
58
59 add-nta DOMAIN [REASON]
60 Add a Negative Trust Anchor for DOMAIN, suffixed optionally with
61 REASON.
62
63 add-ta DOMAIN DSRECORD
64 Add a Trust Anchor for DOMAIN with DS record data DSRECORD. This
65 adds the new Trust Anchor to the existing set of Trust Anchors
66 for DOMAIN.
67
68 current-queries
69 Shows the currently active queries.
70
71 clear-dont-throttle-names NAME [NAME...]
72 Remove names that are not allowed to be throttled. If NAME is
73 '*', remove all
74
75 clear-dont-throttle-netmasks NETMASK [NETMASK...]
76 Remove netmasks that are not allowed to be throttled. If NETMASK
77 is '*', remove all
78
79 clear-nta DOMAIN...
80 Remove Negative Trust Anchor for one or more DOMAINs. Set domain
81 to '*' to remove all NTA's.
82
83 clear-ta [DOMAIN]...
84 Remove Trust Anchor for one or more DOMAINs. Note that removing
85 the root trust anchor is not possible.
86
87 dump-cache FILENAME
88 Dumps the entire cache to FILENAME. This file should not exist
89 already, PowerDNS will refuse to overwrite it. While dumping,
90 the recursor will not answer questions.
91
92 Typical PowerDNS Recursors run multiple threads, therefore
93 you'll see duplicate, different entries for the same domains.
94 The negative cache is also dumped to the same file. The
95 per-thread positive and negative cache dumps are separated with
96 an appropriate comment.
97
98 NOTE:
99 pdns_recursor often runs in a chroot. You can retrieve the
100 file using:
101
102 rec_control dump-cache /tmp/file
103 mv /proc/$(pidof pdns_recursor)/root/tmp/file /tmp/filename
104
105 dump-edns FILENAME
106 Dumps the EDNS status to the filename mentioned. This file
107 should not exist already, PowerDNS will refuse to overwrite it.
108 While dumping, the recursor will not answer questions.
109
110 NOTE:
111 pdns_recursor often runs in a chroot. You can retrieve the
112 file using:
113
114 rec_control dump-edns /tmp/file
115 mv /proc/$(pidof pdns_recursor)/root/tmp/file /tmp/filename
116
117 dump-nsspeeds FILENAME
118 Dumps the nameserver speed statistics to the FILENAME mentioned.
119 This file should not exist already, PowerDNS will refuse to
120 overwrite it. While dumping, the recursor will not answer ques‐
121 tions. Statistics are kept per thread, and the dumps end up in
122 the same file.
123
124 NOTE:
125 pdns_recursor often runs in a chroot. You can retrieve the
126 file using:
127
128 rec_control dump-nsspeeds /tmp/file
129 mv /proc/$(pidof pdns_recursor)/root/tmp/file /tmp/filename
130
131 dump-rpz ZONE NAME FILE NAME
132 Dumps the content of the RPZ zone named ZONE NAME to the FILE‐
133 NAME mentioned. This file should not exist already, PowerDNS
134 will refuse to overwrite it otherwise. While dumping, the recur‐
135 sor will not answer questions.
136
137 NOTE:
138 pdns_recursor often runs in a chroot. You can retrieve the
139 file using:
140
141 rec_control dump-rpz ZONE_NAME /tmp/file
142 mv /proc/$(pidof pdns_recursor)/root/tmp/file /tmp/filename
143
144 dump-throttlemap FILENAME
145 Dump the contents of the throttle map to the FILENAME mentioned.
146 This file should not exist already, PowerDNS will refuse to
147 overwrite it otherwise. While dumping, the recursor will not an‐
148 swer questions.
149
150 NOTE:
151 pdns_recursor often runs in a chroot. You can retrieve the
152 file using:
153
154 rec_control dump-throttlemap /tmp/file
155 mv /proc/$(pidof pdns_recursor)/root/tmp/file /tmp/filename
156
157 dump-failedservers FILENAME
158 Dump the contents of the failed server map to the FILENAME men‐
159 tioned. This file should not exist already, PowerDNS will
160 refuse to overwrite it otherwise. While dumping, the recursor
161 will not answer questions.
162
163 NOTE:
164 pdns_recursor often runs in a chroot. You can retrieve the
165 file using:
166
167 rec_control dump-failedservers /tmp/file
168 mv /proc/$(pidof pdns_recursor)/root/tmp/file /tmp/filename
169
170 get STATISTIC [STATISTIC]...
171 Retrieve a statistic. For items that can be queried, see ../met‐
172 rics
173
174 get-all
175 Retrieve all known statistics.
176
177 get-dont-throttle-names
178 Get the list of names that are not allowed to be throttled.
179
180 get-dont-throttle-netmasks
181 Get the list of netmasks that are not allowed to be throttled.
182
183 get-ntas
184 Get a list of the currently configured Negative Trust Anchors.
185
186 get-tas
187 Get a list of the currently configured Trust Anchors.
188
189 get-parameter KEY [KEY]...
190 Retrieves the specified configuration parameter(s).
191
192 get-qtypelist
193 Retrieves QType statistics. Queries from cache aren't being
194 counted yet.
195
196 help Shows a list of supported commands understood by the running
197 pdns_recursor
198
199 ping Check if server is alive.
200
201 quit Request shutdown of the recursor, exiting the process while let‐
202 ting the OS clean up resources.
203
204 quit-nicely
205 Request nice shutdown of the recursor. This method allows all
206 threads to finish their current work and releases resources be‐
207 fore exiting. This is the preferred method to stop the recursor.
208
209 reload-acls
210 Reloads ACLs.
211
212 reload-lua-script [FILENAME]
213 (Re)loads Lua script FILENAME. If FILENAME is empty, attempt to
214 reload the currently loaded script. This replaces the script
215 currently loaded.
216
217 reload-lua-config [FILENAME]
218 (Re)loads Lua configuration FILENAME. If FILENAME is empty, at‐
219 tempt to reload the currently loaded file. Note that FILENAME
220 will be fully executed, any settings changed at runtime that are
221 not modified in this file, will still be active. Reloading RPZ,
222 especially by AXFR, can take some time; during which the recur‐
223 sor will not answer questions.
224
225 reload-zones
226 Reload authoritative and forward zones. Retains current configu‐
227 ration in case of errors.
228
229 set-carbon-server CARBON SERVER [CARBON OURNAME]
230 Set the carbon-server setting to CARBON SERVER. If CARBON OUR‐
231 NAME is not empty, also set the carbon-ourname setting to CARBON
232 OURNAME.
233
234 set-dnssec-log-bogus SETTING
235 Set dnssec-log-bogus setting to SETTING. Set to 'on' or 'yes' to
236 log DNSSEC validation failures and to 'no' or 'off' to disable
237 logging these failures.
238
239 set-ecs-minimum-ttl NUM
240 Set ecs-minimum-ttl-override to NUM.
241
242 set-max-cache-entries NUM
243 Change the maximum number of entries in the DNS cache. If re‐
244 duced, the cache size will start shrinking to this number as
245 part of the normal cache purging process, which might take a
246 while.
247
248 set-max-packetcache-entries NUM
249 Change the maximum number of entries in the packet cache. If
250 reduced, the cache size will start shrinking to this number as
251 part of the normal cache purging process, which might take a
252 while.
253
254 set-minimum-ttl NUM
255 Set minimum-ttl-override to NUM.
256
257 top-queries
258 Shows the top-20 queries. Statistics are over the last
259 'stats-ringbuffer-entries' queries.
260
261 top-pub-queries
262 Shows the top-20 queries grouped by public suffix list. Statis‐
263 tics are over the last 'stats-ringbuffer-entries' queries.
264
265 top-largeanswer-remotes
266 Shows the top-20 remote hosts causing large answers. Statistics
267 are over the last 'stats-ringbuffer-entries' queries.
268
269 top-remotes
270 Shows the top-20 most active remote hosts. Statistics are over
271 the last 'stats-ringbuffer-entries' queries.
272
273 top-servfail-queries
274 Shows the top-20 queries causing servfail responses. Statistics
275 are over the last 'stats-ringbuffer-entries' queries.
276
277 top-bogus-queries
278 Shows the top-20 queries causing bogus responses. Statistics are
279 over the last 'stats-ringbuffer-entries' queries.
280
281 top-pub-servfail-queries
282 Shows the top-20 queries causing servfail responses grouped by
283 public suffix list. Statistics are over the last 'stats-ring‐
284 buffer-entries' queries.
285
286 top-pub-bogus-queries
287 Shows the top-20 queries causing bogus responses grouped by pub‐
288 lic suffix list. Statistics are over the last 'stats-ring‐
289 buffer-entries' queries.
290
291 top-servfail-remotes
292 Shows the top-20 most active remote hosts causing servfail re‐
293 sponses. Statistics are over the last 'stats-ringbuffer-en‐
294 tries' queries.
295
296 top-bogus-remotes
297 Shows the top-20 most active remote hosts causing bogus re‐
298 sponses. Statistics are over the last 'stats-ringbuffer-en‐
299 tries' queries.
300
301 top-timeouts
302 Shows the top-20 most active downstream timeout destinations.
303 Statistics are over the last 'stats-ringbuffer-entries' queries.
304
305 trace-regex REGEX
306 Emit resolution trace for matching queries. Empty regex to dis‐
307 able trace.
308
309 Queries matching this regular expression will generate volumi‐
310 nous tracing output. Be aware that matches from the packet cache
311 will still not generate tracing. To unset the regex, pass
312 trace-regex without a new regex.
313
314 The regular expression is matched against domain queries termi‐
315 nated with a dot. For example the regex 'powerdns.com$' will not
316 match a query for 'www.powerdns.com', since the attempted match
317 will be with 'www.powerdns.com.'.
318
319 In addition, since this is a regular expression, to exclusively
320 match queries for 'www.powerdns.com', one should escape the
321 dots: '^www\.powerdns\.com\.$'. Note that the single quotes
322 prevent further interpretation of the backslashes by the shell.
323
324 Multiple matches can be chained with the | operator. For exam‐
325 ple, to match all queries for Dutch (.nl) and German (.de) do‐
326 main names, use: '\.nl\.$|\.de\.$'.
327
328 unload-lua-script
329 Unloads Lua script if one was loaded.
330
331 version
332 Report running version.
333
334 wipe-cache DOMAIN [DOMAIN] [...]
335 Wipe entries for DOMAIN (exact name match) from the cache. This
336 is useful if, for example, an important server has a new IP ad‐
337 dress, but the TTL has not yet expired. Multiple domain names
338 can be passed. DOMAIN can be suffixed with a '$'. to delete the
339 whole tree from the cache. i.e. 'powerdns.com$' will remove all
340 cached entries under and including the powerdns.com name.
341
342 Note: this command also wipes the negative cache.
343
344 Warning: Don't just wipe "www.somedomain.com", its NS records or
345 CNAME target may still be undesired, so wipe "somedomain.com" as
346 well.
347
348 wipe-cache-typed qtype DOMAIN [DOMAIN] [...]
349 Same as wipe-cache, but only wipe records of type qtype.
350
352 pdns_recursor(1)
353
355 PowerDNS.COM BV
356
358 2001-2019, PowerDNS.COM BV
359
360
361
362
363 Dec 11, 2020 REC_CONTROL(1)