1DNSDIST(1) dnsdist DNSDIST(1)
2
3
4
6 dnsdist - A DNS and DoS aware, scriptable loadbalancer
7
9 dnsdist [<option>...] [address]...
10
12 dnsdist receives DNS queries and relays them to one or more downstream
13 servers. It subsequently sends back responses to the original re‐
14 questor.
15
16 dnsdist operates over TCP and UDP, and strives to deliver very high
17 performance over both.
18
19 Currently, queries are sent to the downstream server with the least
20 outstanding queries. This effectively implies load balancing, making
21 sure that slower servers get less queries.
22
23 If a reply has not come in after a few seconds, it is removed from the
24 queue, but in the short term, timeouts do cause a server to get less
25 traffic.
26
27 IPv4 and IPv6 operation can be mixed and matched, in other words,
28 queries coming in over IPv6 could be forwarded to IPv4 and vice versa.
29
30 dnsdist is scriptable in Lua, see the dnsdist documentation for more
31 information on this.
32
34 dnsdist does not 'think' about DNS queries, it restricts itself to mea‐
35 suring response times and error codes and routing questions accord‐
36 ingly. It comes with a very high performance packet-cache.
37
38 The goal for dnsdist is to remain simple. If more powerful loadbalanc‐
39 ing is required, dedicated hardware or software is recommended. Linux
40 Virtual Server for example is often mentioned.
41
43 -a <netmask>, --acl <netmask>
44 Add netmask to the ACL.
45
46 -C <file>, --config <file>
47 Load configuration from file.
48
49 --check-config
50 Test the configuration file (which may be set with --config or
51 -C) for errors. dnsdist will show the errors and exit with a
52 non-zero exit-code when errors are found.
53
54 -c <address>, --client <address>
55 Operate as a client, connect to dnsdist. This will read the dns‐
56 dist configuration for the controlSocket statement and connect
57 to it. When address (with an optional port number) is set, dns‐
58 dist will connect to that instead.
59
60 -k <key>, --setkey <key>
61 When operating as a client(-c, --client), use key as shared se‐
62 cret to connect to dnsdist. This should be the same key that is
63 used on the server (set with setKey()). Note that this will leak
64 the key into your shell's history and into the systems running
65 process list. Only available when dnsdist is compiled with lib‐
66 sodium support.
67
68 -e,--execute <command>
69 Connect to dnsdist and execute command.
70
71 -h, --help
72 Display a helpful message and exit.
73
74 -l,--local <address>
75 Bind to address, Supply as many addresses (using multiple --lo‐
76 cal statements) to listen on as required. Specify IPv4 as
77 0.0.0.0:53 and IPv6 as [::]:53.
78
79 --supervised
80 Run in foreground, but do not spawn a console. Use this switch
81 to run dnsdist inside a supervisor (use with e.g. systemd and
82 daemontools).
83
84 --disable-syslog
85 Disable logging to syslog. Use this when running inside a super‐
86 visor that handles logging (like systemd).
87
88 -u,--uid <uid>
89 Change the process user to uid after binding sockets. uid can be
90 a name or number.
91
92 -g,--gid <gid>
93 Change the process group to gid after binding sockets. gid Can
94 be a name or number.
95
96 -V, --version
97 Show the dnsdist version and exit.
98
99 -v, --verbose
100 Be verbose.
101
102 address are any number of downstream DNS servers, in the same syntax as
103 used with --local. If the port is not specified, 53 is used.
104
106 Right now, the TCP support has some rather arbitrary limits.
107
109 Website: https://dnsdist.org
110
112 PowerDNS.COM BV and its contributors
113
115 2015-2019, PowerDNS.COM BV and its contributors
116
117
118
119
120 Sep 13, 2021 DNSDIST(1)