1DNSDIST(1)                          dnsdist                         DNSDIST(1)
2
3
4

NAME

6       dnsdist - A DNS and DoS aware, scriptable loadbalancer
7

SYNOPSIS

9       dnsdist [<option>...] [address]...
10

DESCRIPTION

12       dnsdist  receives DNS queries and relays them to one or more downstream
13       servers. It subsequently sends  back  responses  to  the  original  re‐
14       questor.
15
16       dnsdist  operates  over  TCP  and UDP, and strives to deliver very high
17       performance over both.
18
19       Currently, queries are sent to the downstream  server  with  the  least
20       outstanding  queries.  This  effectively implies load balancing, making
21       sure that slower servers get less queries.
22
23       If a reply has not come in after a few seconds, it is removed from  the
24       queue,  but  in  the short term, timeouts do cause a server to get less
25       traffic.
26
27       IPv4 and IPv6 operation can be  mixed  and  matched,  in  other  words,
28       queries coming in over IPv6 could be forwarded to IPv4 and vice versa.
29
30       dnsdist  is  scriptable  in Lua, see the dnsdist documentation for more
31       information on this.
32

SCOPE

34       dnsdist does not 'think' about DNS queries, it restricts itself to mea‐
35       suring  response  times  and  error codes and routing questions accord‐
36       ingly. It comes with a very high performance packet-cache.
37
38       The goal for dnsdist is to remain simple. If more powerful  loadbalanc‐
39       ing  is  required, dedicated hardware or software is recommended. Linux
40       Virtual Server for example is often mentioned.
41

OPTIONS

43       -a <netmask>, --acl <netmask>
44              Add netmask to the ACL.
45
46       -C <file>, --config <file>
47              Load configuration from file.
48
49       --check-config
50              Test the configuration file (which may be set with  --config  or
51              -C)  for  errors.  dnsdist  will show the errors and exit with a
52              non-zero exit-code when errors are found.
53
54       -c <address>, --client <address>
55              Operate as a client, connect to dnsdist. This will read the dns‐
56              dist  configuration  for the controlSocket statement and connect
57              to it.  When address (with an optional port number) is set, dns‐
58              dist will connect to that instead.
59
60       -k <key>, --setkey <key>
61              When  operating as a client(-c, --client), use key as shared se‐
62              cret to connect to dnsdist. This should be the same key that  is
63              used on the server (set with setKey()). Note that this will leak
64              the key into your shell's history and into the  systems  running
65              process  list. Only available when dnsdist is compiled with lib‐
66              sodium support.
67
68       -e,--execute <command>
69              Connect to dnsdist and execute command.
70
71       -h, --help
72              Display a helpful message and exit.
73
74       -l,--local <address>
75              Bind to address, Supply as many addresses (using multiple  --lo‐
76              cal  statements)  to  listen  on  as  required.  Specify IPv4 as
77              0.0.0.0:53 and IPv6 as [::]:53.
78
79       --supervised
80              Run in foreground, but do not spawn a console. Use  this  switch
81              to  run  dnsdist  inside a supervisor (use with e.g. systemd and
82              daemontools).
83
84       --disable-syslog
85              Disable logging to syslog. Use this when running inside a super‐
86              visor that handles logging (like systemd).
87
88       -u,--uid <uid>
89              Change the process user to uid after binding sockets. uid can be
90              a name or number.
91
92       -g,--gid <gid>
93              Change the process group to gid after binding sockets.  gid  Can
94              be a name or number.
95
96       -V, --version
97              Show the dnsdist version and exit.
98
99       -v, --verbose
100              Be verbose.
101
102       address are any number of downstream DNS servers, in the same syntax as
103       used with --local. If the port is not specified, 53 is used.
104

BUGS

106       Right now, the TCP support has some rather arbitrary limits.
107

RESOURCES

109       Website: https://dnsdist.org
110

AUTHOR

112       PowerDNS.COM BV and its contributors
113
115       2015-2019, PowerDNS.COM BV and its contributors
116
117
118
119
120                                 Sep 13, 2021                       DNSDIST(1)
Impressum