1REC_CONTROL(1) PowerDNS Recursor REC_CONTROL(1)
2
3
4
6 rec_control - Command line tool to control a running Recursor
7
9 rec_control [OPTION]... COMMAND [COMMAND-OPTION]...
10
12 rec_control allows the operator to query and control a running instance
13 of the PowerDNS Recursor.
14
15 rec_control talks to the recursor via a the 'controlsocket'. Which is
16 usually located in /var/run . The --socket-dir or the --config-dir and
17 --config-name switches control to which process rec_control connects.
18
20 To see if the Recursor is alive, run:
21
22 # rec_control ping
23
24 To stop the recursor by hand, run:
25
26 # rec_control quit
27
28 To dump the cache to disk, execute:
29
30 # rec_control dump-cache /tmp/the-cache
31
32 NOTE:
33 Before version 4.5.0, for each command that writes to a file,
34 pdns_recursor would open the file to write to. Starting with 4.5.0,
35 the files are opened by the rec_control command itself using the
36 credentials and the current working directory of the user running
37 rec_control. A single minus - can be used as a filename to write
38 the data to the standard output stream.
39
41 --help provide this helpful message.
42
43 --config-dir=<path>
44 Directory where the recursor.conf lives.
45
46 --config-name=<name>
47 Name of the virtual configuration.
48
49 --socket-dir=<path>
50 Where the controlsocket will live, please use --config-dir in‐
51 stead.
52
53 --socket-pid=<pid>
54 When running in SMP mode, pid of pdns_recursor to control.
55
56 --timeout=<num>
57 Number of seconds to wait for the remote PowerDNS Recursor to
58 respond.
59
61 add-dont-throttle-names NAME [NAME...]
62 Add names for nameserver domains that may not be throttled.
63
64 add-dont-throttle-netmasks NETMASK [NETMASK...]
65 Add netmasks for nameservers that may not be throttled.
66
67 add-nta DOMAIN [REASON]
68 Add a Negative Trust Anchor for DOMAIN, suffixed optionally with
69 REASON.
70
71 add-ta DOMAIN DSRECORD
72 Add a Trust Anchor for DOMAIN with DS record data DSRECORD. This
73 adds the new Trust Anchor to the existing set of Trust Anchors
74 for DOMAIN.
75
76 current-queries
77 Shows the currently active queries.
78
79 clear-dont-throttle-names NAME [NAME...]
80 Remove names that are not allowed to be throttled. If NAME is
81 '*', remove all
82
83 clear-dont-throttle-netmasks NETMASK [NETMASK...]
84 Remove netmasks that are not allowed to be throttled. If NETMASK
85 is '*', remove all
86
87 clear-nta DOMAIN...
88 Remove Negative Trust Anchor for one or more DOMAINs. Set domain
89 to '*' to remove all NTA's.
90
91 clear-ta [DOMAIN]...
92 Remove Trust Anchor for one or more DOMAINs. Note that removing
93 the root trust anchor is not possible.
94
95 dump-cache FILENAME
96 Dumps the entire cache to FILENAME. This file should not exist
97 already, PowerDNS will refuse to overwrite it. While dumping,
98 the recursor might not answer questions.
99
100 Typical PowerDNS Recursors run multiple threads, therefore
101 you'll see duplicate, different entries for the same domains.
102 The negative cache is also dumped to the same file. The
103 per-thread positive and negative cache dumps are separated with
104 an appropriate comment.
105
106 dump-edns FILENAME
107 Dumps the EDNS status to the filename mentioned. This file
108 should not exist already, PowerDNS will refuse to overwrite it.
109 While dumping, the recursor will not answer questions.
110
111 dump-failedservers FILENAME
112 Dump the contents of the failed server map to the FILENAME men‐
113 tioned. This file should not exist already, PowerDNS will
114 refuse to overwrite it otherwise. While dumping, the recursor
115 will not answer questions.
116
117 dump-non-resolving FILENAME
118 Dump the contents of the map of nameserver names that did not
119 resolve to an address. This file should not exist already, Pow‐
120 erDNS will refuse to overwrite it otherwise. While dumping, the
121 recursor will not answer questions.
122
123 dump-nsspeeds FILENAME
124 Dumps the nameserver speed statistics to the FILENAME mentioned.
125 This file should not exist already, PowerDNS will refuse to
126 overwrite it. While dumping, the recursor will not answer ques‐
127 tions. Statistics are kept per thread, and the dumps end up in
128 the same file.
129
130 dump-rpz ZONE NAME FILE NAME
131 Dumps the content of the RPZ zone named ZONE NAME to the FILE‐
132 NAME mentioned. This file should not exist already, PowerDNS
133 will refuse to overwrite it otherwise. While dumping, the recur‐
134 sor will not answer questions.
135
136 dump-throttlemap FILENAME
137 Dump the contents of the throttle map to the FILENAME mentioned.
138 This file should not exist already, PowerDNS will refuse to
139 overwrite it otherwise. While dumping, the recursor will not an‐
140 swer questions.
141
142 get STATISTIC [STATISTIC]...
143 Retrieve a statistic. For items that can be queried, see ../met‐
144 rics
145
146 get-all
147 Retrieve all known statistics.
148
149 get-dont-throttle-names
150 Get the list of names that are not allowed to be throttled.
151
152 get-dont-throttle-netmasks
153 Get the list of netmasks that are not allowed to be throttled.
154
155 get-ntas
156 Get a list of the currently configured Negative Trust Anchors.
157
158 get-tas
159 Get a list of the currently configured Trust Anchors.
160
161 get-parameter KEY [KEY]...
162 Retrieves the specified configuration parameter(s).
163
164 get-qtypelist
165 Retrieves QType statistics. Queries from cache aren't being
166 counted yet.
167
168 hash-password [WORK-FACTOR]
169 Asks for a password then returns the hashed and salted version,
170 to use as a webserver password or API key. This command does not
171 contact the recursor but does the hashing inside rec_control.
172 An optional scrypt work factor can be specified, in power of
173 two. The default is 1024.
174
175 help Shows a list of supported commands understood by the running
176 pdns_recursor
177
178 ping Check if server is alive.
179
180 quit Request shutdown of the recursor, exiting the process while let‐
181 ting the OS clean up resources.
182
183 quit-nicely
184 Request nice shutdown of the recursor. This method allows all
185 threads to finish their current work and releases resources be‐
186 fore exiting. This is the preferred method to stop the recursor.
187
188 reload-acls
189 Reloads ACLs.
190
191 reload-lua-script [FILENAME]
192 (Re)loads Lua script FILENAME. If FILENAME is empty, attempt to
193 reload the currently loaded script. This replaces the script
194 currently loaded.
195
196 reload-lua-config [FILENAME]
197 (Re)loads Lua configuration FILENAME. If FILENAME is empty, at‐
198 tempt to reload the currently loaded file. Note that FILENAME
199 will be fully executed, any settings changed at runtime that are
200 not modified in this file, will still be active. Reloading RPZ,
201 especially by AXFR, can take some time; during which the recur‐
202 sor will not answer questions.
203
204 reload-zones
205 Reload authoritative and forward zones. Retains current configu‐
206 ration in case of errors.
207
208 set-carbon-server CARBON SERVER [CARBON OURNAME]
209 Set the carbon-server setting to CARBON SERVER. If CARBON OUR‐
210 NAME is not empty, also set the carbon-ourname setting to CARBON
211 OURNAME.
212
213 set-dnssec-log-bogus SETTING
214 Set dnssec-log-bogus setting to SETTING. Set to 'on' or 'yes' to
215 log DNSSEC validation failures and to 'no' or 'off' to disable
216 logging these failures.
217
218 set-ecs-minimum-ttl NUM
219 Set ecs-minimum-ttl-override to NUM.
220
221 set-max-cache-entries NUM
222 Change the maximum number of entries in the DNS cache. If re‐
223 duced, the cache size will start shrinking to this number as
224 part of the normal cache purging process, which might take a
225 while.
226
227 set-max-packetcache-entries NUM
228 Change the maximum number of entries in the packet cache. If
229 reduced, the cache size will start shrinking to this number as
230 part of the normal cache purging process, which might take a
231 while.
232
233 set-minimum-ttl NUM
234 Set minimum-ttl-override to NUM.
235
236 set-event-trace-enabled NUM
237 Set logging of event trace messages, 0 = disabled, 1 = protobuf,
238 2 = log file, 3 = both.
239
240 top-queries
241 Shows the top-20 queries. Statistics are over the last
242 'stats-ringbuffer-entries' queries.
243
244 top-pub-queries
245 Shows the top-20 queries grouped by public suffix list. Statis‐
246 tics are over the last 'stats-ringbuffer-entries' queries.
247
248 top-largeanswer-remotes
249 Shows the top-20 remote hosts causing large answers. Statistics
250 are over the last 'stats-ringbuffer-entries' queries.
251
252 top-remotes
253 Shows the top-20 most active remote hosts. Statistics are over
254 the last 'stats-ringbuffer-entries' queries.
255
256 top-servfail-queries
257 Shows the top-20 queries causing servfail responses. Statistics
258 are over the last 'stats-ringbuffer-entries' queries.
259
260 top-bogus-queries
261 Shows the top-20 queries causing bogus responses. Statistics are
262 over the last 'stats-ringbuffer-entries' queries.
263
264 top-pub-servfail-queries
265 Shows the top-20 queries causing servfail responses grouped by
266 public suffix list. Statistics are over the last 'stats-ring‐
267 buffer-entries' queries.
268
269 top-pub-bogus-queries
270 Shows the top-20 queries causing bogus responses grouped by pub‐
271 lic suffix list. Statistics are over the last 'stats-ring‐
272 buffer-entries' queries.
273
274 top-servfail-remotes
275 Shows the top-20 most active remote hosts causing servfail re‐
276 sponses. Statistics are over the last 'stats-ringbuffer-en‐
277 tries' queries.
278
279 top-bogus-remotes
280 Shows the top-20 most active remote hosts causing bogus re‐
281 sponses. Statistics are over the last 'stats-ringbuffer-en‐
282 tries' queries.
283
284 top-timeouts
285 Shows the top-20 most active downstream timeout destinations.
286 Statistics are over the last 'stats-ringbuffer-entries' queries.
287
288 trace-regex REGEX
289 Emit resolution trace for matching queries. Empty regex to dis‐
290 able trace.
291
292 Queries matching this regular expression will generate volumi‐
293 nous tracing output. Be aware that matches from the packet cache
294 will still not generate tracing. To unset the regex, pass
295 trace-regex without a new regex.
296
297 The regular expression is matched against domain queries termi‐
298 nated with a dot. For example the regex 'powerdns.com$' will not
299 match a query for 'www.powerdns.com', since the attempted match
300 will be with 'www.powerdns.com.'.
301
302 In addition, since this is a regular expression, to exclusively
303 match queries for 'www.powerdns.com', one should escape the
304 dots: '^www\.powerdns\.com\.$'. Note that the single quotes
305 prevent further interpretation of the backslashes by the shell.
306
307 Multiple matches can be chained with the | operator. For exam‐
308 ple, to match all queries for Dutch (.nl) and German (.de) do‐
309 main names, use: '\.nl\.$|\.de\.$'.
310
311 unload-lua-script
312 Unloads Lua script if one was loaded.
313
314 version
315 Report running version.
316
317 wipe-cache DOMAIN [DOMAIN] [...]
318 Wipe entries for DOMAIN (exact name match) from the cache. This
319 is useful if, for example, an important server has a new IP ad‐
320 dress, but the TTL has not yet expired. Multiple domain names
321 can be passed. DOMAIN can be suffixed with a '$'. to delete the
322 whole tree from the cache. i.e. 'powerdns.com$' will remove all
323 cached entries under and including the powerdns.com name.
324
325 Note: this command also wipes the negative cache.
326
327 Warning: Don't just wipe "www.somedomain.com", its NS records or
328 CNAME target may still be undesired, so wipe "somedomain.com" as
329 well.
330
331 wipe-cache-typed qtype DOMAIN [DOMAIN] [...]
332 Same as wipe-cache, but only wipe records of type qtype.
333
335 pdns_recursor(1)
336
338 PowerDNS.COM BV
339
341 2001-2022, PowerDNS.COM BV
342
343
344
345
346 Mar 30, 2022 REC_CONTROL(1)