setLocal('172.22.23.4')
addLocal('[::1]:5300')
setACL({
'127.0.0.1',
'10.0.0.0/8',
'172.16.0.0/12',
'192.168.0.0/16'
})
newServer({address="1.1.1.1", pool="dnsServers2"})
newServer({address="8.8.8.8", pool="dnsServers1"})
newServer({address="9.9.9.9", tcpOnly=true})
newServer({address="8.8.4.4"})
newServer({address="8.8.4.4", useClientSubnet=true})
setServerPolicy(leastOutstanding) -- takes one of the policies listed below
leastOutstanding - Send the query to the server with the lowest number of outstanding (active) queries
firstAvailable - Send the query to the first server that hasn't exceeded its QPS limit
wrandom - Queries are distributed randomly; a weight can be applied with the weight parameter in newServer()
whashed - Weighted hashing: questions with identical hashes are sent to the same server
chashed - Consistent hashing: identical questions (identical hashes) are sent to the same server
roundrobin - Send questions to the next server in line.

defaultCache = newPacketCache(10000, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})
getPool(""):setCache(defaultCache)
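The following is an added example, not part of the original cheat sheet, that ties the server, pool, policy and cache pieces above into one working dnsdist configuration: two named pools with their own selection policies, rules that steer queries into them, and a separate packet cache per pool so internal answers are never served from the external cache. All addresses, zone names and cache sizes are constructed placeholders; setPoolServerPolicy, QNameSuffixRule, NetmaskGroupRule and PoolAction are standard dnsdist functions and are assumed to be available in your version.

```lua
-- Added example (not from the original page). Listen on loopback only.
setLocal('127.0.0.1:5300')

-- Pool "internal": resolvers for the corporate zone, weighted random.
-- (192.0.2.0/24 is a documentation range used here as a placeholder.)
newServer({address="192.0.2.10", pool="internal", weight=3})
newServer({address="192.0.2.11", pool="internal", weight=1})
setPoolServerPolicy(wrandom, "internal")

-- Pool "external": public resolvers, prefer the least-loaded one;
-- 9.9.9.9 is reached over TCP only.
newServer({address="1.1.1.1", pool="external"})
newServer({address="9.9.9.9", pool="external", tcpOnly=true})
setPoolServerPolicy(leastOutstanding, "external")

-- Catch-all pool (the empty string) for anything no rule claims,
-- using the global policy set with setServerPolicy().
newServer({address="8.8.8.8"})
setServerPolicy(firstAvailable)

-- Routing rules are evaluated in order. Queries for the internal zone
-- (placeholder "corp.example.") go to the internal pool ...
addAction(QNameSuffixRule({"corp.example."}), PoolAction("internal"))

-- ... everything else from the office ranges goes to the external pool,
-- and whatever is left falls through to the default pool.
local office = newNMG()
office:addMask("10.0.0.0/8")
office:addMask("192.168.0.0/16")
addAction(NetmaskGroupRule(office), PoolAction("external"))

-- One packet cache per pool: a small, short-lived one for internal names,
-- a larger one for the public Internet. temporaryFailureTTL keeps a burst
-- of SERVFAIL/REFUSED from being re-asked upstream every second.
local internalCache = newPacketCache(5000, {maxTTL=3600, minTTL=30})
getPool("internal"):setCache(internalCache)

local externalCache = newPacketCache(50000, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60})
getPool("external"):setCache(externalCache)
```

The order of addAction() calls matters: the first matching rule wins, so the zone-specific rule is listed before the broad netmask rule. A pool without an explicit setPoolServerPolicy() inherits the global policy from setServerPolicy().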
defaultCache → Variable holding the new cache
newPacketCache → Creates a new cache with the following parameters
10000 → The maximum number of entries the cache will store. The only required value.
maxTTL → Maximum lifetime of an entry in the cache
minTTL → The minimum TTL a record must have to be considered for caching
temporaryFailureTTL → TTL used for Server Failure or Refused responses
staleTTL → TTL used when a stale entry is returned
dontAge → If true, a cached record's TTL will not be reduced as it ages (sticky records)
getPool("") → Selects the default server pool (the empty string)
setCache → Attaches the cache defined above to the selected server pool

To weed out queries that you may not want to try to answer
Per IP/client, drop queries that overflow a 1000 QPS bucket. If a client sends 1001 QPS, 1 query is discarded and the other 1000 are processed.
addAction( MaxQPSIPRule(1000, 32, 64, 1500, 10, 30), DropAction() ) -- arguments: QPS limit, IPv4 mask bits, IPv6 mask bits, burst, expiration (seconds), cleanup delay (seconds)
Building dynamic block rules to put clients in timeout for…
setRCodeRate: Querying names that result in more than 30 NXDOMAIN RCodes in 10 seconds
setQueryRate: Exceeding 400 QPS for at least 10 seconds

local dbrg = dynBlockRulesGroup() -- Instantiate a new Dynamic Block Rules Group object
dbrg:setRCodeRate(DNSRCode.NXDOMAIN, 30, 10, "NXDOMAIN Flood", 30) -- Block clients whose queries result in more than 30 NXDOMAIN RCodes within 10 seconds, for a duration of 30 seconds
dbrg:setQueryRate(400, 10, "Exceeded QPS limit", 15) -- Block clients that exceed 400 QPS measured over 10 seconds, for a duration of 15 seconds
function maintenance() -- dnsdist calls maintenance() once a second; apply any matching rules from the definitions above
dbrg:apply()
end
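As an added example that is not part of the original page, the rate-limit and dynamic-block pieces above combined into a configuration that degrades gracefully instead of silently dropping everything: the per-client QPS rule answers with the TC bit (clients that are real retry over TCP, while spoofed-source UDP floods cannot complete a TCP handshake), trusted ranges are excluded from automatic blocking, and a SERVFAIL rate is watched alongside NXDOMAIN because random-subdomain floods usually show up as one or the other. All addresses and thresholds are constructed placeholders; TCAction, excludeRange and the optional action argument of setRCodeRate/setQueryRate are standard dnsdist features assumed to be present in your version.

```lua
-- Added example (not from the original page).

-- Per-client limit: 200 QPS sustained, bursts up to 400, keyed on /32 (v4)
-- and /64 (v6). Instead of DropAction(), set the TC bit so legitimate
-- clients retry over TCP; the bucket state expires after 10 s of silence
-- and is swept every 30 s.
addAction(MaxQPSIPRule(200, 32, 64, 400, 10, 30), TCAction())

-- Dynamic blocks: rules are evaluated against recent traffic by apply().
local dbrg = dynBlockRulesGroup()

-- Never auto-block the monitoring host or the internal resolver range
-- (placeholder addresses), so a misconfigured probe cannot lock us out.
dbrg:excludeRange({"10.0.0.5/32", "192.0.2.0/24"})

-- More than 50 NXDOMAIN answers in 10 s: block for 60 s, but truncate
-- rather than drop so a noisy-but-legitimate client still has a path.
dbrg:setRCodeRate(DNSRCode.NXDOMAIN, 50, 10, "NXDOMAIN flood", 60, DNSAction.Truncate)

-- More than 20 SERVFAIL answers in 10 s is a sign the backends are being
-- exhausted by unresolvable names: block for 30 s (default action).
dbrg:setRCodeRate(DNSRCode.SERVFAIL, 20, 10, "SERVFAIL flood", 30)

-- Sustained abuse: more than 400 QPS over 10 s gets a silent drop for 30 s.
dbrg:setQueryRate(400, 10, "QPS limit exceeded", 30, DNSAction.Drop)

-- dnsdist invokes maintenance() once per second; this is where the
-- rules above are actually applied to the traffic statistics.
function maintenance()
  dbrg:apply()
end
```

From the dnsdist console, showDynBlocks() lists the clients currently blocked with their reason and remaining time, and clearDynBlocks() removes them all, which is the first thing to check when a legitimate client reports being unable to resolve names.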
EDNS Client Subnet
EDNS Client Subnet passes (a prefix of) the query's source address to the backend server. The prefix length sent upstream is set with:
setECSSourcePrefixV4(32) <-- Default is 24
setECSSourcePrefixV6(128) <-- Default is 56
Enable it per server when creating it
newServer({address="1.1.1.1", useClientSubnet=true})
To override an existing ECS tag on an incoming query
setECSOverride(true)
Use a double hyphen to add a comment in the dnsdist config
-- this is a comment