
Dnsdist

DnsDist Configuration

l /etc/dnsdist/

conf/
dnsdist.conf

l /etc/dnsdist/conf/

acl.lua
downstream_servers.lua
localadress.lua
metronome.lua

cat /etc/dnsdist/dnsdist.conf

-- dnsdist.conf: top-level dnsdist configuration. Backends, listeners and the
-- query ACL are kept in /etc/dnsdist/conf/*.lua and pulled in with dofile().

-- Packet cache for the default pool. Positional form of newPacketCache():
-- maxEntries, maxTTL, minTTL, temporaryFailureTTL, staleTTL, dontAge.
-- 10M entries, answers kept up to a day, stale answers served for 60 s.
-- NOTE(review): 10M entries is a large in-memory table — confirm the host
-- has the RAM for it (newer dnsdist releases take a table of named options).
pc = newPacketCache(10000000, 86400, 0, 60, 60, false)
getPool(""):setCache(pc)

-- Smaller caches for the two forwarded pools; staleTTL=0 means no stale serving.
pc2 = newPacketCache(10000, 86400, 0, 60, 0, false)
getPool("cloudflare"):setCache(pc2)

pc3 = newPacketCache(10000, 86400, 0, 60, 0, false)
getPool("gstatic.com"):setCache(pc3)

-- NOTE(review): conf/qps.lua (dynamic block rules + the maintenance() hook) and
-- conf/metronome.lua (carbon export) are also shown on this page but are not
-- loaded here, so neither is active unless some other mechanism loads them —
-- confirm on the host before relying on the rate limits.
dofile('/etc/dnsdist/conf/downstream_servers.lua')
dofile('/etc/dnsdist/conf/localadress.lua')
dofile('/etc/dnsdist/conf/acl.lua')

-- Web UI / REST API on every interface, port 8083, protected only by a static
-- password and API key ("2"). "PassWord" looks like a placeholder; keep the real
-- value out of this wiki, and restrict the listener (bind to 127.0.0.1 or use
-- the webserver ACL option) so the credentials are not exposed to the Internet.
webserver("0.0.0.0:8083", "PassWord", "2")
-- Console socket on all interfaces (dnsdist's default bind is 127.0.0.1:5199).
-- Console traffic is encrypted/authenticated with the key set below, but the
-- port itself becomes reachable from anywhere — prefer a loopback or
-- management-network bind.
controlSocket("0.0.0.0")
-- Shared console secret; must match the client's setKey(). "SecretKey" is not
-- in the base64 form makeKey() produces — presumably redacted for the wiki.
setKey("SecretKey")

cat /etc/dnsdist/conf/acl.lua

-- QUERY ACLS
-- setACL() replaces dnsdist's built-in (private-range) client ACL with the
-- given list. '0.0.0.0/0' plus '::/0' admits every source address, i.e. this is
-- a deliberately open resolver: the dynamic block rules in conf/qps.lua are
-- then the only per-client limit, so confirm that file is actually loaded.
local any_v4 = '0.0.0.0/0'
local any_v6 = '::/0'
setACL({ any_v4, any_v6 })

cat /etc/dnsdist/conf/downstream_servers.lua

-- Downstream Servers
--
-- Options shared by every backend; they are merged into each newServer() call
-- below so the per-server lines only carry what differs.
-- NOTE(review): useClientSubnet=true attaches an EDNS Client Subnet option
-- derived from the client's address to every forwarded query, including those
-- sent to the third-party authoritative servers in the named pools — for a
-- privacy-oriented resolver, confirm this is intended.
local common_opts = {
  mustResolve = true,
  tcpRecvTimeout = 10,
  tcpSendTimeout = 10,
  retries = 5,
  useClientSubnet = true,
}

-- Declare one backend: `opts` is laid over common_opts and handed to newServer().
local function backend(opts)
  local merged = {}
  for key, value in pairs(common_opts) do merged[key] = value end
  for key, value in pairs(opts) do merged[key] = value end
  newServer(merged)
end

-- Default pool: two backends, health-checked against domain.tld.
-- ("1.2.3.4" looks like a redacted address — verify on the host.)
backend({ address = "127.0.0.1:5301", name = "ns0.dns.matrix.rocks", checkType = "A", checkName = "domain.tld.", order = 2, qps = 100000 })
backend({ address = "1.2.3.4", name = "ns1.recursor.matrix.rocks", checkType = "AAAA", checkName = "domain.tld.", order = 1, qps = 100000 })

-- "cloudflare" pool: names under cloudflare.com. are sent straight to these
-- servers, each limited to 200 qps.
-- NOTE(review): both entries carry the same name "ns3.cloudflare.com.", so stats
-- and console output will not tell them apart — check which name 162.159.7.226
-- should have.
backend({ address = "162.159.0.33:53", name = "ns3.cloudflare.com.", pool = "cloudflare", checkType = "A", checkName = "cdnjs.cloudflare.com.", order = 100, qps = 200 })
backend({ address = "162.159.7.226:53", name = "ns3.cloudflare.com.", pool = "cloudflare", checkType = "A", checkName = "cdnjs.cloudflare.com.", order = 100, qps = 200 })
addAction("cloudflare.com.", PoolAction("cloudflare"))

-- "gstatic.com" pool: the two Google Fonts names go straight to these servers.
backend({ address = "216.239.32.10:53", name = "ns1.google.com.", pool = "gstatic.com", checkType = "A", checkName = "fonts.gstatic.com.", order = 100, qps = 200 })
backend({ address = "216.239.34.10:53", name = "ns2.google.com.", pool = "gstatic.com", checkType = "A", checkName = "fonts.googleapis.com.", order = 100, qps = 200 })
addAction({ 'fonts.googleapis.com.', 'fonts.gstatic.com.' }, PoolAction("gstatic.com"))

cat /etc/dnsdist/conf/localadress.lua

-- Local Addresses to bind to
-- Both listeners use the same options: answer over TCP as well as UDP, and set
-- SO_REUSEPORT so several threads/processes can bind the same port. No port is
-- given, so dnsdist's default of 53 applies.
local listen_opts = { doTCP = true, reusePort = true }
setLocal('0.0.0.0', listen_opts) -- first listener: all IPv4 addresses, port 53
addLocal('[::]', listen_opts)    -- additional listener: all IPv6 addresses, port 53

cat /etc/dnsdist/conf/metronome.lua

-- Push dnsdist metrics to a carbon (Graphite/Metronome) receiver every 30 s
-- under the instance name 'dnsdist.ns0-mypdns.main'. Carbon is a plaintext
-- TCP protocol, so the counters travel unencrypted to the remote host.
-- Not loaded by the dnsdist.conf shown on this page — confirm it is active.
local carbon_host = '37.252.122.50'
local carbon_name = 'dnsdist.ns0-mypdns.main'
local carbon_interval_s = 30
carbonServer(carbon_host, carbon_name, carbon_interval_s)

cat /etc/dnsdist/conf/qps.lua

-- Dynamic block rules: per-client rate limits, applied from maintenance().
-- The query rate was lowered from 60 to 30 qps after what looked like abusive
-- use of the server. 30 qps per source address can also catch large NAT'd
-- networks behind one IP — tune rather than copy.

-- Source ranges that are never dynamically blocked: loopback plus this
-- deployment's own hosts. (The IPv4 /32 entries look redacted — verify.)
local trusted_ranges = {
  "127.0.0.0/8", "::1",
  "1.2.3.4/32", "2a02:980:1815:4200::/56",
  "2.3.4.5/32", "2a01:4f9:c010:2166::/64",
  "3.4.5.6/32", "2a01:4f9:c010:410e::/64",
  "4.5.6.7/32", "2a01:4f8:1c0c:5f61::/64",
  "5.6.7.8/32", "2a01:4f8:1c1c:abe4::/64",
}

-- Each rule takes (rate, seconds, reason, blockingTime): a client exceeding
-- `rate` per second, measured over the last `seconds`, is blocked for
-- `blockingTime` seconds with `reason` logged.
-- NOTE(review): newer dnsdist releases spell these constants DNSRCode.NXDOMAIN,
-- DNSRCode.SERVFAIL and DNSQType.ANY — check against the installed version.
local dbr = dynBlockRulesGroup()
dbr:setQueryRate(30, 10, "Exceeded query rate", 30)
dbr:setRCodeRate(dnsdist.NXDOMAIN, 20, 10, "Exceeded NXD rate", 30)
dbr:setRCodeRate(dnsdist.SERVFAIL, 20, 10, "Exceeded ServFail rate", 30)
dbr:setQTypeRate(dnsdist.ANY, 5, 10, "Exceeded ANY rate", 30)
dbr:setResponseByteRate(10000, 10, "Exceeded resp BW rate", 30)
dbr:excludeRange(trusted_ranges)
-- dbr:includeRange(...) would re-enable blocking for a sub-range of the above.

-- dnsdist calls the global maintenance() hook about once a second; the rules
-- above only take effect through dbr:apply(). This must stay global (no
-- `local`), and any other loaded file defining maintenance() replaces it.
function maintenance()
  dbr:apply()
end

See also: Dns Setup, Ixfrdist, Authoritative Server, Recursor Server
