DNSPROXY(1) BSD General Commands Manual DNSPROXY(1)
NAME
dnsproxy -- DNS proxy
SYNOPSIS
dnsproxy [-dhV] [-c file]
DESCRIPTION
The dnsproxy daemon waits for nameserver queries on a user specified address, dispatches these queries to authoritative and recursive
nameservers and forwards the received answers back to the original client.
The options are as follows:
-c file Read configuration from file.
-d Detach from current terminal and run as background process.
-h Show usage.
-V Show version.
If a client from an internal IP address does a recursive lookup the query is forwarded to a recursive DNS server. Authoritative queries and
queries coming from clients in foreign networks are forwarded to an authoritative DNS server.
CONFIGURATION FILE
At startup dnsproxy reads a configuration file specified via the -c option or at the default location of /etc/dnsproxy.conf.
The following keywords are recognized:
authoritative IP
Address of the authoritative nameserver [required].
recursive IP
Address of the recursive nameserver [required].
listen IP
Local address (defaults to 0.0.0.0).
port number
Local port number (defaults to 53).
chroot path
A path to chroot to before starting to answer queries.
user name
A user to change to before starting to answer queries.
authoritative-timeout seconds
Time in seconds when authoritative queries time out (defaults to 10).
recursive-timeout seconds
Time in seconds when recursive queries time out (defaults to 90).
authoritative-port number
Port number on authoritative nameserver (defaults to 53).
recursive-port number
Port number on recursive nameserver (defaults to 53).
statistics seconds
Period between output of statistics (defaults to 3600). Use 0 to disable output of statistics completely.
internal network
Declare networks recognized as internal and thus eligible to do recursive queries. One network in CIDR notation per keyword.
EXAMPLE
authoritative 10.1.1.1
recursive 127.0.0.1
recursive-port 10053
listen 192.168.1.1
port 53
chroot /var/empty
user nobody
internal 192.168.1.0/24
internal 127.0.0.1
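The forwarding rule from DESCRIPTION applied to the EXAMPLE configuration above, as an added Python sketch that is not part of dnsproxy or of this manual. It assumes one "keyword value" pair per line and that a "recursive lookup" means the RD flag is set in the DNS header; parse_conf and upstream_for are hypothetical names.

```python
import ipaddress

# The EXAMPLE configuration from this manual page.
EXAMPLE_CONF = """\
authoritative 10.1.1.1
recursive 127.0.0.1
recursive-port 10053
listen 192.168.1.1
port 53
chroot /var/empty
user nobody
internal 192.168.1.0/24
internal 127.0.0.1
"""

# Defaults documented under CONFIGURATION FILE.
DEFAULTS = {"listen": "0.0.0.0", "port": "53",
            "authoritative-port": "53", "recursive-port": "53"}

def parse_conf(text):
    """Parse 'keyword value' lines; 'internal' may repeat, so it is a list."""
    conf = dict(DEFAULTS, internal=[])
    for line in text.splitlines():
        if not line.strip():
            continue
        key, value = line.split(None, 1)
        if key == "internal":
            conf["internal"].append(ipaddress.ip_network(value.strip()))
        else:
            conf[key] = value.strip()
    for required in ("authoritative", "recursive"):
        if required not in conf:
            raise ValueError("missing required keyword: " + required)
    return conf

def upstream_for(conf, client_ip, query):
    """Return (kind, address, port) of the server a query is forwarded to."""
    # Assumption: RD (recursion desired) is the low bit of header byte 2.
    rd_set = len(query) >= 12 and bool(query[2] & 0x01)
    internal = any(ipaddress.ip_address(client_ip) in net
                   for net in conf["internal"])
    kind = "recursive" if (internal and rd_set) else "authoritative"
    return kind, conf[kind], int(conf[kind + "-port"])

# Constructed 12-byte DNS headers: ID 0x1234, one question, RD set / clear.
RD_QUERY = bytes.fromhex("123401000001000000000000")
NO_RD_QUERY = bytes.fromhex("123400000001000000000000")
```

Only a client inside a declared internal network that also asks for recursion reaches the recursive server; with no internal line at all, every query goes to the authoritative server.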
STATISTICS
Every hour (by default) dnsproxy logs the collected statistics about its usage to standard error (or syslog when running detached). Statistics
look like
ActiveQr AuthorQr RecursQr AllQuery Answered
0        0        0        0        0
TimeoutQ DroppedQ DroppedA LateAnsw HashColl
0        0        0        0        0
and have the following meaning:
ActiveQr
Number of currently active queries proxied to the servers.
AuthorQr
Accumulated number of authoritative queries.
RecursQr
Accumulated number of recursive queries.
AllQuery
Accumulated number of all queries ever received.
Answered
Accumulated number of answered queries.
TimeoutQ
Accumulated number of queries that did not receive an answer in time.
DroppedQ
Accumulated number of dropped queries (e.g. transmission errors).
DroppedA
Accumulated number of dropped answers.
LateAnsw
Accumulated number of answers received after the timeout period.
HashColl
Accumulated number of hash collisions in the query list.
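Because every counter except ActiveQr is accumulated, a monitoring script has to difference two successive dumps to see what happened in one interval. The following Python sketch is an added example, not part of dnsproxy; the log excerpt is constructed, the function names are hypothetical, and any syslog prefix before the columns is assumed to be ignorable.

```python
FIELDS = ("ActiveQr", "AuthorQr", "RecursQr", "AllQuery", "Answered",
          "TimeoutQ", "DroppedQ", "DroppedA", "LateAnsw", "HashColl")

# Constructed log excerpt: two statistics dumps, one interval apart.
SAMPLE_LOG = """\
ActiveQr AuthorQr RecursQr AllQuery Answered
3 120 880 1000 950
TimeoutQ DroppedQ DroppedA LateAnsw HashColl
40 5 2 6 0
ActiveQr AuthorQr RecursQr AllQuery Answered
1 150 1850 2000 1500
TimeoutQ DroppedQ DroppedA LateAnsw HashColl
480 9 3 30 0
"""

def parse_dumps(log_text):
    """Return one dict per complete statistics dump found in log_text."""
    dumps, current, names = [], {}, None
    for line in log_text.splitlines():
        tokens = line.split()
        header = [t for t in tokens if t in FIELDS]
        if len(header) == 5:
            names = header                    # a header row; values follow
        elif names and len(tokens) >= 5 and all(t.isdigit() for t in tokens[-5:]):
            current.update(zip(names, map(int, tokens[-5:])))
            names = None
            if len(current) == len(FIELDS):   # both rows of the dump seen
                dumps.append(current)
                current = {}
        else:
            names = None
    return dumps

def interval_delta(prev, curr):
    """Per-interval activity between two dumps of accumulated counters."""
    counters = [f for f in FIELDS if f != "ActiveQr"]  # ActiveQr is a gauge
    if any(curr[f] < prev[f] for f in counters):
        delta = {f: curr[f] for f in counters}         # counters restarted
    else:
        delta = {f: curr[f] - prev[f] for f in counters}
    delta["ActiveQr"] = curr["ActiveQr"]
    return delta

def timeout_share(delta):
    """Fraction of the interval's queries that timed out."""
    return delta["TimeoutQ"] / delta["AllQuery"] if delta["AllQuery"] else 0.0
```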
SEE ALSO
named(1)
VERSION
This manual page describes dnsproxy version 1.16.
AUTHORS
Armin Wolfermann <armin@wolfermann.org>
The dnsproxy homepage is at http://www.wolfermann.org/dnsproxy.html.
LOCAL November 29, 2003 LOCAL
NSD(8) NSD 3.2.12 NSD(8)
NAME
nsd - Name Server Daemon (NSD) version 3.2.12.
SYNOPSIS
nsd [-4] [-6] [-a ip-address[@port]] [-c configfile] [-d] [-f database] [-h] [-i identity] [-I nsid] [-l logfile] [-N server-count] [-n
noncurrent-tcp-count] [-P pidfile] [-p port] [-s seconds] [-t chrootdir] [-u username] [-V level] [-v]
DESCRIPTION
NSD is a complete implementation of an authoritative DNS nameserver. Upon startup, NSD reads the database specified with the -f database
argument, puts itself into the background, and answers queries on port 53 or on a different port specified with the -p port option. The database must
be generated beforehand with zonec(8). By default, NSD will bind to all local interfaces available. Use the -a ip-address[@port] option to
specify a single particular interface address to be bound. If this option is given more than once, NSD will bind its UDP and TCP sockets to
all the specified ip-addresses separately. If IPv6 is enabled when NSD is compiled an IPv6 address can also be specified.
OPTIONS
All the options can be specified in the configfile ( -c argument), except for the -v and -h options. If options are specified on the
commandline, the options on the commandline take precedence over the options in the configfile.
Normally NSD should be started with the `nsdc(8) start` command invoked from a /etc/rc.d/nsd.sh script or similar at the operating system
startup.
-4 Only listen to IPv4 connections.
-6 Only listen to IPv6 connections.
-a ip-address[@port]
Listen to the specified ip-address. The ip-address must be specified in numeric format (using the standard IPv4 or IPv6 notation).
Optionally, a port number can be given. This flag can be specified multiple times to listen to multiple IP addresses. If this flag
is not specified, NSD listens to the wildcard interface.
-c configfile
Read specified configfile instead of the default /etc/nsd3/nsd.conf. For format description see nsd.conf(5).
-d Turn on debugging mode, do not fork, stay in the foreground.
-f database
Use the specified database instead of the default of /var/lib/nsd3/nsd.db. If a zonesdir: is specified in the config file this path
can be relative to that directory.
-h Print help information and exit.
-i identity
Return the specified identity when asked for CH TXT ID.SERVER (This option is used to determine which server is answering the
queries when they are multicast). The default is the name returned by gethostname(3).
-I nsid
Add the specified nsid to the EDNS section of the answer when queried with an NSID EDNS enabled packet.
-l logfile
Log messages to the specified logfile. The default is to log to stderr and syslog. If a zonesdir: is specified in the config file
this path can be relative to that directory.
-N count
Start count NSD servers. The default is 1. Starting more than a single server is only useful on machines with multiple CPUs and/or
network adapters.
-n number
The maximum number of concurrent TCP connections that can be handled by each server. The default is 10.
-P pidfile
Use the specified pidfile instead of the platform specific default, which is mostly /var/run/nsd3/nsd.pid. If a zonesdir: is
specified in the config file, this path can be relative to that directory.
-p port
Answer the queries on the specified port. Normally this is port 53.
-s seconds
Produce statistics dump every seconds seconds. This is equal to sending SIGUSR1 to the daemon periodically.
-t chroot
Specifies a directory to chroot to upon startup. This option requires you to ensure that appropriate syslogd(8) socket (e.g.
chrootdir /dev/log) is available, otherwise NSD won't produce any log output.
-u username
Drop user and group privileges to those of username after binding the socket. The username must be one of: username, id, or id.gid.
For example: nsd, 80, or 80.80.
-V level
This value specifies the verbosity level for (non-debug) logging. Default is 0.
-v Print the version number of NSD to standard error and exit.
NSD reacts to the following signals:
SIGTERM
Stop answering queries, shutdown, and exit normally.
SIGHUP Reload the database.
SIGUSR1
Dump BIND8-style statistics into the log. Ignored otherwise.
FILES
/var/lib/nsd3/nsd.db
default NSD database
/var/run/nsd3/nsd.pid
the process id of the name server.
/etc/nsd3/nsd.conf
default NSD configuration file
DIAGNOSTICS
NSD will log all the problems via the standard syslog(8) daemon facility, unless the -d option is specified.
SEE ALSO
nsdc(8), nsd.conf(5), nsd-checkconf(8), nsd-notify(8), nsd-patch(8), nsd-xfer(8), zonec(8)
AUTHORS
NSD was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS file in the distribution for further details.
BUGS
NSD will answer the queries erroneously if the database was not properly compiled with zonec(8). Therefore problems with misconfigured
master zone files or zonec(8) bugs may not be visible until the queries are actually answered with NSD.
NLnet Labs jul 19, 2012 NSD(8)