{ "generateDNSCryptCertificate", true, "\"/path/to/providerPrivate.key\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", serial, validFrom, validUntil", "generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key" },
{ "generateDNSCryptProviderKeys", true, "\"/path/to/providerPublic.key\", \"/path/to/providerPrivate.key\"", "generate a new provider keypair" },
{ "getDNSCryptBind", true, "n", "return the `DNSCryptContext` object corresponding to the bind `n`" },
+ { "getPool", true, "name", "return the pool named `name`, or \"\" for the default pool" },
{ "getPoolServers", true, "pool", "return servers part of this pool" },
{ "getQueryCounters", true, "[max=10]", "show current buffer of query counters, limited by 'max' if provided" },
{ "getResponseRing", true, "", "return the current content of the response ring" },
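Review bot: The help string on the new `getPool` entry reads as if the function returns "" for the default pool, whereas the empty string is the argument that selects it. Suggest rewording along the lines of: return the pool named `name` (pass "" for the default pool).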
{ "showCacheHitResponseRules", true, "", "show all defined cache hit response rules" },
{ "showDNSCryptBinds", true, "", "display the currently configured DNSCrypt binds" },
{ "showDynBlocks", true, "", "show dynamic blocks in force" },
+ { "showPools", true, "", "show the available pools" },
{ "showPoolServerPolicy", true, "pool", "show server selection policy for this pool" },
{ "showResponseLatency", true, "", "show a plot of the response time latency distribution" },
{ "showResponseRules", true, "", "show all defined response rules" },
addAction(OrRule({QTypeRule(dnsdist.SOA), QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), PoolAction("master"))
The second one might require allowing AXFR/IXFR from the :program:`dnsdist` source address
-and moving the source address check on :program:`dnsdist`'s side::
+and moving the source address check to :program:`dnsdist`'s side::
addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("192.168.1.0/24"))}), RCodeAction(dnsdist.REFUSED))
queries, because the slave will receive a notification coming from the :program:`dnsdist` address,
and not the master's one. One way to fix this issue is to allow NOTIFY from the :program:`dnsdist`
address on the slave side (for example with PowerDNS's `trusted-notification-proxy`) and move the address
-check on :program:`dnsdist`'s side::
+check to :program:`dnsdist`'s side::
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("192.168.1.0/24"))}), RCodeAction(dnsdist.REFUSED))
The default port is 53.
:param bool do_tcp: Also bind a TCP port on ``address``, defaults to true.
:param bool so_reuseport: Use ``SO_REUSEPORT`` if it is available, defaults to false
- :param int tcp_fast_open_qsize: Set to a number higher than 0 to enable TCP Fast Open
- when available. Default is 0.
+ :param int tcp_fast_open_qsize: The size of the TCP Fast Open queue. Set to a number
+ higher than 0 to enable TCP Fast Open when available.
+ Default is 0.
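Review bot: In the new `tcp_fast_open_qsize` text, "The size of the TCP Fast Open queue" does not say what the queue holds or how to choose a value, and the reader still has to infer from "Set to a number higher than 0 to enable" that the default of 0 means the feature is off. Suggest saying both explicitly. The `so_reuseport` line just above is also missing its closing period, unlike the `do_tcp` line.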
.. function:: setLocal(address[, options])
The default port is 53.
:param bool do_tcp: Also bind a TCP port on ``address``, defaults to true.
:param bool so_reuseport: Use ``SO_REUSEPORT`` if it is available, defaults to false
- :param int tcp_fast_open_qsize: Set to a number higher than 0 to enable TCP Fast Open
- when available. Default is 0.
+ :param int tcp_fast_open_qsize: The size of the TCP Fast Open queue. Set to a number
+ higher than 0 to enable TCP Fast Open when available.
+ Default is 0.
Control Socket, Console and Webserver
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
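Review bot: The `tcp_fast_open_qsize` wording under `setLocal` is a word-for-word copy of the parameter block changed in the preceding hunk, so the two descriptions will drift the next time one is edited. Consider documenting the options once and pointing to that description from the other function.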
qps=NUM, -- Limit the number of queries per second to NUM
order=NUM, -- The order of this server
weight=NUM, -- The weight of this server
- pool=STRING, -- The pool this server belongs to (unset or empty string means default pool)
- retries=NUM, --
- tcpConnectTimeout=NUM, --
- tcpSendTimeout=NUM, --
- tcpRecvTimeout=NUM, --
+ pool=STRING|{STRING}, -- The pools this server belongs to (unset or empty string means default pool) as a string or table of strings
+ retries=NUM, -- The number of TCP connection attempts to the backend, for a given query
+ tcpConnectTimeout=NUM, -- The timeout (in seconds) of a TCP connection attempt
+ tcpSendTimeout=NUM, -- The timeout (in seconds) of a TCP write attempt
+ tcpRecvTimeout=NUM, -- The timeout (in seconds) of a TCP read attempt
+ tcpFastOpen=BOOL, -- Whether to enable TCP Fast Open
+ name=STRING, -- The name associated to this backend, for display purpose
checkName=STRING, -- Use STRING as QNAME in the health-check query, default: "a.root-servers.net."
checkType=STRING, -- Use STRING as QTYPE in the health-check query, default: "A"
setCD=BOOL, -- Set the CD (Checking Disabled) flag in the health-check query, default: false
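Review bot: The new comments for `retries`, `tcpConnectTimeout`, `tcpSendTimeout`, `tcpRecvTimeout` and `tcpFastOpen` state no default, while the `checkName`, `checkType` and `setCD` lines directly below each end with one. Please add the defaults; the effective timeouts decide how long a stalled backend can hold a TCP query, so operators need to know them without reading the source. On the `pool` line, the type remark "as a string or table of strings" is separated from "belongs to" by the parenthetical about the default pool; placing it before the parenthesis reads more clearly.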
-----
:class:`Server`\ s can be part of any number of pools.
-Pools are automatically created when a server is added to a pool (with :func:`newServer`).
+Pools are automatically created when a server is added to a pool (with :func:`newServer`), or can be manually created with :func:`addPool`.
+
+.. function:: addPool(name) -> ServerPool
+
+ Returns a :class:`ServerPool`.
+
+ :param string name: The name of the pool to create
.. function:: getPool(name) -> ServerPool
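Review bot: The `addPool` entry does not say what happens when a pool called `name` already exists, which is a likely case given that the sentence above says pools are also created implicitly by `newServer`. Suggest adding one line stating whether the existing pool is returned or an error is raised.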
:param string name: The name of the pool
+.. function:: rmPool(name)
+
+ Remove the pool named `name`.
+
+ :param string name: The name of the pool to remove
+
.. function:: getPoolServers(name) -> [ Server ]
Returns a list of :class:`Server`\ s or nil.
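Review bot: `rmPool` is documented without saying what happens to servers still assigned to the pool, to rules that still route to it by name, or when no pool named `name` exists. Since removing a pool that is still referenced changes where queries end up, please document the resulting behaviour. Minor: "Remove the pool named `name`." uses single backticks, while the parameter documentation in this file uses double backticks for literals (as in ``address``).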