SYNOPSIS
dnsproxy [-dhV] [-c file]

DESCRIPTION
The dnsproxy daemon waits for nameserver queries on a user-specified address, dispatches these queries to authoritative and recursive nameservers, and forwards the received answers back to the original client.
The options are as follows:
- -c file
- Read configuration from file.
- -d
- Detach from current terminal and run as background process.
- -h
- Show usage.
- -V
- Show version.
If a client from an internal IP address does a recursive lookup, the query is forwarded to a recursive DNS server. Authoritative queries and queries coming from clients in foreign networks are forwarded to an authoritative DNS server.

CONFIGURATION FILE
At startup dnsproxy reads a configuration file specified via the -c option or at the default location of /etc/dnsproxy.conf.
The following keywords are recognized:
- authoritative IP
- Address of the authoritative nameserver [required].
- recursive IP
- Address of the recursive nameserver [required].
- listen IP
- Local address (defaults to 0.0.0.0).
- port number
- Local port number (defaults to 53).
- chroot path
- A path to chroot to before starting to answer queries.
- user name
- A user to change to before starting to answer queries.
- authoritative-timeout seconds
- Time in seconds when authoritative queries time out (defaults to 10).
- recursive-timeout seconds
- Time in seconds when recursive queries time out (defaults to 90).
- authoritative-port number
- Port number on authoritative nameserver (defaults to 53).
- recursive-port number
- Port number on recursive nameserver (defaults to 53).
- statistics seconds
- Period between output of statistics (defaults to 3600). Use 0 to disable output of statistics completely.
- internal network
- Declare networks recognized as internal and thus eligible to do recursive queries. One network in CIDR notation per keyword.
    authoritative 10.1.1.1
    recursive 127.0.0.1
    recursive-port 10053
    listen 192.168.1.1
    port 53
    chroot /var/empty
    user nobody
    internal 192.168.1.0/24
    internal 127.0.0.1
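The forwarding rule and the sample configuration above, modelled as an added example (not dnsproxy's own code): it parses the keywords, picks the upstream for a query, and lists settings worth reviewing. It assumes "recursive lookup" means the RD bit (0x0100) is set in the DNS header flags; the function names are hypothetical.

```python
import ipaddress

# Sample configuration from this page, embedded so the example runs offline.
SAMPLE_CONF = """\
authoritative 10.1.1.1
recursive 127.0.0.1
recursive-port 10053
listen 192.168.1.1
port 53
chroot /var/empty
user nobody
internal 192.168.1.0/24
internal 127.0.0.1
"""

def parse_conf(text):
    """Parse 'keyword value' lines; 'internal' may repeat, one network each."""
    conf = {"internal": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, value = line.split(None, 1)
        if key == "internal":
            conf["internal"].append(ipaddress.ip_network(value.strip(), strict=False))
        else:
            conf[key] = value.strip()
    missing = [k for k in ("authoritative", "recursive") if k not in conf]
    if missing:
        raise ValueError("missing required keyword(s): " + ", ".join(missing))
    return conf

def upstream_for(conf, client_ip, flags):
    """Return (kind, address, port) of the server a query would be sent to."""
    # Assumption: a recursive lookup is a query with the RD bit (0x0100) set.
    addr = ipaddress.ip_address(client_ip)
    internal = any(addr in net for net in conf["internal"])
    kind = "recursive" if internal and flags & 0x0100 else "authoritative"
    return kind, conf[kind], int(conf.get(kind + "-port", 53))

def audit(conf):
    """List settings to review before exposing the proxy to foreign networks."""
    findings = []
    if "chroot" not in conf or "user" not in conf:
        findings.append("runs without chroot and/or unprivileged user")
    if conf.get("listen", "0.0.0.0") == "0.0.0.0":
        findings.append("listens on all addresses (default)")
    findings += [f"internal {n} lets any client recurse" for n in conf["internal"] if n.prefixlen == 0]
    return findings
```

A foreign client never reaches the recursive server even with RD set, which is what keeps the proxy from acting as an open resolver; an `internal 0.0.0.0/0` line removes that protection.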
STATISTICS
Every hour (by default) dnsproxy logs the collected statistics about its usage to standard error (or syslog when running detached). Statistics look like

    ActiveQr AuthorQr RecursQr AllQuery Answered
           0        0        0        0        0
    TimeoutQ DroppedQ DroppedA LateAnsw HashColl
           0        0        0        0        0

and have the following meaning:
- ActiveQr Number of currently active queries proxied to the servers.
- AuthorQr Accumulated number of authoritative queries.
- RecursQr Accumulated number of recursive queries.
- AllQuery Accumulated number of all queries ever received.
- Answered Accumulated number of answered queries.
- TimeoutQ Accumulated number of queries that did not receive an answer in time.
- DroppedQ Accumulated number of dropped queries (e.g. transmission errors).
- DroppedA Accumulated number of dropped answers.
- LateAnsw Accumulated number of answers received after the timeout period.
- HashColl Accumulated number of hash collisions in the query list.