DNSPROXY(1) BSD General Commands Manual DNSPROXY(1)
NAME
dnsproxy -- DNS proxy
SYNOPSIS
dnsproxy [-dhV] [-c file]
DESCRIPTION
The dnsproxy daemon waits for nameserver queries on a user specified address, dispatches these queries to authoritative and recursive
nameservers and forwards the received answers back to the original client.
The options are as follows:
-c file Read configuration from file.
-d Detach from current terminal and run as background process.
-h Show usage.
-V Show version.
If a client from an internal IP address does a recursive lookup, the query is forwarded to a recursive DNS server. Authoritative queries and
queries coming from clients in foreign networks are forwarded to an authoritative DNS server.
CONFIGURATION FILE
At startup dnsproxy reads a configuration file specified via the -c option or at the default location of /etc/dnsproxy.conf.
The following keywords are recognized:
authoritative IP
Address of the authoritative nameserver [required].
recursive IP
Address of the recursive nameserver [required].
listen IP
Local address (defaults to 0.0.0.0).
port number
Local port number (defaults to 53).
chroot path
A path to chroot to before starting to answer queries.
user name
A user to change to before starting to answer queries.
authoritative-timeout seconds
Time in seconds when authoritative queries time out (defaults to 10).
recursive-timeout seconds
Time in seconds when recursive queries time out (defaults to 90).
authoritative-port number
Port number on authoritative nameserver (defaults to 53).
recursive-port number
Port number on recursive nameserver (defaults to 53).
statistics seconds
Period between output of statistics (defaults to 3600). Use 0 to disable output of statistics completely.
internal network
Declare networks recognized as internal and thus eligible to do recursive queries. One network in CIDR notation per keyword.
EXAMPLE
authoritative 10.1.1.1
recursive 127.0.0.1
recursive-port 10053
listen 192.168.1.1
port 53
chroot /var/empty
user nobody
internal 192.168.1.0/24
internal 127.0.0.1
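The forwarding rule from DESCRIPTION applied to the configuration above, together with a check for missing hardening keywords. This is an added example, not code from dnsproxy; the function names are hypothetical, and it assumes a "recursive lookup" can be represented as a boolean flag on the query and that malformed lines can be skipped.

```python
import ipaddress

# Defaults stated in the CONFIGURATION FILE section.
DEFAULTS = {"listen": "0.0.0.0", "port": "53",
            "authoritative-port": "53", "recursive-port": "53"}
# The EXAMPLE section's configuration, used as sample input.
EXAMPLE_CONF = """\
authoritative 10.1.1.1
recursive 127.0.0.1
recursive-port 10053
listen 192.168.1.1
port 53
chroot /var/empty
user nobody
internal 192.168.1.0/24
internal 127.0.0.1
"""

def parse_conf(text):
    """Parse 'keyword value' lines; 'internal' may repeat, one network each."""
    conf = dict(DEFAULTS, internal=[])
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # assumption: blank or malformed lines are skipped
        key, value = parts
        if key == "internal":
            conf["internal"].append(ipaddress.ip_network(value, strict=False))
        else:
            conf[key] = value
    if not {"authoritative", "recursive"} <= conf.keys():
        raise ValueError("authoritative and recursive are both required")
    return conf

def upstream(conf, client_ip, recursion_desired):
    """Return (kind, ip, port) of the server a query is forwarded to."""
    addr = ipaddress.ip_address(client_ip)
    internal = any(addr in net for net in conf["internal"])
    kind = "recursive" if internal and recursion_desired else "authoritative"
    return kind, conf[kind], int(conf[kind + "-port"])

def audit(conf):
    """Report hardening gaps visible in the configuration alone."""
    findings = [f"no '{k}' keyword set" for k in ("chroot", "user") if k not in conf]
    if conf["listen"] == "0.0.0.0":
        findings.append("listens on every interface (0.0.0.0)")
    if any(net.prefixlen == 0 for net in conf["internal"]):
        findings.append("internal covers every address: recursion open to all")
    return findings
```

An `internal` line wider than the networks actually served is the setting to watch: every client it covers is forwarded to the recursive server.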
STATISTICS
Every hour (by default) dnsproxy logs the collected statistics about its usage to standard error (or syslog when running detached).
Statistics look like
ActiveQr AuthorQr RecursQr AllQuery Answered
       0        0        0        0        0
TimeoutQ DroppedQ DroppedA LateAnsw HashColl
       0        0        0        0        0
and have the following meaning:
ActiveQr
Number of currently active queries proxied to the servers.
AuthorQr
Accumulated number of authoritative queries.
RecursQr
Accumulated number of recursive queries.
AllQuery
Accumulated number of all queries ever received.
Answered
Accumulated number of answered queries.
TimeoutQ
Accumulated number of queries that did not receive an answer in time.
DroppedQ
Accumulated number of dropped queries (e.g. transmission errors).
DroppedA
Accumulated number of dropped answers.
LateAnsw
Accumulated number of answers received after the timeout period.
HashColl
Accumulated number of hash collisions in the query list.
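Because every field except ActiveQr is accumulated, monitoring has to compare consecutive reports rather than read a single one. The following added example (not part of dnsproxy; function names are hypothetical) parses two constructed reports and derives per-period figures. It assumes any syslog prefix has already been stripped and that counters restart from zero when the daemon restarts.

```python
GAUGES = {"ActiveQr"}  # "currently active": a level, not an accumulated count

# Constructed sample: two consecutive reports in the layout shown above.
SAMPLE_LOG = """\
ActiveQr AuthorQr RecursQr AllQuery Answered
0 12 300 312 310
TimeoutQ DroppedQ DroppedA LateAnsw HashColl
2 0 0 1 0
ActiveQr AuthorQr RecursQr AllQuery Answered
3 20 900 920 700
TimeoutQ DroppedQ DroppedA LateAnsw HashColl
215 0 2 40 0
"""

def parse_reports(text):
    """Pair each header line with the value line after it; 10 fields = 1 report."""
    reports, current = [], {}
    lines = [ln.split() for ln in text.splitlines() if ln.split()]
    for names, values in zip(lines[::2], lines[1::2]):
        if len(names) != len(values) or not all(v.isdigit() for v in values):
            raise ValueError(f"header/value mismatch near {names}")
        current.update(zip(names, map(int, values)))
        if len(current) == 10:
            reports.append(current)
            current = {}
    return reports

def interval(prev, cur):
    """Per-period activity: deltas for accumulated counters, level for gauges."""
    out = {}
    for k, v in cur.items():
        # assumption: a counter lower than before means the daemon restarted
        out[k] = v if k in GAUGES or v < prev[k] else v - prev[k]
    return out

def timeout_ratio(delta):
    """Share of the period's queries that timed out (0.0 when idle)."""
    return delta["TimeoutQ"] / delta["AllQuery"] if delta["AllQuery"] else 0.0
```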
SEE ALSO
named(1)
VERSION
This manual page describes dnsproxy version 1.16.
AUTHORS
Armin Wolfermann <armin@wolfermann.org>
The dnsproxy homepage is at http://www.wolfermann.org/dnsproxy.html.
LOCAL November 29, 2003 LOCAL
lwresd(1M) lwresd(1M)
NAME
lwresd - lightweight resolver daemon
SYNOPSIS
config-file] debuglevel] pid-file] ncpus] query-port] port] directory] user-id]
DESCRIPTION
The lwresd daemon provides name lookup services for clients that use the BIND 9 lightweight resolver library. It is essentially a stripped-down,
caching-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
lwresd listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that lwresd can only be used by processes
running on the local machine. By default, UDP port number 921 is used for lightweight resolver requests and responses.
Incoming lightweight resolver requests are decoded by lwresd, which then resolves them using the DNS protocol. When the DNS lookup completes,
lwresd encodes the answers from the name servers in the lightweight resolver format and returns them to the client that made the original request.
If the configuration file contains any entries, lwresd sends recursive DNS queries to those servers. This is similar to the use of forwarders in
a caching name server. If no entries are present, or if forwarding fails, lwresd resolves the queries autonomously starting at the root name
servers, using a compiled-in list of root-server hints.
Options
Use config-file as the configuration file. The default is
Set the debug level to debuglevel. Debugging traces from lwresd become more verbose as the debug level increases.
Run in the foreground.
Run in the foreground and force all logging to standard error.
Write the daemon's process ID to pid-file. The default is
Create ncpus worker threads to take advantage of multiple CPUs. By default, lwresd tries to determine the number of CPUs present and creates
one thread per CPU. If it cannot determine the number of CPUs, it creates a single worker thread.
Send DNS lookups to port number query-port when querying name servers. This provides a way of testing the lightweight resolver daemon with a
name server that listens for queries on a nonstandard port number.
Listen for lightweight resolver queries on the loopback interface using UDP port number port. The default is port 921.
Write memory usage statistics to standard output on exit.
This option is only of interest to BIND 9 developers and may be removed or changed in a future release.
Change root to directory immediately after reading the configuration file (see chroot(2)).
Run as user-id, which is a user name or numeric ID that must be present in the password file. lwresd changes its user-id after it has carried
out any privileged operations, such as writing the process-ID file or binding a socket to a privileged port (typically any port
less than 1024).
Note
lwresd is a daemon for lightweight resolvers, not a lightweight daemon for resolvers.
AUTHOR
lwresd was developed by the Internet Systems Consortium (ISC).
FILES
Default resolver configuration file
Default process-id file
SEE ALSO
named(1M), chroot(2).
available online at
available from the Internet Systems Consortium at
BIND 9.3 lwresd(1M)