Brain-friendly dnsdist config generator with Active Directory support.
MIT License
Simple dnsdist config generator made for humans.
Prebuilt binaries might be found in releases or from the CI below.
Integrated Docker image: Docker Hub
An example config file is at examples/autoconf.toml. dnsdist-autoconf will search for an autoconf.toml file under the config folder.
# generate the config
dnsdist-autoconf -config .
# check the config grammar (important, since the author is not very confident)
dnsdist -C dnsdist.conf --check-config
# run it!
dnsdist -C dnsdist.conf
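When regeneration is automated, a config that fails `--check-config` should never replace the one dnsdist is already running with. The sketch below is an added example, not part of dnsdist-autoconf: it generates and validates in a staging copy and only then swaps the file in. The function name `safe_regen`, the overridable `AUTOCONF`/`DNSDIST` variables and the staging approach are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the dnsdist-autoconf repo).
# Assumption: when run from inside the config folder, `dnsdist-autoconf -config .`
# leaves dnsdist.conf in that same folder, as the commands above imply.

AUTOCONF=${AUTOCONF:-dnsdist-autoconf}   # overridable, e.g. for testing
DNSDIST=${DNSDIST:-dnsdist}

# safe_regen LIVE_DIR
#   0 = new config validated and installed
#   1 = staging or install failed
#   2 = generation or --check-config failed; live config left untouched
safe_regen() {
    live_dir=$1
    [ -f "$live_dir/autoconf.toml" ] || return 1
    stage=$(mktemp -d) || return 1
    cp "$live_dir/autoconf.toml" "$stage/" || { rm -rf "$stage"; return 1; }

    # Generate and validate inside the staging copy only.
    if (cd "$stage" && "$AUTOCONF" -config . &&
        "$DNSDIST" -C dnsdist.conf --check-config) >/dev/null 2>&1
    then
        # Copy next to the live file, then rename, so the live path
        # never holds a half-written config.
        cp "$stage/dnsdist.conf" "$live_dir/dnsdist.conf.new" &&
            mv "$live_dir/dnsdist.conf.new" "$live_dir/dnsdist.conf"
        rc=$?
    else
        rc=2
    fi
    rm -rf "$stage"
    return "$rc"
}

# Typical use (the restart command depends on how dnsdist is supervised):
#   safe_regen /etc/dnsdist && systemctl restart dnsdist.service
```

A non-zero return means the previous dnsdist.conf is still in place, so a scheduled job can log the failure and leave the running resolver alone.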
The docker image will rerun dnsdist-autoconf every night to update dynamic config. Set REMOTE_CONFIG and autoconf.toml will be updated too.
Config folder (mounted into the container): /etc/dnsdist
Image: jamesits/dnsdist-autoconf:latest
docker pull jamesits/dnsdist-autoconf:latest
docker run --rm --name=dnsdist-autoconf_1 -p=53:53/udp -p=53:53/tcp -p=8083:80/tcp --dns=1.1.1.1 --dns=8.8.8.8 -v=/etc/dnsdist:/etc/dnsdist jamesits/dnsdist-autoconf:latest
Copy dnsdist-autoconf.service in this repo to /usr/lib/systemd/system
Put autoconf.toml in /etc/dnsdist
Enable the dnsdist-autoconf.service systemd unit
Example:
mkdir -p /usr/lib/systemd/system
mkdir -p /etc/dnsdist
wget https://github.com/Jamesits/dnsdist-autoconf/raw/master/docker/dnsdist-autoconf.service -O /usr/lib/systemd/system/dnsdist-autoconf.service
wget https://github.com/Jamesits/dnsdist-autoconf/raw/master/examples/autoconf.toml -O /etc/dnsdist/autoconf.toml
systemctl daemon-reload
systemctl enable --now dnsdist-autoconf.service
Use Go 1.10 or higher.
We only support dnsdist version 1.4 and later. Although it has been run with dnsdist <1.4 in some cases, those setups are less likely to be supported.
systemd-resolved will take up port 53 on Ubuntu 17.04 onwards. To disable it:
/etc/hosts
If /etc/resolv.conf is a symlink, delete it and recreate it, type in nameserver 8.8.8.8 or any other working DNS server
systemctl disable --now systemd-resolved.service
systemctl mask systemd-resolved.service
Set dns=default under the [main] section of /etc/NetworkManager/NetworkManager.conf.
We make a simple assumption that every DC has the DNS role installed, since we can only get the LDAP/Kerberos server list from DNS queries, and querying any other config requires much more complex protocols.
The generated config might cause dnsdist to use a lot of file descriptors.
Warning, this configuration can use more than 1220 file descriptors, web server and console connections not included, and the current limit is 1024.
You can increase this value by using LimitNOFILE= in the systemd unit file or ulimit.
Quick fix if you are running directly in a shell:
# you might need root privilege
# -n is the open file descriptor limit (-u would change the process limit instead)
ulimit -n 16384
dnsdist -C dnsdist.conf
Fix if you are running in systemd:
mkdir -p /etc/systemd/system/dnsdist.service.d
echo -e "[Service]\nLimitNOFILE=16384\n" > /etc/systemd/system/dnsdist.service.d/ulimit.conf
systemctl daemon-reload