Provided by: gdnsd_3.8.2-1build2_amd64 
NAME
gdnsd - An authoritative DNS daemon
SYNOPSIS
Usage: gdnsd [-c /etc/gdnsd] [-D] [-l] [-S] [-R | -i] <action>
-c - Configuration directory (default /etc/gdnsd)
-D - Enable verbose debug output
-l - Send logs to syslog rather than stderr
-S - Force 'zones_strict_data = true' for this invocation
-R - Attempt downtimeless replacement of another instance
-i - Idempotent mode for start/daemonize: exit 0 if already running
(-R and -i cannot be used together)
Actions:
checkconf - Checks validity of config and zone files
start - Start as a regular foreground process
daemonize - Start as a background daemon (implies -l)
DESCRIPTION
gdnsd is very fast, light, and pluggable authoritative DNS daemon.
BASIC CONFIGURATION
The primary configuration file is the file named config in the configuration directory.
Note that the configuration file does not have to exist for successful startup. Without a configuration
file, gdnsd will load all of the zones in the zones directory (default "/etc/gdnsd/zones/") and listen on
port 53 of 0.0.0.0 and "::" using default settings.
COMMANDLINE OPTION FLAGS
-c Set the configuration directory, defaults to /etc/gdnsd. The zones directory is the zones/
subdirectory of the configuration directory.
-D Enables additional debug-level log output as appropriate.
-l Sends log output to syslog rather than the default stderr. This is implicitly turned on by the
"daemonize" action, and is recommended when running as a systemd service as well, to capture priority
information.
-S Forces the "zones_strict_data" configuration option to true for this invocation, regardless of the
setting in the config file. This is mostly useful for validation during the "checkconf" option.
-R Replace mode for "start" and "daemonize":
Normally, if another server instance has the server control socket locked, a "start" or "daemonize"
attempt will fail. With this flag set, the new server will connect to the old over its control
socket and attempt a downtime-less, graceful takeover of operations. This allows for both code and
configuration changes to happen without losing requests in most cases and is in general fairly
seamless. See the gdnsdctl(8) documentation for "replace" for more information, as that is the
preferred interface to this functionality.
-i Idempotent mode for "start" and "daemonize":
Normally, if another server instance has the server control socket locked, a "start" or "daemonize"
attempt will fail. With this flag set, if another instance is already running, this instance will
report success and exit with status zero immediately.
ACTIONS
checkconf
Checks the validity of the configuration file and zonefiles, setting the exit status appropriately (0
for success). The same code executes implicitly during startup; checkconf just exits at the last
point before real runtime actions need to be taken, such as acquiring sockets.
start
Starts gdnsd as a runtime DNS server foreground process, emitting log output to stderr.
daemonize
Starts gdnsd as a detached background daemonize process in a new session, parented to PID 1 (init),
emitting log output to directly to syslog. The initial foreground process will emit no terminal
output on success, but will wait for the background daemon to complete startup operations
successfully before exiting with status zero (or not, in which case it will exit non-zero and emit
some kind of failure output to either stderr or syslog).
Any other commandline option will be treated as invalid, which will result in displaying a short help
text to STDERR and exiting with a non-zero exit status. This includes things like the ubiquitous --help
and --version.
PRIVILEGES
This service pays no attention to, nor does it attempt to check or modify, anything about the runtime
security environment or privilege set, or whether or not it happens to be running as "root", or attempt
any actions that would commonly require "root" privileges, such as altering its own memlock rlimits or
raising its own process priority. The lone exception is that the code blindly assumes that binding its
DNS listening ports, which default to being in the privileged range, will Just Work.
It expects all such things to be managed managed by external mechanisms: either a systemd-like init
system which can do it all declaratively, or a combination of tooling in an initscript for a traditional
init system to take care of the necessary privileged settings and/or security-jailing / ACLs, etc,
SYSTEMD COMPATIBILITY
When run as a systemd service, "start" should be used rather than "daemonize", the "-l" flag should be
used, and the type should be set to "Type=notify" with "NotifyAccess=all". The latter bits will cause
systemd to set $NOTIFY_SOCKET for the daemon, and the daemon in turn will use this to send a readiness
notification when it's done with initial startup tasks and ready to service requests. "gdnsdctl -l stop"
should be used for the "ExecStop=" command.
The source tree contains an example systemd unit file with reasonable defaults for a production
deployment.
ZONE FILES - RFC1035
The directory for standard RFC1035 zone files (the default zone data backend) is the subdirectory named
zones/ in the configuration directory, so the default would be /etc/gdnsd/zones/.
RFC1035 zone files are the traditional zone file format that one typically uses with e.g. BIND. For more
information on the internal format and processing of these files, see gdnsd.zonefile(5). This section is
about how the directory itself is managed.
All files in the zones directory are considered zone files. In general there should be exactly one file
per zone, and the filename should match the zone name. Filenames beginning with "." are ignored. All
zone file must be regular files (as opposed to directories, symlinks, sockets, etc).
In order to better support the special case of RFC 2137 -style classless in-addr.arpa delegation zones
(which contain forward slashes), any "@" symbol in the filename will be translated to a forward slash
("/") when transforming a filename into its corresponding zone name.
For similar reasons, if your server is intended to serve the root of the DNS, the filename for the root
zone should be the special filename ROOT_ZONE, rather than the impossible literal filename .. Because
authoritative servers cannot serve two domains which have a parent<->child relationship correctly, a root
server cannot serve any other zone, so this would be the sole zonefile.
The standard DNS zone file escape sequences are recognized within the filenames (e.g. "\." for a dot
within a label, or "\NNN" where NNN is a decimal integer in the range 0 - 255), if for some reason you
need a strange character in your zone name.
Trailing dots on zonefile names are ignored; e.g. example.com and example.com. are functionally
equivalent.
Duplicate zones (e.g. having both of the above representations of "example.com" present in the zones
directory, and/or adding a different case-mapping such as EXample.Com) are illegal.
Subzones (e.g. having zonefiles for both "example.com" and "subz.example.com") are also illegal.
ZONE FILES - RELOADING
"gdnsdctl reload-zones" triggers re-loading all zone data. The reload operation is done in a separate
thread from the main server and doesn't interrupt DNS request flow.
"gdnsdctl" will wait for the server to complete the load operation and report back the success or failure
of the reload transaction via stdout and its process exit status.
If any failure occurs during the reload operation, the entire reload transaction is discarded with no
effect on the previous runtime data still in use to answer ongoing queries.
DIRECTORIES
Important directory paths for the core daemon code:
/etc/gdnsd
Default configuration directory, unless overridden via "-c". The primary configuration file is
always the file config in the configuration directory.
/run/gdnsd
Default run_dir. This is where the daemon's control socket and lock files are created. See the
entry for "run_dir" in the gdnsd.config(5) manpage for more information about this directory.
/var/lib/gdnsd
Default state_dir. The admin_state file is read from this directory for administrative state-
overrides on monitored resources, see below in the FILES section. See the entry for "state_dir" in
the gdnsd.config(5) manpage for more information about this directory.
/usr/libexec/gdnsd
This is the default path for daemon-private executables that users should not run. The only current
case is gdnsd_extmon_helper for the extmon plugin and the path for this can be overridden in that
plugin's configuration, documented in gdnsd-plugin-extmon(8).
ADMIN STATE FILE - /var/lib/gdnsd/admin_state
This file is the input for administrative state overrides affecting plugin resolution decisions. The
intent of this file is to allow explicit, human administrative decisions to temporarily override the
states affecting plugin decision-making on issues of failover and/or geographic distribution. A non-
existent file is treated the same as an empty file. The file is watched at runtime for changes, and any
overridden state found is applied quickly. The file is expected to persist reboots and daemon restarts
in order to preserve the administrator's intent through these events.
A basic understanding of how both monitoring and resolution plugins in gdnsd work is assumed (see
gdnsd.config(5)). This file is parsed as a vscf hash data structure (again, see gdnsd.config(5) for
deeper details of that format). The keys are the names of monitored or virtual resources, and the values
are forced state values (optionally with monitored-TTL values as well). Keys can also be wildcards using
the shell glob syntax which affect multiple resources.
For normal monitored resources, the typical form of a key would be "THING/service_type", where "THING" is
the monitored address or CNAME value and "service_type" is the service_type configured to monitor that
address or CNAME value by one or more resolver plugins. The value portion takes the form of
"STATE[/TTL]", where "STATE" is "UP" or "DOWN" and the TTL portion is an optional override of the
monitored TTL.
The order of the lines in the file is important; they are processed and applied in-order such that later
lines can override the actions of earlier lines. This is especially handy for making exceptions to glob-
matches.
Example:
/var/lib/gdnsd/admin_state:
2001:db8::2:123/my_http_check => DOWN # down a specific res+stype
foo.example.com./extmon_ping => UP # up a specific res+stype
192.0.2.1/* => DOWN # down all service_types for this address
*/xmpp => UP/30 # up all resources monitored by xmpp w/ TTL 30 ...
192.0.2.2/xmpp => DOWN # ... except this one
Some resolution plugins can also register virtual resources (which are not monitored by any
"service_type") solely for the purpose of administrative override of decision-making. Currently the
geoip and metafo plugins do this for their "datacenters", and the keys they create take the form of
"plugin_name/resname/dcname" to force a datacenter's state at the per-resource level. The geoip plugin
also supports keys of the form "plugin_name/mapname/dcname" to force a datacenter's state at the per-map
level. These forcings override the aggregate state passed up to geoip/metafo from per-datacenter plugins
(e.g. multifo or weighted monitoring several addresses in a datacenter), and in the geoip case the more-
specific per-resource forced state will override any per-map forced state.
Example:
/var/lib/gdnsd/admin_state:
geoip/map3/dc-us => DOWN # down dc-us in geoip map3
*/dc-jp => DOWN # down all datacenters named dc-jp for geoip and metafo
metafo/res_www/dc-jp => UP # exception to above
All of the available monitored and virtual keys that can be matched in this file, as well as their
current monitored and/or forced states, are visible in the output of "gdnsdctl states" in JSON format.
SIGNALS
Any signal not explicitly mentioned is not explicitly handled. That is to say, they will have their
default actions, which often include aborting execution.
SIGTERM, SIGINT
Causes the daemon to exit gracefully with accompanying log output. The exit status will reflect the
terminating signal appropriately.
SIGPIPE
Ignored.
SIGHUP
If started via "daemonize", "SIGHUP" is explicitly ignored by the background daemon, but not by the
temporary foreground process during initialization. When started via "start", "SIGHUP" handling is
left at defaults, which will normally result in unclean process termination on reception.
SIGUSR1
This signal is "handled" by the main daemon for compatibility reasons, as previous versions used it
to request asynchronous zone data reloads. It merely logs an error now which notes the new
"gdnsdctl" mechanism, and has no real effect. This compatibility handling may be removed in a future
major version update.
SIGUSR2
Used internally as an inter-thread signal, no documented use from the outside. Do not send this
signal to any thread of the daemon.
EXIT STATUS
An exit status of zero indicates success, anything else indicates failure.
For "daemonize", the exit status of the initial foreground process will indicate whether the background
daemon launched successfully.
For "start", the initial foreground process is the daemon, and exit status will reflect the terminating
signal appropriately even in a clean shutdown case, or be zero if cleanly shut down by non-signal
mechanisms.
SEE ALSO
gdnsd.config(5), gdnsd.zonefile(5)
The gdnsd manual.
COPYRIGHT AND LICENSE
Copyright (c) 2012 Brandon L Black <blblack@gmail.com>
This file is part of gdnsd.
gdnsd is free software: you can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
gdnsd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License along with gdnsd. If not, see
<http://www.gnu.org/licenses/>.
gdnsd 3.8.2 2024-03-31 GDNSD(8)