Paste P9846

authdns config

Authored by BBlack on Dec 10 2019, 3:30 PM.
bblack@dns1001:~$ ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 208.80.154.238/32 scope global lo
valid_lft forever preferred_lft forever
inet 208.80.153.231/32 scope global lo
valid_lft forever preferred_lft forever
inet 91.198.174.239/32 scope global lo
valid_lft forever preferred_lft forever
inet 10.3.0.1/32 scope global lo:anycast
valid_lft forever preferred_lft forever
inet 208.80.154.254/32 scope global lo:LVS
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 208.80.154.10/26 brd 208.80.154.63 scope global eno1
valid_lft forever preferred_lft forever
bblack@dns1001:~$ cat /etc/gdnsd/config-options
# This file is managed by puppet, not the ops/dns repo!
# This whole file becomes contents of the options stanza of the final
# production configuration. The stuff in the operations/dns repo owns the
# top-level config file which includes this!
# The options in this file should be about the runtime behavior of the daemon;
# things like listen addresses, thread/socket tuning, debug options, etc.
# Options that are more in the realm of the interpretation of zone data should
# be in the main config file's options stanza in the ops/dns repo.
# Listener map: each key is an address (optionally with a port) and each value
# sets the number of UDP/TCP worker threads for that listener.
listen = {
# Our primary traffic on port 53 comes in here over any of these public
# addresses. Using one thread+socket per physical CPU, per listen address,
# makes handling query-rate spikes even easier.
# No port is given on these three keys; per the comment above they serve
# port 53.
"208.80.154.238" = {
udp_threads = 8
tcp_threads = 8
}
"208.80.153.231" = {
udp_threads = 8
tcp_threads = 8
}
"91.198.174.239" = {
udp_threads = 8
tcp_threads = 8
}
# PROXY protocol listener on port 535 of IPv4 localhost.
# This is for future experimentation with e.g. DNS-over-TLS.
# NOTE(review): with the PROXY protocol the client address is taken from the
# header sent by whoever connects, so every peer that can reach this port is
# trusted to report it honestly. Binding to 127.0.0.1 limits that to local
# processes; if this listener is ever moved off loopback, it needs to be
# restricted to the proxy's address by a firewall or equivalent.
# NOTE(review): this key is unquoted while every other listen key is quoted;
# presumably the parser accepts both forms -- confirm, and quote it for
# consistency.
127.0.0.1:535 = {
tcp_proxy = true
tcp_threads = 8
}
# These are monitor listeners, so they only get one thread per protocol per
# listen address, as they're not expecting "real" traffic.
# NOTE(review): 0.0.0.0 and [::] are wildcard binds, so port 5353 is open on
# every address this host carries, the public ones included, unless a host or
# network firewall limits it. Nothing in this file restricts who can query
# it; confirm that only the monitoring hosts can reach 5353.
"0.0.0.0:5353" = {
udp_threads = 1
tcp_threads = 1
}
"[::]:5353" = {
udp_threads = 1
tcp_threads = 1
}
}
# Lock memory against swapout
# NOTE(review): presumably this also keeps the loaded cookie key out of swap;
# confirm against the daemon's documentation.
lock_mem = true
# NSID for debugging the mapping of functional IPs to real servers
# The NSID string is returned to any client that sends the EDNS NSID option,
# so the real hostname behind the shared service addresses is public by
# design. Keep anything more sensitive than a hostname out of this value.
nsid_ascii = dns1001
# Secret master key for cookie generation, shared by all the authdns fleet
# Only the path is configured here; the key material lives in that file.
# NOTE(review): because one key is shared fleet-wide, a leak from any single
# host lets the holder produce cookies that every server accepts. The file
# should be readable only by root and the daemon's user, be delivered through
# the secrets mechanism rather than a repo, and be rotated on all hosts
# together. File permissions and rotation are not visible from this file;
# confirm both.
cookie_key_file = /etc/gdnsd/secrets/dnscookies.key