Dnsdist

Highly DNS-, DoS- and abuse-aware loadbalancer

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic.

dnsdist is dynamic, its configuration language is Lua and it can be can be changed at runtime, and its statistics can be queried from a console-like interface or an HTTP API.

dnsdist is used to protect and optimize the DNS traffic of hundreds of millions of internet subscribers.

• IPv4, UDP/TCP
• IPv6, UDP/TCP, 100 compliant
• Remotely pollable statistics for real time graphing
• High performance
• SNMP statistics bridge read only
• Dynamically route queries to backend servers
• Advanced anti-spoofing measures
• Reconfiguration without downtime
• Kernel based filtering of harmful traffic, rejecting packets at ‘line speed’
• Internal Lua-based scripted answer generation
• Question interception, answer reconditioning, NXDOMAIN redirection
  • Including ‘block lists’ and security measures
• Built-in memory efficient cache for increased performance
• Ability to continue serving data from cache for non-responsive backends
• Smart rate limiting per user, per subnet, per domain
• Capable of writing dynamic rules to block harmful traffic