Installing dnsdist

dnsdist only runs on UNIX-like systems and there are several ways to install dnsdist. The fastest way is using packages, either from your own operating system vendor or supplied by the PowerDNS project. Building from source is also supported.

Installing from Packages

If dnsdist is available in your operating system’s software repositories, install it from there. However, the version of dnsdist in the repositories might be an older version that might not have a feature that was added in a later version. Or you might want to be brave and try a development snapshot from the master branch. PowerDNS provides software repositories for the most popular distributions. Visit https://repo.powerdns.com for more information and installation instructions.

Debian

For Debian and its derivatives (like Ubuntu) installing the dnsdist package should do it:

apt-get install -y dnsdist

Red Hat

For Red Hat, CentOS and its derivatives, dnsdist is available in EPEL:

yum install -y epel-release
yum install -y dnsdist

FreeBSD

dnsdist is also available in FreeBSD ports.

Installing from Source

In order to compile dnsdist, a modern compiler with C++ 2017 support and GNU make are required. dnsdist depends on the following libraries:

  • Boost
  • Lua 5.1+ or LuaJit
  • Editline (libedit)
  • libfstrm (optional, dnstap support)
  • GnuTLS (optional, DoT and outgoing DoH support)
  • libh2o (optional, incoming DoH support)
  • libcap (optional, capabilities support)
  • libsodium (optional, DNSCrypt and console encryption support)
  • LMDB (optional, LMDB support)
  • net-snmp (optional, SNMP support)
  • nghttp2 (optional, outgoing DoH support)
  • OpenSSL (optional, DoT and DoH support)
  • protobuf (optional, not needed as of 1.6.0)
  • re2 (optional)
  • TinyCDB <https://www.corpit.ru/mjt/tinycdb.html> (optional, CDB support)

Should dnsdist be run on a system with systemd, it is highly recommended to have the systemd header files (libsystemd-dev on Debian and systemd-devel on CentOS) installed to have dnsdist support systemd-notify.

From tarball

Release tarballs are available from the downloads site, snapshot and pre-release tarballs can be found as well.

The release tarballs have detached PGP signatures, signed by one of these PGP keys:

There is a PGP keyblock with these keys available on https://dnsdist.org/_static/dnsdist-keyblock.asc.

  • Untar the tarball and cd into the source directory
  • Run ./configure
  • Run make or gmake (on BSD)

From git

To compile from git, these additional dependencies are required:

dnsdist source code lives in the PowerDNS git repository but is independent of PowerDNS.

git clone https://github.com/PowerDNS/pdns.git
cd pdns/pdns/dnsdistdist
autoreconf -i
./configure
make

OS Specific Instructions

None, really.

Build options

Our configure script provides a fair number of options with regard to which features should be enabled, as well as which libraries should be used. In addition to these options, more features can be disabled at compile-time by defining the following symbols:

  • DISABLE_BUILTIN_HTML removes the built-in web pages
  • DISABLE_CARBON for carbon support
  • DISABLE_COMPLETION for completion support in the console
  • DISABLE_DEPRECATED_DYNBLOCK for legacy dynamic blocks not using the new DynBlockRulesGroup interface
  • DISABLE_ECS_ACTIONS to disable actions altering EDNS Client Subnet
  • DISABLE_FALSE_SHARING_PADDING to disable the padding of atomic counters, which is inserted to prevent false sharing but increases the memory use significantly
  • DISABLE_HASHED_CREDENTIALS to disable password-hashing support
  • DISABLE_LUA_WEB_HANDLERS for custom Lua web handlers support
  • DISABLE_OCSP_STAPLING for OCSP stapling
  • DISABLE_NPN for Next Protocol Negotiation, superseded by ALPN
  • DISABLE_PROMETHEUS for prometheus
  • DISABLE_PROTOBUF for protocol-buffer support, including dnstap
  • DISABLE_RECVMMSG for recvmmsg support
  • DISABLE_RULES_ALTERING_QUERIES to remove rules altering the content of queries
  • DISABLE_SECPOLL for security polling
  • DISABLE_WEB_CONFIG to disable accessing the configuration via the web interface

Additionally several Lua bindings can be removed when they are not needed, as they increase the memory required during compilation and the size of the final binary:

  • DISABLE_CLIENT_STATE_BINDINGS
  • DISABLE_COMBO_ADDR_BINDINGS
  • DISABLE_DNSHEADER_BINDINGS
  • DISABLE_DNSNAME_BINDINGS
  • DISABLE_DOWNSTREAM_BINDINGS
  • DISABLE_NETMASK_BINDINGS
  • DISABLE_NON_FFI_DQ_BINDINGS
  • DISABLE_PACKETCACHE_BINDINGS
  • DISABLE_POLICIES_BINDINGS
  • DISABLE_QPS_LIMITER_BINDINGS
  • DISABLE_SUFFIX_MATCH_BINDINGS
  • DISABLE_TOP_N_BINDINGS