Configuration
To configure atomdns you need to write a Conffile. In this example we’ll start with the most basic one and build it up from there.
When starting atomdns without any configuration it will use its builtin Conffile:
The “blocks” in this configuration are called “handler blocks”. You may recognize this format, as it is the format from Caddy. The order of the handlers is significant: here, for example.org, it is log, whoami. This means the request is first logged and then handed over to the whoami handler. If this was reversed, i.e. whoami, log, the request would not get logged, because whoami handles it and does not call the next handler.
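The effect of handler order on query logging can be modelled in a few lines of Go. This is an added example, not atomdns code: the `Query`, `Next`, `Handler` and `Resolve` names, the sample query and the end-of-chain answer are all assumptions made for illustration.

```go
package main

import "fmt"

// Query is a constructed stand-in for a DNS request (not an atomdns type).
type Query struct{ Name, Source string }

// Next answers a query; a handler receives the rest of the chain as a Next.
type Next func(q Query) string

// Handler wraps the rest of the chain. Calling next is optional, which is
// exactly why the configured order matters.
type Handler func(next Next, logbuf *[]string) Next

// handlers models the two handlers named on this page (hypothetical bodies).
var handlers = map[string]Handler{
	// log records the query, then hands it to the next handler.
	"log": func(next Next, logbuf *[]string) Next {
		return func(q Query) string {
			*logbuf = append(*logbuf, q.Source+" "+q.Name)
			return next(q)
		}
	},
	// whoami answers with the client's address and never calls next.
	"whoami": func(_ Next, _ *[]string) Next {
		return func(q Query) string { return q.Source }
	},
}

// Resolve builds the chain in the given order and runs one query through
// it, returning the answer and whatever the log handler recorded.
func Resolve(order []string, q Query) (answer string, logged []string) {
	// Placeholder end of chain; what atomdns does here is not modelled.
	chain := Next(func(Query) string { return "REFUSED" })
	for i := len(order) - 1; i >= 0; i-- {
		chain = handlers[order[i]](chain, &logged)
	}
	answer = chain(q) // run first, then return, so logged is complete
	return answer, logged
}

func main() {
	q := Query{Name: "example.org.", Source: "127.0.0.1:53842"} // constructed
	for _, order := range [][]string{{"log", "whoami"}, {"whoami", "log"}} {
		answer, logged := Resolve(order, q)
		fmt.Printf("%v -> answer=%s logged=%d\n", order, answer, len(logged))
	}
}
```

Both orders return the same answer to the client, so a reversed order is invisible from the outside; only the missing log lines reveal it.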
So just run it with ./atomdns; it will output something along these lines:
The banner (line 8 and down) shows some information about atomdns. For the rest we have:
Lines:
- Show that we have example.org as the only zone; it has the handlers log and whoami configured, in that order.
- There are 3 startup functions defined, these functions show their logging in the next lines.
- This shows the configuration of the global handler (lines 1-5 in the figure at the start of this page). It shows the addresses and port atomdns runs on, here all addresses and on port 1053.
- Another startup function from global: the HUP signal can be used to reload atomdns.
- Here the log handler outputs that the USR1 signal is used. This allows for run-time toggling of the query logging.
- Shows the build info for this binary.
- More information about the process, the config “file” loads, versions, number of zones configured and which roles the process has, in this case plain old DNS and again the addresses and ports.
The whoami handler echoes back your source port and IP address, so if we query this:
Meanwhile, because the log handler logs, we see
Which, of course, shows the same information.
When you shut down atomdns by sending it the INT signal (i.e. ^C), it shows
This shows the teardown function(s): in this case the log handler stops listening for the USR1 signal, and finally atomdns says goodbye.
More Complex Example
The Conffile-example that is included in the source is more complex and defines 3 zones, plus various additions in the global block. See global for what is defined here. In that configuration we define 3 roles for this server, namely:
- dns: plain old DNS, this is done in the dns section, this listens on port 1053.
- doh: this defines DNS over HTTPS (and thus requires a tls section as well).
- dot: defines a DNS over TLS server, which also requires a tls section.
The limits section in each:
This tells after how many requests over TCP the connection should be severed, in this case (-1) never. And run tells how many servers should be started to listen on the port, here 3 times the number of CPUs in the system. This uses Go’s NumCPU to get that number. More details can be found in the global manual page.
For the actual TLS setup and configuration see the TLS Certificates section; here it suffices to say that we use manual certificate management.
Furthermore, 3 zones are defined:
This is like the example above, except the zone is a reverse one; it is translated into a zone named 0.0.10.in-addr.arpa. The handlers are the same as above.
This handler block defines a handler chain for the example.org zone. It has log and dbfile; the latter is used to serve zone data from file(s). Here we read from handlers/dbfile/zone/testdata/db.example.org. The “handlers” prefix comes from the root directive in the global block: root handlers. The transfer property tells atomdns that zone transfers (AXFRs) are allowed.
This is the most complex example in this file. We see dbfile, which serves db.miek.nl.signed. This zone is created via the sign handler, which used the defined keyset to DNSSEC sign the input file: sign/testdata/db.miek.nl. With zonemd we tell it that we also want the ZONEMD record to be added.
There are many handlers, so you can pick and choose what to run for your server. atomdns.miek.nl has the following configuration:
The import directive is explained in the Conffile manual.