rec_control [OPTION]… COMMAND [COMMAND-OPTION]…
rec_control allows the operator to query and control a running instance of the PowerDNS Recursor.
rec_control talks to the recursor via a the ‘controlsocket’. Which
is usually located in /var/run
. The –socket-dir or the –config-dir
and –config-name switches control to which process rec_control
connects.
To see if the Recursor is alive, run:
# rec_control ping
To stop the recursor by hand, run:
# rec_control quit
To dump the caches to disk, execute:
# rec_control dump-cache /tmp/the-cache
Note
Before version 4.5.0, for each command that writes to a file, pdns_recursor would open the file to write to. Starting with 4.5.0, the files are opened by the rec_control command itself using the credentials and the current working directory of the user running rec_control. A single minus - can be used as a filename to write the data to the standard output stream.
--help | provide this helpful message. |
--config-dir=<path> | |
Directory where the recursor.conf lives. | |
--config-name=<name> | |
Name of the virtual configuration. | |
--socket-dir=<path> | |
Where the controlsocket will live, please use –config-dir instead. | |
--socket-pid=<pid> | |
When running in SMP mode, pid of pdns_recursor to control. | |
--timeout=<num> | |
Number of seconds to wait for the remote PowerDNS Recursor to respond. | |
--version | Show the version number of this program. Note that the version command shows the version of the running recursor. |
*
, remove all*
, remove all*
to remove all NTA’s.Dumps caches to FILENAME. This file should not exist already, PowerDNS will refuse to overwrite it. While dumping, the recursor might not answer questions.
If no TYPE is specified the record cache, the negative cache, the packet cache and the aggressive NSEC cache are dumped. To select specific caches specify one or more TYPE*s, separated by spaces. The value of *TYPE can be r, n, p or a.
on
or yes
to log
DNSSEC validation failures and to no
or off
to disable logging these
failures.0
= disabled, 1
= protobuf,
2
= log file, 3
= protobuf and log file.Emit resolution trace for matching queries. No arguments disables tracing.
Before version 4.9.0, there was no FILE argument, traces were always
written to the log. Starting with version 4.9.0, trace information is
written to the file specified, which may be -
for the standard out
stream.
Queries matching this regular expression will generate voluminous tracing output. Be aware that matches from the packet cache will still not generate tracing. To unset the regex, pass trace-regex without a new regex.
The regular expression is matched against domain queries terminated with a
dot. For example the regex 'powerdns.com$'
will not match a query for
'www.powerdns.com'
, since the attempted match will be with
'www.powerdns.com.'
.
In addition, since this is a regular expression, to exclusively match
queries for 'www.powerdns.com'
, one should escape the dots:
'^www\.powerdns\.com\.$'
.
Note that the single quotes prevent
further interpretation of the backslashes by the shell.
Multiple matches can be chained with the |
operator. For example, to
match all queries for Dutch (.nl
) and German (.de
) domain names, use:
'\.nl\.$|\.de\.$'
.
Wipe entries for DOMAIN (exact name match) from the cache. This is useful
if, for example, an important server has a new IP address, but the TTL has
not yet expired. Multiple domain names can be passed.
DOMAIN can be suffixed with a $
. to delete the whole tree from the
cache. i.e. powerdns.com$
will remove all cached entries under and
including the powerdns.com name.
Note: this command also wipes the negative cache.
Warning: Don’t just wipe “www.somedomain.com”, its NS records or CNAME target may still be undesired, so wipe “somedomain.com” as well.
pdns_recursor(1) https://docs.powerdns.com/recursor