kilabit.info
| AmA | Build | Email | GitHub | Mastodon | Projects | SourceHut

NAME

rescached.cfg - Configuration for rescached service

SYNOPSIS

/etc/rescached/rescached.cfg

DESCRIPTION

These file configure the behaviour of rescached(1) service. This section will explain more about each option and how they effect rescached.

The configuration is using INI format where each options is grouped by header in square bracket:

  • [rescached]

  • [dns "server"]

OPTIONS

[rescached]

This group of options contain the main configuration that related to rescached.

wui.listen

Format

[host]:port

Default

127.0.0.1:5380

Description

The address to listen for web user interface.

file.resolvconf

Format

/any/path/to/file

Default

/etc/rescached/resolv.conf

Description

A path to dynamically generated resolv.conf(5) by resolvconf(8).

If set, the nameserver values in referenced file will be used as "parent" name server if no "parent" is defined in configuration file.

To use this config, you must set either "dnsmasq_resolv", "pdnsd_resolv", or "unbound_conf" in "/etc/resolvconf.conf" to point to "/etc/rescached/resolv.conf".

For example,

resolv_conf=/etc/resolv.conf
name_servers=127.0.0.1
dnsmasq_resolv=/etc/rescached/resolv.conf
#pdnsd_resolv=/etc/rescached/resolv.conf
#unbound_conf=/etc/rescached/resolv.conf

debug

Value
0

log startup and errors.

1

log startup, errors, request, response, caches, and exit status.

Format

Number (0 or 1).

Default

0

Description

This option only used for debugging program or if user want to monitor what kind of traffic goes in and out of rescached.

[dns "server"]

This group of options related to DNS server.

parent

Format
parent  = "parent = " [ scheme "://"] ( ip-address / domain-name ) [ ":" port ]
scheme  = ( "udp" / "https")
Default

  • Address: udp://1.1.1.1

  • Port: 53

Description

List of parent DNS servers.

When rescached receive a query from client (for example, your browser) and when it does not have a cached answer for that query, it will forward the query to one of the parent name servers.

Using UDP as parent scheme, will automatically assume that the server also capable of handling query in TCP. This is required when client (for example, your browser) re-send the query after receiving truncated UDP answer. Any query received by rescached through TCP will forwarded to the parent name server as TCP too, using the same address and port defined in one of UDP parent.

Please, do not use OpenDNS server. If certain host-name not found (i.e. typo in host-name), OpenDNS will reply with its own address, instead of replying with empty answer. This will make rescached caching a false data and it may make your application open or consume unintended resources.

To check if your parent server reply the unknown host-name with no answer, use resolver(1) tool.

Example
## Using UDP connection to forward request to parent name server.
parent = udp://1.1.1.1

## Using DNS over TLS to forward request to parent name server.
parent = https://1.1.1.1

## Using DNS over HTTPS to forward request to parent name server.
parent = https://kilabit.info/dns-query

listen

Format

<IP-ADDRESS>:<PORT>

Default

127.0.0.1:53

Description

Address in local network where rescached will listening for query from client.

If you want rescached to serve a query from another host in your local network, change this value to 0.0.0.0:53.

http.port

Format

Number

Default

443

Description

Port to serve DNS over HTTP.

tls.port

Format

Number

Default

853

Description

Port to serve DNS over TLS.

tls.certificate

Format

/path/to/file

Default

(empty)

Description

Path to certificate file to serve DNS over TLS and HTTPS.

tls.private_key

Format

/path/to/file

Default

(empty)

Description

Path to certificate private key file to serve DNS over TLS and HTTPS.

tls.allow_insecure

Format

true | false

Default

false

Description

If its true, allow serving DoH and DoT with self-signed certificate.

doh.behind_proxy

Format

true | false

Default

false

Description

If its true, serve DNS over HTTP only, even if certificate files is defined. This allow serving DNS request forwarded by another proxy server.

cache.prune_delay

Format

Duration with time unit. Valid time units are "s", "m", "h".

Default

1h

Description

Delay for pruning caches.

Every N seconds/minutes/hours, rescached will traverse all caches and remove response that has not been accessed less than cache.prune_threshold. Its value must be equal or greater than 1 hour (3600 seconds).

cache.prune_threshold

Format

Duration with time unit. Valid time units are "s", "m", "h".

Default

-1h

Description

The duration when the cache will be considered expired. Its value must be negative and greater or equal than -1 hour (-3600 seconds).

FILES

/etc/rescached/hosts.d

Path to hosts directory where rescached will load all hosts formatted files.

/etc/rescached/zone.d

Path to zone directory where rescached will load all zone files.

EXAMPLE

Simple rescached configuration using dnscrypt-proxy that listen on port 54 as parent resolver, with prune delay set to 60 seconds and threshold also to 60 seconds.

[dns "server"]
parent=udp://127.0.0.1:54
cache.prune_delay=60s
cache.prune_threshold=60s

Save the above script into rescached.cfg and run it,

$ sudo rescached -config rescached.cfg

AUTHOR

rescached is developed by M. Shulhan (m.shulhan@gmail.com).

LICENSE

Copyright 2018, M. Shulhan (m.shulhan@gmail.com). All rights reserved.

Use of this source code is governed by a GPL-3.0 license that can be found in the COPYING file.

SEE ALSO

rescached(1)

Copyright 2007-2025, Shulhan <ms@kilabit.info>. All rights reserved.
Powered by ciigo