Working with the dnsdist Console

dnsdist can expose a commandline console over an encrypted tcp connection for controlling it, debugging DNS issues and retrieving statistics.

The console can be enabled with controlSocket():


To enable encryption, first generate a key with makeKey():

$ ./dnsdist -l
> makeKey()

Add the generated setKey() line to you dnsdist configuration file, along with a controlSocket():

controlSocket('') -- Listen on this IP and port for client connections
setKey("ENCODED KEY")            -- Shared secret for the console

Now you can run dnsdist -c to connect to the console. This makes dnsdist read its configuration file and use the controlSocket() and setKey() statements to set up its connection to the server.

If you want to connect over the network, create a configuration file with the same two statements and run dnsdist -C /path/to/configfile -c.

Alternatively, you can specify the address and key on the client commandline:

dnsdist -k "ENCODED KEY" -c


This will leak the key into your shell’s history and is not recommended.