.. SPDX-License-Identifier: GPL-3.0-or-later

.. _mod-prefill:

Cache prefilling
================

This module provides the ability to periodically prefill the DNS cache by importing root zone data obtained over HTTPS.

It is intended for operators of large resolvers, who will benefit from decreased latencies and a smaller amount of traffic towards the DNS root servers.

Example configuration:

.. code-block:: lua

   modules.load('prefill')
   prefill.config({
       ['.'] = {
           url = 'https://www.internic.net/domain/root.zone',
           interval = 86400,  -- seconds
           ca_file = '/etc/pki/tls/certs/ca-bundle.crt',  -- optional
       }
   })

This configuration downloads the zone file from the URL `https://www.internic.net/domain/root.zone` and imports it into the cache every 86400 seconds (1 day). The HTTPS connection is authenticated using a CA certificate from the file `/etc/pki/tls/certs/ca-bundle.crt`, and the signed zone content is validated using DNSSEC.

The root zone to be imported must be signed using DNSSEC, and the resolver must have a valid DNSSEC configuration.

.. csv-table::
   :header: "Parameter", "Description"

   "ca_file", "path to CA certificate bundle used to authenticate the HTTPS connection (optional, system-wide store will be used if not specified)"
   "interval", "number of seconds between zone data refresh attempts"
   "url", "URL of a file in :rfc:`1035` zone file format"

Only root zone import is supported at the moment.
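
An operator-side sanity check for a downloaded zone file, added here as an example (it is not part of Knot Resolver and does not replace the resolver's own DNSSEC validation): it confirms that the apex SOA and DNSKEY records carry RRSIGs that outlive the configured ``interval``. The function names and the sample zone are constructed for illustration, and the parser assumes one record per line in ``owner TTL class type rdata`` order.

```python
from datetime import datetime, timezone

# Constructed sample in RFC 1035 presentation format (not real root zone
# data; key and signature material are placeholders).
SAMPLE_ZONE = """\
; constructed sample
.  86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024010100 1800 900 604800 86400
.  86400 IN RRSIG SOA 8 0 86400 20240114050000 20240101040000 12345 . PLACEHOLDER==
.  172800 IN DNSKEY 257 3 8 PLACEHOLDER==
.  172800 IN RRSIG DNSKEY 8 0 172800 20240122000000 20240101000000 12345 . PLACEHOLDER==
com. 172800 IN NS a.gtld-servers.net.
"""

def apex_records(zone_text):
    """Yield (rrtype, rdata_fields) for records owned by the root ('.')."""
    for line in zone_text.splitlines():
        fields = line.split(';', 1)[0].split()  # drop trailing comments
        # Assumed layout: owner TTL class type rdata...
        if len(fields) >= 5 and fields[0] == '.' and fields[2].upper() == 'IN':
            yield fields[3].upper(), fields[4:]

def preflight(zone_text, interval, now):
    """Return a list of problems; an empty list means the checks passed."""
    types, covered = set(), {}
    for rrtype, rdata in apex_records(zone_text):
        types.add(rrtype)
        if rrtype == 'RRSIG' and len(rdata) >= 5:
            # RRSIG rdata: covered alg labels orig_ttl expiration inception ...
            exp = datetime.strptime(rdata[4], '%Y%m%d%H%M%S')
            exp = exp.replace(tzinfo=timezone.utc)
            key = rdata[0].upper()
            covered[key] = max(exp, covered.get(key, exp))
    problems = []
    for needed in ('SOA', 'DNSKEY'):
        if needed not in types:
            problems.append('no apex %s record' % needed)
        elif needed not in covered:
            problems.append('apex %s has no RRSIG (zone unsigned?)' % needed)
        elif (covered[needed] - now).total_seconds() < interval:
            problems.append('RRSIG for %s expires before the next refresh' % needed)
    return problems

if __name__ == '__main__':
    print(preflight(SAMPLE_ZONE, 86400, datetime.now(timezone.utc)))
```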

Dependencies
------------

Prefilling depends on the lua-http_ library.

.. _lua-http: https://luarocks.org/modules/daurnimator/http