DNS Resolver
Built-in DNS resolver component providing cached DNS queries to all Ze components.
Uses github.com/miekg/dns (the library CoreDNS is built on).
| Feature | Description |
|---|---|
| Static name servers | system { name-server [8.8.8.8 1.1.1.1]; } sets upstream DNS servers |
| resolv.conf writer | Writes configured servers to resolv-conf-path at startup |
| DHCP integration | Static servers take priority over DHCP-discovered DNS |
| Query types | A, AAAA, TXT, PTR, CNAME, MX, NS, SRV |
| LRU cache | O(1) operations, configurable size and max TTL |
| TTL-aware | Respects response TTL, caps at configured maximum, honors TTL=0 (do not cache) |
| Concurrent safe | Mutex-protected cache, safe for multi-goroutine use |
| System fallback | β |
| Timeout control | Per-resolver configurable timeout (1-60 seconds) |
| Cache management | List entries, inspect by name, selective delete by name/type, flush all, reset counters |
| \| resolve pipe | Reverse DNS enrichment for IP addresses in any command's JSON output |
| \| origin pipe | ASN/network enrichment for IP addresses via Team Cymru DNS queries |
Configuration
system {
    name-server [8.8.8.8 1.1.1.1]
    dns {
        resolv-conf-path /tmp/resolv.conf
        timeout 5
        cache-size 10000
        cache-ttl 86400
    }
}
| Option | Default | Description |
|---|---|---|
| name-server | (none) | Static DNS servers. First server used by ze internal resolver. All written to resolv.conf. |
| resolv-conf-path | /tmp/resolv.conf | Path for resolv.conf. Default suits gokrazy (read-only rootfs). Empty disables writing. |
| timeout | 5 | Query timeout in seconds (1-60) |
| cache-size | 10000 | Maximum cached entries (0 disables caching) |
| cache-ttl | 86400 | Maximum cache TTL in seconds (0 uses response TTL only) |
DHCP interaction
When name-server is configured, DHCP-discovered DNS servers do not overwrite
resolv.conf. When no static servers are configured, DHCP writes DNS servers to
resolv-conf-path as before (last-writer-wins across interfaces).
Cache management
The DNS cache can be inspected and managed at runtime via CLI commands.
Inspection:
show dns cache stats # Hit/miss/eviction counters + rates
show dns cache list # All non-expired entries (sorted by TTL)
show dns cache record example.com # Entries for a specific name
Clearing:
clear dns cache # Flush all entries and reset counters
clear dns cache stats # Zero counters without removing entries
clear dns cache record example.com # Delete entries for a name (all types)
clear dns cache record example.com type AAAA # Delete a single name+type entry
Pipe operators
Two pipe operators enrich JSON output from any command with DNS-based lookups:
| Pipe | Description |
|---|---|
| \| resolve | Adds a <key>-name field with the PTR (reverse DNS) hostname for each IP address value in the JSON output. Uses the system DNS resolver with cache. 500ms timeout per lookup. |
| \| origin | Adds <key>-asn, <key>-as-name, and <key>-prefix fields for each IP address value via Team Cymru DNS queries. 2s timeout. |
Both pipes walk JSON values, detect IP addresses, and add sibling fields.
They work on any command output, including show traceroute, show bgp summary, etc.
In monitor traceroute | log mode, they enrich the hop legend.
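The walk described above, as an added example rather than Ze's own code: it decodes JSON, finds object members whose value parses as an IP address, and adds the `<key>-name` sibling. The `ptrFunc` lookup, the `enrich` and `resolvePipe` names, and the choice to leave an already present `<key>-name` untouched are assumptions; the addresses and hostname are constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// ptrFunc stands in for the cached PTR lookup (hypothetical signature).
type ptrFunc func(ip string) (name string, ok bool)

// enrich adds "<key>-name" beside every object member holding an IP string.
func enrich(v any, ptr ptrFunc) {
	switch t := v.(type) {
	case []any:
		for _, e := range t {
			enrich(e, ptr)
		}
	case map[string]any:
		found := map[string]string{} // collected first, added after the walk
		for k, val := range t {
			if s, ok := val.(string); !ok {
				enrich(val, ptr) // recurse into nested objects and arrays
			} else if ip, err := netip.ParseAddr(s); err == nil && t[k+"-name"] == nil {
				if name, ok := ptr(ip.String()); ok {
					found[k+"-name"] = name
				}
			}
		}
		for k, name := range found {
			t[k] = name
		}
	}
}

// resolvePipe decodes JSON, enriches it, and re-encodes it with sorted keys.
func resolvePipe(in string, ptr ptrFunc) (string, error) {
	var doc any
	if err := json.Unmarshal([]byte(in), &doc); err != nil {
		return "", err
	}
	enrich(doc, ptr)
	out, err := json.Marshal(doc)
	return string(out), err
}

func main() {
	ptr := func(ip string) (string, bool) { return "ns.example.net", ip == "192.0.2.53" }
	fmt.Println(resolvePipe(`{"hops":[{"addr":"192.0.2.53"},{"addr":"*"}]}`, ptr))
}
```

The PTR name comes from whoever controls the reverse zone for the address, so the added field is untrusted text and should be displayed or logged as such.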
Reload behavior
DNS resolver settings and resolv.conf are applied at startup. Changing
name-server or dns settings via config reload requires a process restart
to take effect.