DNS
This reference covers all of Pomerium's DNS settings:
- Failure Refresh Rate
- Lookup Family
- Query Timeout
- Query Tries
- Refresh Rate
- Resolvers
- UDP Max Queries
- Use TCP
Failure Refresh Rate
Failure Refresh Rate sets the DNS refresh rate when requests are failing.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_failure_refresh_rate | DNS_FAILURE_REFRESH_RATE | string (Go Duration formatting) | 5s |
Examples
dns_failure_refresh_rate: 10s
Enterprise
Set Failure Refresh Rate in the Console.
Kubernetes
dns:
  failureRefreshRate: 10s
Lookup Family
Lookup Family sets the DNS IP address resolution policy.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_lookup_family | DNS_LOOKUP_FAMILY | string | V4_PREFERRED |
Examples
dns_lookup_family: AUTO
DNS_LOOKUP_FAMILY=V6_ONLY
Enterprise
Set Lookup Family in the Console.
Kubernetes
dns:
  lookupFamily: V6_ONLY
Options
| Options | Description |
|---|---|
| DEFAULT (Enterprise only) | Defers to configuration settings or default if none specified |
| AUTO | DNS resolver will first perform a lookup for addresses in the IPv6 family and fall back to a lookup for addresses in the IPv4 family |
| V4_ONLY | DNS resolver will only perform a lookup for addresses in the IPv4 family |
| V6_ONLY | DNS resolver will only perform a lookup for addresses in the IPv6 family |
| V4_PREFERRED | DNS resolver will first perform a lookup for addresses in the IPv4 family and fall back to a lookup for addresses in the IPv6 family |
| ALL | DNS resolver will perform a lookup for both IPv4 and IPv6 families, and return all resolved addresses |
See the Envoy docs for more information about these options.
Query Timeout
Query Timeout sets the timeout for DNS queries.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_query_timeout | DNS_QUERY_TIMEOUT | string (Go Duration formatting) | 5s |
Examples
dns_query_timeout: 10s
Enterprise
Set Query Timeout in the Console.
Kubernetes
dns:
  queryTimeout: 10s
Query Tries
Query Tries sets the number of times a DNS query will be retried.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_query_tries | DNS_QUERY_TRIES | integer | 4 |
Examples
dns_query_tries: 7
Enterprise
Set Query Tries in the Console.
Kubernetes
dns:
  queryTries: 7
Refresh Rate
Refresh Rate sets the DNS refresh rate.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_refresh_rate | DNS_REFRESH_RATE | string (Go Duration formatting) | DNS record TTL, or 5s if not set |
Examples
dns_refresh_rate: 10s
Enterprise
Set Refresh Rate in the Console.
Kubernetes
dns:
  refreshRate: 10s
Resolvers
Resolvers allows you to specify a list of custom DNS resolvers for Pomerium to use instead of the system default. Each resolver should be specified as a URL in the format udp://<ip>:<port> or tcp://<ip>:<port>.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_resolvers | DNS_RESOLVERS | array of strings | System DNS resolvers |
Examples
dns_resolvers:
  - udp://1.1.1.1:53
  - udp://8.8.8.8:53

dns_resolvers:
  - tcp://1.1.1.1:53
Enterprise
dns_resolvers is a bootstrap configuration setting and is not configurable in the Console.
Kubernetes
dns:
  resolvers:
    - udp://1.1.1.1:53
    - udp://8.8.8.8:53
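A pre-deployment check for the resolver URL format described in this section, added here as an example and not taken from Pomerium's code. `checkResolver` and `lintResolvers` are hypothetical helpers, the sample entries are constructed, and accepting bracketed IPv6 literals is an assumption based on standard URL syntax; Pomerium's own validation may differ.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"strconv"
)

// checkResolver is a hypothetical helper (not a Pomerium API). It accepts only
// the documented forms udp://<ip>:<port> and tcp://<ip>:<port>.
func checkResolver(entry string) error {
	u, err := url.Parse(entry)
	if err != nil {
		return fmt.Errorf("%q: not a URL: %w", entry, err)
	}
	if u.Scheme != "udp" && u.Scheme != "tcp" {
		return fmt.Errorf("%q: scheme must be udp or tcp", entry)
	}
	if u.User != nil || u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return fmt.Errorf("%q: only scheme, IP and port are allowed", entry)
	}
	// Hostname() strips the brackets around an IPv6 literal.
	if _, err := netip.ParseAddr(u.Hostname()); err != nil {
		return fmt.Errorf("%q: host must be an IP address, not a name", entry)
	}
	if p, err := strconv.Atoi(u.Port()); err != nil || p < 1 || p > 65535 {
		return fmt.Errorf("%q: port must be an integer from 1 to 65535", entry)
	}
	return nil
}

// lintResolvers returns one error per entry that fails checkResolver.
func lintResolvers(entries []string) []error {
	var errs []error
	for _, e := range entries {
		if err := checkResolver(e); err != nil {
			errs = append(errs, err)
		}
	}
	return errs
}

func main() {
	// Constructed sample values for a dns_resolvers list.
	sample := []string{"udp://1.1.1.1:53", "tcp://[2606:4700:4700::1111]:53",
		"udp://dns.example.internal:53", "1.1.1.1:53", "tcp://8.8.8.8"}
	for _, err := range lintResolvers(sample) {
		fmt.Println("invalid dns_resolvers entry", err)
	}
}
```

Run it against the rendered config in CI so a hostname, a missing port or a bare `ip:port` is caught before the value reaches a running proxy.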
UDP Max Queries
UDP Max Queries sets the maximum number of queries before a new UDP port is opened.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_udp_max_queries | DNS_UDP_MAX_QUERIES | integer | 100 |
Examples
dns_udp_max_queries: 100
Enterprise
Set UDP Max Queries in the Console.
Kubernetes
dns:
  udpMaxQueries: 100
Use TCP
Use TCP configures Pomerium to use TCP instead of UDP for DNS queries.
How to Configure
Core
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
| dns_use_tcp | DNS_USE_TCP | boolean | false |
Examples
dns_use_tcp: true
Enterprise
Set Use TCP in the Console.
Kubernetes
dns:
  useTcp: true