dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.

dnsdist is dynamic, its configuration language is Lua and it can be can be
changed at runtime, and its statistics can be queried from a console-like
interface or an HTTP API.

dnsdist is used to protect and optimize the DNS traffic of hundreds of millions
of internet subscribers.

 * IPv4, UDP/TCP
 * IPv6, UDP/TCP, 100% compliant
 * Remotely pollable statistics for real time graphing
 * High performance
 * SNMP statistics bridge (read only)
 * Dynamically route queries to backend servers
 * Advanced anti-spoofing measures
 * Reconfiguration without downtime
 * Kernel based filtering of harmful traffic, rejecting packets at 'line speed'
 * Internal Lua-based scripted answer generation
 * Question interception, answer reconditioning, NXDOMAIN redirection
   - Including 'block lists' and security measures
 * Built-in memory efficient cache for increased performance
 * Ability to continue serving data from cache for non-responsive backends
 * Smart rate limiting per user, per subnet, per domain
 * Capable of writing dynamic rules to block harmful traffic

WWW: https://dnsdist.org/