[dnsdist] [EXT] Re: First alpha release of dnsdist 1.5.0

Remi Gacogne remi.gacogne at powerdns.com
Mon Mar 23 08:41:45 UTC 2020


Hi Frederik,

On 3/21/20 2:16 PM, Frederik Pettai wrote:
>> On 20 Mar 2020, at 14:32, Remi Gacogne via dnsdist
>> <dnsdist at mailman.powerdns.com> wrote:
>> 
>> […] The most exciting new feature is the implementation of the
>> Proxy Protocol between dnsdist and its backends. Aimed to replace
>> the use of EDNS Client Subnet and our own XPF, the Proxy Protocol
>> is an existing standard where a small header is prepended to the
>> query, passing not only the source and destination addresses and
>> ports along to the backend, but also custom values. Support for
>> parsing the Proxy Protocol is already available in the development
>> tree of the PowerDNS Recursor.
> 
> From the text above, it’s not clear what the supported scope is, but
> I interpret that it’s supported for all DNS services.

It is supported for UDP and TCP communications between dnsdist and its
backend.

> This existing standard that text is referring to, which one is it?
> The Github pull request (https://github.com/PowerDNS/pdns/pull/8874)
> in the release notes for this work doesn’t reference that either.
> The only IETF DNS proxy search result that I found was on XPF
> (https://tools.ietf.org/id/draft-bellis-dnsop-xpf-02.html) which the
> text above says is going to be replaced...
> 
> But going back to previous work on Github, this reference comes up: 
> https://www.haproxy.org/download/1.9/doc/proxy-protocol.txt

That's the one. It's also documented there [1], although I now realize
that I have not documented that we support only the binary (v2) version,
not the plain-text one. I'll update the documentation.

> Have you or anyone else been discussing support for this with other
> DNS software vendors too? If yes, were the reactions good? (Good like
> "we’re going to consider adopting that too"?)

Yes, we discussed that with other DNS software vendors and the feedback
was positive, in the sense that it is a better solution than every other
one we considered. We can't promise that they will implement it, but
they are certainly considering it.

[1]: https://dnsdist.org/advanced/proxyprotocol.html

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
