[dnsdist] automatically forward query from the problematic domain

Affan Basalamah affanzbasalamah at gmail.com
Thu Feb 29 05:12:40 UTC 2024


Thanks for your response,

May I add that it's not the authoritative DNS, but it's the ccTLD DNS
server (for example, the server for .com.country_names, .co.country_names, or
.net.country_names).

There was a time when this DNS server was down, and all of the traffic from the
country's local ISPs (who are using their own DNS servers) was unable to resolve
the internet banking domain names; however, the record is usually still cached
on the public DNS server (e.g. Google).

So there's no problem in IP connectivity from client to server; the only
problem is that DNS cannot be resolved, because the ccTLD DNS server is down.

On Thu, Feb 29, 2024 at 12:09 AM Nico Cartron <nicolas at ncartron.org> wrote:

>
> > On 28 Feb 2024, at 14:26, Affan Basalamah via dnsdist <
> dnsdist at mailman.powerdns.com> wrote:
> >
> > 
> > Hi,
> >
> > I'm responsible for managing DNS server for service providers, and they
> > request that DNS server usually have some important domain from my country
> > ccTLD that usually can't be resolved because their authoritative DNS
> > was not reliable, and every user usually contacted the service provider,
> > and they ask us to forward these domains to public DNS resolver (google,
> > CF, etc)
> >
> > Usually it becomes a repetitive & menial effort from our side, and I wonder
> > how it's possible this logic can be achieved using DNSDist:
> >
> > - DNSDist is installed in front of provider DNS server, and create
> > default pool for provider DNS server
> > - Create another pool for public DNS server (google, CF, Q9, etc)
> > - Can I create a list of domains that are usually problematic to be redirected
> > to the public DNS pool?
> > - Can I create rules for these domains to be forwarded to the public DNS
> > pool?
> > - Can I create a health check for these rules to be activated (every 1 or
> > 5 minutes, to check whether the authoritative DNS server for these domains
> > is still alive), and if the authoritative server is down, the rule is
> > activated, these domains are forwarded to public DNS pool
> > - After the health check finds out the authoritative DNS server is alive, the
> > rule is disabled, the domain is resolved via the provider DNS
> >
> >
> > Sorry because I don't completely understand the capability of DNSdist,
> > but I hope you can shed some light on this for me, and I hope DNSdist can
> > solve this kind of problem.
>
> Hi,
>
> I don’t get how forwarding the request to a public DNS such as Cloudflare
> or Google would fix your issue, since you said that it was the Authoritative
> servers responsible for those domains that had issues?



-- 
-affan
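
One way to express the logic asked about in this thread as a dnsdist configuration, added here as an example and not taken from the thread or from the PowerDNS project. The provider resolver address, the ccTLD server addresses, the zone `co.example.`, the watched domain and the pool names are placeholders chosen for illustration.

```lua
-- Added example. Every address, zone and domain name below is a placeholder.

-- Default pool: the provider's own recursive resolver.
newServer({address="192.0.2.53:53", name="provider-resolver"})

-- Public resolvers, reached only through the rule at the bottom.
newServer({address="8.8.8.8:53", pool="public", name="google"})
newServer({address="1.1.1.1:53", pool="public", name="cloudflare"})
newServer({address="9.9.9.9:53", pool="public", name="quad9"})

-- Probe pool: the ccTLD name servers. No rule ever sends client queries
-- here; the pool exists so that dnsdist's built-in health check tracks
-- whether the ccTLD servers answer. Each server is asked for the zone's
-- SOA once a minute and is marked down after three failed checks.
local cctld_servers = {
  {addr="198.51.100.1:53", name="cctld-ns1"},
  {addr="198.51.100.2:53", name="cctld-ns2"},
}
for _, s in ipairs(cctld_servers) do
  newServer({
    address=s.addr, name=s.name, pool="cctld-probe",
    checkName="co.example.", checkType="SOA",
    checkInterval=60, maxCheckFailures=3,
    mustResolve=true,  -- NXDomain and Refused count as failures too
  })
end

-- Domains that should fail over. Matching is by suffix, so
-- www.bank.co.example. is covered by bank.co.example.
local watched = newSuffixMatchNode()
watched:add(newDNSName("bank.co.example."))

-- Send a watched domain to the public pool only while no server in the
-- probe pool is up. When a ccTLD server passes its health check again,
-- PoolAvailableRule becomes true, the rule stops matching, and queries
-- fall through to the default pool (the provider resolver).
addAction(
  AndRule({
    SuffixMatchNodeRule(watched),
    NotRule(PoolAvailableRule("cctld-probe")),
  }),
  PoolAction("public")
)
```

With this layout the rule is never edited by hand: `showServers()` on the dnsdist console shows the up/down state of the probe pool that drives it.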