[dnsdist] automatically forward query from the problematic domain

Affan Basalamah affanzbasalamah at gmail.com
Thu Feb 29 09:52:10 UTC 2024


Thanks Mahdi for the reply,

Looking at it, I'll ask my client whether serving the stale data in
recursive DNS will solve the problem.

-affan

On Thu, Feb 29, 2024 at 1:35 PM Mahdi Adnan <mahdi at sysmin.io> wrote:

> Hello,
>
> If the issue is intermittent and can be mitigated by serving cached data,
> maybe you can configure your recursive servers to serve expired data.
>
> On Thu, Feb 29, 2024 at 8:20 AM Affan Basalamah via dnsdist <
> dnsdist at mailman.powerdns.com> wrote:
>
>> Thanks for your response,
>>
>> May I add that it's not the authoritative DNS, but it's the ccTLD DNS
>> server (for example, the server for .com.country_names, .co.country_names, or
>> .net.country_names)
>>
>> There was a time when this DNS server was down, and all of the traffic from
>> the country's local ISP (who's using their own DNS server) was unable to
>> resolve the internet banking domain names, however the record was usually still
>> cached on the public DNS server (e.g. Google).
>>
>> So there's no problem in IP connectivity from client to server, the only
>> problem is that DNS cannot be resolved, because the ccTLD DNS server is down.
>>
>> On Thu, Feb 29, 2024 at 12:09 AM Nico Cartron <nicolas at ncartron.org>
>> wrote:
>>
>>>
>>> > On 28 Feb 2024, at 14:26, Affan Basalamah via dnsdist <
>>> dnsdist at mailman.powerdns.com> wrote:
>>> >
>>> > 
>>> > Hi,
>>> >
>>> > I'm responsible for managing DNS servers for service providers, and
>>> they report that the DNS server usually has some important domains from my
>>> country's ccTLD that usually can't be resolved because their
>>> authoritative DNS was not reliable, and every user usually contacted the
>>> service provider, and they ask us to forward these domains to a public DNS
>>> resolver (google, CF, etc)
>>> >
>>> > Usually it becomes a repetitive & menial effort from our side, and I
>>> wonder how this logic can be achieved using DNSDist:
>>> >
>>> > - DNSDist is installed in front of the provider DNS server, and we create
>>> a default pool for the provider DNS server
>>> > - Create another pool for public DNS servers (google, CF, Q9, etc)
>>> > - Can I create a list of domains that are usually problematic, to be
>>> redirected to the public DNS pool?
>>> > - Can I create rules for these domains to be forwarded to the public
>>> DNS pool?
>>> > - Can I create a health check for these rules to be activated (every 1
>>> or 5 minutes, to check whether the authoritative DNS server for these
>>> domains is still alive), and if the authoritative server is down, the rule
>>> is activated and these domains are forwarded to the public DNS pool
>>> > - After the health check finds out the authoritative DNS server is alive,
>>> the rule is disabled and the domain is resolved via the provider DNS
>>> >
>>> >
>>> > Sorry because I don't completely understand the capability of DNSdist,
>>> but I hope you can shed some light on this for me, and I hope DNSdist can
>>> solve this kind of problem.
>>>
>>> Hi,
>>>
>>> I don’t get how forwarding the request to a public DNS such as
>>> Cloudflare or Google would fix your issue, since you said that it was the
>>> authoritative servers responsible for those domains that had issues?
>>
>>
>>
>> --
>> -affan
>> _______________________________________________
>> dnsdist mailing list
>> dnsdist at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>>
>
>
> --
> Respectfully
> Mahdi A.
>


-- 
-affan
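
The setup asked about in the quoted original question, written as a dnsdist configuration. This is an added example, not from any poster in the thread and not the dnsdist project's own configuration; the 192.0.2.x addresses, the `public` and `cctld-probe` pool names, and the `*.co.example` domains are placeholders assumed for illustration.

```lua
-- Added example, not from the thread. Assumed placeholders:
--   192.0.2.53      the provider's own recursive server
--   192.0.2.1       one of the ccTLD name servers being watched
--   *.co.example.   domains on the "usually problematic" list

-- Default pool: the provider's recursive server handles everything
-- unless a rule below says otherwise.
newServer({address="192.0.2.53:53", name="provider-rec"})

-- Fallback pool: public resolvers named in the thread (Google, Cloudflare).
newServer({address="8.8.8.8:53", name="google", pool="public"})
newServer({address="1.1.1.1:53", name="cloudflare", pool="public"})

-- Probe pool: no rule ever routes client queries here. The ccTLD server
-- is listed only so that dnsdist's built-in health check tracks whether
-- it answers. Checked every 60 s; down after 3 failures, up after 2 OKs.
newServer({
  address="192.0.2.1:53", name="cctld-ns", pool="cctld-probe",
  checkName="co.example.", checkType="SOA",
  checkInterval=60, maxCheckFailures=3, rise=2
})

-- The list of domains that should fail over.
local problematic = newSuffixMatchNode()
problematic:add("bank.co.example.")
problematic:add("pay.co.example.")

-- Route to the public pool only when BOTH conditions hold:
--   1. the query name is under one of the listed domains, and
--   2. the probe pool has no server marked up (the ccTLD server is down).
-- When the health check recovers, the rule stops matching and the
-- query goes to the default pool again, with no manual change.
addAction(
  AndRule({
    SuffixMatchNodeRule(problematic),
    NotRule(PoolAvailableRule("cctld-probe"))
  }),
  PoolAction("public")
)
```

The health check reflects reachability as seen from the dnsdist host only, and the fallback helps only while the public resolvers still hold the records in cache, as described in the thread.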