<div dir="ltr"><div dir="ltr"><div>Dear PowerDNS Users,</div><div><br></div>
<div>So I have a situation where I have all my servers going through DNSDist for DNS queries. I have my configuration set up so that it routes certain domains to various internal Authoritative DNS servers, and also a route to allow recursion. What I am seeing is that when a request comes in for a record (i.e. one of my internal domains) and gets routed to my Authoritative server, and that record is a CNAME to, say, an Amazon ELB address, it isn’t able to then recurse the ELB address to get the IP addresses. I am hoping that there is some Lua code that maybe I can put in the DNSDist to allow the query to first go to the Authoritative server, then take that answer and send it to the recursion server to get the final answer, and then send that back to the client.</div><div><br></div>
<div>Seems like the one suggestion on the website is to point to the recursion server and have it then point your domains to the Authoritative server for the Internal answer; it seems a bit strange to have to do it that way.</div><div><br></div>
<div>But I would assume that, with the Power of Lua, I could write something to let me query the Authoritative server, get that answer, then send it to the Recursor for the recursion answer and then send that back?</div><div><br></div>
<div>My config is something like this currently:</div><div><br></div>
<div><pre>
-- backend pools: internal authoritative, internal resolvers, routed external authoritative
newServer({address="10.0.1.31:53", pool="auth_internal"})
newServer({address="10.0.1.32:53", pool="auth_internal"})
newServer({address="10.0.1.33:53", pool="resolver_internal"})
newServer({address="10.0.1.34:53", pool="resolver_internal"})
newServer({address="10.0.1.253:53", pool="auth_internal_external"})
pc = newPacketCache(100000)
getPool("resolver_internal"):setCache(pc)
match_clients_internal = newNMG()
match_clients_internal:addMask("0.0.0.0/0")
match_clients_internal:addMask("::1/0")
match_destinations_internal = newNMG()
match_destinations_internal:addMask("0.0.0.0/0")
match_destinations_internal:addMask("::0/0")
allow_query_internal = newNMG()
allow_query_internal:addMask("0.0.0.0/0")
allow_query_internal:addMask("::0/0")
-- recursion is allowed for every IPv4 source address
allow_recursion_internal = newNMG()
allow_recursion_internal:addMask("0.0.0.0/0")
authdomains_internal = newSuffixMatchNode()
allow_transfer_internal = {}
authdomains_internal:add(newDNSName("linuxstack.cloud."))
authdomains_internal:add(newDNSName("in-addr.arpa."))
authdomains_internal_external = newSuffixMatchNode()
authdomains_internal_external:add(newDNSName("routed-bind-domain.com."))
-- log every query
addAction(AllRule(), LogAction("/var/log/dnsdist.log", false, true, false))
function xfr_query_internal(dq)
        if(dq.qtype == dnsdist.AXFR or dq.qtype == dnsdist.IXFR)
        then
                -- per-zone netmask group of clients allowed to transfer; nil when the zone has no entry
                local a = allow_transfer_internal[string.lower(dq.qname:toString())]
                if(a and match_clients_internal:match(dq.remoteaddr) and a:match(dq.remoteaddr))
                then
                        return DNSAction.Pool, "auth_internal"
                end
        end
        return DNSAction.None, ""
end
-- rules are evaluated in order: refuse, internal zones, routed zones, then everything else to the resolvers
addAction(AndRule({NetmaskGroupRule(match_clients_internal), NotRule(NetmaskGroupRule(allow_query_internal))}), RCodeAction(5))
addAction(AndRule({NetmaskGroupRule(match_clients_internal), NotRule(QTypeRule(dnsdist.AXFR)), NotRule(QTypeRule(dnsdist.IXFR)), SuffixMatchNodeRule(authdomains_internal)}), PoolAction("auth_internal"))
addAction(AndRule({NetmaskGroupRule(match_clients_internal), NotRule(QTypeRule(dnsdist.AXFR)), NotRule(QTypeRule(dnsdist.IXFR)), SuffixMatchNodeRule(authdomains_internal_external)}), PoolAction("auth_internal_external"))
addAction(AndRule({NetmaskGroupRule(match_clients_internal), NotRule(QTypeRule(dnsdist.AXFR)), NotRule(QTypeRule(dnsdist.IXFR)), NetmaskGroupRule(allow_recursion_internal)}), PoolAction("resolver_internal"))
addLuaAction(".", xfr_query_internal)
addAction(NetmaskGroupRule(match_clients_internal), RCodeAction(5))
-- allow_transfer_external and match_clients_external are not defined in this excerpt
function xfr_query_external(dq)
        if(dq.qtype == dnsdist.AXFR or dq.qtype == dnsdist.IXFR)
        then
                local a = allow_transfer_external[string.lower(dq.qname:toString())]
                if(a and match_clients_external:match(dq.remoteaddr) and a:match(dq.remoteaddr))
                then
                        return DNSAction.Pool, "auth_external"
                end
        end
        return DNSAction.None, ""
end

setACL({})
addACL("10.0.0.0/8")
-- accepts queries from any IPv6 source address
addACL("::0/0")
controlSocket("127.0.0.1")
addLocal("0.0.0.0:53")
addLocal("[::]:53")
</pre></div>
<div><br></div>
<div><p>Devin Acosta</p><p>Red Hat Certified Architect</p></div></div></div>
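<div>The symptom described in the message above, an A query answered with only a CNAME and no address record, can be detected directly in the raw DNS response. This is an added example, not part of the original post or of dnsdist; the host label <code>app</code>, the target <code>elb.example.com.</code> and both sample packets are constructed placeholders.</div>

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):                      # bounded: guards against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def dangling_cname(msg):
    """Return the CNAME target if an A/AAAA answer has no address record, else None."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, qtype, target, has_addr = 12, None, None, False
    for _ in range(qd):                       # question section
        _, off = read_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        off += 4
    for _ in range(an):                       # answer section
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 5:                        # CNAME: remember where the chain points
            target, _ = read_name(msg, off)
        elif rtype in (1, 28):                # A or AAAA: the chain was resolved
            has_addr = True
        off += rdlen
    return target if qtype in (1, 28) and not has_addr else None

def sample_response(with_a):
    """Constructed packet: A query for app.linuxstack.cloud., CNAME to a placeholder name."""
    t = encode_name("elb.example.com.")
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, 2 if with_a else 1, 0, 0)
    msg += encode_name("app.linuxstack.cloud.") + struct.pack("!2H", 1, 1)
    msg += b"\xc0\x0c" + struct.pack("!2HIH", 5, 1, 300, len(t)) + t
    if with_a:                                # what a CNAME-chasing resolver would append
        msg += t + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
    return msg
```

<div>Passing it the UDP payload received from the dnsdist listener shows whether a given name still ends at an unresolved CNAME.</div>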