[dnsdist] Handling auth and recursive queries
Chris
lists at shthead.net
Mon Dec 12 03:42:47 UTC 2016
Hi all,
I am looking at using dnsdist in my environment.
Currently my environment in each location is:
3 physical servers
Each physical server runs 3 different PowerDNS auth instances (one is
for our own domains, one is for customers with shared hosting and one is
for customers with only dns hosting).
Each physical server also runs a PowerDNS recursor instance.
I currently manage distributing traffic using BGP - load balancing is
taken care of by equal cost multipath and failover is provided by
running a health check to ensure the servers are up and withdrawing
routes if they are down.
This all works great but I would like to start using dnsdist. The setup
I am planning for is:
3 physical servers running esxi
Each physical server running 3 VM's - dnsdist, PowerDNS auth and
PowerDNS recursor
dnsdist has the public IP's on it, use BGP to manage load
balancing/failover for traffic destined to dnsdist.
dnsdist to manage the load balancing/failover for traffic destined to
PowerDNS auth and caching.
What I would like to do is run an instance of dnsdist with a config
like this:
newServer({address="10.254.1.10", pool="dnscache"})
newServer({address="10.254.1.11", pool="dnscache"})
newServer({address="10.254.1.12", pool="dnscache"})
newServer({address="10.254.1.20", pool="dnsauth-internal"})
newServer({address="10.254.1.21", pool="dnsauth-internal"})
newServer({address="10.254.1.22", pool="dnsauth-internal"})
newServer({address="10.254.1.30", pool="dnsauth-shared"})
newServer({address="10.254.1.31", pool="dnsauth-shared"})
newServer({address="10.254.1.32", pool="dnsauth-shared"})
newServer({address="10.254.1.40", pool="dnsauth-dnshosting"})
newServer({address="10.254.1.41", pool="dnsauth-dnshosting"})
newServer({address="10.254.1.42", pool="dnsauth-dnshosting"})
The part I am stuck on is it does not appear to be possible to direct
queries to certain IP's to certain pools. As an example, my caching
resolver IP's are 10.254.1.1, 10.254.1.2. I use addLocal like this:
addLocal("10.254.1.1:53")
addLocal("10.254.1.2:53")
I want to direct all queries destined to those two IP's to the dnscache
pool. I want to do the same thing for the other "addLocal" IP's as well,
queries to the IP's for our own domains should go to pool
dnsauth-internal, queries for the IP's for shared hosting should go to
pool dnsauth-shared etc. Is this possible with dnsdist? I can see how I
can do it based on filtering the domains but at the scale I am using
this it isn't really possible for me, the dnsauth-shared pool for
example has over 2M domains, dnsauth-dnshosting has over 4M domains and
there are very frequent changes to the domains for these.
If not my other option is running 4 separate dnsdist instances, but I
wanted to try and avoid that if possible to keep things simple.
Thanks
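
One way to express the per-listening-address routing asked about above, as an added example that is not part of the original post. It assumes a dnsdist version whose NetmaskGroupRule accepts false as its second argument to match on the destination address; the 192.0.2.x listening addresses and the routeByDestination helper are placeholders introduced here.

```lua
-- Added example, not from the original post.
-- 10.254.1.1 and 10.254.1.2 are the resolver IPs given in the post.
-- The 192.0.2.x addresses are placeholders for the authoritative
-- service IPs, which the post does not list.
local listeners = {
  ["dnscache"]           = { "10.254.1.1", "10.254.1.2" },
  ["dnsauth-internal"]   = { "192.0.2.10" },  -- placeholder
  ["dnsauth-shared"]     = { "192.0.2.20" },  -- placeholder
  ["dnsauth-dnshosting"] = { "192.0.2.30" },  -- placeholder
}

-- Backends, as in the post (one pool shown in full; repeat per pool).
newServer({address="10.254.1.10", pool="dnscache"})
newServer({address="10.254.1.11", pool="dnscache"})
newServer({address="10.254.1.12", pool="dnscache"})
newServer({address="10.254.1.20", pool="dnsauth-internal"})
newServer({address="10.254.1.30", pool="dnsauth-shared"})
newServer({address="10.254.1.40", pool="dnsauth-dnshosting"})

-- Hypothetical helper: bind each address and send every query that
-- arrived on it to the given pool, regardless of the queried name.
local function routeByDestination(pool, addrs)
  local nmg = newNMG()
  for _, addr in ipairs(addrs) do
    addLocal(addr .. ":53")
    nmg:addMask(addr .. "/32")
  end
  -- Second argument false: match the destination address of the
  -- query instead of the client's source address.
  addAction(NetmaskGroupRule(nmg, false), PoolAction(pool))
end

for pool, addrs in pairs(listeners) do
  routeByDestination(pool, addrs)
end

-- No server is placed in the default pool, so a query that matches
-- none of the rules above has no backend to be forwarded to. This
-- keeps the recursors reachable only through the resolver addresses.
```

Because the match is on the listening address only, the rule count stays at one per pool and is independent of how many domains each authoritative pool serves.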