[dnsdist] Implementing RFC7706 - Decreasing Access Time to Root Servers by Running One on Loopback
bert hubert
bert.hubert at powerdns.com
Tue Apr 18 18:18:59 UTC 2017
On Tue, Apr 18, 2017 at 07:33:33PM +0200, Maciej Soltysiak wrote:
> I'm playing and exploring dnsdist. I thought I setup RFC7706 for exercise.
Cool!
> I have nsd hosting the root zones as per the rfc on 127.12.12.12:53530 and
> I want the rest of the queries to go to google in this instance.
>
> Here's what I attempted:
> newServer({address="8.8.8.8", pool="primary"})
> newServer({address="127.12.12.12:53530", pool="root"})
> addPoolRule(".", "root")
>
> But when I dig a domain I see it says recursion requested but not available.
> What am I doing wrong?
Two things. First, because you put 8.8.8.8 in pool 'primary' it will never
get any traffic. Traffic that is not matched by addPoolRule() will go to the
default pool, not primary. And you defined no servers in the default pool
(called "").
Secondly, when you send a recursion desired request with your configuration
it will get forwarded straight to NSD, which does not want to resolve for
you since it is an authoritative only server. So what dig reports is
correct.
The reason it forwards everything is that addPoolRule() actually means
"forward everything within this zone". And everything is in the root zone.
If you actually only want to send queries for the exact root to your root
pool, this oddly enough has to be written like this today:
addAction(RegexRule("^$"), PoolAction("root"))
Does this help? Please let us know.
Bert
More information about the dnsdist
mailing list