[dnsdist] Implementing RFC7706 - Decreasing Access Time to Root Servers by Running One on Loopback

bert hubert bert.hubert at powerdns.com
Tue Apr 18 18:18:59 UTC 2017

On Tue, Apr 18, 2017 at 07:33:33PM +0200, Maciej Soltysiak wrote:
> I'm playing and exploring dnsdist. I thought I set up RFC7706 for exercise.


> I have nsd hosting the root zones as per the rfc on and
> I want the rest of the queries to go to Google in this instance.
> Here's what I attempted:
> newServer({address="", pool="primary"})
> newServer({address="", pool="root"})
> addPoolRule(".", "root")
> But when I dig a domain I see it says recursion requested but not available.
> What am I doing wrong?

Two things. First, because you put in pool 'primary' it will never
get any traffic. Traffic that is not matched by addPoolRule() will go to the
default pool, not primary. And you defined no servers in the default pool
(called ""). 

Secondly, when you send a recursion desired request with your configuration
it will get forwarded straight to NSD, which does not want to resolve for
you since it is an authoritative only server. So what dig reports is

The reason it forwards everything is that addPoolRule() actually means
"forward everything within this zone". And everything is in the root zone.

If you actually only want to send queries for the exact root to your root
pool, this oddly enough has to be written like this today:

addAction(RegexRule("^$"), PoolAction("root"))

Does this help? Please let us know.
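
The routing behaviour described in the reply above, as an added example that is not part of the original post and is not dnsdist code: a simplified Python model of pool selection. The server labels "nsd" and "resolver", the helper names, and the step of moving the resolver into the default pool are assumptions made for illustration; the model also assumes the regex sees the query name without its trailing dot, so the root is the empty string.

```python
import re

def suffix_match(qname, zone):
    """addPoolRule-style match: the zone itself or any name beneath it."""
    q, z = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    if z == "":
        return True  # every name is within the root zone
    return q == z or q.endswith("." + z)

def regex_match(qname, pattern):
    # Assumption: the name is matched without its trailing dot (root == "").
    return re.search(pattern, qname.rstrip(".")) is not None

def route(qname, rules, pools):
    """Return (pool, servers); first matching rule wins, else default pool ""."""
    pool = ""
    for kind, arg, target in rules:
        hit = suffix_match(qname, arg) if kind == "suffix" else regex_match(qname, arg)
        if hit:
            pool = target
            break
    return pool, pools.get(pool, [])

# Constructed stand-ins for the configuration in the thread.
ORIGINAL_RULES = [("suffix", ".", "root")]   # addPoolRule(".", "root")
FIXED_RULES = [("regex", "^$", "root")]      # RegexRule("^$") + PoolAction("root")
ORIGINAL_POOLS = {"primary": ["resolver"], "root": ["nsd"]}
FIXED_POOLS = {"": ["resolver"], "root": ["nsd"]}  # resolver in the default pool

def show(rules, pools):
    return {q: route(q, rules, pools) for q in (".", "com.", "example.com.")}

if __name__ == "__main__":
    for label, rules, pools in (
        ("original", ORIGINAL_RULES, ORIGINAL_POOLS),
        ("regex rule only", FIXED_RULES, ORIGINAL_POOLS),
        ("regex rule + default pool", FIXED_RULES, FIXED_POOLS),
    ):
        print(label)
        for q, (pool, servers) in show(rules, pools).items():
            print(f"  {q:14} -> pool {pool!r:8} servers {servers}")
```

The middle case shows why both points in the reply matter: with only the rule changed, non-root queries fall through to a default pool that has no servers.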

