[dnsdist] Traffic redirect via ports

Thibaud Dublé thibaud.duble at wanadoo.fr
Thu Mar 23 15:26:11 UTC 2017


Hi Bert,
 
Thank you for your answer; it helped me get what I wanted.
 
I think this previous post might help you understand what I wanted:
https://mailman.powerdns.com/pipermail/dnsdist/2016-December/000247.html
 
To summarize, 
I want queries going to 10.255.0.100 to be treated by the bind1 pool
And I want queries going to 10.255.0.200 to be treated by the bind2 pool
Finally, if all the BIND servers (containers) go down, I send the incoming queries to the other dnsdist on the second host server.
 
I was using the addPoolRule() function the opposite way, so I added the "false" parameter in order to match the destination IP:port.
 
 
This is how my config and function look now:
 
bind1NMG = newNMG()
bind1NMG:addMask("10.255.0.100/32")
bind1NMG:addMask("10.255.1.100/32")
bind1NMG:addMask("172.17.0.11/24")
 
-- false: match the destination address instead of the source
addPoolRule(NetmaskGroupRule(bind1NMG, false), "bind")
 
bind2NMG = newNMG()
bind2NMG:addMask("10.255.0.200/32")
bind2NMG:addMask("10.255.1.200/32")
bind2NMG:addMask("172.17.0.11/24")
 
addPoolRule(NetmaskGroupRule(bind2NMG, false), "bind2")
 
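function portSelection(dq)
        -- dnsdist exposes the address the query was received on as dq.localaddr (lowercase)
        local port = dq.localaddr:getPort()
        if port == 5353 then
                return DNSAction.Pool, "bind"
        elseif port == 5354 then
                return DNSAction.Pool, "bind2"
        end
        -- any other port: take no action and let the remaining rules decide
        return DNSAction.None, ""
end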
 

addLuaAction("172.17.0.10/24", portSelection)
 
I hope it also helps you as much as it helped me.
 
Regards,
Thibaud

 
 
 
 
> Message of 23/03/17 13:29
> From: "bert hubert"
> To: "Thibaud Dublé"
> Cc: dnsdist at mailman.powerdns.com
> Subject: Re: [dnsdist] Traffic redirect via ports
> 
> On Thu, Mar 23, 2017 at 09:51:09AM +0100, Thibaud Dublé wrote:
> > The first idea was to send traffic to the other dnsdist for "pool1" on port 5353 and traffic for "pool2" on port 5354,
> > but it looks like it is impossible to add Pool Rules to a specific IP:port.
> 
> Hi Thibaud,
> 
> I am a bit confused. I think I know what you mean, but perhaps can you
> clarify. 
> 
> > Ideally, the pool rule config would look like this :
> >  
> > bind1NMG = newNMG()
> > bind1NMG:addMask("10.255.0.100/32")
> > bind1NMG:addMask("10.255.1.100/32")
> > bind1NMG:addMask("172.17.0.11:5353")
> 
> So you want to add source port selection to the rule?
> 
> Are you sure traffic will always come in from that source port? Usually that
> is not the case as source ports tend to be dynamic.
> 
> If this is what you want, today you could do that with a Lua selection rule:
> function luarule(dq)
> if(dq.remoteAddr:getPort()==5353) 
> then
> return DNSAction.Pool, "bind" 
> else
> return DNSAction.Pool, "bind2" 
> end
> end
> 
> And then:
> addLuaAction("172.17.0.11/32", luarule)
> 
> You may need to change this a little bit to compensate for typos or errors,
> but this is the idea.
> 
> Good luck - if this really solves your problem we could make a direct rule
> for it. Please let us know.
> 
> Bert
>
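
The two-host fallback described in this thread, written out as one dnsdist configuration. This is an added example, not the poster's or the PowerDNS project's configuration; it uses dnsdist's lowercase dq.localaddr attribute together with the addPoolRule/addLuaAction calls from the post. Assumptions: the backend, local and peer addresses and the "bind-local"/"bind2-local" pool names are constructed, and it goes beyond the post by keeping overflow traffic in pools that do not contain the peer, so the two dnsdist instances cannot forward a query back and forth when both sets of BIND servers are down.

```lua
-- Added example. Service IPs and ports 5353/5354 come from the thread;
-- all other addresses and the "*-local" pool names are constructed.
local LOCAL = "198.51.100.20"          -- this dnsdist, peer-facing address
local PEER  = "198.51.100.10"          -- the dnsdist on the other host

setLocal("10.255.0.100:53")            -- service address for pool "bind"
addLocal("10.255.0.200:53")            -- service address for pool "bind2"
addLocal(LOCAL .. ":5353")             -- overflow from the peer for "bind"
addLocal(LOCAL .. ":5354")             -- overflow from the peer for "bind2"

-- firstAvailable walks a pool by 'order' and skips servers that are down,
-- so the peer (order 2) is used only when the local BIND is unavailable.
setServerPolicy(firstAvailable)

local b1 = newServer({address="192.0.2.11:53", pool="bind",  order=1})
local b2 = newServer({address="192.0.2.12:53", pool="bind2", order=1})
newServer({address=PEER .. ":5353", pool="bind",  order=2})
newServer({address=PEER .. ":5354", pool="bind2", order=2})

-- Overflow pools contain local backends only: a query that already came
-- from the peer is never sent back to it.
b1:addPool("bind-local")
b2:addPool("bind2-local")

-- Select the pool from the port the query arrived on.
function overflowByPort(dq)
  local port = dq.localaddr:getPort()
  if port == 5353 then
    return DNSAction.Pool, "bind-local"
  elseif port == 5354 then
    return DNSAction.Pool, "bind2-local"
  end
  return DNSAction.None, ""            -- not an overflow port: keep going
end

-- A netmask string selects on the source address: only the peer's queries
-- are routed by port.
addLuaAction(PEER .. "/32", overflowByPort)

-- Client traffic: the second argument 'false' matches the destination.
local bind1NMG = newNMG()
bind1NMG:addMask("10.255.0.100/32")
addPoolRule(NetmaskGroupRule(bind1NMG, false), "bind")

local bind2NMG = newNMG()
bind2NMG:addMask("10.255.0.200/32")
addPoolRule(NetmaskGroupRule(bind2NMG, false), "bind2")
```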