[dnsdist] dnsdist NOTIFY distribution

Martin Toth snowmailer at gmail.com
Fri Mar 8 15:28:32 UTC 2019


Hi,

I’ve tested this solution, all works as expected. I have only one problem. nproxy is running with these parameters:

	nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 --origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address SlaveWANIP2 --powerdns-address 10.0.0.11
	nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 --origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address SlaveWANIP2 --powerdns-address 10.0.0.12
	nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 --origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address SlaveWANIP2 --powerdns-address 10.0.0.13
	nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 --origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address SlaveWANIP2 --powerdns-address 10.0.0.14

When I set origin-address to my LB VIP (10.0.0.1) from the LAN interface, the pdns servers behind the LB think this is the host from which they should do AXFR, but this is the LAN LB IP, not the Master IP. So I need the master IP here, but it could not be assigned because it’s an Internet public IP address of another server. Any suggestions on how to solve this?

This is my setup:

Master (MasterWANIP1 sends notify) -> Slave (SlaveWANIP1/SlaveWANIP2) LB running 4x nproxy (this proxy sends notify requests to LAN nodes) -> SLAVE PDNSs (pool of 4 nodes) (LAN IPs from range 10.0.0.0/24)

BR,
Martin

> On 27 Feb 2019, at 10:55, Martin Toth <snowmailer at gmail.com> wrote:
> 
> This is a really cool idea, will test it today and let you know if it works.
> 
> Stay tuned!
> 
> BR. Martin
> 
>> On 27 Feb 2019, at 06:34, abang at t-ipnet.net wrote:
>> 
>> Hello Martin,
>> 
>> On 26 February 2019 17:07:25 CET, Martin Toth <snowmailer at gmail.com> wrote:
>>> Hi,
>>> 
>>> Thanks for your interest. I am using dnsdist as a loadbalancer and
>>> slave nodes are in DMZ behind dnsdist. Only dnsdist server has public
>>> IPs that can be reached from Master public IP (master is located in
>>> other datacentre).
>>> Is my use case not designed well? I thought dnsdist was designed to be
>>> used as LB for DNS services. Do you have any suggestions how to solve
>>> this or what workaround should I use?
>> 
>> Did not try it myself, but could be an option: https://doc.powerdns.com/authoritative/manpages/nproxy.1.html
>> 
>>> 
>>> Thanks.
>>> 
>>> BR,
>>> 
>>>> On 26 Feb 2019, at 16:59, Remi Gacogne <remi.gacogne at powerdns.com> wrote:
>>>> 
>>>> Hi Martin,
>>>> 
>>>> On 2/26/19 3:58 PM, Martin Toth wrote:
>>>>> I just want to ensure myself how NOTIFY distribution in DNSDIST
>>>>> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
>>>>> PDNSs (pool of 4 nodes)
>>>>> 
>>>>> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
>>>>> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How do I
>>>>> achieve situation that all slaves in dnsdist backend will be notified
>>>>> of zone change on MASTER?
>>>> 
>>>> I'm afraid you can't, dnsdist can route a query only to a single
>>>> backend, with the exception of the TeeAction, but I would advise against
>>>> trying to use it for that case.
>>>> Is there a reason your master doesn't speak to the slaves directly?
>>>> 
>>>> Best regards,
>>>> -- 
>>>> Remi Gacogne
>>>> PowerDNS.COM BV - https://www.powerdns.com/
>> 
>> 
>> Winfried 
