[dnsdist] dnsdist Action dependent on source IP and queried domain

Jochen Demmer jdemmer at relaix.net
Tue Feb 25 16:37:41 UTC 2020


Hi,

we're trying to make our DNS infrastructure great again. Currently we
use Bind as recursive servers for our clients (we're a small ISP) and
nsd for authoritative domains.
This is what I'm heading to do:
- run 2+ PowerDNS servers as authoritative for public domains as well as
our internal domains
- run 2+ dnsdist servers as load balancers with regex and IP-dependent rules
- run xyz as recursive nameserver for our dialup / fibre clients

We have domains hosted for ourselves but also customers. We would like
to host those with PowerDNS with replicated Postgres. As PowerDNS does
not have ACLs, we plan to run dnsdist in front of PowerDNS in order to
make better decisions about what to do with requests:

requests from the www, recursive: REFUSE
requests from the www, authoritative public domain: forward to powerdns
requests from the www, authoritative private domain: REFUSE

requests from our internal network, recursive: won't happen
requests from our internal network, authoritative public domain: forward
to powerdns
requests from our internal network, authoritative private domain:
forward to powerdns

The plan is to protect our private domains from being resolved from any
public IP. Will such a filter have big performance implications?
What is the best practice for doing so?

Thank you

-- 
Jochen Demmer
System- und Netzwerkspezialist

RelAix Networks GmbH
Auf der Hüls 172
52068 Aachen

Tel.:      0241 / 990001-206
Fax:       0241 / 990001-149
E-Mail:    jdemmer at relaix.net
Internet:  http://www.relaix.net/

Geschäftsführer: Thomas Neugebauer
Amtsgericht Aachen, HRB 15108
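
The request matrix in the message above, written as a dnsdist configuration. This is an added example, not part of the original post or of the dnsdist project; every address, netmask and zone name is a constructed placeholder, and it assumes "recursive" means a query for a name outside the hosted zones.

```lua
-- Added example (not from the original post). All addresses, netmasks and
-- zone names are constructed placeholders; replace them with real values.

setLocal("192.0.2.53:53")
-- dnsdist's own ACL only decides who may talk to dnsdist at all.
-- It is opened here so that the per-zone policy is enforced by the rules below.
setACL({"0.0.0.0/0", "::/0"})

-- Backends: the PowerDNS authoritative servers, grouped in one pool.
newServer({address="10.0.0.11:53", pool="auth"})
newServer({address="10.0.0.12:53", pool="auth"})

-- Source networks that count as "internal" (placeholder ranges).
local internal = newNMG()
internal:addMask("10.0.0.0/8")
internal:addMask("2001:db8:1::/48")

-- Zones hosted on the authoritative pool (placeholder names).
local publicZones = newSuffixMatchNode()
publicZones:add(newDNSName("example.com."))
publicZones:add(newDNSName("customer.example."))

local privateZones = newSuffixMatchNode()
privateZones:add(newDNSName("corp.example."))

-- Rules are evaluated in the order they are added; RCodeAction and
-- PoolAction both end rule processing for the query they match.

-- Private zone queried from a non-internal source: REFUSED.
addAction(AndRule({SuffixMatchNodeRule(privateZones),
                   NotRule(NetmaskGroupRule(internal))}),
          RCodeAction(DNSRCode.REFUSED))

-- Private zone, source is internal (the only case left): forward.
addAction(SuffixMatchNodeRule(privateZones), PoolAction("auth"))

-- Public zone from any source: forward.
addAction(SuffixMatchNodeRule(publicZones), PoolAction("auth"))

-- Anything else is a name this service is not authoritative for
-- (the "recursive" rows of the matrix): REFUSED, regardless of source.
addAction(AllRule(), RCodeAction(DNSRCode.REFUSED))
```

The explicit `AllRule()` catch-all makes the policy default-deny, so a zone missing from both lists is refused rather than forwarded.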



