[dnsdist] dnsdist Action dependent on source IP and queried domain

Jochen Demmer jdemmer at relaix.net
Thu Feb 27 09:58:42 UTC 2020


In your example, queries from the internal network are being redirected to
the pool that can answer those.

> addAction(AndRule({NetmaskGroupRule(internal_dns_ips, false),
> NetmaskGroupRule(internal_network)}), PoolAction('internal_auth_pool'))


But queries from the internal network do not necessarily ask only for
internal zones; they might as well need recursion or maybe even the
public pool.
How can I handle that? Should the DNS server that the clients of the
internal network use make the distinction between where normal recursive
queries shall be sent and where to send those that are for private domains?

Jochen

On 27.02.20 at 10:33, Jacob Bunk Nielsen via dnsdist wrote:
> On 27/02/2020 10.15, Jochen Demmer via dnsdist wrote:
>> this makes it very much clear so far where to go, just one more
>> question.
>> What if I want to have only ONE cluster of powerdns auth servers who
>> answer both private and public domains? How can dnsdist distinguish
>> between those, can it?
>
> That was what I was trying to help you achieve with the config
> example. Only my example would not prevent you from asking the public
> auth server about things that should only be served for internal use
> if those two frontends end up asking the same backend.
>
> I'd run two PowerDNS instances in your situation, one for public zones
> and one for private zones.
>
> Best regards,
>
> Jacob

-- 
Jochen Demmer
System and Network Specialist

RelAix Networks GmbH
Auf der Hüls 172
52068 Aachen

Tel.:      0241 / 990001-206
Fax:       0241 / 990001-149
E-Mail:    jdemmer at relaix.net
Internet:  http://www.relaix.net/

Managing Director: Thomas Neugebauer
District Court of Aachen, HRB 15108
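
The routing discussed in this thread, as an added dnsdist configuration sketch that is not from either participant: it separates queries by source network and queried suffix, and refuses internal zones for outside sources so a shared backend cannot leak them. All addresses, pool names other than `internal_auth_pool`, and zone names are constructed placeholders; `DNSRCode` assumes dnsdist 1.4 or later.

```lua
-- Added example. Every address and zone below is a placeholder, not taken from the thread.
setLocal("192.0.2.53:53")
setACL({"0.0.0.0/0", "::/0"})   -- the rules below decide what each source may ask

-- Backends: private authoritative, recursor, public authoritative (hypothetical addresses)
newServer({address="10.0.0.11:53", pool="internal_auth_pool"})
newServer({address="10.0.0.21:53", pool="recursor_pool"})
newServer({address="10.0.0.31:53", pool="public_auth_pool"})

-- Source networks that count as "internal"
local internal_network = newNMG()
internal_network:addMask("10.0.0.0/8")

-- Zones served only to internal clients
local internal_zones = newSuffixMatchNode()
internal_zones:add(newDNSName("corp.example."))

-- Zones served to everyone
local public_zones = newSuffixMatchNode()
public_zones:add(newDNSName("example.com."))

-- Rules are evaluated in order; the first rule whose action answers or
-- selects a pool ends processing, so the most specific cases come first.

-- 1. Internal source asking for a private zone -> private authoritative pool
addAction(AndRule({NetmaskGroupRule(internal_network),
                   SuffixMatchNodeRule(internal_zones)}),
          PoolAction("internal_auth_pool"))

-- 2. Anyone else asking for a private zone -> REFUSED, never forwarded
addAction(SuffixMatchNodeRule(internal_zones), RCodeAction(DNSRCode.REFUSED))

-- 3. Public zones, from any source -> public authoritative pool
addAction(SuffixMatchNodeRule(public_zones), PoolAction("public_auth_pool"))

-- 4. Internal source asking for any other name -> recursion
addAction(NetmaskGroupRule(internal_network), PoolAction("recursor_pool"))

-- 5. External source asking for anything else -> REFUSED (no open recursion)
addAction(AllRule(), RCodeAction(DNSRCode.REFUSED))
```

Rule 2 is what keeps internal zones from being answered for outside sources even when the internal and public pools point at the same PowerDNS instance.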



