[dnsdist] DNS use cases as authoritative dns server facing public internet
Andreas Danzer
andreas at danzer.org
Thu Jan 23 10:07:24 UTC 2020
Hi,
> I have a question regarding the posture of dnsdist as authoritative dns
> server facing public internet.
> How will be the design if you would put the dnsdist (load balancer)
> infront the origin DNS servers?
> I have two (2) internet facing authoritative DNS translated from my
> firewall. Can I also do NAT on dnsdist
> while the origin dns servers will be on private IP address?
our authoriative nameservers are built with dnsdist as loadbalancer in
front of several powerdns-servers. Some of those backend servers are
running on private RFC1918 IP addresses, with only dnsdist having a
global routeable IP. Dnsdist also serves as some sort of dns firewall
with rate-limiting and special handling of some request types (e.g.
ANY). We also use it to handle incoming/outgoing AXFR/IXFR requests and
notifications for customers based on an extra database and a hidden dns.
Think of dnsdist as the swiss army knife for DNS. ;-)
Regards,
A. Danzer
More information about the dnsdist
mailing list