[dnsdist] DNS use cases as authoritative dns server facing public internet

Andreas Danzer andreas at danzer.org
Thu Jan 23 10:07:24 UTC 2020


> I have a question regarding the posture of dnsdist as authoritative dns
> server facing public internet.
> What would the design be if you put dnsdist (load balancer)
> in front of the origin DNS servers?
> I have two (2) internet facing authoritative DNS translated from my
> firewall. Can I also do NAT on dnsdist
> while the origin dns servers will be on private IP address?

Our authoritative nameservers are built with dnsdist as load balancer in
front of several PowerDNS servers. Some of those backend servers are
running on private RFC1918 IP addresses, with only dnsdist having a
globally routable IP. Dnsdist also serves as some sort of DNS firewall
with rate-limiting and special handling of some request types (e.g.
ANY). We also use it to handle incoming/outgoing AXFR/IXFR requests and
notifications for customers based on an extra database and a hidden DNS.
Think of dnsdist as the Swiss Army knife for DNS. ;-)

A. Danzer
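
The kind of setup described in this message, sketched as a dnsdist configuration. This is an added example, not the poster's actual configuration: every address, the server names, the pool name "xfr", the 50 qps limit and the static transfer allow list (standing in for the database-driven handling mentioned above) are assumptions.

```lua
-- Added example; all addresses are constructed (documentation and RFC 1918 ranges).

-- Public listener: the only globally routable address in the setup.
setLocal("192.0.2.53:53")
-- The default dnsdist ACL only admits private/local source ranges, so a
-- public authoritative front end has to open it up explicitly.
setACL({"0.0.0.0/0", "::/0"})

-- Authoritative backends on private addresses (default pool).
newServer({address="10.0.0.11:53", name="auth1"})
newServer({address="10.0.0.12:53", name="auth2"})
-- Hidden primary, reachable only through the "xfr" pool (assumed name).
newServer({address="10.0.0.5:53", name="hidden-primary", pool="xfr"})

-- Assumed static allow list of peers that may transfer zones or send NOTIFY.
local xfrPeers = newNMG()
xfrPeers:addMask("198.51.100.10/32")

-- Matches AXFR/IXFR queries and NOTIFY messages.
local function xfrOrNotify()
  return OrRule({
    QTypeRule(DNSQType.AXFR),
    QTypeRule(DNSQType.IXFR),
    OpcodeRule(DNSOpcode.Notify),
  })
end

-- Rules are evaluated in order. The backends see dnsdist as the source of
-- every query, so source-based transfer restrictions are enforced here.
addAction(AndRule({xfrOrNotify(), NotRule(NetmaskGroupRule(xfrPeers))}),
          RCodeAction(DNSRCode.REFUSED))
addAction(xfrOrNotify(), PoolAction("xfr"))

-- Per-client rate limit: drop queries above 50 qps per IPv4 /32 or IPv6 /48.
addAction(MaxQPSIPRule(50, 32, 48), DropAction())

-- ANY over UDP: reply with TC=1 so the client has to retry over TCP,
-- which removes the query type's value for spoofed-source amplification.
addAction(AndRule({QTypeRule(DNSQType.ANY), TCPRule(false)}), TCAction())
```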

