[dnsdist] How to force connect via TCP to downstream server?

Andrew Pogrebennyk andrew.nau.ua at gmail.com
Mon Sep 21 06:43:27 UTC 2020


Hi,
We have some strange behavior with one kind of server which does not
respond to healthcheck and I indeed see in Wireshark trace that
request is formatted as ANSI C12.22, and for whatever reason Wireshark
does not detect protocol DNS for that one. Maybe this is a valid
formatted request, I just didn't see it before. Normally dnsdist would
send the A query to resolve root DNS servers so I am wondering why the
difference.

Anyway I am testing with UDP now, the server appears as UP because
healthcheck is disabled. But it seems that we are again doing the
healthcheck (or whatever it is that appears as ANSI C12.22), before
sending the query to the downstream DNS according to the configured
rule and since dnsdist won't receive response to healthcheck it
doesn't send the actual query. Same behavior on 1.4.0 and 1.5.0
therefore I was wondering if you have any hints to workaround it.
I am happy to share the trace if that helps. Thanks in advance.

Regards,
Andrew


On Fri, Sep 4, 2020 at 4:49 PM Andrew Pogrebennyk
<andrew.nau.ua at gmail.com> wrote:
>
> Hello Remi,
> ok thank you for the very quick response with the hint.
>
> Best regards.
>
> On Fri, Sep 4, 2020 at 3:00 PM Remi Gacogne via dnsdist
> <dnsdist at mailman.powerdns.com> wrote:
> >
> > Hi Andrew,
> >
> > On 9/4/20 2:51 PM, Andrew Pogrebennyk via dnsdist wrote:
> > > I am using dnsdist as load-balancer because I want specific types of
> > > queries to be routed to different downstream servers. I have one
> > > specific server that only responds on TCP (non-standard port) but it is
> > > immediately marked as down because dnsdist is doing the healthcheck over
> > > UDP.
> > >
> > > So in my example below Enum DNS is only reachable via TCP. Is there a
> > > way to disable UDP to this server? I've added type = tcp under server,
> > > but it does not make any difference.
> > >
> > > I can't seem to find any documented switch in newServer() for that
> > > purpose - any ideas why?
> >
> > Unfortunately that feature doesn't exist, and I'm not sure it would make
> > sense to disable UDP in most cases. It would be nice to be able to do
> > the health checks over TCP, though, but that has not been implemented
> > yet either.
> > If you only care about TCP what you could do, however, is to disable the
> > health check for that backend:
> >
> > tcpServ = newServer({
> >     address = "8.8.8.8",
> >     name = "external_dns_1",
> >     pool = "ExternalPool",
> >     type = tcp,
> > })
> > tcpServ:setUp()
> >
> > Queries sent over TCP will then be forwarded over TCP. Queries received
> > over UDP will be sent over UDP, as usual, but if you only want TCP to
> > work that's fine.
> >
> > Hope that helps,
> >
> > --
> > Remi Gacogne
> > PowerDNS.COM BV - https://www.powerdns.com/
> >
> > _______________________________________________
> > dnsdist mailing list
> > dnsdist at mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/dnsdist
>
>
>
> --
> Regards,
> Andrew


More information about the dnsdist mailing list