[dnsdist] Re: Split horizon and forward zone

Simone Beccato s.beccato at it.net
Thu Feb 4 12:27:06 UTC 2021


Hi,
do you have any suggestions?

Is there a way to re-route an incoming request to another backend server if the default one replies with an NXDOMAIN?

Best
Simone

----------------------------------------------
Simone Beccato

Cloud Architect

Via del Bosco Rinnovato, 8
20090 Assago (MI)
ITnet<http://www.it.net/> | LinkedIn<https://www.linkedin.com/company/itnet-srl> | Group<http://www.otmtinvestments.com/ITnet.html>

From: dnsdist <dnsdist-bounces at mailman.powerdns.com> On behalf of Simone Beccato via dnsdist
Sent: Monday, 1 February 2021 15:42
To: dnsdist at mailman.powerdns.com
Subject: [dnsdist] Split horizon and forward zone

Hi all,

I set up my environment with "split horizon" logic, using two Auth servers, one for public zones and another one for private zones, and all works correctly.

Now I want internal clients to resolve some public zones with private IPs. I know that I can duplicate the zone from the public auth server to the private auth server, changing the IP addresses, but this way I need to maintain the same zone on both servers with different resolution, for example:

www.mycompany.net -> 1.1.1.1  (public resolution)
www.mycompany.net -> 192.168.1.1  (private resolution)

I have the zone mycompany.net on both auth servers (public and private) and the record "www" is resolved with "1.1.1.1" on the public auth server and "192.168.1.1" on the private one.
Assuming I need to add a record "ftp.mycompany.net" only with public resolution, I need to configure the record also on the internal auth with the same public IP, otherwise internal clients will receive an NXDOMAIN.

Here is my question:
Can I manage this issue on dnsdist or pdnsRecursor? I am thinking of something like this:

1. Private client asks the private DNS to resolve ftp.mycompany.net
2. Private DNS tries to resolve it but the record is not present, and it generates an NXDOMAIN
3. "someone?" intercepts this NXDOMAIN and forwards the same request to the public DNS
4. Private client gets the answer

If this is possible, maybe with Lua, I can add to the zone in the private DNS only the records that override the public ones, without having to manage the full zone on both DNS servers.

Does anyone have any suggestions?

Hope my request is clear!

Thanks to all
Simone

----------------------------------------------
Simone Beccato

Cloud Architect

Via del Bosco Rinnovato, 8
20090 Assago (MI)
ITnet<http://www.it.net/> | LinkedIn<https://www.linkedin.com/company/itnet-srl> | Group<http://www.otmtinvestments.com/ITnet.html>
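
The NXDOMAIN fallback in steps 1-4 of the original message, modelled in plain Python as an added example; it is not from the post and is not dnsdist or Recursor configuration. The backends, the function names and the ftp address 1.1.1.2 are constructed for illustration.

```python
import socket
import struct

NOERROR, NXDOMAIN = 0, 3

def build_query(qname, txid=0x1234):
    """Encode a minimal A/IN query with RD set."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))

def qname_of(msg):
    """Return (lowercased question name, offset where the question section ends)."""
    labels, pos = [], 12
    while msg[pos]:
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    return ".".join(labels).lower(), pos + 5

def rcode(msg):
    """RCODE is the low four bits of header byte 3."""
    return msg[3] & 0x0F

def make_backend(zone):
    """Constructed stand-in for an auth server; zone maps name -> IPv4 address."""
    def answer(query):
        name, qend = qname_of(query)
        ip = zone.get(name)
        flags = 0x8500 | (NOERROR if ip else NXDOMAIN)  # QR + AA + RD + rcode
        head = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if ip else 0, 0, 0)
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) if ip else b""
        return head + query[12:qend] + rr
    return answer

def resolve_with_fallback(query, private, public):
    """Steps 1-4: ask the private server; only on NXDOMAIN re-send to the public one."""
    reply = private(query)
    if rcode(reply) == NXDOMAIN:
        reply = public(query)
    return reply

def first_a(reply):
    """First A record address in a reply built by make_backend, or None."""
    if struct.unpack("!H", reply[6:8])[0] == 0:
        return None
    _, qend = qname_of(reply)
    return socket.inet_ntoa(reply[qend + 12:qend + 16])

# Constructed zones: the www values are from the post, the ftp address is a placeholder.
PRIVATE = make_backend({"www.mycompany.net": "192.168.1.1"})
PUBLIC = make_backend({"www.mycompany.net": "1.1.1.1", "ftp.mycompany.net": "1.1.1.2"})

def lookup(name):
    return first_a(resolve_with_fallback(build_query(name), PRIVATE, PUBLIC))
```

The fallback keys on RCODE 3 only, so a NOERROR reply with an empty answer section from the private server is returned to the client as is and is not retried against the public one.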
