[dnsdist] dnsdist Digest, Vol 85, Issue 4

Александр Масленников alexander.a.maslennikov at gmail.com
Wed Nov 9 13:28:05 UTC 2022


Hi

In your case, AXFR/IXFR/Notify come to dnsdist and then go to PowerDNS from
the loopback interface. And in the opposite direction along the same chain,
but in reverse order.
You can try something like this configuration, with explicit routing

# On secondary
# pdns.conf
trusted-notification-proxy=127.0.0.1

# dnsdist.conf
setLocal("192.168.1.4:53")
addLocal("127.0.0.1:53")

newServer({address="127.0.0.1:5053", name="auth", pool="auth"})
newServer({address="192.168.1.3:53", name="primary", pool="primary"})

addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("192.168.1.3/32"))}), RCodeAction(DNSRCode.REFUSED))
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), makeRule("192.168.1.3/32")}), PoolAction("auth"))
addAction(AndRule({OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.NS), QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), makeRule("127.0.0.1/32")}), PoolAction("primary"))


# On primary
# pdns.conf
allow-axfr-ips=127.0.0.1/8
also-notify=192.168.1.4,127.0.0.1

# dnsdist.conf
setLocal("192.168.1.3:53")
addLocal("127.0.0.1:53")

newServer({address="127.0.0.1:5053", name="auth", pool="auth"})
newServer({address="192.168.1.4:53", name="secondary", pool="secondary"})

addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("192.168.1.4/32"))}), RCodeAction(DNSRCode.REFUSED))
addAction(AndRule({OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.NS), QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), makeRule("192.168.1.4/32")}), PoolAction("auth"))
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), makeRule("127.0.0.1/32")}), PoolAction("secondary"))

Wed, 9 Nov 2022 at 15:00, <dnsdist-request at mailman.powerdns.com>:

> Message: 1
> Date: Wed, 9 Nov 2022 12:52:43 +0100
> From: Andre Magri <andremag at gmail.com>
> To: dnsdist at mailman.powerdns.com
> Subject: [dnsdist] powerdns + dnsdist on docker
> Message-ID:
>         <CADO7uLBXA8YYSibwDFj4DA6MMHi=
> ie0GSzgQLXE_LLAzVyZADw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
> I've been trying to solve a replication issue without success so I'm hoping
> someone can help me.
>
> When the master (docker1.home.local) sends a NOTIFY to the slave (
> docker2.home.local) I get this on the slave:
>
> pdns-auth-1      | Nov 09 11:44:06 Received NOTIFY for home.local from
> 172.18.0.4 for which we are not authoritative, trying supermaster
> pdns-auth-1      | Nov 09 11:44:06 Error resolving SOA or NS for home.local
> at: 172.18.0.4: Query to '172.18.0.4' for SOA of 'home.local' produced no
> answers
>
> I tried adding the following to slave dnsdist.conf but then I get no more
> logs on the slave:
> newServer({address="docker1.home.local", useClientSubnet=true,
> name="supermaster1", pool="supermasters"})
> addAction(OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.AXFR),
> QTypeRule(DNSQType.IXFR)}), PoolAction("supermasters"))
>
>
> I figured that the slave is not querying the master for the SOA even though
> the supermasters table is populated with the master ip.
>
> I'm also using *useClientSubnet=true* in all my server declarations.
>
> I'd appreciate any help and thank you in advance.
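The two rule sets in the reply can be checked offline before deployment by modelling first-match evaluation and confirming that NOTIFY and AXFR/IXFR are only accepted from the intended peer. This is an added example, not part of the original message or of dnsdist itself; the Python helper names and the outsider address 203.0.113.9 are assumptions, and the model covers only source address, opcode and qtype, with every action treated as terminal.

```python
import ipaddress

# Model of first-match rule evaluation (assumption: every action is terminal).
NOTIFY, QUERY = "NOTIFY", "QUERY"
XFR = ("SOA", "NS", "AXFR", "IXFR")

def src_in(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda q: ipaddress.ip_address(q["src"]) in net

def opcode(op):
    return lambda q: q["opcode"] == op

def qtype_in(*types):
    # In this model a qtype match looks at the qtype only, whatever the opcode.
    return lambda q: q["qtype"] in types

def all_of(*preds):
    return lambda q: all(p(q) for p in preds)

def not_(pred):
    return lambda q: not pred(q)

# Rules transcribed from the message, in the order they are added.
SECONDARY = [
    (all_of(opcode(NOTIFY), not_(src_in("192.168.1.3/32"))), "REFUSED"),
    (all_of(opcode(NOTIFY), src_in("192.168.1.3/32")), "pool:auth"),
    (all_of(qtype_in(*XFR), src_in("127.0.0.1/32")), "pool:primary"),
]
PRIMARY = [
    (all_of(qtype_in("AXFR", "IXFR"), not_(src_in("192.168.1.4/32"))), "REFUSED"),
    (all_of(qtype_in(*XFR), src_in("192.168.1.4/32")), "pool:auth"),
    (all_of(opcode(NOTIFY), src_in("127.0.0.1/32")), "pool:secondary"),
]

def route(rules, src, op, qtype):
    """Return the action of the first matching rule, else the default pool."""
    q = {"src": src, "opcode": op, "qtype": qtype}
    for pred, action in rules:
        if pred(q):
            return action
    return "default pool"

if __name__ == "__main__":
    outsider = "203.0.113.9"  # constructed test address, not from the message
    print("secondary, NOTIFY from outsider:", route(SECONDARY, outsider, NOTIFY, "SOA"))
    print("secondary, NOTIFY from primary: ", route(SECONDARY, "192.168.1.3", NOTIFY, "SOA"))
    print("primary, AXFR from outsider:    ", route(PRIMARY, outsider, QUERY, "AXFR"))
    print("primary, AXFR from secondary:   ", route(PRIMARY, "192.168.1.4", QUERY, "AXFR"))
```

Queries that match none of the three rules fall through to the default pool, which has no servers in the configuration as posted, so any ordinary client traffic needs its own rule or a server in that pool.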