[dnsdist] MAC addresses being grouped downstream

Larry Wapnitsky larry at wapnitsky.com
Sat Jun 3 07:00:02 UTC 2023


I'm using dnsdist to route my clients based on subnet as to whether or not
they should be using my pihole server for adblocking. Overall, this works
great, but I'm noticing that pihole groups all queries by client to a
single MAC address, that of the dnsdist server. Is there a way to break
this out before it goes to the pihole server?

My dnsdist config:

setLocal('10.150.33.102')
addLocal('[2001:470:e1eb:33::102]:53')


webserver("10.150.33.102:8083")
setWebserverConfig({acl="10.150.0.0/8"})
setWebserverConfig({password='$scrypt$ln=10,p=1,r=***='})

addACL('10.150.0.0/8')
addACL('2001:470:e1eb::0/48')

setECSOverride(true)
setECSSourcePrefixV4(32)

newServer({address="10.150.33.5", name="ns1", pool="default", qps=1, useClientSubnet=true})
newServer({address="10.150.33.6", name="ns2", qps=1, pool="default", useClientSubnet=true})
newServer({address="10.150.33.7", name="ns3", pool="default", qps=1, useClientSubnet=true})

newServer({address="10.150.33.15", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})
newServer({address="2001:470:#", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})
newServer({address="10.150.33.16", name="ns2_auth", pool="auth", checkName="wapnet.local.lan"})
newServer({address="2001:470:#", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})
newServer({address="10.150.33.17", name="ns3_auth", pool="auth", checkName="wapnet.local.lan"})
newServer({address="2001:470:#", name="ns1_auth", pool="auth", checkName="wapnet.local.lan"})

newServer({address="10.150.33.3:53", name="pihole", pool="pihole", useClientSubnet=true, checkInterval=3600})

adblock_ips=newNMG()
adblock_ips:addMask('10.150.222.0/24')
adblock_ips:addMask('10.150.12.0/24')
adblock_ips:addMask('10.150.11.0/24')
adblock_ips:addMask('10.150.66.0/24')
adblock_ips:addMask('2001:470:e1eb:66::/64')
adblock_ips:addMask('10.150.100.0/24')
adblock_ips:addMask('2001:470:e1eb:100::/64')
adblock_ips:addMask('10.150.99.0/24')
adblock_ips:addMask('10.150.33.1/32')
adblock_ips:addMask('10.150.33.211/32')
adblock_ips:addMask('10.150.33.212/32')
addAction(NetmaskGroupRule(adblock_ips), PoolAction('pihole'))



addAction({'wapnet.local.lan'}, PoolAction("auth"))


addAction(AllRule(), PoolAction('default'))

-- setServerPolicy(firstAvailable)
setServerPolicy(whashed)



*Larry G. Wapnitsky*


*E: Larry at Wapnitsky.com*
*Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*
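
With `setECSSourcePrefixV4(32)` and `useClientSubnet=true`, as in the config above, dnsdist passes each IPv4 client's full address to the backend in an EDNS Client Subnet option (RFC 7871); that option carries an IP address, not a MAC. The Python below is an added example, not part of the original post: it encodes and decodes that option so the OPT record in a capture of dnsdist-to-backend traffic can be checked, with sample client addresses constructed from the subnets in the config.

```python
import ipaddress
import struct

ECS = 8  # EDNS Client Subnet option code (RFC 7871)
FAMILIES = {1: ipaddress.IPv4Address, 2: ipaddress.IPv6Address}

def build_ecs(client_ip, prefix_len):
    """Encode the ECS option a proxy adds for client_ip at prefix_len bits."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[:(prefix_len + 7) // 8]  # truncated
    body = struct.pack("!HBB", family, prefix_len, 0) + addr
    return struct.pack("!HH", ECS, len(body)) + body

def edns_options(rdata):
    """Yield (code, value) for each option in OPT RDATA; reject truncation."""
    pos = 0
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("option value runs past end of RDATA")
        yield code, rdata[pos:pos + length]
        pos += length

def parse_ecs(value):
    """Decode one ECS option value into the network the backend will see."""
    if len(value) < 4:
        raise ValueError("ECS option too short")
    family, source, _scope = struct.unpack_from("!HBB", value)
    cls = FAMILIES.get(family)
    if cls is None:
        raise ValueError(f"unknown ECS family {family}")
    size = 4 if family == 1 else 16
    addr = value[4:]
    if source > size * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    full = cls(addr.ljust(size, b"\x00"))
    return ipaddress.ip_network(f"{full}/{source}", strict=False)

def client_networks(rdata):
    """All ECS networks carried in one OPT RDATA blob."""
    return [parse_ecs(v) for c, v in edns_options(rdata) if c == ECS]

# Constructed sample: a DNS cookie option followed by ECS for one client.
COOKIE = struct.pack("!HH", 10, 8) + bytes(range(8))
SAMPLE_32 = COOKIE + build_ecs("10.150.66.25", 32)
SAMPLE_24 = COOKIE + build_ecs("10.150.66.25", 24)
```

At a 32-bit source prefix the decoded network is the single client address; at 24 bits every client in the subnet decodes to the same network, so the backend cannot tell them apart from this option.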