[dnsdist] automatically forward query from the problematic domain

Nico Cartron nicolas at ncartron.org
Wed Feb 28 17:56:39 UTC 2024


> On 28 Feb 2024, at 18:45, Frank Louwers <frank+pdns at tembo.be> wrote:
> 
> My experience: Google tries damn hard (tm) to resolve any domain, regardless of the incorrect settings set by / behaviour of the auth.
> 
> Reality is that quad8 can resolve way more than you typically can, once you start measuring.

Right. I get your point and this has been reported a lot of times during RIPE or OARC meetings. 
Does that also apply to CF and Q9?

The OP mentioned “Google, CF, Q9 and others”, hence my question.

>> On 28 Feb 2024, at 18:09, Nico Cartron via dnsdist <dnsdist at mailman.powerdns.com> wrote:
>> 
>> 
>>>> On 28 Feb 2024, at 14:26, Affan Basalamah via dnsdist <dnsdist at mailman.powerdns.com> wrote:
>>> 
>>> 
>>> Hi,
>>> 
>>> I'm responsible for managing DNS servers for service providers, and they request that DNS server usually have some important domains from my country's ccTLD that usually can't be resolved because their authoritative DNS was not reliable, and every user usually contacted the service provider, and they ask us to forward these domains to public DNS resolvers (Google, CF, etc.)
>>> 
>>> Usually it becomes a repetitive & menial effort on our side, and I wonder how this logic can be achieved using DNSDist:
>>> 
>>> - DNSDist is installed in front of the provider DNS server, and a default pool is created for the provider DNS server
>>> - Create another pool for public DNS servers (Google, CF, Q9, etc.)
>>> - Can I create a list of domains that are usually problematic, to be redirected to the public DNS pool?
>>> - Can I create rules for these domains to be forwarded to the public DNS pool?
>>> - Can I create a health check for these rules to be activated (every 1 or 5 minutes, to check whether the authoritative DNS server for these domains is still alive), so that if the authoritative server is down, the rule is activated and these domains are forwarded to the public DNS pool?
>>> - After the health check finds out the authoritative DNS server is alive, the rule is disabled and the domain is resolved via the provider DNS
>>> 
>>> 
>>> Sorry, because I don't completely understand the capabilities of DNSdist, but I hope you can shed some light on this for me, and I hope DNSdist can solve this kind of problem.
>> 
>> Hi,
>> 
>> I don’t get how forwarding the request to a public DNS such as Cloudflare or Google would fix your issue, since you said that it was the authoritative servers responsible for those domains that had issues?
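The setup asked about in the original question, sketched as a dnsdist configuration. This is an added example, not part of the thread and not taken from the dnsdist project. The addresses, the zone name `problem.example.` and the pool names `public` and `auth-probe` are placeholders, and using a probe-only pool with `PoolAvailableRule` is one possible approach, assumed here.

```lua
-- Added example: all addresses, names and pool names are placeholders.

-- Default pool (""): the provider's own recursive resolvers.
newServer({address="192.0.2.10:53", name="provider-1"})
newServer({address="192.0.2.11:53", name="provider-2"})

-- Pool of public resolvers used as the fallback path.
newServer({address="8.8.8.8:53", name="google",     pool="public"})
newServer({address="1.1.1.1:53", name="cloudflare", pool="public"})
newServer({address="9.9.9.9:53", name="quad9",      pool="public"})

-- Probe pool: the authoritative server of the problematic zone.
-- No rule ever selects this pool, so it never receives client
-- queries; it exists only so dnsdist tracks its up/down state.
newServer({
  address="198.51.100.53:53",   -- placeholder authoritative server
  name="auth-problem-example",
  pool="auth-probe",
  checkName="problem.example.", -- health-check query name
  checkType="SOA",
  checkInterval=60,             -- seconds between health checks
  maxCheckFailures=3,           -- failed checks before marking down
  mustResolve=true,             -- NXDomain/Refused/ServFail count as failure
})

-- Domains (and everything below them) eligible for the fallback.
local problematic = newSuffixMatchNode()
problematic:add(newDNSName("problem.example."))

-- Send matching queries to the public pool only while the probe
-- pool has no available server. Once the health check passes
-- again, the rule stops matching and queries use the default pool.
addAction(
  AndRule({
    SuffixMatchNodeRule(problematic),
    NotRule(PoolAvailableRule("auth-probe")),
  }),
  PoolAction("public")
)
```

Each problematic zone with different authoritative servers needs its own probe pool and rule, since `PoolAvailableRule` only reports whether a pool has at least one server that is up.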

