[dnsdist] Question on configuration which I can not make work
Alexis Berthillier
alexis at berthillier.net
Tue Nov 11 01:41:24 UTC 2025
I want to use DNS as load balancer round robin between 4 servers ( 2 IPv4 and two IPV6), pool = primary
If these fail, I want to use the backup servers (Cloudflare DOT and DOH servers both IPv4 and IPv6), pool = backup, with round robin schema
I think this is a pretty straightforward confguration, but I can not make it work, it always fails when verifying the config file:
-- Set global settings
setSecurityPollSuffix("") -- Disable security status polling via DNS
setMaxUDPOutstanding(10000) -- Increase the number of concurrent outstanding UDP queries for performance
-- Allow queries from all IP addresses (adjust as needed for security)
setACL({"0.0.0.0/0", "::/0"})
-- Add Local interfaces to listen on (UDP/TCP, DoH, DoT are added separately)
addLocal('0.0.0.0:53', {reusePort=true})
addLocal('[::]:53', {reusePort=true})
-- Set up backend server pools
newServer({address="192.168.1.220:53", name=“DNS2v4”, pool=“primary”, maxCheckFailures=3})
newServer({address="192.168.1.221:53", name=“DNS1v4”, pool=“primary”, maxCheckFailures=3})
newServer({address=‘[2603:3024:18dc:f960:a3d3:b206:7280:9f00]:53’, name=“DNS2v6”, pool=“primary”, maxCheckFailures=3})
newServer({address=“[2603:3024:18dc:f960:189c:61ff:fee8:d291]:53”, name=“DNS1v6”, pool=“primary”, maxCheckFailures=3})
newServer({address="1.1.1.1:853", name="cloudflare-dot-1", doTLS=true, tlsServerName="cloudflare-dns.com <http://cloudflare-dns.com/>”, pool=“backup”, maxCheckFailures=3})
newServer({address=“1.0.0.1:853", name="cloudflare-dot-1", doTLS=true, tlsServerName="cloudflare-dns.com <http://cloudflare-dns.com/>”, pool=“backup”, maxCheckFailures=3})
newServer({address="1.1.1.1", protocol="DoH", dohPath="/dns-query", dohHostname="cloudflare-dns.com <http://cloudflare-dns.com/>”, pool=“backup”, maxCheckFailures=3})})
newServer({address="1.0.0.1", protocol="DoH", dohPath="/dns-query", dohHostname="cloudflare-dns.com <http://cloudflare-dns.com/>”, pool=“backup”, maxCheckFailures=3})}
newServer({address='[2606:4700:4700::1111]:853', name=‘cloudflare-DoT-ipv6-1', useTLS=true, tlsAuthName='one.one.one.one’, pool=“backup”, maxCheckFailures=3})
newServer({address='[2606:4700:4700::1001]:853', name='cloudflare—DoT-ipv6-2’, useTLS=true, tlsAuthName='one.one.one.one’, pool=“backup”, maxCheckFailures=3})
newServer({address=‘[2606:4700:4700::1111]’, name=‘cloudflare-DoH-ipv6-1', protocol="DoH", dohPath="/dns-query", dohHostname="cloudflare-dns.com <http://cloudflare-dns.com/>”, pool=“backup”, maxCheckFailures=3})})
newServer({address=‘[2606:4700:4700::1001]’, name=‘cloudflare-DoH-ipv6-1', protocol="DoH", dohPath="/dns-query", dohHostname="cloudflare-dns.com <http://cloudflare-dns.com/>”, pool=“backup”, maxCheckFailures=3})}
-- Use Weighted Random balancing globally
setBalancingPolicy(“roundrobin”)
-- Configure the 'primary' pool to be active first (order=1)
setPoolProperty("primary", "outage-strategy", "failover")
setPoolProperty("primary", "order", 1)
-- Configure the 'backup' pool to be used only when the primary fails (order=2)
setPoolProperty("backup", "outage-strategy", "failover")
setPoolProperty("backup", "order", 2)
-- Configure web server for monitoring/API access
webserver("127.0.0.1:8083")
-- Enable the console for runtime configuration changes (use 'dnsdist -c' to connect)
controlSocket("127.0.0.1:5199")
setKey("SuperSecretConsoleKey")
Any help welcome to make this work.
Thank you
Alexis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20251110/89ae1167/attachment-0001.htm>
More information about the dnsdist
mailing list