[Pdns-users] pdns & nproxy

Gary Shaver gshaver at he.net
Fri Jul 6 14:04:45 UTC 2012


Hi Bert, Fred, List,

An anycasted nameserver cluster could benefit from this.  Initiating an
axfr from a nameserver that is not topologically closest to the master
just results in a failed axfr attempt since the answer does not come
back to the slave making the initial request.


Gary Shaver
Hurricane Electric
> bert hubert <mailto:bert.hubert at netherlabs.nl>
> July 5, 2012 3:00 PM
>
> Interesting. The original use case was where the outside world would 
> never be talking to that master, or at least not taking the initiative 
> to do so. So the outside world would think the nproxy IP address was 
> the slave, and nproxy would then relay that to the real slave, which 
> would reach out over TCP to make it happen. I think some NAT trick is 
> used to make sure that the outgoing traffic appears as the address 
> that was notified.
>
> If you want to have this integrated, what exactly is your use case? 
> Better protection for the hidden master?
>
> Please don't get me wrong, I get the impression what you want is 
> reasonable, but I can't quite wrap my head around your exact requirements.
>
> Please let us know!
>
> Bert
> PowerDNS
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
> Fred Wittekind <mailto:rom at twister.dyndns.org>
> July 5, 2012 11:18 AM
> I'm working on deploying pdns, and we had intended to use native 
> replication (mysql-replication).
>
> Our idea was to have one master dns server that sits behind a 
> firewall, and our public facing servers replicate from it.  This works 
> well for 90%+ of the domains we host.  We do have a few we have to 
> slave from our clients though.
>
> My original plan was to have nproxy sit on the public facing name 
> servers to forward the notify to the master dns server behind the 
> firewall, the master then does the axfr from our client's server, 
> populates mysql with the new zone info, that then replicates out to 
> the public facing servers.
>
> Then I got this error when trying to start nproxy (IP address censored):
> nproxy: Fatal: Binding socket for incoming packets to 'a.b.c.d:53': 
> Address already in use
>
> Which of course makes sense after seeing it, pdns is already binding 
> to the same IP/port.
>
> So, my question is this...  Can the functionality of nproxy be rolled 
> into pdns so that pdns itself can forward the notify to another 
> instance of pdns (on the master server), or can nproxy and pdns be 
> made to work on the same IP?  I looked into trying to see if I could 
> get iptables to split out the notify messages to a different 
> destination IP so I could put nproxy on a different IP than pdns, but, 
> I didn't figure out a good (reliable) way to do this.
>
> Any help would be appreciated.
>
> Fred Wittekind
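
Added example, not part of the thread and not nproxy or PowerDNS code: a sketch of the per-packet decision a NOTIFY splitter on the public IP would have to make, telling NOTIFY (opcode 4, RFC 1996) apart from ordinary queries and relaying it toward the hidden master only when the sender is an expected master for that zone. The names `route`, `ALLOWED_NOTIFIERS`, `make_packet` and the addresses are assumptions made for illustration.

```python
import ipaddress
import struct

OPCODE_NOTIFY = 4   # RFC 1996
QTYPE_SOA = 6

# Constructed allowlist: zone -> networks of the client masters allowed to notify us.
ALLOWED_NOTIFIERS = {"example.com.": ["192.0.2.0/24"]}

def parse_question(packet):
    """Return (opcode, is_response, qname, qtype); raise ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!3H", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")  # also rejects compression pointers
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", packet[pos:pos + 4])
    return (flags >> 11) & 0xF, bool(flags & 0x8000), ".".join(labels) + ".", qtype

def route(packet, src_ip, allowed=ALLOWED_NOTIFIERS):
    """Decide where a UDP port-53 packet goes: 'local-pdns', 'forward-to-master' or 'drop'."""
    try:
        opcode, is_response, zone, qtype = parse_question(packet)
    except ValueError:          # includes UnicodeDecodeError
        return "drop"
    if opcode != OPCODE_NOTIFY or is_response:
        return "local-pdns"     # ordinary queries stay with the public server
    src = ipaddress.ip_address(src_ip)
    ok = qtype == QTYPE_SOA and any(src in ipaddress.ip_network(n) for n in allowed.get(zone, []))
    return "forward-to-master" if ok else "drop"

def make_packet(opcode, zone, qtype=QTYPE_SOA):
    """Build a constructed sample packet: header plus one question, class IN."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split("."))
    return struct.pack("!6H", 0x1234, opcode << 11, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!2H", qtype, 1)
```
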
