[Pdns-users] pdns & nproxy (solution v2)

Fred Wittekind rom at twister.dyndns.org
Mon Jul 23 19:23:08 UTC 2012


On 7/17/2012 1:41 PM, Fred Wittekind wrote:
> Using PDNS 3.1
>
> Need patches from:
> http://wiki.powerdns.com/trac/ticket/532
> http://wiki.powerdns.com/trac/ticket/534
>
> IP Address place holders:
> MySQL Master Server / Hidden PDNS Master: a.a.a.a
> Public Facing name server IP: b.b.b.b
>
> This config is for public facing name server:
> iptables -A INPUT -d b.b.b.b -p udp --dport 5353 -j ACCEPT
> iptables -A INPUT -d b.b.b.b -p udp --dport 53 -j ACCEPT
> iptables -t nat -A PREROUTING ! --fragment -m u32 --u32 "0>>22&0x3C@8>>11&0xF=4" -d b.b.b.b -p udp --dport 53 -j DNAT --to-destination :5353
> iptables -t nat -A PREROUTING -s a.a.a.a -d b.b.b.b -p udp --dport 53 -j DNAT --to-destination :5353
> nproxy --powerdns-address a.a.a.a --listen-address b.b.b.b --listen-port 5353
>
> I'm going to refine the rules a little more so that it includes NOTRACK
> rules, but, as it sits, it does work with connection tracking turned on.
>

Same placeholders as above.

iptables -A INPUT -d b.b.b.b -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING ! --fragment -m u32 --u32 "0>>22&0x3C@8>>11&0xF=4" -d b.b.b.b -p udp --dport 53 -j DNAT --to-destination :5353
iptables -t nat -A POSTROUTING -s b.b.b.b -p udp -j SNAT --to-source :53
iptables -t nat -A PREROUTING -s a.a.a.a -d b.b.b.b -p udp --dport 53 -j DNAT --to-destination :5353
iptables -t raw -A OUTPUT -p tcp --sport 53 -j NOTRACK
iptables -t raw -A PREROUTING -p tcp --dport 53 -j NOTRACK
iptables -t raw -A OUTPUT ! --fragment -m u32 --u32 "0>>22&0x3C@8>>11&0xF=0" -p udp --sport 53 -j NOTRACK
iptables -t raw -A PREROUTING ! --fragment -m u32 --u32 "0>>22&0x3C@8>>11&0xF=0" -p udp --dport 53 -j NOTRACK
nproxy --powerdns-address a.a.a.a --listen-address b.b.b.b --listen-port 5353

pdns.conf changes (this makes the MySQL slave pdns instance see all zones as NATIVE replication):
gmysql-master-zone-query=select master from domains where name='%s' and type='NATIVESLAVE'
gmysql-info-all-slaves-query=select id,name,master,last_check,type from domains where type='NATIVESLAVE'
gmysql-info-zone-query=select id,name,NULL AS master,last_check,notified_serial,'NATIVE' AS type from domains where name='%s'
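The rules above route traffic by DNS opcode: the u32 expression `0>>22&0x3C@8>>11&0xF=4` (the list archive renders the `@` as ` at `) reads the IPv4 header length, jumps past the 8-byte UDP header and extracts the 4-bit opcode from the DNS flags word, so `=4` selects NOTIFY packets (sent on to nproxy on port 5353) and `=0` selects ordinary queries (exempted from connection tracking). The following Python, added here as an illustration and not part of the original post or of PowerDNS, emulates that u32 evaluation on constructed IPv4/UDP/DNS headers so the opcode test can be checked offline, including the case where the IP header carries options.

```python
# Added example, not from the mailing-list post: emulate the iptables u32 match
# "0>>22&0x3C@8>>11&0xF=<opcode>" on constructed packets. All packets below are
# built locally for illustration; nothing is captured from a real network.
import struct

DNS_OPCODE_QUERY = 0   # standard query, selected by "...&0xF=0" (NOTRACK rules)
DNS_OPCODE_NOTIFY = 4  # NOTIFY, selected by "...&0xF=4" (DNAT to nproxy)


def build_packet(opcode, qr=0, ihl_words=5):
    """Build a minimal IPv4 + UDP + DNS header (constructed sample, not captured).

    ihl_words is the IPv4 header length in 32-bit words (5 = no options).
    Only the fields the u32 expression looks at carry meaningful values.
    """
    ip_header_len = ihl_words * 4
    dns_len = 12
    # IPv4 byte 0: version 4 in the high nibble, IHL in the low nibble
    first_byte = (4 << 4) | ihl_words
    ip_header = bytes([first_byte, 0x00]) + struct.pack(">H", ip_header_len + 8 + dns_len)
    ip_header += b"\x00" * (ip_header_len - 4)            # remaining IPv4 fields / options zeroed
    udp_header = struct.pack(">HHHH", 53, 53, 8 + dns_len, 0)  # sport, dport, length, checksum
    # DNS flags word: QR is bit 15, opcode occupies bits 14..11, RD is bit 8
    flags = (qr << 15) | ((opcode & 0xF) << 11) | 0x0100
    dns_header = struct.pack(">HHHHHH", 0x1234, flags, 1, 0, 0, 0)  # ID, flags, section counts
    return ip_header + udp_header + dns_header


def u32_load(pkt, offset):
    """Load 4 bytes big-endian at offset, the way the u32 match reads a word."""
    return struct.unpack(">I", pkt[offset:offset + 4])[0]


def u32_dns_opcode(pkt):
    """Evaluate "0>>22&0x3C@8>>11&0xF" and return the DNS opcode the rule sees."""
    # "0>>22&0x3C": word at offset 0, shifted and masked, yields IHL*4,
    # i.e. the IPv4 header length in bytes
    ip_hdr_len = (u32_load(pkt, 0) >> 22) & 0x3C
    # "@8": rebase the offset past the IP header, then skip the 8-byte UDP header,
    # landing on the first DNS word (ID + flags)
    # ">>11&0xF": bits 11..14 of the flags half are the opcode
    return (u32_load(pkt, ip_hdr_len + 8) >> 11) & 0xF


def matches_notify(pkt):
    """True when the packet would hit the "...&0xF=4" DNAT rule (NOTIFY to nproxy)."""
    return u32_dns_opcode(pkt) == DNS_OPCODE_NOTIFY


def matches_query(pkt):
    """True when the packet would hit the "...&0xF=0" NOTRACK rules (ordinary query)."""
    return u32_dns_opcode(pkt) == DNS_OPCODE_QUERY


if __name__ == "__main__":
    for name, pkt in [("NOTIFY", build_packet(DNS_OPCODE_NOTIFY)),
                      ("QUERY", build_packet(DNS_OPCODE_QUERY)),
                      ("NOTIFY with IP options", build_packet(DNS_OPCODE_NOTIFY, ihl_words=6))]:
        print(f"{name}: opcode={u32_dns_opcode(pkt)} notify={matches_notify(pkt)} query={matches_query(pkt)}")
```

Because the expression derives the DNS offset from the IHL field rather than assuming a 20-byte header, a packet with IP options is still classified correctly; the `! --fragment` guard in the rules matters because a non-first fragment has no UDP or DNS header at that offset to read.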
