[Pdns-users] Some question about DNSDist

Thao Nguyen devilsmile86 at gmail.com
Sat Nov 26 14:28:05 UTC 2016

Hi everybody,

Issue 1:
Thanks Ruben about your link.
I downloaded and re-used rpm from powerdns repo for el7. It is the same
with rpm that I yum from my centOS.
After I installed new dnsdist-1.0.0-1pdns.el7.x86_64.rpm again. I tried to
test encrypt:

> testCrypto()
Crypto not available.

All rpms suggested from Oli:

I tried to read code from powerdns github, I guess "ifdef HAVE_LIBSODIUM"
returned "false".
I uninstalled dnsdist-1.0 rpm then I installed
"dnsdist-1.1.0-0.1.beta1.1pdns.el7.x86_64.rpm". It returned result:

> testCrypto()
Everything is ok!

Is it a bug of DNSDist with Redhat 7.2? I hope new dnsdist-1.1 will be
release soon.

Issue 2:

Thanks Winfried and Theodore !!

After I applied your suggestion, It works properly (as my expectation).
I'm still not clearly. If my DNS server manage multi zone such as: zone1.com,
zone2.com, zone3.com, Will I add as below ?

newServer{address="", qps=10, order=1, checkName="
newServer{address="", qps=10, order=1, checkName="
newServer{address="", qps=10, order=1, checkName="
newServer{address="", qps=10, order=2, checkName="zone1.com"}
newServer{address="", qps=10, order=2, checkName="zone2.com"}
newServer{address="", qps=10, order=2, checkName="zone2.com"}

Some example from dnsdist README, newServer are always "up" without
checkName. I tried to install DNSDist in a system no DNS and one newserver,
downstream still "down". Can you help me clarify about it?

Kind regards,

Thao Nguyen

2016-11-26 0:51 GMT+07:00 Theodore Baschak <theodore at ciscodude.net>:

> On Fri, Nov 25, 2016 at 11:05 AM, <abang at t-ipnet.net> wrote:
>> > responded to health check with ServFail
>> You have to define a health check which works!
>> From documentation:
>> newServer({address="ip:port", qps=1000, order=1, weight=10, pool="abuse",
>> retries=5, tcpSendTimeout=30, tcpRecvTimeout=30, checkName="
>> a.root-servers.net.", checkType="A", setCD=false, maxCheckFailures=1,
>> mustResolve=false, useClientSubnet=true, source="address|interface
>> name|address at interface"}): instantiate a server with additional
>> parameters
>> See
>> http://dnsdist.org/README/
>> Winfried
> To expand on this a little, the default check is to do an A lookup for
> a.root-servers.net which is ok for a recursive DNS server, but if you're
> putting dnsdist in front of an authoritative DNS server (if you're hosting
> your own zone you are) then you'll need to adjust your check to fit your
> environment.
> Example:
> newServer{address="", qps=10, order=1, checkName="
> myzone.com"}
> newServer{address="", qps=10, order=2, checkName="myzone.com"}
> Theodore Baschak - AS395089 - Hextet Systems
> https://ciscodude.net/ - https://hextet.systems/
> http://mbix.ca/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20161126/2d61e84b/attachment.html>

More information about the Pdns-users mailing list