[Pdns-users] Some question about DNSDist

Sat Nov 26 14:28:05 UTC 2016

Hi everybody,

Issue 1:
Thanks Ruben about your link.
I downloaded and re-used rpm from powerdns repo for el7. It is the same
with rpm that I yum from my centOS.
After I installed new dnsdist-1.0.0-1pdns.el7.x86_64.rpm again. I tried to
test encrypt:

> testCrypto()
Crypto not available.

All rpms suggested from Oli:
dnsdist-1.0.0-1pdns.el7.x86_64.rpm
dnscrypt-proxy-1.6.1-3.el7.x86_64.rpm
libedit-3.0-12.20121213cvs.el7.x86_64
libsodium-1.0.5-1.el7.x86_64.rpm
luajit-2.0.4-3.el7.x86_64.rpm
protobuf-2.5.0-7.el7.x86_64.rpm
re2-20160401-2.el7.x86_64.rpm
systemd-219-19.el7_2.13.x86_64
systemd-libs-219-19.el7_2.13.x86_64

I tried to read code from powerdns github, I guess "ifdef HAVE_LIBSODIUM"
returned "false".
I uninstalled dnsdist-1.0 rpm then I installed
"dnsdist-1.1.0-0.1.beta1.1pdns.el7.x86_64.rpm". It returned result:

> testCrypto()
Everything is ok!

Is it a bug of DNSDist with Redhat 7.2? I hope new dnsdist-1.1 will be
release soon.

Issue 2:

Thanks Winfried and Theodore !!

After I applied your suggestion, It works properly (as my expectation).
I'm still not clearly. If my DNS server manage multi zone such as: zone1.com,
zone2.com, zone3.com, Will I add as below ?

newServer{address="192.168.88.27:5353", qps=10, order=1, checkName="
zone1.com"}
newServer{address="192.168.88.27:5353", qps=10, order=1, checkName="
zone2.com"}
newServer{address="192.168.88.27:5353", qps=10, order=1, checkName="
zone3.com"}
newServer{address="192.168.88.33", qps=10, order=2, checkName="zone1.com"}
newServer{address="192.168.88.33", qps=10, order=2, checkName="zone2.com"}
newServer{address="192.168.88.33", qps=10, order=2, checkName="zone2.com"}

Some example from dnsdist README, newServer are always "up" without
checkName. I tried to install DNSDist in a system no DNS and one newserver,
downstream still "down". Can you help me clarify about it?

Kind regards,

Thao Nguyen

2016-11-26 0:51 GMT+07:00 Theodore Baschak <theodore at ciscodude.net>:

>
> On Fri, Nov 25, 2016 at 11:05 AM, <abang at t-ipnet.net> wrote:
>
>> > responded to health check with ServFail
>>
>> You have to define a health check which works!
>>
>> From documentation:
>>
>> newServer({address="ip:port", qps=1000, order=1, weight=10, pool="abuse",
>> retries=5, tcpSendTimeout=30, tcpRecvTimeout=30, checkName="
>> a.root-servers.net.", checkType="A", setCD=false, maxCheckFailures=1,
>> mustResolve=false, useClientSubnet=true, source="address|interface
>> name|address at interface"}): instantiate a server with additional
>> parameters
>>
>> See
>> http://dnsdist.org/README/
>>
>> Winfried
>>
>>
> To expand on this a little, the default check is to do an A lookup for
> a.root-servers.net which is ok for a recursive DNS server, but if you're
> putting dnsdist in front of an authoritative DNS server (if you're hosting
> your own zone you are) then you'll need to adjust your check to fit your
> environment.
>
> Example:
> newServer{address="192.168.3.3:5353", qps=10, order=1, checkName="
> myzone.com"}
> newServer{address="192.168.3.4", qps=10, order=2, checkName="myzone.com"}
>
> Theodore Baschak - AS395089 - Hextet Systems
> https://ciscodude.net/ - https://hextet.systems/
> http://mbix.ca/
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20161126/2d61e84b/attachment.html>