[Pdns-users] multi dns server

steffannoord at gmail.com steffannoord at gmail.com
Fri Oct 27 10:00:31 UTC 2023


Okay, thanks...
I have set it up and it is running on one of my dns servers with success...
I have to read up on it to see what I can do with it 😊
Now it is just running in front of it 😊

Do you have any experience with Prometheus for logging?
I'm using Grafana for other things, but Prometheus keeps giving me a 401 Unauthorized - There was an error returned querying the Prometheus API.
(password is set correctly)

The webserver is set up and running, and I can access it with a browser

Kind regards,

Steffan Noord

-----Original message-----
From: Pdns-users <pdns-users-bounces at mailman.powerdns.com> On behalf of Andreas Danzer via Pdns-users
Sent: Monday 23 October 2023 10:32
To: Steffan Noord via Pdns-users <pdns-users at mailman.powerdns.com>
CC: Andreas Danzer <andreas at danzer.org>
Subject: Re: [Pdns-users] multi dns server

Hello Steffan,

you can usually run dnsdist and pdns on the same machine without problems (actually this has been our default setup for years now). 
dnsdist performs very well even with complex rulesets and a lot of queries with almost no noticeable impact on performance.

On 23.10.2023 at 10:05, Steffan Noord via Pdns-users wrote:
> Thanks.
>
> I will read up on dnsdist this week.
> In the past I have tried it but did something wrong in the config. I
> had pdns and dnsdist on one server. I think it would be better to use a
> separate vps for it.
>
> Kind regards,
>
> Steffan Noord
>
> On Mon 23 Oct 2023 at 10:00, Andreas Danzer via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
> 
>     Hello Steffan,
> 
>     that kind of attack is quite common these days. I would recommend
>     putting your authoritative nameservers behind dnsdist. Dnsdist acts as a
>     DNS firewall, proxy and loadbalancer.
>
>     We're running some rulesets on dnsdist, that e.g. dynamically block IPs
>     that "produce" unusually high numbers of NXDOMAIN answers with their
>     queries (which is usually the case with IPs taking part in PRSD
>     attacks). You can also limit the number of queries per IP or loadbalance
>     queries to more than one backend DNS node. dnsdist is extremely powerful
>     and versatile and the perfect tool to protect your DNS nodes.
>
>     To be able to see which domains are actually attacked, you should not
>     use pdns query logging - it has a big performance impact which makes the
>     situation even worse during an attack. Better use some traffic
>     capturing/sampling tools like pktvisor. It feeds data about the dns
>     queries to prometheus, which can be visualized with grafana. You can use
>     that same setup (prometheus & grafana) to monitor your dnsdist and pdns
>     installations.
> 
>     On 20.10.2023 at 15:52, Steffan via Pdns-users wrote:
>      > Well the problem was a small attack targeting a lot of subdomains of a client.
>      >
>      > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 117.54.16.252 wants 'payments.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
>      > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a02:2f0e:5fff:ffff::2 wants 'skyline.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
>      > Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a04:c602:409:fe::27 wants 'app3.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
>      >
>      > It comes from many different IPs and only 3 minutes 150mb/s
>      >
>      > I forgot at that time that I had logging on. So it could be that without the logging the dns would be fast enough to handle it
>      >
>      > Average bandwidth load is about 160k/s so no big deal.
>      >
>      >
>      > Kind regards,
>      >
>      > Steffan Noord
>      >
>      > -----Original message-----
>      > From: Victor Hugo dos Santos <listas.vhs at gmail.com>
>      > Sent: Friday 20 October 2023 15:45
>      > To: All about using and deploying powerdns <pdns-users at mailman.powerdns.com>
>      > CC: steffannoord at gmail.com
>      > Subject: Re: [Pdns-users] multi dns server
>      >
>      > Hello there,
>      >
>      > The quantity of domains does not necessarily reflect the quantity of queries/load.
>      > You can have 5.000 domains with 1.000 QPS or you can have 1 domain with 15.000 QPS !! :-)
>      >
>      > Anyway, you should monitor your servers and see if this issue is some kind of "normal" stuff or some kind of problem (attack, data leak, misconfiguration, etc). When you detect the problem, then you can decide what to do.
>      >
>      > About NS3, NS4, it is a totally valid option, not only to balance the queries between servers, but to improve your HA too !!! Nevertheless, you still need to detect where the problem is; if not, you are only going to spend time with the new NS server but the problem will still occur.
>      >
>      > Let us know what you find.
>      >
>      > Good luck
>      >
>      >
>      >
>      >
>      >
>      >
>      >
>      > On Fri, 20 Oct 2023 at 12:01, Steffan via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
>      >>
>      >> Hello,
>      >>
>      >>
>      >>
>      >> 2 days ago my 2 dns servers had 150mbit of data to process and the dns went down.
>      >> After the flood was stopped it came up again.
>      >>
>      >> I'm using pdns 4.8.3 on centos with mysql backends
>      >>
>      >> I'm just wondering what would be the best idea to spread the risk
>      >>
>      >> It is handling about 5000 domains so not a very big system.
>      >>
>      >> Is it better to use a ns3, ns4 to spread the load on multiple servers, or
>      >> some kind of load balancing or multi ip setup on ns1 and ns2 on multiple
>      >> servers
>      >>
>      >> Any other ideas are welcome
>      >>
>      >> With regards
>      >>
>      >>
>      >>
>      >> Steffan
>      >>
>      >>
>      >>
>      >>
>      >>
>      >>
>      >>
>      >>
>      >>
>      >> _______________________________________________
>      >> Pdns-users mailing list
>      >> Pdns-users at mailman.powerdns.com
>      >> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>      >
>      >
>      >
>      > --
>      > Victor Hugo dos Santos
>      > http://www.vhsantos.net
>      > Linux Counter #224399
>      >
_______________________________________________
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
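
The setup Andreas describes in this thread (dnsdist in front of the authoritative servers, dynamic blocks on sources that draw many NXDOMAIN answers, a per-IP query limit, and more than one backend), written out as a dnsdist configuration. This is an added example, not part of the thread and not his ruleset; the addresses, ports, server names and thresholds are assumptions.

```lua
-- dnsdist.conf (Lua). Added example: every address, port, name and
-- threshold below is a placeholder to be replaced with local values.

-- Public listeners; the pdns backends move to private addresses/ports.
setLocal("192.0.2.53:53")
addLocal("[2001:db8::53]:53")

-- dnsdist's default ACL only admits private/local ranges. A front end for
-- authoritative servers has to accept queries from the whole Internet.
setACL({"0.0.0.0/0", "::/0"})

-- Two pdns backends: one on the same host as dnsdist, one on a second node.
newServer({address="127.0.0.1:5300", name="pdns-local"})
newServer({address="192.0.2.10:53",  name="pdns-ns2"})
setServerPolicy(leastOutstanding)

-- Dynamic block rules, evaluated over dnsdist's in-memory ring buffers.
local dbr = dynBlockRulesGroup()

-- Never block our own monitoring or secondary hosts (placeholder range).
dbr:excludeRange({"192.0.2.0/28"})

-- A source drawing more than 20 NXDOMAIN answers per second, averaged over
-- the last 10 seconds, is blocked for 60 seconds.
dbr:setRCodeRate(DNSRCode.NXDOMAIN, 20, 10, "Exceeded NXDOMAIN rate", 60)

-- General per-source ceiling: more than 200 queries per second over 10 s.
-- Large resolvers send many legitimate queries from one address, so both
-- thresholds need tuning against normal traffic before they are enforced.
dbr:setQueryRate(200, 10, "Exceeded query rate", 60)

-- dnsdist calls maintenance() roughly once per second; apply() evaluates
-- the rules above and installs or expires the blocks.
function maintenance()
  dbr:apply()
end
```

`showDynBlocks()` on the dnsdist console lists the sources currently blocked and the reason string, which helps when tuning the thresholds.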


