Hi, > I have a question regarding the posture of dnsdist as authoritative dns > server facing public internet. > How will be the design if you would put the dnsdist (load balancer) > infront the origin DNS servers? > I have two (2) internet facing authoritative DNS translated from my > firewall. Can I also do NAT on dnsdist > while the origin dns servers will be on private IP address?
our authoriative nameservers are built with dnsdist as loadbalancer in front of several powerdns-servers. Some of those backend servers are running on private RFC1918 IP addresses, with only dnsdist having a global routeable IP. Dnsdist also serves as some sort of dns firewall with rate-limiting and special handling of some request types (e.g. ANY). We also use it to handle incoming/outgoing AXFR/IXFR requests and notifications for customers based on an extra database and a hidden dns. Think of dnsdist as the swiss army knife for DNS. ;-) Regards, A. Danzer _______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
