On 12.11.24 at 16:09, Marki via dnsdist wrote:
Hello,

I have an issue here with a (potential) cyclic dependency that I'd like
to solve.

So our clients are pointed at dnsdist, obviously.

Based on the query, dnsdist sends the query to internal NSes, or
external recursive resolvers.

Now the issue is the healthcheck of internal NSes at startup (resolution
of DNS Root A): When starting up the entire thing (both named and
dnsdist), sometimes dnsdist shows one of the local resolvers - namely
the one running on the same node as dnsdist as down.

This is because the internal resolvers have a forwarder to dnsdist to be
able to resolve anything external (necessary in case a stub resolver
would ask to resolve e.g. a local CNAME pointing to an external domain).
So probably dnsdist is not entirely ready yet (external NS healthcheck
not ready at that millisecond or sth else).

I'd like that initial healthcheck to preferably succeed immediately. Is
there a way to maybe define some backends as dependencies of others? Or
any spontaneous design thoughts.... ;)

I'm doing the following to avoid this problem. This solution requires an
OS which allows non-local binds and has BGP, which you may not (yet) be using.

Set up the system to allow non-local binds.

Do not bind the service IPs to interfaces on system start.

Start all processes. Recursor and dnsdist also listen on service check IPs.

Watchdog checks service check IPs and if service is ok, service IPs are
bound to interfaces. Local bgpd is instructed to announce the service IP
to the network.

Why does it work? In the startup phase the OS routes requests to the
service ip to the network, because the service ip is not locally bound.

Cheers Thomas
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
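
The watchdog step from the reply above, sketched as an added example that is not code from the thread or from the dnsdist project. It probes a service check IP with a DNS query, requires several consecutive results before changing state, and orders the bind and announce commands so the address is never announced while unbound. The addresses, ASN, thresholds and the FRR-style `vtysh` invocation are assumptions.

```python
import secrets, socket, struct, subprocess, time
# Assumed values, not from the thread: documentation addresses, ASN, thresholds.
CHECK_IP, SERVICE_IP, DEV, ASN = "192.0.2.153", "192.0.2.53/32", "lo", "65000"
RISE, FALL = 3, 2  # consecutive good probes to announce / bad probes to withdraw

def build_query(qname, qid):
    """Minimal DNS query: header with RD set, one question, type A, class IN."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def response_ok(resp, qid):
    """True only for a response to our ID with RCODE NOERROR and an answer record."""
    if len(resp) < 12:
        return False
    rid, flags, _, ancount = struct.unpack("!HHHH", resp[:8])
    return rid == qid and bool(flags & 0x8000) and (flags & 0x000F) == 0 and ancount > 0

def probe(ip, qname="a.root-servers.net.", timeout=1.0):
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(qname, qid), (ip, 53))
            return response_ok(s.recv(512), qid)
        except OSError:  # timeout, refused, unreachable: all count as unhealthy
            return False

def step(state, healthy):
    """state is (up, streak); returns (new_state, action), action None/'announce'/'withdraw'."""
    up, streak = state
    streak = streak + 1 if healthy != up else 0  # count only results contradicting state
    if streak >= (FALL if up else RISE):
        return (not up, 0), "withdraw" if up else "announce"
    return (up, streak), None

def commands(action):
    """Bind before announcing; stop announcing before unbinding (FRR vtysh assumed)."""
    bgp = ["vtysh", "-c", "conf t", "-c", f"router bgp {ASN}", "-c"]
    if action == "announce":
        return [["ip", "addr", "add", SERVICE_IP, "dev", DEV], bgp + [f"network {SERVICE_IP}"]]
    return [bgp + [f"no network {SERVICE_IP}"], ["ip", "addr", "del", SERVICE_IP, "dev", DEV]]

if __name__ == "__main__":
    state = (False, 0)  # service IP starts unbound, so early queries leave the host
    while True:
        state, action = step(state, probe(CHECK_IP))
        for cmd in (commands(action) if action else []):
            subprocess.run(cmd, check=False)
        time.sleep(2)
```

Run as root on a host where `net.ipv4.ip_nonlocal_bind=1` is set and the daemons already listen on the check address; the loop then owns the service address and its announcement.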