Re: [dnsdist] dnsdist and powerdns on same machine

2022-02-04 Thread frank+pdns--- via dnsdist 


> On 4 Feb 2022, at 10:50, Remi Gacogne via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Hi Stephan,
> 
> On 04/02/2022 10:47, De Webmakers (Stephan) via dnsdist wrote:
> 
>> I’ve been struggling with this for far to long now…
>> Is it possible to run dnsdist and pdns on the same server and accept dns 
>> request from everyone (just as it would be without dnsdist).
>> The problem is that I just can’t seem to find a good dnsdist.conf example to 
>> work with and that’s working.
>> In my mind it should be as simple as changing the port for pdns to let’s say 
>> 5300 and then adding a 127.0.0.1:5300 as server to dnsdist..
>> However the nameserver becomes instantly unreachable after this.
>> Can anyone point me in the right direction?
> 
> Well it is, usually, as simple as that, so if that's not working for you I'm 
> afraid you will have to tell us more about your exact setup. Sharing the 
> configurations of both dnsdist and pdns would be a good start.

Don't forget to set the ACL on dnsdist. See 
https://dnsdist.org/advanced/acl.html 

Frank

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] DNS views using DNSDIST

2021-01-27 Thread frank+pdns--- via dnsdist 
Hi,

You would have a few options to do that.

I wrote a blogpost about implementing BIND views using dnsdist and two 
instances of powerdns-auth. See 
https://www.frank.be/implementing-bind-views-with-powerdns/ 
 for details.

If you want to keep a single BIND as a backend, you could investigate EDNS 
client subnet support.

There are other options, but the two above would my preferred way...

Kind Regards,

Frank


> On 27 Jan 2021, at 10:23, Jahanzeb Arshad via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Greetings,
> 
> We have been using BIND DNS server with views to return different A records 
> for different source networks. Now we have put DNSDIST as frontend to the 
> BIND DNS servers. Now BIND DNS is seeing the dnsdist as the client IP and the 
> views are no more valid. We are unable to figure out how we can we create 
> same type of views on the dnsdist application. Any help would be appreciated. 
> 
> For example following different A records to be returned for different client 
> IPs for a specific application/domain name.
> 
> web.domain.com    -> 192.168.10.10 for client IPs 
> 10.10.10.0/24
> web.domain.com    -> 192.168.20.20 for client IPs 
> 10.10.20.0/24
> 
> Regards
> 
> Jahanzeb
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] ERROR RUNNING ZVELODB c-api-tool LOOKUP COMMAND INSIDE LUA's preresolve()

2021-01-14 Thread frank+pdns--- via dnsdist 
Hi Pius,

Have you checked the permissions on the database and the path? 

Frank


> On 14 Jan 2021, at 05:07, Pius Nganga via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> We are using zvelodb to do an url lookup inside pdns recursor's preresolve 
> function. We are executing a terminal command using  io.popen as follows;
> 
> f = io.popen("c-api-tool -l "..dq.qname:toString()) -- runs command
>l = f:read("*a") -- read output of command
>f:close()
>print(l)
> 
> Running the above command outside of the preresolve function prints the 
> expected outcome which is 'domainname category'.
> 
> When the command is inside the preresolve function it prints 'url_init: 
> unable to open database'
> Has anyone encountered this before and how do we solve this?
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Minor webinterface issue - not showing the DoT/DoH IPs in the 'Listening on' section

2019-09-02 Thread frank+pdns 
Hi Andrew,

That would be a perfect candidate to raise an issue on GitHub indeed.

Thanks!

Frank


Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be 





> On 31 Aug 2019, at 23:21, Andrew Hearn  > wrote:
> 
> Hi all,
> 
> I'm using dnsdist as a DoT/DoH proxy - just running it in a test lab at
> the moment, but we're looking to put it in to production at some point.
> 
> It's working great!
> 
> Just a minor thing with the web interface on dnsdist 1.4.0-rc1, in the
> header it lists the addresses it's 'Listening on', but it seems to only
> list the port 53 ones and not DoT or DoH ones.
> 
> Shall I raise an issue on github?
> 
> Thanks!
> 
> Andrew.
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Define out-of-band IP to reach carbon server

2019-08-14 Thread frank+pdns 
Hi Leo,

By quickly glancing at the code, I don’t think there’s a way to set the source 
ip right now. However, you can probably solve this using the ip routing (and/or 
firewalling) table(s) on the node itself: set the source ip for all connections 
to that particular destination ip.

Regards,

Frank Louwers
Certified PowerDNS Consultant @ Kiwazo.be

> On 13 Aug 2019, at 17:40, Leo Vandewoestijne  wrote:
> 
> Hi,
> 
> 
> I'm running dnsdist inside a virtualized host, which has anycasted IP's and 
> out-of-band IP's.
> Using nc I can reach my carbon server BUT have to define the source IP.
> 
> Now I wish to have dnsdist sent data to metronome.
> So I assumed using "setLocal" would define the main IP, and so set the 
> out-of-band IP.
> Whatever I do; put it before or after addLocal, or use addLocal (first and 
> last), dnsdist can't reach the carbon server.
> 
> What information am I missing to get more success?
> 
> 
> -- 
> 
> Met vriendelijke groet,
> With kind regards,
> 
> 
> Leo Vandewoestijne
> <***@dns.company>
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist