Re: [dnsdist] Define out-of-band IP to reach carbon server

2019-08-14 Thread frank+pdns 
Hi Leo,

By quickly glancing at the code, I don’t think there’s a way to set the source 
ip right now. However, you can probably solve this using the ip routing (and/or 
firewalling) table(s) on the node itself: set the source ip for all connections 
to that particular destination ip.

Regards,

Frank Louwers
Certified PowerDNS Consultant @ Kiwazo.be

> On 13 Aug 2019, at 17:40, Leo Vandewoestijne  wrote:
> 
> Hi,
> 
> 
> I'm running dnsdist inside a virtualized host, which has anycasted IP's and 
> out-of-band IP's.
> Using nc I can reach my carbon server BUT have to define the source IP.
> 
> Now I wish to have dnsdist sent data to metronome.
> So I assumed using "setLocal" would define the main IP, and so set the 
> out-of-band IP.
> Whatever I do; put it before or after addLocal, or use addLocal (first and 
> last), dnsdist can't reach the carbon server.
> 
> What information am I missing to get more success?
> 
> 
> -- 
> 
> Met vriendelijke groet,
> With kind regards,
> 
> 
> Leo Vandewoestijne
> <***@dns.company>
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Minor webinterface issue - not showing the DoT/DoH IPs in the 'Listening on' section

2019-09-02 Thread frank+pdns 
Hi Andrew,

That would be a perfect candidate to raise an issue on GitHub indeed.

Thanks!

Frank


Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be 





> On 31 Aug 2019, at 23:21, Andrew Hearn  > wrote:
> 
> Hi all,
> 
> I'm using dnsdist as a DoT/DoH proxy - just running it in a test lab at
> the moment, but we're looking to put it in to production at some point.
> 
> It's working great!
> 
> Just a minor thing with the web interface on dnsdist 1.4.0-rc1, in the
> header it lists the addresses it's 'Listening on', but it seems to only
> list the port 53 ones and not DoT or DoH ones.
> 
> Shall I raise an issue on github?
> 
> Thanks!
> 
> Andrew.
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] ERROR RUNNING ZVELODB c-api-tool LOOKUP COMMAND INSIDE LUA's preresolve()

2021-01-14 Thread frank+pdns--- via dnsdist 
Hi Pius,

Have you checked the permissions on the database and the path? 

Frank


> On 14 Jan 2021, at 05:07, Pius Nganga via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> We are using zvelodb to do an url lookup inside pdns recursor's preresolve 
> function. We are executing a terminal command using  io.popen as follows;
> 
> f = io.popen("c-api-tool -l "..dq.qname:toString()) -- runs command
>l = f:read("*a") -- read output of command
>f:close()
>print(l)
> 
> Running the above command outside of the preresolve function prints the 
> expected outcome which is 'domainname category'.
> 
> When the command is inside the preresolve function it prints 'url_init: 
> unable to open database'
> Has anyone encountered this before and how do we solve this?
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] DNS views using DNSDIST

2021-01-27 Thread frank+pdns--- via dnsdist 
Hi,

You would have a few options to do that.

I wrote a blogpost about implementing BIND views using dnsdist and two 
instances of powerdns-auth. See 
https://www.frank.be/implementing-bind-views-with-powerdns/ 
 for details.

If you want to keep a single BIND as a backend, you could investigate EDNS 
client subnet support.

There are other options, but the two above would my preferred way...

Kind Regards,

Frank


> On 27 Jan 2021, at 10:23, Jahanzeb Arshad via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Greetings,
> 
> We have been using BIND DNS server with views to return different A records 
> for different source networks. Now we have put DNSDIST as frontend to the 
> BIND DNS servers. Now BIND DNS is seeing the dnsdist as the client IP and the 
> views are no more valid. We are unable to figure out how we can we create 
> same type of views on the dnsdist application. Any help would be appreciated. 
> 
> For example following different A records to be returned for different client 
> IPs for a specific application/domain name.
> 
> web.domain.com    -> 192.168.10.10 for client IPs 
> 10.10.10.0/24
> web.domain.com    -> 192.168.20.20 for client IPs 
> 10.10.20.0/24
> 
> Regards
> 
> Jahanzeb
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] CPU Usage Dnsdist

2021-03-24 Thread frank+pdns--- via dnsdist 
Hi,

> On 24 Mar 2021, at 18:35, SAMI RAHAL via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Average response time: 4.35 ms, CPU Usage: 750.60%, Cache hitrate: 93.45%, 
> Server selection policy: leastOutstanding
> I ask are these values in the norms?
> my config:
> OS: CentOS 7
> -RAM 16 G
> -grep -c ^ processor / proc / cpuinfo
> 16
> -RAM used:
> 949 M

You would increase the cache size, as you're only using about 1GB of ram and 
have 16GB available. You also have 16 (v)cpus, but the CPU usage is under 800%. 
If I am not mistake, the CPU usage reported by dnsdist is "% of full 
utilisation of 1 cpu", so it should theoretically go up to 1600%.

If you do want to reduce the CPU usage, you might want to experiment with 
simplifying your lua rules and see if that improves or not.

Kind Regards,

Frank

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist and powerdns on same machine

2022-02-04 Thread frank+pdns--- via dnsdist 


> On 4 Feb 2022, at 10:50, Remi Gacogne via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Hi Stephan,
> 
> On 04/02/2022 10:47, De Webmakers (Stephan) via dnsdist wrote:
> 
>> I’ve been struggling with this for far to long now…
>> Is it possible to run dnsdist and pdns on the same server and accept dns 
>> request from everyone (just as it would be without dnsdist).
>> The problem is that I just can’t seem to find a good dnsdist.conf example to 
>> work with and that’s working.
>> In my mind it should be as simple as changing the port for pdns to let’s say 
>> 5300 and then adding a 127.0.0.1:5300 as server to dnsdist..
>> However the nameserver becomes instantly unreachable after this.
>> Can anyone point me in the right direction?
> 
> Well it is, usually, as simple as that, so if that's not working for you I'm 
> afraid you will have to tell us more about your exact setup. Sharing the 
> configurations of both dnsdist and pdns would be a good start.

Don't forget to set the ACL on dnsdist. See 
https://dnsdist.org/advanced/acl.html 

Frank

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist