[dnsdist] SpoofAction or SpoofRawAction syntax
Hi, This old syntax, worked fine in 1.4.*, but seems to fail in 1.5.0-rc* addAction(AndRule({QNameRule('i.amsterdam'), QTypeRule(DNSQType.A)}), SpoofAction("10.31.0.20")) Also I tried to come to the same result using SpoofRawAction but all my syntax guesses failed (and the manual doesn't have an A example). I'm pretty sure it's possible. I guess the syntax for SpoofAction was changed (and is not adjusted in the manual yet) ...? -- Met vriendelijke groet, With kind regards, Leo Vandewoestijne <***@dns.company> ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Define out-of-band IP to reach carbon server
In reply to frank+p...@tembo.be > Hi Leo, > > By quickly glancing at the code, I don???t think there???s a way to set the > source ip right now. However, you can probably solve this using the ip > routing (and/or firewalling) table(s) on the node itself: set the source ip > for all connections to that particular destination ip. > > Regards, > > Frank Louwers > Certified PowerDNS Consultant @ Kiwazo.be > Why I didn't thought of that? That did the trick! Thanks. -- Met vriendelijke groet, With kind regards, Leo Vandewoestijne <***@dns.company> ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] metronome on FreeBSD - rc.d script
Hi, > Thanks! If you don't mind it might be useful to submit a pull request to > the metronome repository instead [1] to add it in, for example, a > contrib/ directory? > > [1]: https://github.com/ahupowerdns/metronome > The patch is against the ports (the OS's packaging system), not dnsdist itself. I'm trying to learn to understand the whole dataformat, and see if I can add or improve. For example I saw I'm not the only one who also wish to use this for monitoring the system. I'm also playing with grafena6 but I find it all a hairy beast. Storing data is relative simple, but displaying I find complex. If I cannot contribute on that, then at least I will write another howto (already made notes). Last but not least; my compliments on this "toy", to me it's very useful. -- Met vriendelijke groet, With kind regards, Leo Vandewoestijne <***@dns.company> ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
[dnsdist] Define out-of-band IP to reach carbon server
Hi, I'm running dnsdist inside a virtualized host, which has anycasted IP's and out-of-band IP's. Using nc I can reach my carbon server BUT have to define the source IP. Now I wish to have dnsdist sent data to metronome. So I assumed using "setLocal" would define the main IP, and so set the out-of-band IP. Whatever I do; put it before or after addLocal, or use addLocal (first and last), dnsdist can't reach the carbon server. What information am I missing to get more success? -- Met vriendelijke groet, With kind regards, Leo Vandewoestijne <***@dns.company> ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
[dnsdist] metronome on FreeBSD - rc.d script
Hi, This message is not dnsdist specifically, but about metronome. Still I though this channel would be the most appropriate. I just wrote an rc.d script for the metronome port in FreeBSD. If you happen to be interrested in both, then please review https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239819 -- With kind regards, Leo Vandewoestijne <***@dns.company> ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
[dnsdist] IP_BINDANY warnings in FreeBSD jail
Hi, I'm running dnsdist in a FreeBSD jail, and when I restart I get warnings. Looks like this (all IP's are figurative): root@jail: # /usr/local/etc/rc.d/dnsdist restart Stopping dnsdist. Waiting for PIDS: 7579, 7579. Starting dnsdist. Read configuration from '/usr/local/etc/dnsdist/dnsdist.conf' Added downstream server 35.225.21.145:54 Added downstream server 35.225.21.144:54 Added downstream server 35.225.21.145:55 Added downstream server 35.225.21.144:55 Added downstream server 35.225.21.145:56 Added downstream server 35.225.21.144:56 Added downstream server 35.225.21.145:52 Added downstream server 35.225.21.144:52 Added downstream server 35.225.21.140:52 Added downstream server 35.225.21.141:52 Added downstream server 35.225.21.142:52 Added downstream server 35.225.21.143:52 Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 127.0.0.2:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 125.4.4.1:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 125.4.4.28:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 123.8.71.80:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 123.8.71.81:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 123.8.71.82:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 123.8.71.83:53 Warning: IP_BINDANY setsockopt failed: Operation not permitted Listening on 123.8.71.84:53 When I run dnsdist on the host -in stead of the jail- then these warnings do not occur. When I allow sockets in the jail it makes no difference: root@host# sysctl security.jail.allow_raw_sockets=1 security.jail.allow_raw_sockets: 0 -> 1 I anyway expect it's more a packages redirecting thing. But wether the firewall is running or not makes no difference, so I suspect it's more a kernel issue. Now I do have a very customized kernel, but I remember running dnsdist the first time was in a GENERIC kernel, and gave the same warning in a jail. Also it makes no difference when I bind to physical or virtual interfaces or even lo0. I delved into the source a bit, but can not find what the "setsockopt" is about. Now it's just a warning, not an error, but I wonder what the impact is. -- Met vriendelijke groet, With kind regards, Leo Vandewoestijne. www.unicycle.net ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist