[dnsdist] SpoofAction or SpoofRawAction syntax

2020-07-21 Thread Leo Vandewoestijne via dnsdist 
Hi,



This old syntax, worked fine in 1.4.*, but seems to fail in 1.5.0-rc*

addAction(AndRule({QNameRule('i.amsterdam'), QTypeRule(DNSQType.A)}), 
SpoofAction("10.31.0.20"))

Also I tried to come to the same result using SpoofRawAction but all my syntax 
guesses failed
(and the manual doesn't have an A example).

I'm pretty sure it's possible.
I guess the syntax for SpoofAction was changed (and is not adjusted in the 
manual yet) ...?



-- 


Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne
<***@dns.company>

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Define out-of-band IP to reach carbon server

2019-08-14 Thread Leo Vandewoestijne 
In reply to frank+p...@tembo.be

> Hi Leo,
> 
> By quickly glancing at the code, I don???t think there???s a way to set the 
> source ip right now. However, you can probably solve this using the ip 
> routing (and/or firewalling) table(s) on the node itself: set the source ip 
> for all connections to that particular destination ip.
> 
> Regards,
> 
> Frank Louwers
> Certified PowerDNS Consultant @ Kiwazo.be
>

Why I didn't thought of that? That did the trick!

Thanks.

--

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne
<***@dns.company>

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] metronome on FreeBSD - rc.d script

2019-08-14 Thread Leo Vandewoestijne 
Hi,

> Thanks! If you don't mind it might be useful to submit a pull request to
> the metronome repository instead [1] to add it in, for example, a
> contrib/ directory?
>
> [1]: https://github.com/ahupowerdns/metronome
>

The patch is against the ports (the OS's packaging system), not dnsdist itself.


I'm trying to learn to understand the whole dataformat, and see if I can add or 
improve.
For example I saw I'm not the only one who also wish to use this for monitoring 
the system.

I'm also playing with grafena6 but I find it all a hairy beast.
Storing data is relative simple, but displaying I find complex.

If I cannot contribute on that, then at least I will write another howto 
(already made notes).

Last but not least; my compliments on this "toy", to me it's very useful.


-- 

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne
<***@dns.company>

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

[dnsdist] Define out-of-band IP to reach carbon server

2019-08-13 Thread Leo Vandewoestijne 
Hi,


I'm running dnsdist inside a virtualized host, which has anycasted IP's and 
out-of-band IP's.
Using nc I can reach my carbon server BUT have to define the source IP.

Now I wish to have dnsdist sent data to metronome.
So I assumed using "setLocal" would define the main IP, and so set the 
out-of-band IP.
Whatever I do; put it before or after addLocal, or use addLocal (first and 
last), dnsdist can't reach the carbon server.

What information am I missing to get more success?


-- 

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne
<***@dns.company>

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

[dnsdist] metronome on FreeBSD - rc.d script

2019-08-13 Thread Leo Vandewoestijne 
Hi,


This message is not dnsdist specifically, but about metronome.
Still I though this channel would be the most appropriate.

I just wrote an rc.d script for the metronome port in FreeBSD.

If you happen to be interrested in both, then please review
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239819


-- 

With kind regards,


Leo Vandewoestijne
<***@dns.company>

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

[dnsdist] IP_BINDANY warnings in FreeBSD jail

2016-09-08 Thread Leo Vandewoestijne 
Hi,

I'm running dnsdist in a FreeBSD jail, and when I restart I get warnings.
Looks like this (all IP's are figurative):

root@jail: # /usr/local/etc/rc.d/dnsdist restart
Stopping dnsdist.
Waiting for PIDS: 7579, 7579.
Starting dnsdist.
Read configuration from '/usr/local/etc/dnsdist/dnsdist.conf'
Added downstream server 35.225.21.145:54
Added downstream server 35.225.21.144:54
Added downstream server 35.225.21.145:55
Added downstream server 35.225.21.144:55
Added downstream server 35.225.21.145:56
Added downstream server 35.225.21.144:56
Added downstream server 35.225.21.145:52
Added downstream server 35.225.21.144:52
Added downstream server 35.225.21.140:52
Added downstream server 35.225.21.141:52
Added downstream server 35.225.21.142:52
Added downstream server 35.225.21.143:52
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 127.0.0.2:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 125.4.4.1:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 125.4.4.28:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.80:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.81:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.82:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.83:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.84:53


When I run dnsdist on the host -in stead of the jail- then these warnings do 
not occur.

When I allow sockets in the jail it makes no difference:
root@host# sysctl security.jail.allow_raw_sockets=1
security.jail.allow_raw_sockets: 0 -> 1

I anyway expect it's more a packages redirecting thing.
But wether the firewall is running or not makes no difference,
so I suspect it's more a kernel issue.
Now I do have a very customized kernel, but I remember running dnsdist the 
first time
was in a GENERIC kernel, and gave the same warning in a jail.

Also it makes no difference when I bind to physical or virtual interfaces or 
even lo0.

I delved into the source a bit, but can not find what the "setsockopt" is about.


Now it's just a warning, not an error, but I wonder what the impact is.


--

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne.
www.unicycle.net
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist