Re: [dnsdist] High-fidelity timestamp in FrameStream logging

2019-10-11 Thread Remi Gacogne
<- opcode: QUERY, rcode: NOERROR, id: 8674 ;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;powerdns.com. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; EDNS: version 0; flags: ; udp: 4096

Re: [dnsdist] increase in drops or changed semantics?

2019-10-08 Thread Remi Gacogne
ng buffer, for example to compute dynamic block rules, takes a bit longer. > (there is no column description in the output, I assume the 3rd column > is number of requests?) Yes. [1]: https://dnsdist.org/reference/config.html?highlight=setring#setRingBuffersSize Best regards, -

Re: [dnsdist] increase in drops or changed semantics?

2019-10-07 Thread Remi Gacogne
ea recently. The drops counter is the number of queries sent to a backend and for which we did not get a response fast enough (or at all). You should be able to use the inspection features of dnsdist to figure out what is causing these drops, like grepq("3000ms") or topSlow(). Best regards,

[dnsdist] Third release candidate for dnsdist 1.4.0

2019-09-30 Thread Remi Gacogne
-1.4.0-rc3 [3]: https://downloads.powerdns.com/releases/dnsdist-1.4.0-rc3.tar.bz2 [4]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ signature.asc Description: OpenPGP digital signature ___ dnsdist

Re: [dnsdist] LogAction() is ignored?

2019-09-24 Thread Remi Gacogne
On 9/24/19 3:20 PM, Stephane Bortzmeyer wrote: > On Mon, Sep 23, 2019 at 11:20:29AM +0200, > Remi Gacogne wrote > a message of 98 lines which said: > >> If you are using our systemd unit file, note that we do set >> PrivateTmp=true for security reasons, meaning

Re: [dnsdist] LogAction() is ignored?

2019-09-23 Thread Remi Gacogne
log instead of /tmp/dnsdist.log. Regarding the world-readable permissions we rely on the process' umask value, but perhaps we should enforce some stricter mode here. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Is dnsdist FIPS 140-2 Compliant?

2019-09-23 Thread Remi Gacogne
ing customers. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ signature.asc Description: OpenPGP digital signature ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] DoH: 302 redirecting / to a help page

2019-09-16 Thread Remi Gacogne
ttps://support.mydoman.com") } dohFE = getDOHFrontend(0) dohFE:setResponsesMap(supportpagemap) It will only apply the map to the first DoH frontend (based on the '0' index), so if you have more than one you'll have to carefully apply it to all of them. Best regards, -- Remi Gacogne PowerDNS.COM BV - htt

Re: [dnsdist] minTLSVersion Testing

2019-09-14 Thread Remi Gacogne
sion::TLS12, "tls1.2" }, >     { LibsslTLSVersion::TLS13, "tls1.3" } >   }; Nice catch! It should be fixed once [1] has been merged. [1]: https://github.com/PowerDNS/pdns/pull/8297 Best regards, -- Remi Gacogne PowerDNS.COM BV -

[dnsdist] Second release candidate for dnsdist 1.4.0

2019-09-02 Thread Remi Gacogne
://downloads.powerdns.com/releases/dnsdist-1.4.0-rc2.tar.bz2 [4]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Sending additional info from dnsdist to recursor

2019-08-29 Thread Remi Gacogne
ference/dq.html#DNSQuestion:setTrailingData Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Dynamic Rule Block Logs Host Address

2019-08-29 Thread Remi Gacogne
option. Please open a feature request on GH if you would like to have the truncation feature implemented. [1]: https://github.com/PowerDNS/pdns/pull/8252 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] ComboAddress truncate function?

2019-08-28 Thread Remi Gacogne
okout.com> > > > > -- > >    > > Brian M. Sullivan > Senior Staff Security Intelligence Engineer > bsulli...@lookout.com <mailto:bsulli...@lookout.com> |  www.lookout.com > <http://www.lookout.com> > > >

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-16 Thread Remi Gacogne
block there either. I'm afraid I don't really have a solution to offer if you want to delay the response over TCP, sorry :-/ We should probably fix that since I assume that people might want to delay over DoT or DoH too. Best, -- Remi Gacogne PowerDNS BV - https://www.powerdns.com/

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-16 Thread Remi Gacogne
that you are sending your queries over TCP. I'm afraid DelayAction() is UDP-only at the moment. I believe it's mentioned in the documentation but perhaps we should make that clearer :-/ Best regards, -- Remi Gacogne PowerDNS BV - https://www.powerdns.com

Re: [dnsdist] Feature Request?

2019-08-14 Thread Remi Gacogne
something around by tuning the allowed ciphers, but I guess an option to select the TLS versions allowed, like ssl_protocols in nginx or SSLProtocol in Apache HTTPD, would make sense as well. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] DNSDIST 1.3.3-3 from standard debian buster

2019-08-14 Thread Remi Gacogne
I am wondering if there is a plan for official dnsdist 1.4 packages on > Debian Stretch? I am going to need to use that for now as Buster isn't > suitable for production in my environment yet. We already provide 1.4.0 packages for Stretch at https://repo.powerdns.com unless I'm missing som

Re: [dnsdist] DNSDIST 1.3.3-3 from standard debian buster

2019-08-14 Thread Remi Gacogne
that the state was still marked as "in use", meaning that the response never came through. We will then "reuse" that state, and so the corresponding metric is named "reused" even though nowadays we usually notice the timeout by regularly scanning the table. Best r

Re: [dnsdist] dnsdist performance

2019-08-14 Thread Remi Gacogne
ver committed? It certainly looks that way. Best regards, Remi > On Mon, 12 Aug 2019 at 10:16, Remi Gacogne <mailto:remi.gaco...@powerdns.com>> wrote: > > Hi Gentian, > > On 8/12/19 10:12 AM, Gentian Bajraktari wrote: > > I have attached results from

Re: [dnsdist] dnsdist performance

2019-08-14 Thread Remi Gacogne
g buffers. Even if you don't use the packet cache it would be a good idea to shard the ring buffers as soon as you use several threads, with: setRingBuffersSize(1, 16) which keeps the default value for the number of entries to keep in memory but use 16 shards instead of 1, reducing lock conte

Re: [dnsdist] DelayAction with dnsdist 1.4.0-rc1

2019-08-14 Thread Remi Gacogne
without knowing exactly how the client sends the queries, in particular whether it waits for an answer before sending the next query. Perhaps a network capture would help? Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] metronome on FreeBSD - rc.d script

2019-08-14 Thread Remi Gacogne
tronome Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Feature Request?

2019-08-14 Thread Remi Gacogne
ovides the opportunity for other users to chime in and if the feature makes sense to us it's usually added to the relevant milestone. [1]: https://github.com/PowerDNS/pdns/issues/new -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Define out-of-band IP to reach carbon server

2019-08-14 Thread Remi Gacogne
connections to that particular destination ip. Yes, Frank is right. Please open a new feature request on Github to be able to specify the source IP used to reach the carbon server if you think it might be useful to others. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.

Re: [dnsdist] DNSDIST 1.3.3-3 from standard debian buster

2019-08-12 Thread Remi Gacogne
remote logging, since it's looking more and more like a Buster issue than a dnsdist one, especially if the issue also manifests itself with the Auth.. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

[dnsdist] First release candidate for dnsdist 1.4.0

2019-08-12 Thread Remi Gacogne
#change-1.4.0-rc1 [3]: https://downloads.powerdns.com/releases/dnsdist-1.4.0-rc1.tar.bz2 [4]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist performance

2019-08-12 Thread Remi Gacogne
-- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist performance

2019-08-11 Thread Remi Gacogne
s, so I'm pretty sure disabling the meltdown/spectre mitigations would do a big difference, but it's already pretty far from 5-15K QPS. If you increase the number of threads you'll need to use ring buffers sharding to limit contention, by the way. Best regards -- Remi Gacogne PowerDNS.COM B

Re: [dnsdist] format logAction Rows

2019-08-09 Thread Remi Gacogne
lob/master/contrib/ProtobufLogger.py Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist performance

2019-08-08 Thread Remi Gacogne
without any private information and is very useful to understand where the bottleneck may be. [1]: https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/ [2]: https://metronome1.powerdns.com/ Best regards, Remi > On Thu, 8 Aug 2019 at 10:52, Remi Gacogne <mailto:remi.ga

Re: [dnsdist] dnsdist 1.4 and Debian Buster

2019-08-08 Thread Remi Gacogne
n for load balancing. Now I am using > poolAvailable with rules so I can use a built in method. > - The rules were tidied up a bit, previously each dnsdist instance had > left over rules that were no longer required > - The cache sizes were adjusted Right, that doesn't seem

Re: [dnsdist] dnsdist performance

2019-08-08 Thread Remi Gacogne
[1]: https://dnsdist.org/advanced/tuning.html Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist 1.4 and Debian Buster

2019-08-08 Thread Remi Gacogne
onome server [1] for a while, just from one box, we might spot something there. Also, apart from Debian being upgraded from Stretch to Buster and dnsdist from 1.3.x to 1.4.0-beta2, did anything else change in your setup? [1]: https://metronome1.powerdns.com Best regards -- Remi Gac

Re: [dnsdist] dnsdist 1.4 and Debian Buster

2019-08-07 Thread Remi Gacogne
he metrics that you have some rules. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist 1.4 and Debian Buster

2019-08-07 Thread Remi Gacogne
s feet, see [1]. [1]: https://github.com/PowerDNS/pdns/issues/4853 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] EDNSOptionRule not triggering?

2019-08-05 Thread Remi Gacogne
/PowerDNS/pdns/pull/8158 Best regards, Remi On 7/31/19 10:03 PM, Remi Gacogne wrote: > On 7/31/19 9:47 PM, Brian Sullivan wrote: >> Sure let me put something together with some generic data and send you the >> trace. By the way, could you send me the rule you used? I tried a fe

Re: [dnsdist] EDNSOptionRule not triggering?

2019-07-31 Thread Remi Gacogne
tood, thank you! Remi > On Wed, Jul 31, 2019 at 3:36 PM Remi Gacogne > wrote: > >> Hi Brian, >> >> On 7/31/19 6:57 PM, Brian Sullivan wrote: >>> I am using dnsdist 1.4.0-beta1 and am trying to detect queries that are >>> using a local/experimental optcod

Re: [dnsdist] EDNSOptionRule not triggering?

2019-07-31 Thread Remi Gacogne
tput > *** Special Code = BLAH > > Any idea on what is going on? Would you be able to share a capture of the query, or at least some way we can reproduce the issue? I did a quick test -albeit with a different option- and it worked correctly so I'm assumin

Re: [dnsdist] pool selection without implicit accept

2019-07-12 Thread Remi Gacogne
"))) I don't think it would be too complicated to implement and since it would be self-contained we could even consider it for 1.4.0. Any thoughts? Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] identical metrics

2019-07-12 Thread Remi Gacogne
rate a single > metric with the sum of all submetrics? It will rename the metrics so that they are unique. In the future I would like to provide both per-thread metrics and also aggregated ones, but I'm afraid that will have to wait for 1.5.0. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://

Re: [dnsdist] identical metrics

2019-07-12 Thread Remi Gacogne
ind for the next refactoring of this code. In the meantime this exact issue should have been fixed by [1] on master. [1]: https://github.com/PowerDNS/pdns/pull/7934 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] expected file descriptor usage

2019-07-06 Thread Remi Gacogne
fail to properly handle a case you might see dnsdist restarting after an unhandled exception. [1]: https://github.com/PowerDNS/pdns/pull/7927 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Add ECS to response

2019-07-04 Thread Remi Gacogne
tion('0.0.0.0/0', '::/0')) > > But SetECSAction() is only for queries, not responses. I'm afraid there currently is no way to add ECS to a response in dnsdist. I'm not sure it would be a good idea, though, I believe it's something that only the backend should do. Best regards, -- Remi Ga

Re: [dnsdist] documentation for "showDOHFrontends()" output

2019-06-12 Thread Remi Gacogne
spond with > 500 Internal Server Error > in all these "Error" cases? (which would be surprising, at least to me) Yes, that's indeed the case with our current code and I agree we need to handle that differently. I just opened [1] which I hope is a step in the right direction. Comments

Re: [dnsdist] documentation for "showDOHFrontends()" output

2019-06-11 Thread Remi Gacogne
dErrors' counter of the corresponding backend). For that last one it looks like we don't display the value of the 'sendErrors' counters in the console, we do export it via carbon and the API though. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] DoH and DoT on the same IP:port via different SNIs? (was: dnsdist 1.4.0-beta1 released)

2019-06-11 Thread Remi Gacogne
uld be hard to mix them. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dynblock rules AND

2019-06-11 Thread Remi Gacogne
ture request on github if you care enough :-) Best regards, Remi > On Mon, Jun 3, 2019 at 10:02 AM Remi Gacogne <mailto:remi.gaco...@powerdns.com>> wrote: > > Hi Nico, > > On 6/1/19 5:39 AM, Nico wrote: > > Hi! > > Small question about dyna

[dnsdist] dnsdist 1.4.0-beta1 released

2019-06-06 Thread Remi Gacogne
regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dynblock rules AND

2019-06-03 Thread Remi Gacogne
> dbr:setResponseByteRate(1, 10, "Exceeded resp BW rate", 60) > > If I want to limit TXT byte rate for example There is indeed no way to combine rules for the dynamic blocking feature. You should be able to do the kind of rate-limiting you have in mind with regular rules, th

[dnsdist] dnsdist 1.4.0-alpha2 with DNS over HTTPS support released

2019-04-26 Thread Remi Gacogne
repository [4]. [1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html#change-1.4.0-alpha2 [3]: https://downloads.powerdns.com/releases/dnsdist-1.4.0-alpha2.tar.bz2 [4]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Question about dnsdist, pdns, pdns-recursor problem with AXFR

2019-04-04 Thread Remi Gacogne
ossos.com>', zone committed with serial number 2019040302 > pdns_server[12784]: Done launching threads, ready to distribute questions > > But I have got information, when I test DNS on > website https://mxtoolbox.com: > "dns angelikarossos.com <http://angelikarossos.com> Open Zone Tr

[dnsdist] Plans for dnsdist 1.4.0

2019-04-04 Thread Remi Gacogne
/pull/6911 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Modifying requests

2019-03-15 Thread Remi Gacogne
uggest another way or, if it makes sense, turn that into a feature request. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] non-fatal error while writing to TLS connection: Resource temporarily unavailable

2019-03-12 Thread Remi Gacogne
Hi, On 3/9/19 10:54 PM, Remi Gacogne wrote: > This might be a bug in the way we handle EAGAIN error with the GnuTLS > DoT provider. I might have an idea about the issue and the way to fix it. This should be fixed by https://github.com/PowerDNS/pdns/pull/7560 Thanks for reporting the

Re: [dnsdist] non-fatal error while writing to TLS connection: Resource temporarily unavailable

2019-03-09 Thread Remi Gacogne
"openssl" in the options of addTLSLocal(), ie something like: addTLSLocal("192.0.2.1", "/path/to/cert", "/path/to/key", { provider="openssl"} ) Best regards, -- Remi Gacogne PowerDNS.COM BV - https:/

Re: [dnsdist] reqresp.cpp:265:13: warning: duplicated 'if' condition [-Wduplicated-cond]

2019-01-30 Thread Remi Gacogne
t regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Dnsdist with dnscrypt

2019-01-02 Thread Remi Gacogne
r looking like /tmp/systemd-private-*-dnsdist.service-*/tmp/ [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp= Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist capacity

2018-11-14 Thread Remi Gacogne
Remi > > *From:* dnsdist on behalf of Remi > Gacogne > *Sent:* 9 November 2018, 19:41 > *To:* dnsdist@mailman.powerdns.com > *Subject:* Re: [dnsdist] dnsdist capacity > > Hi Alexey, > > On 11/9/1

Re: [dnsdist] dnsdist capacity

2018-11-09 Thread Remi Gacogne
://dnsdist.org/guides/carbon.html [3]: https://github.com/ahupowerdns/metronome Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

[dnsdist] dnsdist 1.3.3 released

2018-11-08 Thread Remi Gacogne
cies were available. [1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html [3]: https://downloads.powerdns.com/releases/dnsdist-1.3.3.tar.bz2 [4]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] drop reverse lookups

2018-08-03 Thread Remi Gacogne
ant. If you had been looking to match only the exact 10.in-addr.arpa name, you would have needed to use QNameRule("10.in-addr.arpa") instead. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

[dnsdist] dnsdist 1.3.2 released

2018-07-10 Thread Remi Gacogne
are also available on our repository [4]. [1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html [3]: https://downloads.powerdns.com/releases/dnsdist-1.3.2.tar.bz2 [4]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Dns over TLS, and certificates that expire

2018-06-29 Thread Remi Gacogne
ets? In theory it would not, but this PR will generate new ticket keys when the certificates are reloaded unless the ticket keys are loaded from a file. [1]: https://github.com/PowerDNS/pdns/pull/6764 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist and protobuf support for DnstapLogAction

2018-06-27 Thread Remi Gacogne
you let us know which specific version of which distribution you are planning to use, I should be able to check. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist performance

2018-06-26 Thread Remi Gacogne
all our queries are cached > (98% hit rate) Did you consider grouping all those 60 rules into a single one using SuffixMatchNodeRule()? The cost should be much lighter. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] NoneAction()

2018-06-14 Thread Remi Gacogne
the meantime you could get the same result using another rule that doesn't stop the processing, like TagAction() [1]. [1]: https://dnsdist.org/rules-actions.html?highlight=tagaction#TagAction Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] can dns responses be changed or suppressed ( E.g. suppress A records for all internal IPs) ?

2018-06-11 Thread Remi Gacogne
might be able to get away with generating answers directly from dnsdist, but you won't be able to selectively remove part of an existing answer. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist - Bad file descriptor

2018-05-22 Thread Remi Gacogne
our configuration? I'm wondering what kind of error caused the disconnection, although it might be a transient network issue. [1]: https://github.com/PowerDNS/pdns/pull/6317 -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist - choosing CPU for a new server

2018-05-03 Thread Remi Gacogne
especially true if you use Lua policies or rules, but also holds when you don't, to a lesser extent. Kind regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] dnsdist 1.3.0 - counters in Web GUI

2018-04-03 Thread Remi Gacogne
his, I opened a new issue so we don't forget: https://github.com/PowerDNS/pdns/issues/6442 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

[dnsdist] dnsdist 1.3.0 released

2018-03-30 Thread Remi Gacogne
://dnsdist.org/changelog.html [7]: https://downloads.powerdns.com/releases/dnsdist-1.3.0.tar.bz2 [8]: https://repo.powerdns.com/ Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Packetcache expiring

2018-03-14 Thread Remi Gacogne
ld then restore the cache cleaning after at least one backend comes back in the same way. -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Packetcache expiring

2018-03-09 Thread Remi Gacogne
On 03/08/2018 07:08 PM, Nemanja Zeljkovic wrote: > I think I narrowed this down to cache cleanup. Specifically: > https://github.com/PowerDNS/pdns/blob/master/pdns/dnsdist.cc#L1713 > > default is 60, my TTL was 60 so that’s why I got about two minutes of > “availability”. Setting

Re: [dnsdist] Packetcache expiring

2018-03-08 Thread Remi Gacogne
rom and quickly searching > through source doesn't seem to indicate any such value. (120) The cache respects the TTLs present in the DNS response, so my assumption is that the response you are looking for has a TTL of 120s. Cheers, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] NetmaskGroup

2018-03-07 Thread Remi Gacogne
NMG:size() 2 > if myNMG:match(newCA("192.0.2.1")) then return 1 else return 0 end 1 > if myNMG:match(newCA("192.0.2.3")) then return 1 else return 0 end 0 > Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] disable web interface login requirement?

2018-01-02 Thread Remi Gacogne
On 01/02/2018 06:30 PM, Brooks Bridges wrote: > Is there a way to turn this off?  The system is purely internal and we’d > like to put the overview screen on a monitor. There is no way to disable it, no. You could pass the username and password in the URL though. -- Remi Gacogne PowerD

Re: [dnsdist] dnsdist firstAvailable order - apparent bug

2017-12-04 Thread Remi Gacogne
down 0.0 >> 0 0 1 35 1 0.0 1.4 0 >> 110.3.5.13:53 down 0.0 >> 0 5 1 31 2 0.0 0.6 0 >> 210.3.5.14

Re: [dnsdist] server policy to failover to another pool

2017-10-06 Thread Remi Gacogne
On 10/06/2017 04:19 PM, Justin Valentini wrote: > Looks like it's a signed int, so 2147483647. Yes, it's a signed int, although it probably should be an unsigned one. That means the maximum value is INT_MAX, for which the exact value varies according to your platform. -- Remi Gaco

[dnsdist] dnsdist 1.2.0 released

2017-08-21 Thread Remi Gacogne
.html [2]: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html [3]: https://dnsdist.org/ [4]: https://dnsdist.org/changelog.html [5]: https://downloads.powerdns.com/releases/dnsdist-1.2.0.tar.bz2 [6]: https://repo.powerdns.com/ -- Remi Gacogne PowerDNS.COM BV - https

Re: [dnsdist] Match CAA queries

2017-08-18 Thread Remi Gacogne
related — is it possible to rewrite tcp queries coming > into dnsdist to udp queries to the backend? It doesn’t appear to be. > (I am trying to make rbldnsd look like it’s behaving a little > nicer). No, it's not. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.power

Re: [dnsdist] setAuto() healthchecks

2017-08-18 Thread Remi Gacogne
On 08/17/2017 05:20 PM, Remi Gacogne wrote: > Perhaps we should add an optional parameter to setAuto() to be able to > set the initial state. No parameter would be the current behavior (ie, > previous state), "false" would mean the server is marked down until the > next chec

Re: [dnsdist] setAuto() healthchecks

2017-08-17 Thread Remi Gacogne
.com/PowerDNS/pdns/pull/5623 Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Manage dnsdist with ansible

2017-08-03 Thread Remi Gacogne
never found the time to actually implement it. You can manage them via the console over TCP, though. -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Clarification on weight in newServer option

2017-07-31 Thread Remi Gacogne
e sense to add a new one in dnsdist, open a feature request. Policies written in Lua are not a lot slower than those written in C++ given that they are written carefully. They do increase lock contention between threads a bit however, but that's only relevant if you serve a huge number of QPS. -- R

Re: [dnsdist] Clarification on weight in newServer option

2017-07-28 Thread Remi Gacogne
" the node, and more importantly does dnsdist correctly mark it up when you bring it back? -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] Correct way to ignore alterFunction callback in RemoteLogResponseAction ?

2017-05-30 Thread Remi Gacogne
ed. Passing a nil value is the correct way to say that no callback should be called. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] modify (spoof) NS-records ?

2017-05-15 Thread Remi Gacogne
is that correct ? This is indeed not currently possible. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] customize keepalive check timing?

2017-05-03 Thread Remi Gacogne
> correctly or I'm misinterpreting, or I'm really that slow checking the > state after disabling the other server). Yes, your assumption is correct, so if the server is really marked "down" after the first failure, it's a bug :) Best regards, -- Remi Gacogne PowerDNS.COM BV - https

Re: [dnsdist] dnscrypt

2017-04-16 Thread Remi Gacogne
r name did not match, I believe dnsdist should send a certificate response. Could you look at the output of the "dumpStats()" command to see if any counter increases? Oh, did you configure the ACL properly, because by default queries from non-rfc1918 addresses are dropped? Regards, -

Re: [dnsdist] why do I have to add an \0x13 to the DNS name when using the expungeByName cache command?

2017-04-06 Thread Remi Gacogne
Hi Seth, On 04/06/2017 01:49 AM, Seth Orstein wrote: > I find that to use the expungeByName cache command in dnsdist I have to > end the name with \013, why is this? > > An example that works would be: > > getPool("mainpool"):getCache():expungeByName(newDNSName("google.com > \013")) > > If I

Re: [dnsdist] Using server names for a custom serverPolicy

2017-03-28 Thread Remi Gacogne
tatic configuration I don't advise the use of names there. If you really want to do so, I'd suggest constructing a Lua table using the backend name as key, by iterating through the list passed to your function and using the getName() method on each backend. Best regards, -- Remi Gacogne PowerDNS.

Re: [dnsdist] dnsdist ubuntu

2017-03-14 Thread Remi Gacogne
on enabling remote access to the console. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

[dnsdist] dnsdist 1.1.0 released

2016-12-29 Thread Remi Gacogne
al packages are also available on our repository [4]. Best regards, [1]: http://dnsdist.org/changelog/#110 [2]: http://dnsdist.org/README/ [3]: https://downloads.powerdns.com/releases/dnsdist-1.1.0.tar.bz2 [4]: https://repo.powerdns.com/ -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.co

[dnsdist] dnsdist 1.1.0 Beta 2 released

2016-12-14 Thread Remi Gacogne
packages are also available on our repository [4]. Best regards, [1]: http://dnsdist.org/changelog/#110-beta2 [2]: http://dnsdist.org/README/ [3]: https://downloads.powerdns.com/releases/dnsdist-1.1.0-beta2.tar.bz2 [4]: https://repo.powerdns.com/ -- Remi Gacogne PowerDNS.COM BV - https

Re: [dnsdist] Fwd: dnsdist cache looks empty

2016-11-29 Thread Remi Gacogne
ies to the "private" pool, using for example addPoolRule(), PoolAction(), QPSPoolAction() or setDNSSECPool() ? Otherwise all queries are routed to the default pool, so you need to either route some of them to the "private" pool, or to set a cache on the default pool. -

Re: [dnsdist] Fwd: dnsdist cache looks empty

2016-11-29 Thread Remi Gacogne
ion(), QPSPoolAction(), setDNSSECPool().. Therefore you might want to leave your servers in the default pool and also add them to another one by doing something like this: newServer({address="192.168.99.10", name="DMZ", order=10, pool={"", "private"

Re: [dnsdist] dnsdist cache looks empty

2016-11-28 Thread Remi Gacogne
route some queries to it? Do you see an increase of the counters of the servers placed in that pool? -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] udp timeout?

2016-11-23 Thread Remi Gacogne
Hi Brooks, On 11/22/2016 05:34 PM, Brooks Bridges wrote: > As an interim "patch", can you point me towards where this is > configured in the existing code so we can compile our own version > until you guys can get to making a change? I just opened a PR [1] with that change, since it was almost

Re: [dnsdist] udp timeout?

2016-11-22 Thread Remi Gacogne
On 11/22/2016 10:05 AM, abang wrote: > On 22.11.2016 at 09:49, Remi Gacogne wrote: >> I am afraid the UDP timeout is not configurable at the moment... > How long is the built-in timeout? Two seconds. -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/

Re: [dnsdist] udp timeout?

2016-11-22 Thread Remi Gacogne
forget to add a setting for this. [1]: https://github.com/PowerDNS/pdns/issues/new -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
