I have pdns authoritative server configured on three servers and pdns recursor configured on two other servers. dnsdist is configured on a sixth server with the following configuration:

    setLocal("10.240.70.91:53")
    newServer({address="10.240.70.81:53",pool="auth"})
    newServer({address="10.240.70.82:53",pool="auth"})
    newServer({address="10.240.70.83:53",pool="auth"})
    newServer({address="10.240.70.84:53",pool="rec"})
    newServer({address="10.240.70.85:53",pool="rec"})
    addAction("homelab.test.", PoolAction("auth"))
    addAction(RDRule(), PoolAction("rec"))

Querying the pdns-auth servers directly yields the following result:

    dig +trace homelab.test @10.240.70.81

    ; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> +trace homelab.test @10.240.70.81
    ;; global options: +cmd
    ;; Received 28 bytes from 10.240.70.81#53(10.240.70.81) in 3 ms

Similarly for the pdns-recursor servers:

    dig www.yahoo.com @10.240.70.84

    ; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> www.yahoo.com @10.240.70.84
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14602
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.yahoo.com. IN A

    ;; ANSWER SECTION:
    www.yahoo.com. 253 IN CNAME atsv2-fp-shed.wg1.b.yahoo.com.
    atsv2-fp-shed.wg1.b.yahoo.com. 9 IN A 72.30.35.9
    atsv2-fp-shed.wg1.b.yahoo.com. 9 IN A 98.138.219.231
    atsv2-fp-shed.wg1.b.yahoo.com. 9 IN A 98.138.219.232
    atsv2-fp-shed.wg1.b.yahoo.com. 9 IN A 72.30.35.10

    ;; Query time: 71 msec
    ;; SERVER: 10.240.70.84#53(10.240.70.84)
    ;; WHEN: Sun May 12 15:29:37 EDT 2019
    ;; MSG SIZE rcvd: 140

When I point the query to the dnsdist server however, I get replies for the recursive query but the local domain does not provide the expected result:

    dig www.yahoo.com @10.240.70.91

    ; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> www.yahoo.com @10.240.70.91
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11278
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.yahoo.com. IN A

    ;; ANSWER SECTION:
    www.yahoo.com. 119 IN CNAME atsv2-fp-shed.wg1.b.yahoo.com.
    atsv2-fp-shed.wg1.b.yahoo.com. 13 IN A 98.138.219.231
    atsv2-fp-shed.wg1.b.yahoo.com. 13 IN A 72.30.35.9
    atsv2-fp-shed.wg1.b.yahoo.com. 13 IN A 72.30.35.10
    atsv2-fp-shed.wg1.b.yahoo.com. 13 IN A 98.138.219.232

    ;; Query time: 72 msec
    ;; SERVER: 10.240.70.91#53(10.240.70.91)
    ;; WHEN: Sun May 12 15:31:52 EDT 2019
    ;; MSG SIZE rcvd: 140

I get the following result when querying dnsdist server:

    dig powerdns-1.homelab.test @10.240.70.91

    ; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> powerdns-1.homelab.test @10.240.70.91
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 50992
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;powerdns-1.homelab.test. IN A

    ;; Query time: 4 msec
    ;; SERVER: 10.240.70.91#53(10.240.70.91)
    ;; WHEN: Sun May 12 15:35:41 EDT 2019
    ;; MSG SIZE rcvd: 52

But querying pdns-auth directly yields the following:

    dig powerdns-1.homelab.test @10.240.70.81

    ; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> powerdns-1.homelab.test @10.240.70.81
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58541
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;powerdns-1.homelab.test. IN A

    ;; ANSWER SECTION:
    powerdns-1.homelab.test. 3600 IN A 10.240.70.81

    ;; Query time: 6 msec
    ;; SERVER: 10.240.70.81#53(10.240.70.81)
    ;; WHEN: Sun May 12 15:36:52 EDT 2019
    ;; MSG SIZE rcvd: 68

How do I get a similar result from dnsdist?

    dnsdist -V
    dnsdist 1.4.0-alpha1 (Lua 5.1.4 [LuaJIT 2.0.4])
    Enabled features: dns-over-tls(openssl) dnscrypt ebpf ipcipher libsodium protobuf re2 recvmmsg/sendmmsg systemd

_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
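
An added diagnostic example, not part of the original post or of dnsdist: it parses the header lines of the dig replies quoted above and compares the reply received through dnsdist with the direct replies from each pool. The fingerprint (RA bit plus advertised EDNS UDP size) is a heuristic assumed here, and the function names are hypothetical.

```python
import re

# Header lines copied from three dig replies in the post (trimmed to what is parsed).
VIA_DNSDIST = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 50992
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
;; SERVER: 10.240.70.91#53(10.240.70.91)
"""
DIRECT_AUTH = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58541
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
;; SERVER: 10.240.70.81#53(10.240.70.81)
"""
DIRECT_REC = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14602
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 512
;; SERVER: 10.240.70.84#53(10.240.70.84)
"""

def parse_dig(text):
    """Extract status, header flags, EDNS UDP size and server from dig output."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None
    flags = grab(r"^;; flags: ([a-z ]*);")
    udp = grab(r"^; EDNS:.*udp: (\d+)")
    return {
        "status": grab(r"status: (\w+)"),
        "flags": set(flags.split()) if flags else set(),
        "edns_udp": int(udp) if udp else None,
        "server": grab(r"^;; SERVER: ([^#\s]+)#"),
    }

def fingerprint(reply):
    # Heuristic (assumption): RA bit plus EDNS size distinguish auth from recursor.
    return ("ra" in reply["flags"], reply["edns_udp"])

def likely_pools(reply, baselines):
    """Return pool names whose direct-query fingerprint matches the reply."""
    return [pool for pool, base in baselines.items()
            if fingerprint(parse_dig(base)) == fingerprint(reply)]

if __name__ == "__main__":
    reply = parse_dig(VIA_DNSDIST)
    pools = likely_pools(reply, {"auth": DIRECT_AUTH, "rec": DIRECT_REC})
    print(reply["status"], "via", reply["server"], "looks like pool(s):", pools)
```

On the quoted replies the REFUSED answer matches the "auth" fingerprint, so the same dig run directly against 10.240.70.82 and 10.240.70.83 (only 10.240.70.81 was queried directly in the post) is the natural next comparison.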