Re: [dnsdist] dnsdist NOTIFY distribution to several slaves

2021-03-18 Thread Winfried Angele via dnsdist 

On 18.03.21 15:25, stefan.bec...@t-systems.com wrote:
> Does that mean TeeAction is an additional action that is processed 
additionally to the "normal" distribution of a query? Say dnsdist is 
configured with one pool of servers. When using TeeAction does that mean 
an incoming Notify is send to the pool and also to the IPs configured 
within the TeeAction?


Yes, "Subsequent rules are processed after this action"

> In addition to being able to use TeeActions, I had in mind to define 
a dedicated pool to which notifications are sent (based on checking the 
OpCode). To do this, you would most likely have to write a few lines of 
Lua code. Would this be an alternative solution? What do you think?


I don't know, sorry. I'm also not sure I understood the question 
correctly. Apart from TeeAction, a query can only be forwarded to one 
server of a pool. This is possible out-of-the-box with a Rule and a 
PoolAction. What would be the purpose of the mentioned Lua script? Do 
you mean send multiple Notifies from a LuaAction? Then I don't know.


Winfried
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution to several slaves

2021-03-18 Thread Kai via dnsdist 

Hello Stefan,

You could choose to configure your master with the 2 real IP's of the 
slaves; Adding a second slave (or third) is relatively easy in most (if 
not all) authoritative dns software.


Regards
Kai

On 18-03-2021 14:42, Stefan via dnsdist wrote:

Hi there,

I’ve got the following setup: I am running dnsdist in front of two 
slaves. My master nameserver sends notify messages to the (service) IP 
of the dnsdist, not directly two the slaves (for several reasons). As I 
know so far dnsdist does not distribute notify messages to all servers 
behind it, but only to one choosen server. Is there any method to get 
notify messages distributed to all servers, e.g. by using a lua script 
or a specific dnsdist configuration? How can this be solved in practice?


Best regards

Stefan Becker


___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist


___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution to several slaves

2021-03-18 Thread Winfried Angele via dnsdist 

Hello Stefan,

It's a bit of a hack, because not meant for that. But TeeAction 
(https://www.dnsdist.org/rules-actions.html#TeeAction) could work maybe.


Example:

addAction(OpcodeRule(DNSOpcode.Notify),TeeAction("192.168.2.1"))
addAction(OpcodeRule(DNSOpcode.Notify),TeeAction("192.168.2.2"))
addAction(OpcodeRule(DNSOpcode.Notify),TeeAction("192.168.2.3"))

Rgards
Winfried


On 18.03.21 14:42, Stefan via dnsdist wrote:

Hi there,

I’ve got the following setup: I am running dnsdist in front of two 
slaves. My master nameserver sends notify messages to the (service) IP 
of the dnsdist, not directly two the slaves (for several reasons). As I 
know so far dnsdist does not distribute notify messages to all servers 
behind it, but only to one choosen server. Is there any method to get 
notify messages distributed to all servers, e.g. by using a lua script 
or a specific dnsdist configuration? How can this be solved in practice?


Best regards

Stefan Becker


___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist


___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-12-04 Thread Remi Gacogne 
Hi,

On 12/4/19 4:03 PM, Martin wrote:
> can you explain why you don’t advise using TeeAction for NOTIFY-ing backend 
> slave pool?

In theory, if all you want is for the NOTIFY to be sent to all your
slaves, that should work. The obvious drawback is that only one of your
slave will be able to reply to the master so if anything goes wrong for
at least one of the other slaves, they will not get another NOTIFY from
the master.
Please also note that I'm not sure you won't run into the same issue
than the one you had with nproxy.

Best regards,

Remi

>> On 26 Feb 2019, at 16:59, Remi Gacogne  wrote:
>>
>> Hi Martin,
>>
>> On 2/26/19 3:58 PM, Martin Toth wrote:
>>> I just want to ensure myself how NOTIFY distribution in DNSDIST
>>> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
>>> PDNSs (pool of 4 nodes)
>>>
>>> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
>>> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
>>> achieve situation that all slaves in dnsdist backend will be notified
>>> of zone change on MASTER?
>>
>> I'm afraid you can't, dnsdist can route a query only to a single
>> backend, with the exception of the TeeAction, but I would advise against
>> trying to use it for that case.
>> Is there a reason your master doesn't speak to the slaves directly?
>>
>> Best regards,
>> -- 
>> Remi Gacogne
>> PowerDNS.COM BV - https://www.powerdns.com/
>>
>> ___
>> dnsdist mailing list
>> dnsdist@mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
> 


-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/



signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-12-04 Thread Martin 
Hi Remi,

can you explain why you don’t advise using TeeAction for NOTIFY-ing backend 
slave pool?
I could not find solution for my problem.

Thanks, BR!

Martin

> On 26 Feb 2019, at 16:59, Remi Gacogne  wrote:
> 
> Hi Martin,
> 
> On 2/26/19 3:58 PM, Martin Toth wrote:
>> I just want to ensure myself how NOTIFY distribution in DNSDIST
>> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
>> PDNSs (pool of 4 nodes)
>> 
>> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
>> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
>> achieve situation that all slaves in dnsdist backend will be notified
>> of zone change on MASTER?
> 
> I'm afraid you can't, dnsdist can route a query only to a single
> backend, with the exception of the TeeAction, but I would advise against
> trying to use it for that case.
> Is there a reason your master doesn't speak to the slaves directly?
> 
> Best regards,
> -- 
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-03-08 Thread Martin Toth 
Hi,

I’ve tested this solution, all works as expected. I have only one problem. 
nproxy is running with these parameters :

nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 
--origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address 
SlaveWANIP2 --powerdns-address 10.0.0.11
nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 
--origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address 
SlaveWANIP2 --powerdns-address 10.0.0.12
nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 
--origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address 
SlaveWANIP2 --powerdns-address 10.0.0.13
nproxy -v --chroot /tmp/ --setuid 108 --setgid 112 --listen-port 55 
--origin-address 10.0.0.1 --listen-address SlaveWANIP1 --listen-address 
SlaveWANIP2 --powerdns-address 10.0.0.14

when I set origin-address with my LB VIP(10.0.0.1) from LAN interface, pdns's 
behind LB thinks this is host from which it should do AXFR but this is LAN LB 
IP not Master IP. So I need master IP here but it could not be assigned because 
it’s in Internet public IP address of another server. Any suggestions how to 
solve this ?

This is my setup :

Master (MasterWANIP1 sends notify) -> Slave (SlaveWANIP1/SlaveWANIP2) LB 
running 4x nproxy (this proxy sends notify requests to LAN nodes) -> SLAVE 
PDNSs (pool of 4 nodes) (LAN IPs from range 10.0.0.0/24)

BR,
Martin

> On 27 Feb 2019, at 10:55, Martin Toth  wrote:
> 
> This is really cool idea, will test it today and let you know if it works.
> 
> Stay tuned!
> 
> BR. Martin
> 
>> On 27 Feb 2019, at 06:34, ab...@t-ipnet.net  wrote:
>> 
>> 
>> 
>> Hello Martin,
>> 
>> Am 26. Februar 2019 17:07:25 MEZ schrieb Martin Toth > >:
>>> Hi,
>>> 
>>> Thanks for your interest. I am using dnsdist as a loadbalancer and
>>> slave nodes are in DMZ behind dnsdist. Only dnsdist server has public
>>> IPs that can be reached from Master public IP (master is located in
>>> other datacentre).
>>> Is my usecase not designed well? I thought dnsdist was designed to be
>>> used as LB for DNS services. Do you have any suggestions how to solve
>>> this or what workround should I use ?
>> 
>> Did not try it myself, but could be an option: 
>> https://doc.powerdns.com/authoritative/manpages/nproxy.1.html 
>> 
>> 
>>> 
>>> Thanks.
>>> 
>>> BR,
>>> 
 On 26 Feb 2019, at 16:59, Remi Gacogne >>> >
>>> wrote:
 
 Hi Martin,
 
 On 2/26/19 3:58 PM, Martin Toth wrote:
> I just want to ensure myself how NOTIFY distribution in DNSDIST
> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
> PDNSs (pool of 4 nodes)
> 
> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
> achieve situation that all slaves in dnsdist backend will be
>>> notified
> of zone change on MASTER?
 
 I'm afraid you can't, dnsdist can route a query only to a single
 backend, with the exception of the TeeAction, but I would advise
>>> against
 trying to use it for that case.
 Is there a reason your master doesn't speak to the slaves directly?
 
 Best regards,
 -- 
 Remi Gacogne
 PowerDNS.COM  BV - https://www.powerdns.com/ 
 
>> 
>> 
>> Winfried 
>> ___
>> dnsdist mailing list
>> dnsdist@mailman.powerdns.com 
>> https://mailman.powerdns.com/mailman/listinfo/dnsdist 
>> 

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-02-27 Thread Martin Toth 
This is really cool idea, will test it today and let you know if it works.

Stay tuned!

BR. Martin

> On 27 Feb 2019, at 06:34, ab...@t-ipnet.net wrote:
> 
> 
> 
> Hello Martin,
> 
> Am 26. Februar 2019 17:07:25 MEZ schrieb Martin Toth  >:
>> Hi,
>> 
>> Thanks for your interest. I am using dnsdist as a loadbalancer and
>> slave nodes are in DMZ behind dnsdist. Only dnsdist server has public
>> IPs that can be reached from Master public IP (master is located in
>> other datacentre).
>> Is my usecase not designed well? I thought dnsdist was designed to be
>> used as LB for DNS services. Do you have any suggestions how to solve
>> this or what workround should I use ?
> 
> Did not try it myself, but could be an option: 
> https://doc.powerdns.com/authoritative/manpages/nproxy.1.html 
> 
> 
>> 
>> Thanks.
>> 
>> BR,
>> 
>>> On 26 Feb 2019, at 16:59, Remi Gacogne 
>> wrote:
>>> 
>>> Hi Martin,
>>> 
>>> On 2/26/19 3:58 PM, Martin Toth wrote:
 I just want to ensure myself how NOTIFY distribution in DNSDIST
 exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
 PDNSs (pool of 4 nodes)
 
 My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
 redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
 achieve situation that all slaves in dnsdist backend will be
>> notified
 of zone change on MASTER?
>>> 
>>> I'm afraid you can't, dnsdist can route a query only to a single
>>> backend, with the exception of the TeeAction, but I would advise
>> against
>>> trying to use it for that case.
>>> Is there a reason your master doesn't speak to the slaves directly?
>>> 
>>> Best regards,
>>> -- 
>>> Remi Gacogne
>>> PowerDNS.COM BV - https://www.powerdns.com/
> 
> 
> Winfried 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist 
> 
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-02-27 Thread Martin Toth 
Yes, this is solution, but not in my setup. I don't have internal connectivity 
between Master na Slaves. I can transfer zones only through the internet, 
because both sites are independent / has own public IP connect.

> On 26 Feb 2019, at 17:12, Rasto Rickardt  wrote:
> 
> Martin,
> 
> for example, i am using dnsdist with hidden master scenario.
> 
> I have master for a zone that is not publicly acccessible and is
> speaking directly to slaves, in your case for NOTIFY`s as well.
> 
> Slaves are used as pool for dnsdist frontend.
> 
> r.
> 
> 
> On 2/26/19 17:07, Martin Toth wrote:
>> Hi,
>> 
>> Thanks for your interest. I am using dnsdist as a loadbalancer and slave 
>> nodes are in DMZ behind dnsdist. Only dnsdist server has public IPs that can 
>> be reached from Master public IP (master is located in other datacentre).
>> Is my usecase not designed well? I thought dnsdist was designed to be used 
>> as LB for DNS services. Do you have any suggestions how to solve this or 
>> what workround should I use ?
>> 
>> Thanks.
>> 
>> BR,
>> 
>>> On 26 Feb 2019, at 16:59, Remi Gacogne  wrote:
>>> 
>>> Hi Martin,
>>> 
>>> On 2/26/19 3:58 PM, Martin Toth wrote:
 I just want to ensure myself how NOTIFY distribution in DNSDIST
 exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
 PDNSs (pool of 4 nodes)
 
 My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
 redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
 achieve situation that all slaves in dnsdist backend will be notified
 of zone change on MASTER?
>>> 
>>> I'm afraid you can't, dnsdist can route a query only to a single
>>> backend, with the exception of the TeeAction, but I would advise against
>>> trying to use it for that case.
>>> Is there a reason your master doesn't speak to the slaves directly?
>>> 
>>> Best regards,
>>> -- 
>>> Remi Gacogne
>>> PowerDNS.COM BV - https://www.powerdns.com/
>>> 
>>> ___
>>> dnsdist mailing list
>>> dnsdist@mailman.powerdns.com
>>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>> 
>> ___
>> dnsdist mailing list
>> dnsdist@mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-02-26 Thread abang 


Hello Martin,

Am 26. Februar 2019 17:07:25 MEZ schrieb Martin Toth :
>Hi,
>
>Thanks for your interest. I am using dnsdist as a loadbalancer and
>slave nodes are in DMZ behind dnsdist. Only dnsdist server has public
>IPs that can be reached from Master public IP (master is located in
>other datacentre).
>Is my usecase not designed well? I thought dnsdist was designed to be
>used as LB for DNS services. Do you have any suggestions how to solve
>this or what workround should I use ?

Did not try it myself, but could be an option: 
https://doc.powerdns.com/authoritative/manpages/nproxy.1.html

>
>Thanks.
>
>BR,
>
>> On 26 Feb 2019, at 16:59, Remi Gacogne 
>wrote:
>> 
>> Hi Martin,
>> 
>> On 2/26/19 3:58 PM, Martin Toth wrote:
>>> I just want to ensure myself how NOTIFY distribution in DNSDIST
>>> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
>>> PDNSs (pool of 4 nodes)
>>> 
>>> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
>>> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
>>> achieve situation that all slaves in dnsdist backend will be
>notified
>>> of zone change on MASTER?
>> 
>> I'm afraid you can't, dnsdist can route a query only to a single
>> backend, with the exception of the TeeAction, but I would advise
>against
>> trying to use it for that case.
>> Is there a reason your master doesn't speak to the slaves directly?
>> 
>> Best regards,
>> -- 
>> Remi Gacogne
>> PowerDNS.COM BV - https://www.powerdns.com/


Winfried 
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-02-26 Thread Rasto Rickardt 
Martin,

for example, i am using dnsdist with hidden master scenario.

I have master for a zone that is not publicly acccessible and is
speaking directly to slaves, in your case for NOTIFY`s as well.

Slaves are used as pool for dnsdist frontend.

r.


On 2/26/19 17:07, Martin Toth wrote:
> Hi,
> 
> Thanks for your interest. I am using dnsdist as a loadbalancer and slave 
> nodes are in DMZ behind dnsdist. Only dnsdist server has public IPs that can 
> be reached from Master public IP (master is located in other datacentre).
> Is my usecase not designed well? I thought dnsdist was designed to be used as 
> LB for DNS services. Do you have any suggestions how to solve this or what 
> workround should I use ?
> 
> Thanks.
> 
> BR,
> 
>> On 26 Feb 2019, at 16:59, Remi Gacogne  wrote:
>>
>> Hi Martin,
>>
>> On 2/26/19 3:58 PM, Martin Toth wrote:
>>> I just want to ensure myself how NOTIFY distribution in DNSDIST
>>> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
>>> PDNSs (pool of 4 nodes)
>>>
>>> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
>>> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
>>> achieve situation that all slaves in dnsdist backend will be notified
>>> of zone change on MASTER?
>>
>> I'm afraid you can't, dnsdist can route a query only to a single
>> backend, with the exception of the TeeAction, but I would advise against
>> trying to use it for that case.
>> Is there a reason your master doesn't speak to the slaves directly?
>>
>> Best regards,
>> -- 
>> Remi Gacogne
>> PowerDNS.COM BV - https://www.powerdns.com/
>>
>> ___
>> dnsdist mailing list
>> dnsdist@mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/dnsdist
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
> 
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-02-26 Thread Martin Toth 
Hi,

Thanks for your interest. I am using dnsdist as a loadbalancer and slave nodes 
are in DMZ behind dnsdist. Only dnsdist server has public IPs that can be 
reached from Master public IP (master is located in other datacentre).
Is my usecase not designed well? I thought dnsdist was designed to be used as 
LB for DNS services. Do you have any suggestions how to solve this or what 
workround should I use ?

Thanks.

BR,

> On 26 Feb 2019, at 16:59, Remi Gacogne  wrote:
> 
> Hi Martin,
> 
> On 2/26/19 3:58 PM, Martin Toth wrote:
>> I just want to ensure myself how NOTIFY distribution in DNSDIST
>> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
>> PDNSs (pool of 4 nodes)
>> 
>> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
>> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
>> achieve situation that all slaves in dnsdist backend will be notified
>> of zone change on MASTER?
> 
> I'm afraid you can't, dnsdist can route a query only to a single
> backend, with the exception of the TeeAction, but I would advise against
> trying to use it for that case.
> Is there a reason your master doesn't speak to the slaves directly?
> 
> Best regards,
> -- 
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist NOTIFY distribution

2019-02-26 Thread Remi Gacogne 
Hi Martin,

On 2/26/19 3:58 PM, Martin Toth wrote:
> I just want to ensure myself how NOTIFY distribution in DNSDIST
> exactly works. My setup looks like this - MASTER -> DNSDIST -> SLAVE
> PDNSs (pool of 4 nodes)
> 
> My Question is if MASTER will send NOTIFY to DNSDIST, will DNSDIST
> redistribute these NOTIFY to all SLAVES in DNSDIST backend? How to I
> achieve situation that all slaves in dnsdist backend will be notified
> of zone change on MASTER?

I'm afraid you can't, dnsdist can route a query only to a single
backend, with the exception of the TeeAction, but I would advise against
trying to use it for that case.
Is there a reason your master doesn't speak to the slaves directly?

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/



signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist