Re: [Pdns-users] Multiple masters

2018-12-15 Thread Brian Candler

On 15/12/2018 08:48, Don Stokes wrote:


> This is with the latest Centos 7 RPMs on the 4.1 branch.

For the benefit of anyone looking at the list archive in future: I 
*think* the OP is talking about version 4.1.5.

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] Spoof MX records

2018-12-15 Thread Bit World Computing - Michael Mertel

> On 15.12.2018 at 09:50, bert hubert wrote:
> 
> On Sat, Dec 15, 2018 at 09:42:21AM +0100, Bit World Computing - Michael 
> Mertel wrote:
>> Hi Aleksandr,
>> 
>> I’m somewhat lost, I’m able to set a rule to have the Lua function called 
>> for MX requests, but how do I return a response? Spoof is just for 
>> A-records, but not for MX.
>> addLuaAction(QTypeRule(dnsdist.MX), luarule)
> 
> Hi Michael,
> 
> As far as I know, dnsdist can't generate MX records, so you'll have to do
> this in the PowerDNS Recursor. Sorry!
> 
> In the Recursor it is not very hard to do though, use postResolve to
> override all MX records you see in responses.
> 
> This makes sure you don't invent MX records for domains that don't have
> them.
> 
> Also be aware that if there is no MX record for a domain, a mail server
> might decide to send email directly to the A record.
> 
> Good luck!
> 
>   Bert

Thanks Bert you saved my day, will switch over to recursor.

—Michael


Re: [Pdns-users] Spoof MX records

2018-12-15 Thread bert hubert
On Sat, Dec 15, 2018 at 09:42:21AM +0100, Bit World Computing - Michael Mertel 
wrote:
> Hi Aleksandr,
> 
> I’m somewhat lost, I’m able to set a rule to have the Lua function called 
> for MX requests, but how do I return a response? Spoof is just for 
> A-records, but not for MX.
> addLuaAction(QTypeRule(dnsdist.MX), luarule)

Hi Michael,

As far as I know, dnsdist can't generate MX records, so you'll have to do
this in the PowerDNS Recursor. Sorry!

In the Recursor it is not very hard to do though, use postResolve to
override all MX records you see in responses.

This makes sure you don't invent MX records for domains that don't have
them.

Also be aware that if there is no MX record for a domain, a mail server
might decide to send email directly to the A record.

Good luck!

Bert
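
Added example (not part of the original post, and not PowerDNS project code): a Recursor Lua script along the lines described above, rewriting only MX records that already exist in a response and loading the domain list once when the script is loaded. The gateway name, list path and variable names are assumptions; in the Recursor's Lua API the hook is spelled postresolve.

```lua
-- Added example for the PowerDNS Recursor; names and paths are placeholders.
local GATEWAY = "10 smtp-gw.internal.example."        -- MX rdata: preference + target
local LIST    = "/etc/pdns-recursor/mx-redirect.txt"  -- hypothetical, one domain per line

-- Built once when the script is loaded, never per query.
-- newDS() is a suffix-match set, so subdomains of listed names match too.
local redirected = newDS()
local f = io.open(LIST, "r")
if f then
  for line in f:lines() do
    local d = line:match("^%s*([^#%s]+)")   -- skip blank lines and # comments
    if d then redirected:add(d) end
  end
  f:close()
else
  pdnslog("mx-redirect: cannot open " .. LIST .. ", no domains redirected")
end

function postresolve(dq)
  if dq.qtype ~= pdns.MX or not redirected:check(dq.qname) then
    return false                   -- leave the response untouched
  end
  local out, replaced = {}, false
  for _, rec in pairs(dq:getRecords()) do
    if rec.type ~= pdns.MX then
      table.insert(out, rec)       -- keep other records, e.g. a CNAME chain
    elseif not replaced then
      rec:changeContent(GATEWAY)   -- first MX becomes the gateway
      table.insert(out, rec)
      replaced = true
    end                            -- any further MX records are dropped
  end
  if not replaced then
    return false                   -- domain has no MX: do not invent one
  end
  dq:setRecords(out)
  return true
end
```

Load it with the Recursor's lua-dns-script setting; a client that validates DNSSEC itself will not accept the rewritten MX for a signed zone.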


Re: [Pdns-users] Multiple masters

2018-12-15 Thread Don Stokes

Hi Brian,

Yes, that's exactly what I've done. It does try both masters, 
eventually, but seems to get stuck on the "missing" one, and (from the 
log messages) seems to back off from doing anything due to the errors. 
I'd have expected it to query both masters in quick succession on 
receipt of a NOTIFY, and treat an unresponsive master independently of a 
responsive one.


This is with the latest Centos 7 RPMs on the 4.1 branch. Also note that 
I'm using TSIG and IXFR (I saw the same behaviour with AXFR).


-- don



On 15/12/18 8:03 PM, Brian Candler wrote:

> On 15/12/2018 06:29, Don Stokes wrote:
>> I'm looking to deploy PowerDNS in a slave configuration that has 
>> multiple (BIND) masters. In a test rig I'm finding that if I have 
>> dual masters configured on a PDNS slave, and one of the two masters 
>> is unavailable, the slave is querying the absent master and not 
>> failing over to the other.
>>
>> And even if it receives and accepts a NOTIFY from the functional 
>> master, it still sends the SOA query to the non-functional master.
>
> The first question is: what version of PDNS Authoritative are you using?
>
> The second is just to confirm how you have configured each zone with 
> multiple masters in SQL: is it a single row with a comma-separated 
> list of masters?
>
> INSERT INTO domains (name, master, type) VALUES ('example.com', '192.0.2.1, 192.0.2.2', 'SLAVE');



--
Don Stokes, d...@nz.net , 021 796 072


Re: [Pdns-users] Spoof MX records

2018-12-15 Thread Bit World Computing - Michael Mertel
Hi Aleksandr,

I’m somewhat lost, I’m able to set a rule to have the Lua function called for 
MX requests, but how do I return a response? Spoof is just for A-records, but 
not for MX.
addLuaAction(QTypeRule(dnsdist.MX), luarule)

Do I have to generate an Answer, but how? Is it possible to use 
dq::addAnswer(), which I have found in the recursor documentation, is this 
valid for dnsdist too?

Best regards.


> On 14.12.2018 at 17:16, Aleksandr Rogozin wrote:
> 
> Hi Michael,
> 
> You should be able to load the file (if the list of zones is large enough and 
> warrants a file) or initialize array of subzones (if there are few zones you 
> want to test) once, when the process starts and loads the Lua script. Loading 
> the file on every request would definitely become a performance issue.
> 
> Best Regards,
> 
> On Fri, Dec 14, 2018 at 10:50 AM Bit World Computing - Michael Mertel 
> <michael.mer...@bwc.de> wrote:
> Hi Aleksandr,
> 
> Yes, Lua was the way I’m planning to go. But just wasn’t sure to use dnsdist or 
> recursor, but probably does not matter in that case.
> 
> Does the file get loaded for every request with io.open and could this 
> become a performance issue in your opinion? All DNS requests from a fairly 
> well-used mail gateway would be sent to this resolver.
> 
> I think I’ll give it a try with dnsdist and see what happens.
> 
> Best regards.
> 
> 
> 
>> On 14.12.2018 at 12:55, Aleksandr Rogozin wrote:
>> 
>> Hi Michael,
>> 
>> I recommend using Lua to intercept the DNS queries. Both dnsdist and 
>> recursor should be able to support it. In Lua you can check for query type 
>> to be MX and load a list of domains from a file using ‘io.open’. Provide 
>> necessary DNS response if the query matches your list of zones. 
>> Additionally, you might want to limit this operation to specific networks 
>> with NetMask or NetMaskGroup.
>> 
>> 
>> On Fri, Dec 14, 2018 at 01:53 Bit World Computing - Michael Mertel 
>> <michael.mer...@bwc.de> wrote:
>> Hi,
>> 
>> I’m looking for the most efficient way to spoof the answer of an MX query. I 
>> need to redirect outgoing e-mails (specific domains only) to a smtp gateway 
>> for further processing before it leaves the local network. I cannot use any 
>> kind of transport tables at the MTA, so my approach was to use dns therefore.
>> 
>> The number of zones to spoof is currently not defined, could be dozens if 
>> not hundreds.
>> 
>> I would usually do this kind of stuff with dnsdist (which I love), but would 
>> the recursor be a better choice here?
>> 
>> Thanks for any advice.
>> 
>> —Michael
>> 


Michael Mertel