Re: [Pdns-users] How can I enforce additional TXT records in DNS response?
On 15/01/2020 21:01, Matthias Kruzenski wrote:

> Since this involves millions of queries every day, overhead like SOA queries are absolutely undesirable because if a SOA query has to be answered first and then an ANY query, then 2 co-processes are necessary in the case of the pipe backend. It could be done with only one co-process if only the parsed NAPTR question would be passed to the backend since only that was requested by the client.
>
> Most important is the performance and number of questions answered. It does not matter whether this answer is authoritative or not.

I think you are putting the cart before the horse here.

First define: how many queries do you need to do per day? (Or per hour in your peak hour, or whatever).

Then ask: can powerdns with pipe backend meet that requirement, using a level of hardware you can afford?

* If it can, all is good.
* If it cannot, then look at other solutions. PowerDNS with a non-pipe backend would be one. Of course there are many other software choices too.

Do remember that with PowerDNS you get a robust, battle-tested DNS server, used in extremely high load ISP environments. If you are going to throw all that out in the name of performance, you should at least measure it.

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] How can I enforce additional TXT records in DNS response?
No rule without exception, please look here:
https://mailman.powerdns.com/pipermail/pdns-users/2020-January/026467.html

On Wed, 15 Jan 2020 at 21:22, Steve Shipway <steve.ship...@smxemail.com> wrote:

> On Wed, 2020-01-15 at 19:23 +0100, Matthias Kruzenski wrote:
>
> > Hello,
> >
> > I want to use PowerDNS to answer NAPTR queries through the pipe backend. This works, but if an additional TXT record is returned from the pipe backend, it is not passed on to the client.
> >
> > I want PowerDNS to send exactly the records to the client that the pipe backend produced. Nothing should be left out.
>
> This sounds to me a lot like "I want to avoid the DNS-poisoning protection in pdns, or to take advantage of clients without them". Any decent client will drop unsolicited records due to the risk of DNS poisoning, so there's no real reason to send them. There's a good reason for this behaviour.
>
> Steve
Re: [Pdns-users] How can I enforce additional TXT records in DNS response?
The reason is as follows:

I work for a telecommunications company. This company provides customers with products such as MNP and HLR lookups. A NAPTR query is used to check whether a mobile number has been ported (MNP) or in which net / country the number is currently logged on (HLR).

The company is currently using a self-programmed DNS server. This does exactly what I have described, it parses the NAPTR query and answers with a NAPTR record as well as an additional TXT record.

Since this involves millions of queries every day, overhead like SOA queries are absolutely undesirable because if a SOA query has to be answered first and then an ANY query, then 2 co-processes are necessary in the case of the pipe backend. It could be done with only one co-process if only the parsed NAPTR question would be passed to the backend since only that was requested by the client.

Most important is the performance and number of questions answered. It does not matter whether this answer is authoritative or not.

So it would be great if PowerDNS could be configured to do exactly the same thing as the self-programmed company DNS Server: Parse the NAPTR query, pass it to the backend, send the answer from the backend to the client, no matter what this answer looks like. The company has a reason to have an additional TXT record in the answer.

If that's impossible, that's ok, then we have to look for another solution that meets our requirements. I just don't know if it's possible and how, I could not find an answer for this problem in the docs.

On Wed, 15 Jan 2020 at 20:38, Jan-Piet Mens wrote:

> (summarizing from two of your messages)
>
> > I only want to pass what was explicitly requested to the backend and nothing else because the server has to process many millions of requests and any overhead is not desired.
>
> > I want PowerDNS to send exactly the records to the client that the pipe backend produced. Nothing should be left out.
>
> That seems contradictory to me.
>
> Be that as it may, the client issues a query for a particular type (e.g. TXT or ); even if PowerDNS returned all types it has for a qname to the client which, as you've noticed it doesn't, the latter would likely not use the result.
>
> -JP
Re: [Pdns-users] How can I enforce additional TXT records in DNS response?
On Wed, 2020-01-15 at 19:23 +0100, Matthias Kruzenski wrote:

> Hello,
>
> I want to use PowerDNS to answer NAPTR queries through the pipe backend. This works, but if an additional TXT record is returned from the pipe backend, it is not passed on to the client.
>
> I want PowerDNS to send exactly the records to the client that the pipe backend produced. Nothing should be left out.

This sounds to me a lot like "I want to avoid the DNS-poisoning protection in pdns, or to take advantage of clients without them". Any decent client will drop unsolicited records due to the risk of DNS poisoning, so there's no real reason to send them. There's a good reason for this behaviour.

Steve

--
Steve Shipway | Senior Email Systems Administrator
Phone: +64 9 302 0515 Fax: +64 9 302 0518
Freephone: 0800 SMX SMX (769 769)
SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand
Web: http://smxemail.com
Re: [Pdns-users] How can I enforce additional TXT records in DNS response?
(summarizing from two of your messages)

> I only want to pass what was explicitly requested to the backend and nothing else because the server has to process many millions of requests and any overhead is not desired.

> I want PowerDNS to send exactly the records to the client that the pipe backend produced. Nothing should be left out.

That seems contradictory to me.

Be that as it may, the client issues a query for a particular type (e.g. TXT or ); even if PowerDNS returned all types it has for a qname to the client which, as you've noticed it doesn't, the latter would likely not use the result.

-JP
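
The exchange discussed in this thread, as an added example that is not part of any poster's message or of PowerDNS itself: a minimal pipe-backend co-process (ABI version 1) that answers the SOA and ANY questions and returns a NAPTR plus a TXT record. The zone name, the record contents, `lookup` and `answer_section` (a simplified model of the type filtering the thread reports) are assumptions constructed for illustration.

```python
# Added example: minimal PowerDNS pipe backend (ABI version 1) line handler.
# Zone name and SOA/NAPTR/TXT contents are constructed sample data.
import sys

ZONE = "mnp.example"
SOA = "ns1.mnp.example hostmaster.mnp.example 2020011501 3600 600 86400 60"

def lookup(qname):
    """Hypothetical stand-in for the real MNP/HLR lookup (constructed data)."""
    naptr = '10 10 "u" "E2U+pstn:tel" "!^.*$!tel:+4915100000000;npdi!" .'
    return [("NAPTR", naptr), ("TXT", '"ported=yes"')]

def handle(line):
    """Return the reply lines for one tab-separated line sent by PowerDNS."""
    f = line.rstrip("\n").split("\t")
    if f[0] == "HELO":
        # Handshake: accept only the ABI version this script implements.
        return ["OK\tsample backend ready"] if f[1:] == ["1"] else ["FAIL"]
    if f[0] != "Q" or len(f) != 6:
        return ["FAIL"]
    _, qname, qclass, qtype, qid, _remote = f
    out = []
    if qname.lower() == ZONE and qtype in ("SOA", "ANY"):
        # The SOA question the thread mentions arrives before the ANY one.
        out.append(("SOA", SOA))
    elif qname.lower().endswith("." + ZONE) and qtype in ("NAPTR", "TXT", "ANY"):
        out += [r for r in lookup(qname) if qtype in ("ANY", r[0])]
    rows = ["\t".join(["DATA", qname, qclass, t, "60", qid, c]) for t, c in out]
    return rows + ["END"]

def answer_section(rows, client_qtype):
    """Simplified model of the behaviour reported in the thread: only records
    of the type the client asked for end up in the answer."""
    return [r for r in rows
            if r.startswith("DATA\t") and r.split("\t")[3] == client_qtype]

if __name__ == "__main__":
    # Run as a co-process: one question per line on stdin, replies on stdout.
    for line in sys.stdin:
        print("\n".join(handle(line)), flush=True)
```

For a NAPTR question the backend is asked for ANY and hands back both records, but only the NAPTR row survives `answer_section`, which is the behaviour the original poster observed and the replies defend.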