dnsdist Marking downstream as "down"

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

dnsdist Marking downstream as "down"

Federico87
Hi all,
I'm playing around with dnsdist on my raspberry. My idea is to use it as load balancer between 2 server. I had a look around and I have implemented this conf

root@raspberrypi:/etc/dnsdist# cat dnsdist.conf
newServer{address="192.168.0.3"}
newServer{address="5.172.1xx.xx"}

When I start dnsdist I get this message Marking downstream 192.168.0.3:53 as 'down' and seems not working

Dec 17 14:26:46 raspberrypi dnsdist[2434]: Listening on 127.0.0.1:53
Dec 17 14:26:46 raspberrypi dnsdist[2434]: dnsdist 0.0.523g812632e comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
Dec 17 14:26:47 raspberrypi dnsdist[2434]: Marking downstream 192.168.0.3:53 as 'down'
Dec 17 14:26:48 raspberrypi dnsdist[2434]: Marking downstream 5.172.120.59:53 as 'down'

Questions:
  1. there is extra conf that I need to do?
  2. How dnsdist recognizes if a server is UP or DOWN
Another question. Is it possible to run dnsdist in the same server that running pdns-recursor? My understanding is that both use 127.0.0.1 in order to run and they cannot coexist. maybe there is a way to bind dnsdist to another interface

Thanks!!!

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: dnsdist Marking downstream as "down"

Federico87
Found by myself.

RTFM

I haven't read for entire the README :) 

"By default, the availability of a downstream server is checked by regularly sending an A query for "a.root-servers.net.". A different query type and target can be specified by passing, respectively, the 'checkType' and 'checkName' parameters tonewServer. The default behavior is to consider any valid response with a RCODE different from ServFail as valid. If the 'mustResolve' parameter of newServer is set to true, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused."

Still remain the question about the dnsdist+recursor...Maybe I'll find the answer before the end of the README file

Federico

2015-12-17 14:44 GMT+00:00 Federico Olivieri <[hidden email]>:
Hi all,
I'm playing around with dnsdist on my raspberry. My idea is to use it as load balancer between 2 server. I had a look around and I have implemented this conf

root@raspberrypi:/etc/dnsdist# cat dnsdist.conf
newServer{address="192.168.0.3"}
newServer{address="5.172.1xx.xx"}

When I start dnsdist I get this message Marking downstream 192.168.0.3:53 as 'down' and seems not working

Dec 17 14:26:46 raspberrypi dnsdist[2434]: Listening on 127.0.0.1:53
Dec 17 14:26:46 raspberrypi dnsdist[2434]: dnsdist 0.0.523g812632e comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
Dec 17 14:26:47 raspberrypi dnsdist[2434]: Marking downstream 192.168.0.3:53 as 'down'
Dec 17 14:26:48 raspberrypi dnsdist[2434]: Marking downstream 5.172.120.59:53 as 'down'

Questions:
  1. there is extra conf that I need to do?
  2. How dnsdist recognizes if a server is UP or DOWN
Another question. Is it possible to run dnsdist in the same server that running pdns-recursor? My understanding is that both use 127.0.0.1 in order to run and they cannot coexist. maybe there is a way to bind dnsdist to another interface

Thanks!!!


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: dnsdist Marking downstream as "down"

Federico87
Ok,
I have managed to run dnsdist. Now it is up and running, however, form the web page I can see that all packets are dropped

Uptime: a minute, Number of queries: 673 (7 qps), ACL drops: 673, Dynamic drops: 0, Rule drops: 0, Blockfilter drops: 0
 
I have tried different configurations but the problem remain. That is my actual conf

newServer{address="192.168.0.3:53", checkType="A", checkName="www.google.com.", mustResolve=true, qps=10, order=1}
newServer{address="5.172.xx.xx:53", checkType="A", checkName="www.google.com.", mustResolve=true, qps=100, order=2}
setServerPolicy(firstAvailable)
webserver("192.168.0.2:8083", "supersecret")

Any idea about what I have missed?

Thanks

Federico

2015-12-17 15:13 GMT+00:00 Federico Olivieri <[hidden email]>:
Found by myself.

RTFM

I haven't read for entire the README :) 

"By default, the availability of a downstream server is checked by regularly sending an A query for "a.root-servers.net.". A different query type and target can be specified by passing, respectively, the 'checkType' and 'checkName' parameters tonewServer. The default behavior is to consider any valid response with a RCODE different from ServFail as valid. If the 'mustResolve' parameter of newServer is set to true, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused."

Still remain the question about the dnsdist+recursor...Maybe I'll find the answer before the end of the README file

Federico

2015-12-17 14:44 GMT+00:00 Federico Olivieri <[hidden email]>:
Hi all,
I'm playing around with dnsdist on my raspberry. My idea is to use it as load balancer between 2 server. I had a look around and I have implemented this conf

root@raspberrypi:/etc/dnsdist# cat dnsdist.conf
newServer{address="192.168.0.3"}
newServer{address="5.172.1xx.xx"}

When I start dnsdist I get this message Marking downstream 192.168.0.3:53 as 'down' and seems not working

Dec 17 14:26:46 raspberrypi dnsdist[2434]: Listening on 127.0.0.1:53
Dec 17 14:26:46 raspberrypi dnsdist[2434]: dnsdist 0.0.523g812632e comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
Dec 17 14:26:47 raspberrypi dnsdist[2434]: Marking downstream 192.168.0.3:53 as 'down'
Dec 17 14:26:48 raspberrypi dnsdist[2434]: Marking downstream 5.172.120.59:53 as 'down'

Questions:
  1. there is extra conf that I need to do?
  2. How dnsdist recognizes if a server is UP or DOWN
Another question. Is it possible to run dnsdist in the same server that running pdns-recursor? My understanding is that both use 127.0.0.1 in order to run and they cannot coexist. maybe there is a way to bind dnsdist to another interface

Thanks!!!



_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: dnsdist Marking downstream as "down"

Pieter Lexis-2
Hi Federico,

On Thu, 17 Dec 2015 16:05:11 +0000
Federico Olivieri <[hidden email]> wrote:

> I have managed to run dnsdist. Now it is up and running, however,
> form the web page I can see that all packets are dropped
>
> Uptime: a minute, Number of queries: 673 (7 qps), ACL drops: 673,
> Dynamic drops: 0, Rule drops: 0, Blockfilter drops: 0

The default ACL is only to allow private networks[1]. Are your clients
in those subnets? You can check your current ACL with `showACL()`.

Regards,

Pieter

1 - https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#acl-who-can-use-dnsdist

--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: dnsdist Marking downstream as "down"

bert hubert-2
In reply to this post by Federico87
These are all acl drops. Ponder using setting an acl with setACL()!

On Dec 17, 2015 5:05 PM, Federico Olivieri <[hidden email]> wrote:

>
> Ok,
> I have managed to run dnsdist. Now it is up and running, however, form the web page I can see that all packets are dropped
>
> Uptime: a minute, Number of queries: 673 (7 qps), ACL drops: 673, Dynamic drops: 0, Rule drops: 0, Blockfilter drops: 0
>  
> I have tried different configurations but the problem remain. That is my actual conf
>
> newServer{address="192.168.0.3:53", checkType="A", checkName="www.google.com.", mustResolve=true, qps=10, order=1}
> newServer{address="5.172.xx.xx:53", checkType="A", checkName="www.google.com.", mustResolve=true, qps=100, order=2}
> setServerPolicy(firstAvailable)
> webserver("192.168.0.2:8083", "supersecret")
>
> Any idea about what I have missed?
>
> Thanks
>
> Federico
>
> 2015-12-17 15:13 GMT+00:00 Federico Olivieri <[hidden email]>:
>>
>> Found by myself.
>>
>> RTFM
>>
>> I haven't read for entire the README :) 
>>
>> "By default, the availability of a downstream server is checked by regularly sending an A query for "a.root-servers.net.". A different query type and target can be specified by passing, respectively, the 'checkType' and 'checkName' parameters tonewServer. The default behavior is to consider any valid response with a RCODE different from ServFail as valid. If the 'mustResolve' parameter of newServer is set to true, a response will only be considered valid if its RCODE differs from NXDomain, ServFail and Refused."
>>
>> Still remain the question about the dnsdist+recursor...Maybe I'll find the answer before the end of the README file
>>
>> Federico
>>
>> 2015-12-17 14:44 GMT+00:00 Federico Olivieri <[hidden email]>:
>>>
>>> Hi all,
>>> I'm playing around with dnsdist on my raspberry. My idea is to use it as load balancer between 2 server. I had a look around and I have implemented this conf
>>>
>>> root@raspberrypi:/etc/dnsdist# cat dnsdist.conf
>>> newServer{address="192.168.0.3"}
>>> newServer{address="5.172.1xx.xx"}
>>>
>>> When I start dnsdist I get this message Marking downstream 192.168.0.3:53 as 'down' and seems not working
>>>
>>> Dec 17 14:26:46 raspberrypi dnsdist[2434]: Listening on 127.0.0.1:53
>>> Dec 17 14:26:46 raspberrypi dnsdist[2434]: dnsdist 0.0.523g812632e comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
>>> Dec 17 14:26:47 raspberrypi dnsdist[2434]: Marking downstream 192.168.0.3:53 as 'down'
>>> Dec 17 14:26:48 raspberrypi dnsdist[2434]: Marking downstream 5.172.120.59:53 as 'down'
>>>
>>> Questions:
>>> there is extra conf that I need to do?
>>> How dnsdist recognizes if a server is UP or DOWN
>>> Another question. Is it possible to run dnsdist in the same server that running pdns-recursor? My understanding is that both use 127.0.0.1 in order to run and they cannot coexist. maybe there is a way to bind dnsdist to another interface
>>>
>>> Thanks!!!
>>
>>
>
_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users