BGP.guru

Nerd blog.

01 Aug 2016

dnsdist with pdns recursors

This is the second post in a blog series about DNS, specifically the awesome things that can be done with dnsdist.

Front and Back Ends

  • 2x dnsdist load balancers as client facing DNS resolvers
  • 2x PowerDNS recursor backends

dnsdist load balancer w/ offsite

dnsdist Configuration

The config for dnsdist is very simple. Skipping over the binds and ACLs, as they're not relevant here, these are the parts of the config that matter:

newServer{address="192.0.2.3", name="DNS1", order=1}
newServer{address="192.0.2.4", name="DNS3", order=1}
setServerPolicy(wrandom)

pdns Configuration

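PowerDNS is very easy to set up as a secure resolver. Two lines of config are all that's needed: allow-from limits which client networks may send recursive queries, and local-address sets the addresses the recursor listens on.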

allow-from=192.160.102.0/24, 2605:e200:d000::/44
local-address=0.0.0.0, ::
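
An added example, not part of the original post: a small audit of the two recursor lines above. Because dnsdist forwards the queries itself, the addresses allow-from has to cover are the dnsdist hosts' own. The front-end addresses used here are constructed, since the post does not list them.

```python
import ipaddress

# The two recursor.conf lines from the post, embedded as sample input.
RECURSOR_CONF = """\
allow-from=192.160.102.0/24, 2605:e200:d000::/44
local-address=0.0.0.0, ::
"""

def parse_conf(text):
    """Parse key=value lines into lists, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return conf

def audit(text, frontends):
    """Return findings about allow-from / local-address.

    frontends: source addresses the dnsdist hosts use toward the recursor
    (hypothetical values; the post does not list them).
    """
    conf = parse_conf(text)
    findings = []
    if "allow-from" not in conf:
        return ["allow-from not set: the recursor's built-in default applies"]
    nets = [ipaddress.ip_network(n, strict=False) for n in conf["allow-from"]]
    for net in nets:
        if net.prefixlen == 0:
            findings.append(f"open-resolver: {net} allows every client")
    for fe in frontends:
        addr = ipaddress.ip_address(fe)
        if not any(addr.version == n.version and addr in n for n in nets):
            findings.append(f"frontend-blocked: {fe} not in allow-from")
    # Assumes local-address entries are bare addresses without a port.
    if any(ipaddress.ip_address(a).is_unspecified for a in conf.get("local-address", [])):
        findings.append("wildcard-listen: allow-from is the only client filter in this config")
    return findings

if __name__ == "__main__":
    # Constructed dnsdist addresses: two inside the listed networks, one outside.
    for finding in audit(RECURSOR_CONF, ["192.160.102.10", "2605:e200:d000::53", "198.51.100.7"]):
        print(finding)
```
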

Experience so far

This setup has been running for three days now, taking all of the recursive DNS queries for my system. Both back ends are receiving an equal (average) 8 QPS and responding to the majority of those from Packet Cache within 1ms. I am able to take either back end down, and dnsdist notices this and stops routing queries to that back end. When it comes back up, it starts taking queries again.


Theodore Baschak - Theo is a network engineer with experience operating core internet technologies like HTTP, HTTPS and DNS. He has extensive experience running service provider networks with OSPF, MPLS, and BGP.