Theodore Baschak

BOFH. Open Source Guru. Founder/Operator of Hextet Systems, AS395089 and Network Architect for Daemon Defense Systems, AS55101.

dnsdist with pdns recursors

Mon, 01 Aug 2016 20:30:38 -0500 » Networking, Nerd Projects, CLI, IPv6

PowerDNS makes a mighty fine authoritative DNS server, and also a recursive one. The project also recently added dnsdist, a DNS-aware load balancer. This article deals with load balancing across multiple backend caches to keep all of them hot and working as efficiently as possible.

This is the second post in a blog series about DNS, specifically the awesome things that can be done with dnsdist.

Front and Back Ends

  • 2x dnsdist load balancers as client facing DNS resolvers
  • 2x PowerDNS recursor backends

dnsdist Configuration

The config for dnsdist is very simple. Skipping over the binds and ACLs, as they’re not relevant here, below are the parts of the config that matter:

newServer{address="192.0.2.3", name="DNS1", order=1}
newServer{address="192.0.2.4", name="DNS3", order=1}
setServerPolicy(wrandom)

pdns Configuration

PowerDNS is very easy to set up as a secure resolver. Two lines of config are all that's needed.

allow-from=192.160.102.0/24, 2605:e200:d000::/44
local-address=0.0.0.0, ::
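
Since local-address binds every interface, allow-from is what keeps these recursors from being open resolvers, and with dnsdist in front the recursor sees the dnsdist host's address as the query source rather than the client's. The following is an added example, not part of the original post or of PowerDNS: a small audit of the two settings above, where the frontend addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two recursor settings shown in the post.
SAMPLE_CONF = """\
allow-from=192.160.102.0/24, 2605:e200:d000::/44
local-address=0.0.0.0, ::
"""

def parse_conf(text):
    """Parse key=value lines; comma-separated values become lists."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return conf

def allowed_networks(conf):
    return [ipaddress.ip_network(n, strict=False) for n in conf.get("allow-from", [])]

def is_served(conf, source):
    """True if a query from this source address passes allow-from."""
    addr = ipaddress.ip_address(source)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(conf))

def audit(conf, frontends=()):
    """Return findings; `frontends` are the dnsdist hosts' source addresses."""
    findings = []
    for net in allowed_networks(conf):
        if net.prefixlen == 0:
            findings.append(f"open resolver: {net} admits every source")
    binds = [ipaddress.ip_address(a) for a in conf.get("local-address", [])]
    if any(a.is_unspecified for a in binds):
        findings.append("wildcard bind: allow-from is the only source filter")
    for fe in frontends:
        # The recursor sees dnsdist's address as the query source, not the client's.
        if not is_served(conf, fe):
            findings.append(f"dnsdist frontend {fe} is not covered by allow-from")
    return findings

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    # Hypothetical frontend addresses, constructed for this example.
    for finding in audit(conf, frontends=["192.160.102.10", "198.51.100.7"]):
        print(finding)
```

The audit assumes plain addresses in local-address (no port suffix); client-facing filtering still has to be enforced by the dnsdist ACL, which the post skips over.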

Experience so far

This setup has been running for three days now, and taking all of the recursive DNS queries for my system. Both back ends are receiving an equal (average) 8 QPS and responding to the majority of those from Packet Cache within 1ms. I am able to take either back end down and dnsdist notices this and stops routing queries to that backend. When it comes back up it starts taking queries again.
