dnsdist with pdns recursors

PowerDNS makes a mighty fine authoritative DNS server, and a recursive one too. They also recently added a DNS-aware load balancer, dnsdist. This article deals with load balancing multiple backend caches to keep all of them hot and working as efficiently as possible.

This is the second in a blog series about DNS, specifically the awesome things that can be done with dnsdist.

Front and Back Ends

  • 2x dnsdist load balancers as client facing DNS resolvers
  • 2x PowerDNS recursor backends

Diagram: Theodore Baschak / All Rights Reserved

dnsdist Configuration

The config for dnsdist is very simple. Skipping over the binds and ACLs, as they’re not relevant here, below are the parts of the config that matter:

newServer{address="", name="DNS1", order=1}
newServer{address="", name="DNS3", order=1}

pdns Configuration

PowerDNS is very easy to set up to be a secure resolver. Two lines of config are all that’s needed.

allow-from=, 2605:e200:d000::/44
local-address=, ::
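
Those two settings decide who may recurse and where the recursor listens, so they are worth checking together. The Python check below is an added example, not part of the original post: it reads allow-from and local-address from recursor.conf-style text and reports an allow-from entry that admits every source while the recursor listens on a non-loopback address. The sample configs are constructed and use documentation prefixes (192.0.2.0/24, 2001:db8::/32); the function names are hypothetical.

```python
import ipaddress

# Constructed recursor.conf samples (not the post's values); 192.0.2.0/24 and
# 2001:db8::/32 are documentation prefixes standing in for real networks.
SCOPED = "allow-from=192.0.2.0/24, 2001:db8::/32\nlocal-address=192.0.2.53, ::\n"
OPEN = "allow-from=192.0.2.0/24\nallow-from+=0.0.0.0/0\nlocal-address=192.0.2.53:5300\n"

def parse_conf(text):
    """Return {setting: [values]}; 'key+=value' appends, 'key=value' replaces."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        items = [v.strip() for v in value.split(",") if v.strip()]
        if key.endswith("+"):
            conf.setdefault(key[:-1], []).extend(items)
        else:
            conf[key] = items
    return conf

def host_part(addr):
    """Drop an optional port: '192.0.2.53:5300' or '[2001:db8::53]:5300'."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr

def audit(text):
    """Return findings for the allow-from / local-address pair."""
    conf, findings = parse_conf(text), []
    listeners = [ipaddress.ip_address(host_part(a)) for a in conf.get("local-address", [])]
    exposed = [str(ip) for ip in listeners if not ip.is_loopback]
    for entry in conf.get("allow-from", []):
        if entry.startswith("!"):  # negated entries only narrow access
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable allow-from entry: {entry}")
            continue
        if net.prefixlen == 0 and exposed:
            findings.append(f"open resolver: {net} may query via {', '.join(exposed)}")
    return findings

if __name__ == "__main__":
    for name, conf in (("scoped", SCOPED), ("open", OPEN)):
        print(name, audit(conf) or "ok")
```

A scoped allow-from passes even with a wildcard listener such as `::`, because the ACL still limits who gets answers; the finding fires only when a /0 entry and a reachable listener coincide.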

Experience so far

This setup has been running for three days now, and taking all of the recursive DNS queries for my system. Both back ends are receiving an equal (average) 8 QPS and responding to the majority of those from Packet Cache within 1ms. I am able to take either back end down and dnsdist notices this and stops routing queries to that backend. When it comes back up it starts taking queries again.