dnsdist with pdns recursors
This is a second in blog series about DNS, specifically awesome things that can be done with dnsdist.
Front and Back Ends
- 2x dnsdist load balancers as client facing DNS resolvers
- 2x PowerDNS recursor backends
dnsdist Configuration
The config for dnsdist is very simple, skipping over the binds and ACLs as they’re not relevant here, below is the parts of the config that matter:
newServer{address="192.0.2.3", name="DNS1", order=1}
newServer{address="192.0.2.4", name="DNS3", order=1}
setServerPolicy(wrandom)
pdns Configuration
PowerDNS is very easy to set up to be a secure resolver. Two lines of config is all thats needed.
allow-from=192.160.102.0/24, 2605:e200:d000::/44
local-address=0.0.0.0, ::
Experience so far
This set up has been running for three days now, and taking all of the recursive DNS queries for my system. Both back ends are receiving an equal (average) 8 QPS and responding to the majority of those from Packet Cache within 1ms. I am able to take either back end down and dnsdist notices this and stops routing queries to that backend. When it comes back up it starts taking queries again.