On 7/16/21 10:58 AM, Al Iverson via mailop wrote:

Each resolver node is set up of multiple pools that consist of resolvers
I run, my provider, and 8.8.8.8/1.1.1.1.

If you want to guide this dummy on how to run a local resolver like
that, I'd appreciate the tips. :) I was trying to get out of the DNS
business but if I want to do any local DNSBL querying, I guess I have
to reconsider that.

In the meantime, is it bad vibes to query Spamhaus directly against
a.gns.spamhaus.org - e.gns.spamhaus.org? What kind of query level
might invite blocking?

Cheers,
Al



I've had a few people ask, so put up one of the example configs here:


https://sosdg.org/general/dnsdist


I'll prob add another config that is used for supporting auth servers behind dnsdist later on today. It's also possible to have dnsdist route queries for both auth and recursive appropriately.

If anyone has specific questions, feel free to drop me a line. I'm not an expert on dnsdist, but I do have a bit of configuration experience.

For those that don't know...

So the general idea with dnsdist is that it's smart in how it routes queries. It will test servers in the pools to make sure they are functioning, as well as track their latency. If a server goes offline, it's marked as down until it returns, removing it temp from the pool.

More complicated setups allow you to have fine-grained control over how it distributes queries in the pool, can support query quotas for clients, block potential DDoS attacks from hitting the backend DNS servers, and quite a bit more.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
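
The setup described in the message above, sketched as a dnsdist configuration. This is an added example, not the config published at the sosdg.org link and not the poster's own. The pool names, the 192.0.2.x backend addresses, the health-check settings, the QPS limit and the choice to pin spamhaus.org lookups to the self-run pool are all assumptions made for illustration.

```lua
-- Added example (not the poster's config). All addresses, names and limits
-- below are placeholders chosen for illustration.

-- Listen locally and only answer clients on this host.
setLocal("127.0.0.1:53")
setACL({"127.0.0.0/8", "::1/128"})

-- Self-run recursive resolvers (placeholder addresses). They belong to two
-- pools: "own" (self-run only) and "mixed" (everything).
-- Health check: query checkName every checkInterval seconds; after
-- maxCheckFailures consecutive failures the server is marked down and
-- receives no queries until a check succeeds again.
newServer({address="192.0.2.10:53", name="own1", pool={"own", "mixed"},
           checkName="a.root-servers.net.", checkInterval=2, maxCheckFailures=3})
newServer({address="192.0.2.11:53", name="own2", pool={"own", "mixed"},
           checkName="a.root-servers.net.", checkInterval=2, maxCheckFailures=3})

-- Provider and public resolvers: general-purpose pool only.
newServer({address="192.0.2.53:53", name="provider", pool="mixed"})  -- placeholder
newServer({address="8.8.8.8:53",    name="google",   pool="mixed"})
newServer({address="1.1.1.1:53",    name="cf",       pool="mixed"})

-- Pick the backend with the fewest outstanding queries; ties are broken by
-- configured order and then by recent latency, which dnsdist tracks itself.
setServerPolicy(leastOutstanding)

-- Per-client query quota: drop anything above 50 queries/second from one
-- source address before it reaches a backend.
addAction(MaxQPSIPRule(50), DropAction())

-- Suffix match: DNSBL lookups under spamhaus.org go only to the self-run
-- resolvers, never to the provider or public ones.
addAction("spamhaus.org.", PoolAction("own"))

-- Everything else goes to the mixed pool.
addAction(AllRule(), PoolAction("mixed"))
```

Rules are evaluated in order, so the quota rule applies to DNSBL lookups as well. Running `showServers()` in the dnsdist console lists each backend with its up/down state and measured latency.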