Re: [dnsdist] Matching DNS server IP in request

2024-05-21 Thread Aleš Rygl via dnsdist
    I would need to virtually split a single dnsdist instance in such a 
way that clients sending requests to a particular IP of DNS dnsdist 
(listening on multiple IPs) are sent to a dedicated pool. I could start 
another dnsdist process bound to the secondary IP on the server, but I 
think there must be a more elegant way to do it ;-) It should work this 
way:


    client1 ---> DNS req. to dnsdist IP1 ---> pool-A ---> cache-A ---> backend A
    client2 ---> DNS req. to dnsdist IP2 ---> pool-B ---> cache-B ---> backend B


    Is there a way to match a destination IP of the client's request 
in a rule in order to send it to a pool? I can not use client's IP here.


I have found a solution using NetmaskGroupRule. Let's define the 
destination IPs:


dns_vip1 = newNMG()
dns_vip1:addMask('192.168.1.1/32')
dns_vip2 = newNMG()
dns_vip2:addMask('192.168.2.1/32')

Let's define two servers and pools:

newServer({address="172.27.0.1:5053", name="dns-be1", order=1, 
useProxyProtocol=true, pool="pool1" })
newServer({address="172.27.0.1:5053", name="dns-be2", order=1, 
useProxyProtocol=true, pool="pool2" })


Cache:

cache1 = newPacketCache(5, { keepStaleData=true, maxTTL=86400, 
minTTL=0, numberOfShards=4, maxNegativeTTL=600, staleTTL=180 })
cache2 = newPacketCache(5, { keepStaleData=true, maxTTL=86400, 
minTTL=0, numberOfShards=4, maxNegativeTTL=600, staleTTL=180 })

getPool("pool1"):setCache(cache1)
getPool("pool2"):setCache(cache2)

And finally the rules:

addAction(NetmaskGroupRule(dns_vip1, false), PoolAction('pool1'))
addAction(NetmaskGroupRule(dns_vip2, false), PoolAction('pool2'))

Note: if you want to test this setup locally, do not forget that it does 
not process queries sent to loopback even if dnsdist is listening on it. 
There is no rule for such a target...


I hope it can help someone.

Regards

Ales


___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist


Re: [dnsdist] Matching DNS server IP in request

2024-05-21 Thread Remi Gacogne via dnsdist

Hi Aleš,

On 17/05/2024 18:17, Aleš Rygl via dnsdist wrote:
     I would need to virtually split a single dnsdist instance in such a 
way that clients sending requests to a particular IP of DNS dnsdist 
(listening on multiple IPs) are sent to a dedicated pool. I could start 
another dnsdist process bound to the secondary IP on the server, but I 
think there must be a more elegant way to do it ;-) It should work this 
way:


     client1 ---> DNS req. to dnsdist IP1 ---> pool-A ---> cache-A ---> backend A
     client2 ---> DNS req. to dnsdist IP2 ---> pool-B ---> cache-B ---> backend B


     Is there a way to match a destination IP of the client's request in 
a rule in order to send it to a pool? I can not use client's IP here.


Unless I'm mistaken you should be able to do that with NetmaskGroupRule 
[1], setting the "src" parameter to false to match the destination 
instead of the source.


[1]:
https://dnsdist.org/reference/selectors.html?highlight=netmaskgroup#NetmaskGroupRule

Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/





Re: [dnsdist] Matching DNS server IP in request

2024-05-21 Thread Michel Otte via dnsdist
Hi Ales,

Just set up two server pools A & B with their own cache, then use a LuaRule
/ LuaFFIRule and write a Lua function that will get a DNSQuestion object
when called and use the localaddr attribute to filter on the local IP
address the request was received on. The Lua function should return true
when the particular IP is matched. Then use PoolAction("") to direct the
packets that are received on that particular IP to the desired pool.

The easiest way to achieve this is to assign one IP address to be the
"default" destination though, and only set up a specific pool and rule for
the alternate IP address. Otherwise you'll have to maintain 2 Lua functions
and set up 2 rules.

Kind regards,
Michel Otte

Spoorstraat 55k 
5831 CJ Boxmeer 

0485-471774
www.cybox.nl
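
The LuaRule approach described in the message above, written out as an added example (not code from the thread or from the dnsdist project). The listen addresses, backend addresses, server names and the pool name "pool-B" are constructed for illustration; the first address is treated as the default destination and served by the default pool.

```lua
-- Added example: route queries by the local address they were received on.
-- All addresses, server names and the pool name are constructed.

-- Bind each address explicitly so every query carries a distinct localaddr.
setLocal('192.168.1.1:53')   -- default destination
addLocal('192.168.2.1:53')   -- alternate destination

-- Default pool (no pool name): backend A with its own packet cache.
newServer({address='172.27.0.1:5053', name='dns-be-a'})
getPool(''):setCache(newPacketCache(10000, {maxTTL=86400}))

-- Dedicated pool for the alternate address: backend B with a separate
-- cache, so answers cached for one listener are never served on the other.
newServer({address='172.27.0.2:5053', name='dns-be-b', pool='pool-B'})
getPool('pool-B'):setCache(newPacketCache(10000, {maxTTL=86400}))

-- Hypothetical helper: the local address (without port) that selects pool-B.
local alternateAddr = '192.168.2.1'

-- Selector function for LuaRule: receives the DNSQuestion and returns true
-- when the query arrived on the alternate address. toString() yields the
-- address without the port, so the comparison is independent of the port.
local function receivedOnAlternate(dq)
  return dq.localaddr:toString() == alternateAddr
end

-- Only one rule is needed: matching queries go to pool-B, everything else
-- falls through to the default pool.
addAction(LuaRule(receivedOnAlternate), PoolAction('pool-B'))
```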


On Fri 17 May 2024 at 18:18, Aleš Rygl via dnsdist <
dnsdist@mailman.powerdns.com> wrote:

> Hello,
>
>  I would need to virtually split a single dnsdist instance in such a
> way that clients sending requests to a particular IP of DNS dnsdist
> (listening on multiple IPs) are sent to a dedicated pool. I could start
> another dnsdist process bound to the secondary IP on the server, but I
> think there must be a more elegant way to do it ;-) It should work this
> way:
>
>  client1 ---> DNS req. to dnsdist IP1 ---> pool-A ---> cache-A ---> backend A
>  client2 ---> DNS req. to dnsdist IP2 ---> pool-B ---> cache-B ---> backend B
>
>  Is there a way to match a destination IP of the client's request in
> a rule in order to send it to a pool? I can not use client's IP here.
>
> Thanks for any ideas.
>
> Regards
>
> Ales