Re: [dnsdist] Dnsdist dynamic backend selection between AUTH and RECURSOR

[bernd--- via dnsdist]

Hello!

I am aware that the solution I am aiming for is not the optimum.

However, I use fly.io as a platform where I have already distributed DNSDIST 
containers to over 20 locations with Anycast IP.
The problem comes with the limitations of the fly - one app is bound to a set 
of IPs. You can not distinguish within the app between different IPs on the 
same app.
This means, I would have to start another 20 Instances of dnsdist 

May I can code an Pub/Sub solution or make use of the KV Store... I still have 
to think my way into it.

If someone is interested in my fly.io solution (Alpha State, testing only, no 
warranty!):

https://github.com/Berndinox/flyio-powerdns-dnsdist
https://github.com/Berndinox/flyio-powerdns-pg


BR
Bernd


-Ursprüngliche Nachricht-
Von: Chris Hofstaedtler | Deduktiva  
Gesendet: Samstag, 7. Januar 2023 12:50
An: Bernd KLAUS 
Cc: dnsdist@mailman.powerdns.com
Betreff: Re: [dnsdist] Dnsdist dynamic backend selection between AUTH and 
RECURSOR

Hello Bernd,

* Bernd KLAUS via dnsdist  [230107 11:01]:
> Regarding:
> „ My first suggestion would be to not need to do the name based 
> forwarding by separating the incoming recurosr and auth traffic on ip 
> address or port“
> 
> So i should forward all querys to the recursor?

I believe the best practice is to have a dedicated IP for auth services, and 
another dedicated IP for recursive.

I'd expect Otto's suggestions to be that ^.

Best,
--
Chris Hofstaedtler / Deduktiva GmbH (FN 418592 b, HG Wien) www.deduktiva.com / 
+43 1 353 1707

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

[dnsdist] Dnsdist dynamic backend selection between AUTH and RECURSOR

[bernd--- via dnsdist]

Hello!

 

I have a question regarding the architecture of DNSDIST in front of an
authorative pdns instance as well as an recursor.

I`ve looked at: https://doc.powerdns.com/authoritative/guides/recursion.html
- however, the solutions described are kind of static.

Eg. Domains send to the auth-instance have to be specified manually in the
config.

 

What I love to achieve is:

 

Let DNSDIST dynamicly select if a Request should be send to AUTH or
RECURSOR.

For Latency, the list of AUTH-Domains should be somehow synced locally to
the DNSDIST-Instance itself.

DNSDIST should not ask AUTH always and if it fails forward the request to
the Recursor.

Also if another Domain is added to the AUTH-Instance, this domain should be
added to the DNSDIST Config.

 

I tought about getting the Domain List via API on Startup and adding new
records via Control-Socket.

 

Has someone done a similar thing already?

 

PS: Sorry for some potential false spellings - i`m not native.

 

BR

Bernd

https://berndklaus.at

 

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist