Re: [dnsdist] dnsdist and powerdns on same machine

2022-02-04 Thread frank+pdns--- via dnsdist 


> On 4 Feb 2022, at 10:50, Remi Gacogne via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Hi Stephan,
> 
> On 04/02/2022 10:47, De Webmakers (Stephan) via dnsdist wrote:
> 
>> I’ve been struggling with this for far to long now…
>> Is it possible to run dnsdist and pdns on the same server and accept dns 
>> request from everyone (just as it would be without dnsdist).
>> The problem is that I just can’t seem to find a good dnsdist.conf example to 
>> work with and that’s working.
>> In my mind it should be as simple as changing the port for pdns to let’s say 
>> 5300 and then adding a 127.0.0.1:5300 as server to dnsdist..
>> However the nameserver becomes instantly unreachable after this.
>> Can anyone point me in the right direction?
> 
> Well it is, usually, as simple as that, so if that's not working for you I'm 
> afraid you will have to tell us more about your exact setup. Sharing the 
> configurations of both dnsdist and pdns would be a good start.

Don't forget to set the ACL on dnsdist. See 
https://dnsdist.org/advanced/acl.html 

Frank

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] CPU Usage Dnsdist

2021-03-24 Thread frank+pdns--- via dnsdist 
Hi,

> On 24 Mar 2021, at 18:35, SAMI RAHAL via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Average response time: 4.35 ms, CPU Usage: 750.60%, Cache hitrate: 93.45%, 
> Server selection policy: leastOutstanding
> I ask are these values in the norms?
> my config:
> OS: CentOS 7
> -RAM 16 G
> -grep -c ^ processor / proc / cpuinfo
> 16
> -RAM used:
> 949 M

You would increase the cache size, as you're only using about 1GB of ram and 
have 16GB available. You also have 16 (v)cpus, but the CPU usage is under 800%. 
If I am not mistake, the CPU usage reported by dnsdist is "% of full 
utilisation of 1 cpu", so it should theoretically go up to 1600%.

If you do want to reduce the CPU usage, you might want to experiment with 
simplifying your lua rules and see if that improves or not.

Kind Regards,

Frank

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] DNS views using DNSDIST

2021-01-27 Thread frank+pdns--- via dnsdist 
Hi,

You would have a few options to do that.

I wrote a blogpost about implementing BIND views using dnsdist and two 
instances of powerdns-auth. See 
https://www.frank.be/implementing-bind-views-with-powerdns/ 
 for details.

If you want to keep a single BIND as a backend, you could investigate EDNS 
client subnet support.

There are other options, but the two above would my preferred way...

Kind Regards,

Frank


> On 27 Jan 2021, at 10:23, Jahanzeb Arshad via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> Greetings,
> 
> We have been using BIND DNS server with views to return different A records 
> for different source networks. Now we have put DNSDIST as frontend to the 
> BIND DNS servers. Now BIND DNS is seeing the dnsdist as the client IP and the 
> views are no more valid. We are unable to figure out how we can we create 
> same type of views on the dnsdist application. Any help would be appreciated. 
> 
> For example following different A records to be returned for different client 
> IPs for a specific application/domain name.
> 
> web.domain.com    -> 192.168.10.10 for client IPs 
> 10.10.10.0/24
> web.domain.com    -> 192.168.20.20 for client IPs 
> 10.10.20.0/24
> 
> Regards
> 
> Jahanzeb
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] ERROR RUNNING ZVELODB c-api-tool LOOKUP COMMAND INSIDE LUA's preresolve()

2021-01-14 Thread frank+pdns--- via dnsdist 
Hi Pius,

Have you checked the permissions on the database and the path? 

Frank


> On 14 Jan 2021, at 05:07, Pius Nganga via dnsdist 
> mailto:dnsdist@mailman.powerdns.com>> wrote:
> 
> We are using zvelodb to do an url lookup inside pdns recursor's preresolve 
> function. We are executing a terminal command using  io.popen as follows;
> 
> f = io.popen("c-api-tool -l "..dq.qname:toString()) -- runs command
>l = f:read("*a") -- read output of command
>f:close()
>print(l)
> 
> Running the above command outside of the preresolve function prints the 
> expected outcome which is 'domainname category'.
> 
> When the command is inside the preresolve function it prints 'url_init: 
> unable to open database'
> Has anyone encountered this before and how do we solve this?
> 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com 
> https://mailman.powerdns.com/mailman/listinfo/dnsdist

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist