About dnsdist
In short, dnsdist is a software load balancer specialized for the DNS protocol.
Below are the logs from installing dnsdist and configuring it to forward queries based on the RD (recursion desired) bit.
Install dnsdist
$ vagrant ssh dnsdist
vagrant@dnsdist:~$ tail -1 /etc/apt/sources.list
deb [arch=amd64] http://repo.powerdns.com/ubuntu trusty-dnsdist-master main
vagrant@dnsdist:~$ cat /etc/apt/preferences.d/dnsdist
Package: dnsdist*
Pin: origin repo.powerdns.com
Pin-Priority: 600
vagrant@dnsdist:~$ sudo apt-get update ; sudo apt-get install dnsdist
Configure dnsdist
If the RD bit is 1, forward DNS queries to the caching name server, 192.168.50.11.
If the RD bit is 0, forward DNS queries to the authoritative server, 192.168.50.12.
Client --- vip 192.168.50.10 dnsdist --- cache ( 192.168.50.11 )
                                     --- auth  ( 192.168.50.12 )
/etc/dnsdist/dnsdist.conf
-- Backends, each placed in its own pool
newServer({address="192.168.50.11", pool="cache"})
newServer({address="192.168.50.12", pool="auth"})

-- Choose the pool from the RD (recursion desired) bit in the query header
function splitSetup(servers, dq)
  if dq.dh:getRD() then
    print("forward queries to cache")
    return leastOutstanding.policy(getPoolServers("cache"), dq)
  else
    print("forward queries to auth")
    return leastOutstanding.policy(getPoolServers("auth"), dq)
  end
end

-- Register the function as the active server selection policy
setServerPolicyLua("splitsetup", splitSetup)
Run dnsdist
# dnsdist -l 192.168.50.10:53
Added downstream server 192.168.50.11:53
Added downstream server 192.168.50.12:53
Listening on 192.168.50.10:53
dnsdist 0.0.980g327cbc6 comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
ACL allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
Marking downstream 192.168.50.11:53 as 'up'
Marking downstream 192.168.50.12:53 as 'up'
> showServer
showServerPolicy() showServers()
> showServers()
#   Name   Address            State   Qps  Qlim  Ord  Wt  Queries  Drops  Drate   Lat  Outstanding  Pools
0          192.168.50.11:53   up      0.0     0    1   1        0      0    0.0   0.0            0  cache
1          192.168.50.12:53   up      0.0     0    1   1        0      0    0.0   0.0            0  auth
All                                   0.0                       0      0
>
dnsdist load-balances non-recursive queries (RD bit cleared) to the auth servers.
$ dig @192.168.50.10 www.foo.com +norec +short
192.168.0.100
hattori@ubuntu:~$ dig @192.168.50.10 www.foo.com +norec
; <<>> DiG 9.10.4b2 <<>> @192.168.50.10 www.foo.com +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1661
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.foo.com. IN A
;; ANSWER SECTION:
www.foo.com. 604800 IN A 192.168.0.100
;; AUTHORITY SECTION:
foo.com. 604800 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 604800 IN A 127.0.0.1
localhost. 604800 IN AAAA ::1
dnsdist load-balances recursion-desired queries (RD bit set) to the cache name servers.
$ dig @192.168.50.10 www.google.com
; <<>> DiG 9.10.4b2 <<>> @192.168.50.10 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30594
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 186 IN A 172.217.25.228
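
The two dig runs above can be turned into a repeatable check. The following is an added example, not part of the original post or of dnsdist: it builds queries with the RD bit set or cleared, applies the same decision as splitSetup, and infers which backend answered from the response flags. The function names are hypothetical, and treating AA as "auth" and RA as "cache" is an assumption that holds for the two backends shown here.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, rd, qid=0x1234):
    """Minimal A/IN query; rd=False is what `dig +norec` sends."""
    header = struct.pack("!6H", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def header_fields(packet):
    """Return (id, flags) from the fixed 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    return struct.unpack("!2H", packet[:4])

def expected_pool(query):
    """Same decision as splitSetup: RD set -> cache, RD clear -> auth."""
    return "cache" if header_fields(query)[1] & RD else "auth"

def answering_role(response):
    """Heuristic (assumption): AA marks the auth server, RA the recursor."""
    flags = header_fields(response)[1]
    if not flags & QR:
        raise ValueError("not a response")
    if flags & AA:
        return "auth"
    return "cache" if flags & RA else "unknown"

def routed_as_expected(query, response):
    """True when the reply matches the query id and came from the expected pool."""
    return (header_fields(query)[0] == header_fields(response)[0]
            and answering_role(response) == expected_pool(query))

def probe(vip, name, rd, timeout=2.0):
    """Send one UDP query to the dnsdist VIP and check who answered."""
    query = build_query(name, rd)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((vip, 53))  # connected socket: replies from other hosts are dropped
        s.send(query)
        return routed_as_expected(query, s.recv(4096))

# Constructed response headers carrying the flag sets from the dig output above.
AUTH_REPLY = struct.pack("!6H", 0x1234, QR | AA, 1, 1, 1, 3)        # "qr aa"
CACHE_REPLY = struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 0, 1)  # "qr rd ra"
```

In the lab above, probe("192.168.50.10", "www.foo.com", rd=False) exercises the auth path and probe("192.168.50.10", "www.google.com", rd=True) the cache path.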