lost and found ( for me ? )


Install and configure dnsdist : load balance DNS queries based on the RD bit

About dnsdist

In short, dnsdist is a software load balancer built specifically for the DNS protocol.
Here are my logs from installing dnsdist and having it forward queries based on the RD (recursion desired) bit.

Install dnsdist
$ vagrant ssh dnsdist

vagrant@dnsdist:~$ tail -1 /etc/apt/sources.list
deb [arch=amd64] http://repo.powerdns.com/ubuntu trusty-dnsdist-master main

vagrant@dnsdist:~$ cat /etc/apt/preferences.d/dnsdist
Package: dnsdist*
Pin: origin repo.powerdns.com
Pin-Priority: 600


vagrant@dnsdist:~$ sudo apt-get update ; sudo apt-get install dnsdist

Configure dnsdist

If the RD bit is 1, forward DNS queries to the caching name server, 192.168.50.11.
If the RD bit is 0, forward DNS queries to the authoritative server, 192.168.50.12.

Client --- vip 192.168.50.10 dnsdist --- cache ( 192.168.50.11 )
                                                        --- auth ( 192.168.50.12 )

/etc/dnsdist/dnsdist.conf
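-- Two downstream servers, each in its own pool
newServer({address="192.168.50.11", pool="cache"})
newServer({address="192.168.50.12", pool="auth"})

-- Custom server policy: choose the pool from the RD bit of the query header
function splitSetup(servers, dq)
        if dq.dh:getRD() then
                -- RD=1: the client asks for recursion, send to the caching pool
                print("forward queries to cache")
                return leastOutstanding.policy(getPoolServers("cache"), dq)
        else
                -- RD=0: non-recursive query, send to the authoritative pool
                print("forward queries to auth")
                return leastOutstanding.policy(getPoolServers("auth"), dq)
        end
end

-- Register the function above as the active server policy
setServerPolicyLua("splitsetup", splitSetup)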

Run dnsdist

# dnsdist -l 192.168.50.10:53
Added downstream server 192.168.50.11:53
Added downstream server 192.168.50.12:53
Listening on 192.168.50.10:53
dnsdist 0.0.980g327cbc6 comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
ACL allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
Marking downstream 192.168.50.11:53 as 'up'
Marking downstream 192.168.50.12:53 as 'up'

> showServer
showServerPolicy() showServers()     
> showServers()
#   Name                 Address                       State     Qps    Qlim Ord Wt    Queries   Drops Drate   Lat Outstanding Pools
0                        192.168.50.11:53                 up     0.0       0   1  1          0       0   0.0   0.0           0 cache
1                        192.168.50.12:53                 up     0.0       0   1  1          0       0   0.0   0.0           0 auth
All                                                              0.0                         0       0                         
>

dnsdist load balances non-recursive queries (RD bit 0) to the auth servers.
$ dig @192.168.50.10 www.foo.com +norec +short
192.168.0.100
hattori@ubuntu:~$ dig @192.168.50.10 www.foo.com +norec

; <<>> DiG 9.10.4b2 <<>> @192.168.50.10 www.foo.com +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1661
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.foo.com. IN A

;; ANSWER SECTION:
www.foo.com. 604800 IN A 192.168.0.100

;; AUTHORITY SECTION:
foo.com. 604800 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 604800 IN A 127.0.0.1
localhost. 604800 IN AAAA ::1


dnsdist load balances recursion-desired queries (RD bit 1) to the caching name servers.
$ dig @192.168.50.10 www.google.com

; <<>> DiG 9.10.4b2 <<>> @192.168.50.10 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30594
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 186 IN A 172.217.25.228
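
The RD flag that dq.dh:getRD() tests is bit 0x0100 of the flags word in the DNS header, and it is set by the client, so the client's own query decides which pool it reaches. The Python sketch below is an added example (not from the original post or from dnsdist itself); the function names and the sample reply headers, rebuilt from the ids, flags and counts in the dig output above, are constructed for illustration.

```python
import struct

# Flag bits of the 16-bit flags word in the DNS header (RFC 1035, section 4.1.1),
# listed in the order dig prints them on its ";; flags:" line.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]

# Constructed 12-byte reply headers matching the two dig outputs above:
# id 1661, flags "qr aa", counts 1/1/1/3 and id 30594, flags "qr rd ra", counts 1/1/0/1.
AUTH_REPLY_HDR = bytes.fromhex("067d84000001000100010003")
CACHE_REPLY_HDR = bytes.fromhex("778281800001000100000001")


def build_query(qname, rd, qid=0x1234, qtype=1):
    """Build a minimal DNS query (one question, class IN) with RD set or cleared."""
    flags = 0x0100 if rd else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def header_flags(packet):
    """Return the names of the flags set in a DNS message header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    (flags,) = struct.unpack("!H", packet[2:4])
    return [name for name, bit in FLAG_BITS if flags & bit]


def select_pool(packet):
    """Mirror the splitSetup policy: RD=1 goes to 'cache', RD=0 goes to 'auth'."""
    return "cache" if "rd" in header_flags(packet) else "auth"


if __name__ == "__main__":
    for name, rd in (("www.foo.com", False), ("www.google.com", True)):
        query = build_query(name, rd)
        print(name, "flags:", header_flags(query), "-> pool", select_pool(query))
    print("auth reply flags: ", " ".join(header_flags(AUTH_REPLY_HDR)))
    print("cache reply flags:", " ".join(header_flags(CACHE_REPLY_HDR)))
```
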

PowerDNS : how to build pdns-tools ( dnswasher, dnsscope, dnsbulktest, dnsdist, dnsreplay, dnstcpbench )

The following useful DNS tools, such as pcap replay and benchmark tools, are included in the PowerDNS source code.

dnswasher: remove IP addresses from a DNS pcap file
dnsscope: provide query/response timing stats from DNS pcap file
dnsbulktest: send out many parallel queries to validate resolver performance
dnsdist: simple high performance UDP/TCP DNS load balancer
dnsreplay: replay existing DNS pcap files to compare nameservers
dnstcpbench: stress out nameservers over TCP/IP

Here are my trial-and-error logs from building these tools on Ubuntu 13.10 64-bit.

# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 13.10"
3.11.0-12-generic x86_64

download the source code from git.
# apt-get install git
# git clone https://github.com/PowerDNS/pdns.git

install required packages
# apt-get install autoconf automake bison flex g++ libboost-all-dev libtool make pkg-config ragel

build
# cd pdns/
# ./bootstrap
# ./configure --with-modules="" --without-lua
# cd pdns/

# pwd
/root/PowerDNS_works/pdns/pdns

- build dnswasher

error
# pwd
/root/PowerDNS_works/pdns/pdns

# make dnswasher
 CXXLD    dnswasher
/usr/bin/ld: cannot find -lz
collect2: error: ld returned 1 exit status
make: *** [dnswasher] Error 1

Googling this error, I might solve this by installing lib32z1-dev.
# apt-get install lib32z1-dev

try again. Okay, I was able to build dnswasher.
# make dnswasher
 CXXLD    dnswasher
root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns# echo $?
0

# ./dnswasher --help
Syntax: dnswasher infile outfile

- build other tools.

root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns# make dnsscope
 CXX      dnsscope.o
 CXXLD    dnsscope
root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns# make dnsbulktest
 CXX      dnsbulktest.o
 CXXLD    dnsbulktest
root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns# make dnsdist
 CXX      dnsdist.o
 CXX      iputils.o
 CXXLD    dnsdist
root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns# make dnsreplay
 CXX      dnsreplay.o
 CXXLD    dnsreplay
root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns# make dnstcpbench
 CXXLD    dnstcpbench
root@ubuntu1310-vm6:~/PowerDNS_works/pdns/pdns#