Denis Machard

My technical gists

Infrastructure architect by profession but always consider himself as a developer and an open source enthusiast.
@github @mastodon @rss
dns powerdns dnsdist

How to send all your DNS queries to a pool of public resolvers with DNSdist

In this very basic example, the goal is to send all your local DNS queries (udp/tcp) to a pool of public resolvers (without encryption).

Basic configuration

dnsdist is configured to make a load balancing (round robin) between all public resolvers configured. A dns cache is enabled to optimize the traffic. We assume you have dnsdist 1.6 minimum installed on your machine.

Configuration: /etc/dnsdist/dnsdist.conf

---------------------------------------------------
-- Dns services
---------------------------------------------------

-- udp/tcp dns listening
setLocal("0.0.0.0:53", {})

-- dns caching
pc = newPacketCache(10000, {})

---------------------------------------------------
-- Pools
---------------------------------------------------

pool_resolv = "resolvers"

-- members definition
newServer({
  name = "google",
  address = "8.8.8.8:53",
  pool = pool_resolv,
})

newServer({
  name = "quad9",
  address = "9.9.9.9:53",
  pool = pool_resolv,
})

-- set the load balacing policy to use
setPoolServerPolicy(roundrobin, pool_resolv)

-- enable cache for the pool
getPool(pool_resolv):setCache(pc)

---------------------------------------------------
-- Rules
---------------------------------------------------

-- matches all incoming traffic and send-it to the pool of resolvers
addAction(
  AllRule(),
  PoolAction(pool_resolv)
)
propulsed by hugo and hugo-theme-gists