Gentoo Forums
[solved] Pdnsd: Multiple DNS servers (DNS Routing)?
musv
Advocate
Joined: 01 Dec 2002
Posts: 3237
Location: de

PostPosted: Fri Oct 17, 2014 8:01 am    Post subject: [solved] Pdnsd: Multiple DNS servers (DNS Routing)?

Good morning,

I'm playing around with pdnsd. Works quite well. But there remains one big problem:

I don't receive the IPs of the local networks.

Network:
My computer is located inside a company network. I've installed a VPN connection to my router at home.

/etc/pdnsd.conf:
global {
    perm_cache=4096;
    cache_dir="/var/cache/pdnsd";
    run_as="pdnsd";
    server_ip=127.0.0.1;
    status_ctl=on;
    paranoid=off;
    query_method=udp_tcp;
    min_ttl=15m;        # Retain cached entries at least 15 minutes.
    max_ttl=1w;         # One week.
    timeout=10;         # Global timeout option (10 seconds).
    neg_rrs_pol=on;
    par_queries=3;
    debug=on;
}

source {
    ttl=1w;                         # Cache time 1 week for local entries
    owner=localhost;
    serve_aliases=on;
    file="/etc/hosts";
    file="/etc/hosts-pdnsd";        # Server list with ads (downloaded)
    file="/etc/hosts-pdnsd-own";    # Server list with more ads
}

server {
    label="something";
    ip=213.73.91.35,192.168.109.11,11.14.144.10;
    proxy_only=on;      # Do not query any name servers beside your ISP's.
    timeout=4;
    interval=10m;       # Check every 10 minutes.
    purge_cache=off;
    lean_query=on;      # Cache only the requested data.
}

  • 213.73.91.35: DNS server of the Chaos Computer Club
  • 192.168.109.11: My NAS with a DNS server in my home network (fritz.box)
  • 11.14.144.10: DNS server of the company


/etc/resolv.conf:
search my_company.com fritz.box
nameserver   127.0.0.1


Now the thing I don't understand:
  • ping any_machine_in_company: works. Due to the search line in resolv.conf, it appends the domain and gives me a ping. The company DNS is the third one in the list above.
  • ping any_machine.fritz.box: doesn't work, regardless of whether the domain is appended or not. This DNS is the 2nd in the list.


debug log:
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Received query (msg len=32).
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Flags: RD
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Questions are:
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14|    qc=IN (1), qt=A (1), query="my_company.com."
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Starting cached resolve for: hexe.my_company.com., query A
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Trying name servers.
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Sending query to 213.73.91.35
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Sending query to 192.168.109.11
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Sending query to 11.14.144.10
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Received reply from 213.73.91.35 (msg len=84).
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| rcode=3 (non-existent domain), flags: RD RA
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Server 213.73.91.35 returned error code: non-existent domain
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| No query succeeded. Returning error code "non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Outbound msg len 84, tc=0, rc="non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Answering to: 127.0.0.1, source address: 127.0.0.1
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Received query (msg len=32).
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Flags: RD
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Questions are:
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14|    qc=IN (1), qt=A (1), query="hexe.fritz.box."
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Starting cached resolve for: hexe.fritz.box., query A
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Entry found in cache for 'fritz.box.' with dflags=LOC.
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Outbound msg len 32, tc=0, rc="non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Answering to: 127.0.0.1, source address: 127.0.0.1
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Received query (msg len=22).
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Flags: RD
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Questions are:
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14|    qc=IN (1), qt=A (1), query="hexe."
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Starting cached resolve for: hexe., query A
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Trying name servers.
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Sending query to 213.73.91.35
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Sending query to 192.168.109.11
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Sending query to 11.14.144.10
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Received reply from 11.14.144.10(msg len=22).
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| rcode=2 (server failed), flags: RD RA
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Discarding reply from server 11.14.144.10
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Received reply from 213.73.91.35 (msg len=97).
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| rcode=3 (non-existent domain), flags: RD RA
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Server 213.73.91.35 returned error code: non-existent domain
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| No query succeeded. Returning error code "non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Outbound msg len 97, tc=0, rc="non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Answering to: 127.0.0.1, source address: 127.0.0.1


ping hexe (my home network) sends queries to 213.73.91.35 (public DNS), 192.168.109.11 (my home DNS) and 11.14.144.10 (company DNS). But it only receives answers from the public and the company DNS.

If I change pdnsd.conf to use several server sections:
pdnsd.conf:

global {
    …
    par_queries=4;
}

server {
    label="fritzbox";
    ip=192.168.109.11, 192.168.109.1;
}

server {
    label="my_company";
    ip=11.14.144.10, 11.14.144.11;
}

server {
    label="public";
    ip=213.73.91.35, 8.8.8.8;
}


Then I get the local computers, but only if the fritz.box block is in the first position. That means, if I put my "fritzbox" block in the 3rd position, it doesn't work anymore.

Conclusion: It seems that as soon as the first server answers, regardless of the result, the query is finished.

Question: How do I force pdnsd to subsequently query the remaining servers as well, in case a host name wasn't found on the fastest one?


Last edited by musv on Tue Nov 04, 2014 8:21 am; edited 1 time in total
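Added example, not from the post and not part of pdnsd: a small Python parser that groups the debug lines above by query id and summarises each query (which servers were asked, who replied with what rcode, which reply was discarded, what pdnsd finally answered). The pattern musv describes then reads off the summary: three servers are asked in parallel, the first accepted reply decides, and 192.168.109.11 never answers at all. The sample lines are copied from the post; the field names of the summary dicts are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample: pdnsd debug lines copied from the post above (queries 1, 2 and 3).
SAMPLE_LOG = """\
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Received query (msg len=32).
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Starting cached resolve for: hexe.my_company.com., query A
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Sending query to 213.73.91.35
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Sending query to 192.168.109.11
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Sending query to 11.14.144.10
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Received reply from 213.73.91.35 (msg len=84).
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| rcode=3 (non-existent domain), flags: RD RA
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| No query succeeded. Returning error code "non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 1 10/17 09:38:14| Outbound msg len 84, tc=0, rc="non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Starting cached resolve for: hexe.fritz.box., query A
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Entry found in cache for 'fritz.box.' with dflags=LOC.
Okt 17 09:38:14 arch64 pdnsd[5751]: 2 10/17 09:38:14| Outbound msg len 32, tc=0, rc="non-existent domain"
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Starting cached resolve for: hexe., query A
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Sending query to 213.73.91.35
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Sending query to 192.168.109.11
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Sending query to 11.14.144.10
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Received reply from 11.14.144.10(msg len=22).
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| rcode=2 (server failed), flags: RD RA
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Discarding reply from server 11.14.144.10
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Received reply from 213.73.91.35 (msg len=97).
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| rcode=3 (non-existent domain), flags: RD RA
Okt 17 09:38:14 arch64 pdnsd[5751]: 3 10/17 09:38:14| Outbound msg len 97, tc=0, rc="non-existent domain"
"""

# "pdnsd[<pid>]: <query id> <date> <time>| <message>"
LINE_RE = re.compile(r"pdnsd\[\d+\]: (?P<qid>\d+) \S+ \S+\| (?P<msg>.*)$")
NAME_RE = re.compile(r"Starting cached resolve for: (?P<name>\S+), query (?P<qtype>\S+)")
SENT_RE = re.compile(r"Sending query to (?P<ip>[\d.]+)")
REPLY_RE = re.compile(r"Received reply from (?P<ip>[\d.]+)")   # tolerates the missing space before "(msg"
RCODE_RE = re.compile(r"rcode=(?P<num>\d+) \((?P<text>[^)]*)\)")
DISCARD_RE = re.compile(r"Discarding reply from server (?P<ip>[\d.]+)")
CACHE_RE = re.compile(r"Entry found in cache for '(?P<entry>[^']+)'")
FINAL_RE = re.compile(r'Outbound msg len \d+, tc=\d+, rc="(?P<rc>[^"]*)"')


def parse_pdnsd_log(text):
    """Group pdnsd debug lines by query id and summarise each query's fate."""
    queries = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, msg = int(m.group("qid")), m.group("msg")
        q = queries.setdefault(qid, {"name": None, "qtype": None, "sent": [],
                                     "replies": [], "cache": None, "rc": None})
        if n := NAME_RE.search(msg):
            q["name"], q["qtype"] = n.group("name"), n.group("qtype")
        elif s := SENT_RE.search(msg):
            q["sent"].append(s.group("ip"))
        elif r := REPLY_RE.search(msg):
            # rcode (and possibly a "Discarding" line) follow for this reply
            q["replies"].append({"server": r.group("ip"), "rcode": None,
                                 "text": None, "discarded": False})
        elif (c := RCODE_RE.search(msg)) and q["replies"]:
            q["replies"][-1]["rcode"] = int(c.group("num"))
            q["replies"][-1]["text"] = c.group("text")
        elif (d := DISCARD_RE.search(msg)) and q["replies"]:
            if q["replies"][-1]["server"] == d.group("ip"):
                q["replies"][-1]["discarded"] = True
        elif h := CACHE_RE.search(msg):
            q["cache"] = h.group("entry")
        elif f := FINAL_RE.search(msg):
            q["rc"] = f.group("rc")
    return queries


def silent_servers(queries):
    """Servers that were sent at least one query but never produced a 'Received reply' line."""
    sent = {ip for q in queries.values() for ip in q["sent"]}
    answered = {r["server"] for q in queries.values() for r in q["replies"]}
    return sorted(sent - answered)


def decided_by_first_accepted_reply(q):
    """True if pdnsd's final rc equals the rcode text of the first non-discarded reply."""
    first = next((r for r in q["replies"] if not r["discarded"]), None)
    return first is not None and first["text"] == q["rc"]


def report(queries):
    """One human-readable line per query id."""
    lines = []
    for qid, q in queries.items():
        sent = ", ".join(q["sent"]) or f"nobody (cache hit on '{q['cache']}')"
        replies = ", ".join(
            f"{r['server']}={r['text']}" + (" (discarded)" if r["discarded"] else "")
            for r in q["replies"]) or "-"
        lines.append(f"#{qid} {q['name']} -> sent to: {sent}; replies: {replies}; answered: {q['rc']}")
    return lines


if __name__ == "__main__":
    qs = parse_pdnsd_log(SAMPLE_LOG)
    print("\n".join(report(qs)))
    print("never answered:", silent_servers(qs))
```

Running it over the post's own lines shows query 1 and query 3 being settled by the single reply from 213.73.91.35 while 192.168.109.11 is listed under "never answered", and query 2 never leaving the cache because the local `fritz.box.` entry from the hosts files is marked `LOC`. Pointing the same parser at a longer debug log is a quick way to spot a resolver that is silently unreachable over the VPN.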
musv
PostPosted: Tue Nov 04, 2014 8:18 am    Post subject:

Got it (mostly).

In case somebody has the same problem: you can define a number of server blocks and specify, for every server block, what it should be used for.

Use this server block only for fully qualified domain names:

server {
   label="only_external";
   …
   policy=fqdn_only;
}

fqdn_only is described in the man page as a string containing at least one dot.

Use this server block only for simple host names:

server {
   label="only_internal";
   policy=simple_only;
}


Exclude domains:

server {
   label="exclude_a_list_of_domains";
   exclude=.dont-do.com,.dont-do-too.com;
   policy=included;
}


Only for certain domains:

server {
   label="use_this_only_for_listed_domains";
   include=.only-this.com,.only-that.com;
   policy=excluded;
}


This realizes some kind of DNS routing. It could also be used quite well in a mixed environment with Tor, where only certain domains should be queried at a public DNS.

There's still one behaviour that is unclear to me. In case of 2 or more server blocks with "policy=simple_only", only the 1st block seems to be queried. And I also had to set par_queries to 4 to query 2 blocks. But those are minor issues I can live with.
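Added example, not part of the post and not pdnsd's own code: a Python model of how the policy, include and exclude options decide which server blocks a query name is sent to, so a planned pdnsd.conf can be checked on paper before the daemon is reloaded. The policy names are the ones pdnsd.conf(5) uses; the matching semantics are this example's reading of the man page and are assumptions (a leading-dot entry matches that domain and all its subdomains, an entry without a leading dot matches exactly, include/exclude rules are tried in the order written and the first match wins, policy is the default when no rule matches, and par_queries caps how many of the eligible IPs are asked in parallel, in configuration order). The labels and IPs are taken from the thread or constructed.

```python
# Policy names are the ones pdnsd.conf(5) spells out; the matching rules, the data
# layout and the sample server lists are this example's own assumptions.

# Three routed blocks in the spirit of musv's solution.
SERVERS = [
    # Home network: bare host names and anything under fritz.box go to the NAS resolver.
    {"label": "only_internal", "ip": ["192.168.109.11", "192.168.109.1"],
     "rules": [("include", ".fritz.box")], "policy": "simple_only"},
    # Company resolver: only asked for names under my_company.com.
    {"label": "company", "ip": ["11.14.144.10", "11.14.144.11"],
     "rules": [("include", ".my_company.com")], "policy": "excluded"},
    # Public resolver: fully qualified names only, and never the two private zones.
    {"label": "only_external", "ip": ["213.73.91.35"],
     "rules": [("exclude", ".fritz.box"), ("exclude", ".my_company.com")],
     "policy": "fqdn_only"},
]

# The thread's second configuration: three blocks, two IPs each, default policy (included).
CATCH_ALL = [
    {"label": "fritzbox", "ip": ["192.168.109.11", "192.168.109.1"], "policy": "included"},
    {"label": "my_company", "ip": ["11.14.144.10", "11.14.144.11"], "policy": "included"},
    {"label": "public", "ip": ["213.73.91.35", "8.8.8.8"], "policy": "included"},
]


def normalize(name):
    """Drop the trailing dot of an absolute name and ignore case."""
    return name.rstrip(".").lower()


def pattern_matches(name, pattern):
    """Assumed list semantics: '.example.com' matches example.com and every subdomain,
    'example.com' matches only that exact name."""
    name, pattern = normalize(name), normalize(pattern)
    if pattern.startswith("."):
        return name == pattern[1:] or name.endswith(pattern)
    return name == pattern


def block_wants(name, block):
    """Does this server block want to answer `name`? Rules first, then the policy default."""
    for kind, pattern in block.get("rules", []):
        if pattern_matches(name, pattern):
            return kind == "include"
    policy = block["policy"]
    is_simple = "." not in normalize(name)      # "hexe" is simple, "hexe.fritz.box" is not
    if policy == "included":
        return True
    if policy == "excluded":
        return False
    if policy == "simple_only":
        return is_simple
    if policy == "fqdn_only":
        return not is_simple
    raise ValueError(f"unknown policy {policy!r}")


def eligible_servers(name, blocks):
    """(label, ip) pairs that `name` would be sent to, in configuration order."""
    return [(b["label"], ip) for b in blocks if block_wants(name, b) for ip in b["ip"]]


def parallel_batch(name, blocks, par_queries):
    """The IPs asked in the first parallel round: the first par_queries eligible ones."""
    return [ip for _, ip in eligible_servers(name, blocks)][:par_queries]


if __name__ == "__main__":
    for qname in ["hexe", "hexe.fritz.box.", "hexe.my_company.com", "www.example.org"]:
        print(f"{qname:22} -> {eligible_servers(qname, SERVERS)}")
    # The par_queries observation from the post: 3 only reaches one IP of the second block.
    print("par_queries=3:", parallel_batch("hexe", CATCH_ALL, 3))
    print("par_queries=4:", parallel_batch("hexe", CATCH_ALL, 4))
```

With the routed configuration a bare `hexe` or anything under `.fritz.box` reaches only the NAS resolver, while the first debug log in this thread shows the same names going to the public Chaos Computer Club resolver as well; confining private zone names to the resolver that owns them is what keeps internal host names from being sent to a third party in the first place. The `parallel_batch` call reproduces the remark about par_queries: with two IPs per block, a value of 3 covers the whole first block but only one IP of the second, which is why 4 was needed to query two blocks.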