Using multiple A-records for my domain

[phancong0897]

I have a domain abc.xyz with two A records: 192.168.1.10 and 192.168.1.11. I want to configure dnsdist to check if a TCP check to the A record 192.168.1.10 times out; in that case, any subsequent requests from clients to dnsdist should resolve only to the remaining IP, which is 192.168.1.11, and vice versa. This means that if both IPs are functioning normally, the resolution should distribute evenly between the two IPs. If one of the records fails, dnsdist should only resolve to the operational IP. These are two records for the domain abc.xyz, not for recursive DNS.

[paddg]

I would not use dnsdist for this task, but rather PowerDNS Authoritative with its Lua records. Would that not be an option for you?

[phancong0897]

i'm using pdns 4.8, i create a script.lua file with the content -- script.lua

function get_a_record(name)
if name == "abc.phancong.vn" then
return "ifportup(22, {'192.168.1.1', '192.168.1.2'})"
end
return nil -- No other records
end

-- Register function to get record
addQueryHandler(get_a_record)
i can't find how pdns 4.8 declares script.lua

[paddg]

The examples from the manual are DNS resource records (RRs) in BIND zone file format. You must enter these RRs in your DNS zone. And don't foget to enable this feature.

[phancong0897]

i have created record and enable enable-lua-records=yes.
The ip 192.168.1.10 is not real, 10.10.10.100 is my server IP, but when i dig abc.phancong.vn it still resolves to 2 IPs
did i configure something wrong, please help me
@ LUA "ifportup(80, {'192.168.1.10', '10.10.10.100'})"

[paddg]

I have no experience with LUA RRs in a SQL backend. Maybe this is relevant for you: https://doc.powerdns.com/authoritative/lua-records/#using-lua-records-with-generic-sql-backends

[phancong0897]

676 / 5.000
i'm using mysql, i tried following the instructions but it didn't work,
-- Create the zone example.com
INSERT INTO domains (id, name, type) VALUES (1, 'example.com', 'NATIVE');

-- Enable Lua records for the zone (if not enabled globally)
INSERT INTO domainmetadata (domain_id, kind, content)
VALUES (1, 'ENABLE-LUA-RECORDS', 1);

-- Create a pickClosest() Lua A record.
-- Double single quotes are used to escape single quotes in both MySQL and PostgreSQL
INSERT INTO records (domain_id, name, type, content, ttl)
VALUES (
1,
'www.example.com',
'LUA',
'A "pickclosest({''192.0.2.1'',''192.0.2.2'',''198.51.100.1''})"',
600
);
I don't understand what I did wrong or what I'm missing

[lpmhouben]

... I understand you're eliding for the sake of privacy, but given the framing of your question I'm wondering if you're not dealing with an XY problem .

It at least sounds like what you're trying to construct is a relatively straightforward high-availability setup, where you want the HA provider to check the health of the servers and route traffic only to the ones that are still up.

In which case, there is absolutely no need to (and every reason not to) use dnsdist, or in fact DNS at all. Leaving aside the difficulties you're already encountering, the way DNS caching and TTLs work means that potentially wrong answers will persist in DNS caches over the world for much longer than any anticipated outage.

Instead I'd recommend something like HAProxy, which is as its name implies a High-Availability Proxy server software that explicitly includes load balancing and health checks and is pretty much made specifically for the exact scenario you're describing.

[lpmhouben]

I reiterate: This will not work for your particular use case because DNS TTL will foul you up. HAProxy can and will do exactly what you need, trying to make DNS do something it's very much not designed for will make no one happy.

[paddg]

For this to work, the TTL of these LUA RRs must be very small. For example, 30s. In your first attempt, you chose 86400, which is obviously too much.

[Habbie]

I understand you're eliding for the sake of privacy,

please also note that this is against policy

[lpmhouben]

Upon further reflection, I suspect that what you think you saw is in actuality much less similar to your issue than it actually is, and the example there is listed as an advanced example for people who know what they're doing with dnsdist that is, with no disrespect intended, not a subset that includes you. And it still won't actually do what you want because of the limitations already described by me and paddg.

What you're trying is much more easily, reliably and effectively accomplished using HAproxy. Trying to make it work in dnsdist will only waste everyone's time.

[phancong0897]

thanks for your help, however i am having the following problem, it seems i have mis-described the case i am having.
I have a domain abc.xyz with two A records: 192.168.1.10 and 192.168.1.11 these are 2 apache webservers, i am using pdns 4.8, i want pdns to check the status of these 2 webservers, if one of the two webservers has a problem, all requests to pdns will automatically redirect to the remaining webserver ip and remove the problem webserver from the domain query. I got the instruction from padd https://doc.powerdns.com/authoritative/lua-records/ , I tried to follow it because it describes exactly what I want, I understand about haproxy, however my problem is not using haproxy but using powerdns to handle that problem, I also want pdns to solve the above problem for me without changing the system model.