Troubleshooting eDNS-CS

Troubleshooting pdns and SDNS configuration.

Modify the pdns.conf file and set the following settings:

loglevel=7
log-dns-queries=yes
log-dns-details=yes

Once that is done, you will need to restart the service for those settings to take effect.

service pdns restart

The DNS queries are logged to /var/log/messages, so you can tail that file to see the DNS queries that are coming in. When we are talking about troubleshooting issues with Extended DNS Client Subnet (EDNS-CS)

Response details

I appreciate that you might not be able to see those results that well, so let's dissect them somewhat.

The information that we are most concerned with is the Remote IP; the GSLB uses this to match against the topologies configured in the load balancer. If there is an issue with the remote IP that is being offered up to the GSLB, that can cause issues with TWRR working the way that we need it to.

The first request is showing us the following:

Remote 10.0.51.14<-192.168.65.0/24 wants 'cloudy.with.meatballs'

What this is telling us is that the actual request that came in to the GSLB is sourced from 10.0.51.14, but the Client Subnet field has been set with the originating client subnet configured as 192.168.65.0/24. As the Client Subnet field is set, that is what the GSLB will use to evaluate against the topology configuration. The Client Subnet field can be set if the DNS request originates from a completely different address than the IP address that forwarded the request to the GSLB. In this case it is because I manually set the field on the lookup, like so:

dig @192.168.100.80 cloudy.with.meatballs +subnet=192.168.65.0/24

The second request doesn't have the extra information of the Client Subnet field:

Remote 10.0.51.14 wants 'cloudy.with.meatballs'

With this lookup, the topology configuration will be evaluated against the remote IP, as the Client Subnet field is not set. This request came in after issuing this command on the client:

nslookup cloudy.with.meatballs 192.168.100.80

The DNS server was manually set, as my DNS server is not set up to point at the GSLB for this domain, so a manual override was used.
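
The check described above can be scripted against the query log. This is an added example, not code from the original page or from PowerDNS: it parses the "Remote ... wants" part of each line, picks the address the topology match would use (the Client Subnet if present, otherwise the remote IP), and looks it up in a topology map. The topology names and CIDRs, the syslog prefix on the sample lines, and the use of the subnet's network address for matching are assumptions.

```python
import ipaddress
import re

# Matches "Remote <ip>[<-<client subnet>] wants '<name>'" in a pdns query log line.
REMOTE_RE = re.compile(
    r"Remote (?P<remote>[0-9A-Fa-f.:]+)"
    r"(?:<-(?P<ecs>[0-9A-Fa-f.:]+/\d+))? wants '(?P<qname>[^'|]+)"
)

# Hypothetical topology map (site name -> CIDR); not taken from the page.
TOPOLOGIES = {
    "site-a": ipaddress.ip_network("192.168.65.0/24"),
    "site-b": ipaddress.ip_network("10.0.51.0/24"),
}

def parse_line(line):
    """Return remote, ecs, qname and the address used for matching, or None."""
    m = REMOTE_RE.search(line)
    if not m:
        return None
    remote = ipaddress.ip_address(m["remote"])
    ecs = ipaddress.ip_network(m["ecs"], strict=False) if m["ecs"] else None
    # A set Client Subnet wins over the remote IP (network address used: assumption).
    effective = ecs.network_address if ecs else remote
    return {"remote": remote, "ecs": ecs, "qname": m["qname"], "effective": effective}

def match_topology(addr, topologies=TOPOLOGIES):
    """Return the name of the most specific topology containing addr, or None."""
    hits = [(n.prefixlen, name) for name, n in topologies.items()
            if addr.version == n.version and addr in n]
    return max(hits)[1] if hits else None

def explain(line):
    """Summarise one log line as (qname, source, effective address, topology)."""
    rec = parse_line(line)
    if rec is None:
        return None
    source = "client-subnet" if rec["ecs"] else "remote-ip"
    return (rec["qname"], source, str(rec["effective"]), match_topology(rec["effective"]))

# Constructed sample lines: the syslog prefix is made up, the Remote part follows the page.
SAMPLE = [
    "Jan  1 10:00:00 gslb pdns[1234]: Remote 10.0.51.14<-192.168.65.0/24 wants 'cloudy.with.meatballs'",
    "Jan  1 10:00:05 gslb pdns[1234]: Remote 10.0.51.14 wants 'cloudy.with.meatballs'",
    "Jan  1 10:00:09 gslb pdns[1234]: Not a query line",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(explain(entry))
```

A line reported with source "remote-ip" from a forwarder address means the topology is being chosen for the forwarder, not for the original client.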
