Mirroring Traffic Using dnsdist
Introduction
The Yeti project would like DNS resolver operators to send us their query traffic. Because Yeti is an experimental network, DNS operators may not want to put their users on resolvers using Yeti. By using dnsdist, resolver operators can continue to use the normal IANA root servers and also send queries to the Yeti root servers.
To do this, an administrator sets up a resolver that uses the Yeti root servers and runs at the same time as the production resolver that uses the IANA root servers. dnsdist is then added as a DNS load balancer in front of both resolvers.
dnsdist is a highly DNS-, DoS- and abuse-aware load balancer. We can use the TeeAction to mirror DNS queries to Yeti resolvers.
TeeAction: This action sends off a copy of a UDP query to another server, and keeps statistics on the responses received.
dnsdist will only copy UDP queries to the other server. The figure below depicts the dnsdist mirrored traffic flow:
|Client|<-->|DNSDIST|<--->Resolvers<--->Other authority servers
|DNSDIST|<--->Yeti Resolver<--->Yeti root name server
dnsdist is installed between the client and a normal in-production RDNS server, so that the stub queries heard by that server will be mirrored toward a specified Yeti-capable RDNS server. Anyone willing to use dnsdist to mirror traffic to Yeti is expected to run another Yeti resolver. (There is also a list of registered Yeti RDNS servers on the Yeti web page.)
Note that there is no round-robin, load balancing, or RTT-based server selection for the dnsdist ‘tee’ action, and so, all mirrored queries will be sent to the Yeti Resolver server, whose IPv6 address must be hard wired in the dnsdist config.
Install
Please refer to dnsdist
Mirror DNS queries to Yeti resolvers
1) On the Yeti resolver, add an ACL entry for the dnsdist server.
2) In dnsdist, add the rules:
addAction(AllRule(), TeeAction("240c:f:1:22::103")) -- default port 53
topRule()
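The two steps above in the context of a whole dnsdist.conf, as an added example that is not the Yeti project's own configuration. Only the TeeAction rule and the Yeti resolver address come from this page; the listener addresses, client networks, production backend on 127.0.0.1:5300, console socket and key placeholder are assumptions.

```lua
-- dnsdist.conf (added example). Every address except the Yeti resolver
-- address is a constructed placeholder from the documentation ranges.

-- Listen for stub/client queries.
setLocal("192.0.2.53:53")
addLocal("[2001:db8:53::1]:53")

-- Only accept queries from the networks this resolver serves.
setACL({"192.0.2.0/24", "2001:db8:100::/48"})

-- Production resolver that uses the IANA root servers (assumed to listen
-- on loopback port 5300). Clients only receive answers from this backend.
newServer({address="127.0.0.1:5300", name="iana-resolver"})

-- Mirror a copy of every UDP query to the Yeti resolver (default port 53).
-- Responses to the copies are only counted for statistics; they are not
-- returned to clients. TCP queries are not mirrored.
addAction(AllRule(), TeeAction("240c:f:1:22::103"))

-- Move the rule just added to the first position so it is evaluated
-- before any other rule. (dnsdist 1.6.0 and later name this mvRuleToTop().)
topRule()

-- Console used by "dnsdist --client"; keep it bound to loopback.
controlSocket("127.0.0.1:5199")
-- Placeholder: replace with the base64 key printed by makeKey().
setKey("REPLACE-WITH-makeKey()-OUTPUT")
```

The Yeti resolver still has to permit the dnsdist server's source address in its own ACL (step 1), otherwise the mirrored queries are refused and the tee statistics show no responses.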
Test
1) Run in the foreground:
dnsdist -C /path/to/dnsdist.conf
2) Run as a daemon:
dnsdist -C /path/to/dnsdist.conf --daemon
dnsdist -C /path/to/dnsdist.conf --client # connect to the control console