DNS Resolution: proxy_bind - transparent

Posted by astro_turfed 
July 26, 2016 09:32AM
Hello,

I am completely new to NGINX and it's been years since I've dealt with Linux so please bear with me.

What I am trying to accomplish: I am trying to set up NGINX to act as a load balancer to forward DNS requests to multiple upstream DNS servers. I need the requesting client's IP address to be seen and logged by the DNS server as the requesting IP, for auditing purposes.

What I currently have: I currently have NGINX installed and configured on a CentOS server. NGINX was installed from binaries that were built with the --with-stream flag. NGINX is up and running and was balancing the DNS queries between my upstream DNS servers just fine, but the IP address of the NGINX server was being logged in the DNS server as the requester instead of the IP address of the client.

http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind

I came across the doc that describes the proxy_bind directive. With this directive added, along with $remote_addr transparent options, I am now seeing the client's IP address in the DNS server logs but the client is not getting a response back. According to the information on the proxy_bind directive: "In order for this parameter to work, it is necessary to run nginx worker processes with the superuser privileges and configure kernel routing table to intercept network traffic from the proxied server."

I currently have the worker processes running with superuser privileges but I do not know what needs to be configured in the kernel routing table to route the traffic back from the NGINX server to the requesting client. This is where I am currently stuck.

Is there anyone that would be able to shed some light on what I need to do to configure the routing table? Thank you greatly in advance for any insight.

Useful or not, below is my current config for my DNS stream block:

stream {
    upstream dns_servers {
        server 192.168.1.1:53 fail_timeout=60s;
        server 192.168.1.2:53 fail_timeout=60s;
    }

    server {
        listen 53 udp;
        listen 53; #tcp
        proxy_pass dns_servers;
        error_log /var/log/nginx/dns.log info;
        proxy_responses 1;
        proxy_timeout 5s;
        proxy_bind $remote_addr transparent;
    }
}
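
The routing setup that the quoted proxy_bind documentation refers to, as an added example that is not part of the original post and not nginx's own code: it prints the rules for the NGINX host that mark replies coming from the upstream DNS servers and deliver them locally, so the worker bound to the client's address receives them. The upstream addresses and port come from the config above; the mark value (1), the table number (100) and the APPLY switch are assumptions, and the example also assumes the upstream servers route their replies to clients through the NGINX host (for example by using it as their default gateway).

```shell
#!/bin/sh
# Added example (not from the original post): routing rules on the NGINX host
# for "proxy_bind $remote_addr transparent".
UPSTREAMS="192.168.1.1 192.168.1.2"   # upstream DNS servers from the posted config
PORT=53                               # port the upstreams answer from
MARK=1                                # assumption: any otherwise unused fwmark
TABLE=100                             # assumption: any otherwise unused routing table

# Print the commands. Replies are matched on source address and source port,
# so only DNS answers from the listed upstreams are diverted.
transparent_rules() {
    for proto in udp tcp; do
        for ip in $UPSTREAMS; do
            echo "iptables -t mangle -A PREROUTING -p $proto -s $ip --sport $PORT -j MARK --set-mark $MARK"
        done
    done
    # Marked packets are looked up in a table whose only route is "local",
    # so the kernel accepts them even though the destination is the client's
    # address, and hands them to the NGINX socket bound to that address.
    echo "ip rule add fwmark $MARK lookup $TABLE"
    echo "ip route add local 0.0.0.0/0 dev lo table $TABLE"
}

# Dry run by default: print the commands. APPLY=1 (run as root) executes them
# one by one and stops at the first failure.
apply_rules() {
    transparent_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || return 1
        else
            echo "$cmd"
        fi
    done
}

apply_rules
```

Restricting UPSTREAMS to the real DNS servers keeps the local-delivery route from applying to any other traffic that passes through the host.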