Shame on me, it didn't work because I allowed connection to the real IP (10.60.0.10x) and not to the relayd IP (10.31.33.254).
Now it works, thanks for the help :)

But I still have the issue I reported a few months ago: when I use a relay, relayctl reload fails saying "command failed". The relayd logs say nothing.
Will I be forced to pkill relayd and restart it each time?

--
Regards,
Pierre BARDOU

-----Original Message-----
From: Nigel J. Taylor [mailto:[email protected]]
Sent: Wednesday, January 14, 2009 02:22
To: BARDOU Pierre
Subject: Re: Can't get relayd to work for DNS

I have this in my relayd.conf, it's just an extract, only a "pass in" in pf.conf
you use either relay or redirect not both at once
redirect requires an anchor in pf.conf, relay doesn't.

dns protocol dnsudp
tcp protocol dnstcp

relay relaydnsudp {
        protocol dnsudp
        listen on $dns_int port domain
        forward to <DNSSERVERS> \
                check script "/usr/local/bin/dnscheck"
}
relay relaydnstcp {
        protocol dnstcp
        listen on $dns_int port domain
        forward to <DNSSERVERS> \
                check script "/usr/local/bin/dnscheck"
}

dnscheck script does a dig to check dns is up

#!/bin/ksh
dnsserver=$1
if ping -n -c1 -w 1 $dnsserver >/dev/null 2>&1 && dig -x \
    $dnsserver @$dnsserver >/dev/null
then
        exit 1
fi
exit 0

Regards

Nigel Taylor

BARDOU Pierre wrote:
> Hello,
>
> I am trying to set up relayd for loadbalancing on my DNS servers.
> The problem is that relayd seems to handle only TCP connections, UDP isn't
> taken into account.
> I found a known bug on OpenBSD 4.2, but I am using OpenBSD 4.4.
>
> I've tried the same setup with a relay, and still have the same problem.
>
> Where am I mistaken?
>
> # pfctl -a relayd/DNS -s nat
> rdr inet proto tcp from any to 10.31.33.254 port = domain (tcp.established
> 600) -> <DNS> port 53 round-robin
>
> # cat /etc/relayd.conf
> node1="10.60.0.101"
> node2="10.60.0.102"
> node3="10.60.0.103"
>
> squid_int="10.31.33.254"
> dns_int="10.31.33.254"
>
> # Global Options
> interval 5
> log updates
> prefork 10
> timeout 1500
>
> table <squid> { $node1 , $node3 }
> table <DNS> { $node1 , $node3 }
>
> redirect "squid" {
>         listen on $squid_int port 3128
>         forward to <squid> mode roundrobin check tcp
> }
>
> redirect "DNS" {
>         listen on $dns_int port 53
>         forward to <DNS> mode roundrobin check tcp
> }
>
> Relay config:
> dns protocol "dnsfilter" {
>         ### TCP performance options
>         tcp { nodelay, sack, socket buffer 1024, backlog 1000 }
> }
>
> relay dns {
>         ### listen and accept redirected connections from pf
>         listen on $dns_int port 53
>
>         ### apply web filters
>         protocol "dnsfilter"
>
>         ### forward to web server(s)
>         forward to <DNS> mode roundrobin check tcp
> }
> --
> Regards,
>
> Pierre BARDOU
> CSIM - Bureau 012
>
> Midi Picardie Informatique Hospitalière
> 12 rue Michel Labrousse
> BP93668
> F-31036 Toulouse CEDEX 1
>
> Tel: 05 67 31 90 84
> Fax: 05 34 61 51 00
> Mail: [email protected]

