Hello Pierre, I noticed the same behavior on my box with current before I read this thread. That's why I sent a bug report: 6046/system (http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6046).
Regards
Uwe

On Wed, 14 Jan 2009 15:53:50 +0100, "BARDOU Pierre" <[email protected]> wrote:

> Hi,
>
> I tried to send a bug report with sendbug(1), but I am not very
> familiar with it.
>
> I hope someone will notice...
>
> --
> Regards,
> Pierre BARDOU
>
> From: uday [mailto:[email protected]]
> Sent: Wednesday, 14 January 2009 15:52
> To: BARDOU Pierre
> Cc: [email protected]; Nigel J. Taylor
> Subject: Re: Can't get relayd to work for DNS + problem with relayctl
> reload
>
> pierre,
>
> i'm seeing the same result with relayctl i don't know where it's
> coming from.
>
> um
>
> On Wed, Jan 14, 2009 at 8:16 AM, BARDOU Pierre <[email protected]>
> wrote:
>
> Shame on me, it didn't work because I allowed connection to the real
> IP (10.60.0.10x) and not to relayd IP (10.31.33.254).
>
> Now it works, thanks for the help :)
>
> But I still have the issue I reported a few months ago: when I use
> a relay, relayctl reload fails saying "command failed".
> The relayd logs say nothing. Will I be forced to pkill relayd and
> restart it each time?
>
> --
> Regards,
> Pierre BARDOU
>
> -----Original Message-----
> From: Nigel J. Taylor [mailto:[email protected]]
> Sent: Wednesday, 14 January 2009 02:22
> To: BARDOU Pierre
> Subject: Re: Can't get relayd to work for DNS
>
> I have this in my relayd.conf, it's just an extract, only a "pass in"
> in pf.conf. You use either relay or redirect, not both at once;
> redirect requires an anchor in pf.conf, relay doesn't.
>
> dns protocol dnsudp
>
> tcp protocol dnstcp
>
> relay relaydnsudp {
>         protocol dnsudp
>         listen on $dns_int port domain
>         forward to <DNSSERVERS> \
>                 check script "/usr/local/bin/dnscheck"
> }
>
> relay relaydnstcp {
>         protocol dnstcp
>         listen on $dns_int port domain
>         forward to <DNSSERVERS> \
>                 check script "/usr/local/bin/dnscheck"
> }
>
> dnscheck script does a dig to check dns is up
>
> #!/bin/ksh
> dnsserver=$1
> if ping -n -c1 -w 1 $dnsserver >/dev/null 2>&1 && dig -x \
>     $dnsserver @$dnsserver >/dev/null
> then
>         exit 1
> fi
> exit 0
>
> Regards
>
> Nigel Taylor
>
> BARDOU Pierre wrote:
> > Hello,
> >
> > I am trying to set up relayd for load balancing on my DNS servers.
> > The problem is that relayd seems to handle only TCP connections, UDP
> > isn't taken into account.
> > I found a known bug on OpenBSD 4.2, but I am using OpenBSD 4.4.
> >
> > I've tried the same setup with a relay, and still have the same
> > problem.
> >
> > Where am I mistaken?
> >
> > # pfctl -a relayd/DNS -s nat
> > rdr inet proto tcp from any to 10.31.33.254 port = domain
> > (tcp.established 600) -> <DNS> port 53 round-robin
> >
> > # cat /etc/relayd.conf
> > node1="10.60.0.101"
> > node2="10.60.0.102"
> > node3="10.60.0.103"
> >
> > squid_int="10.31.33.254"
> > dns_int="10.31.33.254"
> >
> > # Global Options
> > interval 5
> > log updates
> > prefork 10
> > timeout 1500
> >
> > table <squid> { $node1 , $node3 }
> > table <DNS> { $node1 , $node3 }
> >
> > redirect "squid" {
> >         listen on $squid_int port 3128
> >         forward to <squid> mode roundrobin check tcp
> > }
> >
> > redirect "DNS" {
> >         listen on $dns_int port 53
> >         forward to <DNS> mode roundrobin check tcp
> > }
> >
> > Relay config:
> > dns protocol "dnsfilter" {
> >         ### TCP performance options
> >         tcp { nodelay, sack, socket buffer 1024, backlog 1000 }
> > }
> >
> > relay dns {
> >         ### listen and accept redirected connections from pf
> >         listen on $dns_int port 53
> >
> >         ### apply web filters
> >         protocol "dnsfilter"
> >
> >         ### forward to web server(s)
> >         forward to <DNS> mode roundrobin check tcp
> > }
> > --
> > Regards,
> >
> > Pierre BARDOU
> > CSIM - Office 012
> >
> > Midi Picardie Informatique Hospitalière
> > 12 rue Michel Labrousse
> > BP93668
> > F-31036 Toulouse CEDEX 1
> >
> > Tel: 05 67 31 90 84
> > Fax: 05 34 61 51 00
> > Mail: [email protected]
>

--
Kind regards

Uwe Werler

OB3SI
Open Source Software Solution Integration
Hosterwitzer Str. 15
D-01259 Dresden
Phone +49 351 41722902
http://www.o3si.de
mailto:[email protected]
Registered office: 01259 Dresden

The exchange of messages with OB3SI via e-mail serves informational purposes only. Legally binding declarations may not be exchanged via this medium outside of separate agreements. Offers of any kind are non-binding and subject to the general terms and conditions.

This message is not intended to be relied upon without subsequent written confirmation of its contents OB3SI therefore cannot accept any liability of any kind which may arise from any person either acting upon the contents of the message without having had written confirmation. Any opinions expressed in the e-mail are those of the individual writer and not necessarily those of the Company unless specifically stated otherwise. This e-mail and any files transmitted with it are private and confidential and are solely for the use of the addressee. If you have received this communication in error, please immediately notify us by telephone (+49-351-417229902) or e-mail the sender, and destroy the original message without using, copying or distributing it. The content of this e-mail and any attachments should be virus checked before being downloaded.

GPG: 6B6E 2F4E 48E6 DC19 25C0 A020 690A A945 90FE 21C6

