
DNS Resolution: proxy_bind - transparent

Hello,

I am completely new to NGINX and it's been years since I've dealt with Linux so please bear with me.

What I am trying to accomplish: I am trying to set up NGINX to act as a load balancer to forward DNS requests to multiple upstream DNS servers. I need the requesting client's IP address to be seen and logged by the DNS server as the requesting IP, for auditing purposes.

What I currently have: I currently have NGINX installed and configured on a CentOS server. NGINX was installed from binaries that were built with the --with-stream flag. NGINX is up and running and was balancing the DNS queries between my upstream DNS servers just fine, but the IP address of the NGINX server was being logged in the DNS server as the requester instead of the IP address of the client.

http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind

I came across the doc that describes the proxy_bind directive. With this directive added, along with $remote_addr transparent options, I am now seeing the client's IP address in the DNS server logs but the client is not getting a response back. According to the information on the proxy_bind directive: "In order for this parameter to work, it is necessary to run nginx worker processes with the superuser privileges and configure kernel routing table to intercept network traffic from the proxied server."

I currently have the worker processes running with superuser privileges but I do not know what needs to be configured in the kernel routing table to route the traffic back from the NGINX server to the requesting client. This is where I am currently stuck.

Is there anyone that would be able to shed some light on what I need to do to configure the routing table? Thank you greatly in advance for any insight.

Useful or not, below is my current config for my DNS stream block:

stream {
    upstream dns_servers {
        server 192.168.1.1:53 fail_timeout=60s;
        server 192.168.1.2:53 fail_timeout=60s;
    }

    server {
        listen 53 udp;
        listen 53; #tcp
        proxy_pass dns_servers;
        error_log /var/log/nginx/dns.log info;
        proxy_responses 1;
        proxy_timeout 5s;
        proxy_bind $remote_addr transparent;
    }
}
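
Added example, not part of the original post and not NGINX's own code: a dry-run script that prints the kernel routing setup the quoted proxy_bind documentation refers to, for the upstreams and port in the stream block above. It marks reply packets arriving from the upstream DNS servers and delivers them locally so NGINX can relay them to the client. The mark value 1, the table number 100 and the function name transparent_rules are assumptions chosen for illustration.

```shell
#!/bin/sh
# Dry run: prints the commands for the NGINX host, executes nothing.

MARK=1      # assumption: any unused firewall mark
TABLE=100   # assumption: any unused routing table number

# transparent_rules PORT UPSTREAM_IP...
# Emits one command per line for the given upstream port and addresses.
transparent_rules() {
    port=$1; shift
    # Packets carrying the mark are looked up in a dedicated table ...
    echo "ip rule add fwmark $MARK lookup $TABLE"
    # ... in which every destination counts as local, so replies addressed
    # to the client's IP reach the NGINX socket bound to that address.
    echo "ip route add local 0.0.0.0/0 dev lo table $TABLE"
    # Mark only replies coming back from the upstream DNS servers.
    for ip in "$@"; do
        for proto in udp tcp; do
            echo "iptables -t mangle -A PREROUTING -p $proto -s $ip --sport $port -j MARK --set-mark $MARK"
        done
    done
}

# Upstreams and port taken from the stream block in the post.
transparent_rules 53 192.168.1.1 192.168.1.2
```

The printed commands need root on the NGINX host. The upstream DNS servers must also route their replies to client addresses through the NGINX host (for example by using it as their default gateway); otherwise the replies bypass NGINX and the client never sees an answer from the address it queried.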
