<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>The default addAnyTCRule() seems to add a match on qtype==ANY, informing
dnsdist to truncate, and have client come back on TCP.</DIV>
<DIV>When the client does return on TCP(with dnsdist also listening on TCP), it
again matches the rule, and the well behaving client does not get a
response.</DIV>
<DIV> </DIV>
<DIV>Removing the rule works as expected in TCP or UDP mode.</DIV>
<DIV> </DIV>
<DIV>I don’t really see a way to add “PROTO == udp” with existing
rulesets. I am missing something?</DIV>
<DIV> </DIV>
<DIV>It may be nice to add received interface, and protocol maybe?</DIV>
<DIV> </DIV>
<DIV>That way if qtype==ANY && PROTO ==udp then action: tc=1
answer</DIV>
<DIV> </DIV>
<DIV>Would also be nice to AddPoolRule based on destination interface.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Example:</DIV>
<DIV> </DIV>
<DIV>DNSDIST:</DIV>
<DIV>> addAnyTCRule()</DIV>
<DIV>> showRules()</DIV>
<DIV># Matches
Rule
Action</DIV>
<DIV>0 0
qtype==ANY
tc=1 answer</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># dig @192.168.1.67 ANY google.com</DIV>
<DIV>;; Truncated, retrying in TCP mode.</DIV>
<DIV> </DIV>
<DIV>; <<>> DiG 9.7.1-P2 <<>> @192.168.1.67 ANY
google.com</DIV>
<DIV>; (1 server found)</DIV>
<DIV>;; global options: +cmd</DIV>
<DIV>;; Got answer:</DIV>
<DIV>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5037</DIV>
<DIV>;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0</DIV>
<DIV>;; WARNING: recursion requested but not available</DIV>
<DIV> </DIV>
<DIV>;; QUESTION SECTION:</DIV>
<DIV>;google.com.
IN ANY</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>DNSDIST:</DIV>
<DIV>> showRules()</DIV>
<DIV># Matches
Rule
Action</DIV>
<DIV>0 2
qtype==ANY
tc=1 answer</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>TCPDUMP:</DIV>
<DIV>19:12:31.373860 IP 192.168.1.48.51291 > 192.168.1.67.53: 30517+ ANY?
google.com. (28)</DIV>
<DIV>19:12:31.373966 IP 192.168.1.67.53 > 192.168.1.48.51291: 30517-| 0/0/0
(28)</DIV>
<DIV>19:12:31.375826 IP 192.168.1.48.35744 > 192.168.1.67.53: Flags [S], seq
2895826786, win 14600, options [mss 1460,sackOK,TS val 2755684127 ecr
0,nop,wscale 4], length 0</DIV>
<DIV>19:12:31.375892 IP 192.168.1.67.53 > 192.168.1.48.35744: Flags [S.], seq
3796982548, ack 2895826787, win 28960, options [mss 1460,sackOK,TS val 325515277
ecr 2755684127,nop,wscale 7], length 0</DIV>
<DIV>19:12:31.376091 IP 192.168.1.48.35744 > 192.168.1.67.53: Flags [.], ack
1, win 913, options [nop,nop,TS val 2755684127 ecr 325515277], length 0</DIV>
<DIV>19:12:31.376396 IP 192.168.1.48.35744 > 192.168.1.67.53: Flags [P.], seq
1:31, ack 1, win 913, options [nop,nop,TS val 2755684127 ecr 325515277], length
305037+ ANY? google.com. (28)</DIV>
<DIV>19:12:31.376413 IP 192.168.1.67.53 > 192.168.1.48.35744: Flags [.], ack
31, win 227, options [nop,nop,TS val 325515277 ecr 2755684127], length 0</DIV>
<DIV>19:12:31.376457 IP 192.168.1.67.53 > 192.168.1.48.35744: Flags [P.], seq
1:3, ack 31, win 227, options [nop,nop,TS val 325515277 ecr 2755684127], length
2</DIV>
<DIV>19:12:31.376469 IP 192.168.1.67.53 > 192.168.1.48.35744: Flags [FP.],
seq 3:31, ack 31, win 227, options [nop,nop,TS val 325515277 ecr 2755684127],
length 2833536 [b2&3=0x1] [0q] [1639au] (26)</DIV>
<DIV>19:12:31.376562 IP 192.168.1.48.35744 > 192.168.1.67.53: Flags [.], ack
3, win 913, options [nop,nop,TS val 2755684127 ecr 325515277], length 0</DIV>
<DIV>19:12:31.386644 IP 192.168.1.48.35744 > 192.168.1.67.53: Flags [F.], seq
31, ack 32, win 913, options [nop,nop,TS val 2755684129 ecr 325515277], length
0</DIV>
<DIV>19:12:31.386654 IP 192.168.1.67.53 > 192.168.1.48.35744: Flags [.], ack
32, win 227, options [nop,nop,TS val 325515280 ecr 2755684129], length
0</DIV></DIV></DIV></BODY></HTML>