[dnsdist] Prevent binding to localhost?
Christopher Engelhard
ce at lcts.de
Fri Feb 8 15:51:22 UTC 2019
Hi Seth,
> I wanted to run dnsdist on top of my existing PowerDNS servers to
> provide DNS over TLS, but it wants to bind to 127.0.0.1:53 which is of
> course already in use.
Have you tried setLocal()? setLocal() overwrites the configured
listeners instead of adding them.
If you want non-TLS-traffic to go to the pdns server directly you could
use setLocal() to make dnsdist listen elsewhere:
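setLocal("127.0.0.1:<some_closed_off_port>")  -- replaces the default 127.0.0.1:53 listener
addTLSLocal("<public ip>", "<cert file>", "<key file>")  -- certificate and key are required; port defaults to 853
newServer({address="127.0.0.1:53", name="PowerDNS"})  -- options go in a Lua table; name= labels the backend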
...
, but if you're running dnsdist anyway, it's probably better to let it
handle all inbound queries:
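setLocal("<public ip>:53")  -- plain DNS, UDP and TCP
addTLSLocal("<public ip>:853", "<cert file>", "<key file>")  -- 853, since plain DNS over TCP already holds <public ip>:53
newServer({address="127.0.0.1:53", name="PowerDNS"})  -- backend reachable only via loopback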
...
, with PDNS binding ONLY to localhost.
Christopher
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
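
An added check for the second layout above (not part of the original message): it reads `ss -H -lntup` output and reports any PowerDNS listener on port 53 that is not bound to loopback, i.e. a backend that can still be queried without passing through dnsdist. The process names pdns_server and pdns_recursor, the function names, and the sample lines (203.0.113.10 is a documentation address) are assumptions constructed for this example.

```shell
#!/bin/sh
# Reads `ss -H -lntup` style lines on stdin (field 5 = local address:port)
# and prints "<proto> <addr:port>" for every PowerDNS listener on port 53
# that is bound to something other than loopback.
exposed_backend_listeners() {
    awk '
        /"pdns_(server|recursor)"/ {
            addr = $5
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (port != "53") next
            if (host ~ /^127\./ || host == "[::1]") next
            print $1, addr
        }
    '
}

# Returns 0 when the backend is loopback-only, 1 (with a report) otherwise.
check_layout() {
    out=$(exposed_backend_listeners)
    if [ -n "$out" ]; then
        printf 'backend reachable without dnsdist:\n%s\n' "$out" >&2
        return 1
    fi
    return 0
}

# Constructed sample: dnsdist on the public address, PDNS on loopback only.
GOOD_LAYOUT='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=5))
tcp LISTEN 0 128 127.0.0.1:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=6))
udp UNCONN 0 0 203.0.113.10:53 0.0.0.0:* users:(("dnsdist",pid=901,fd=7))
tcp LISTEN 0 128 203.0.113.10:53 0.0.0.0:* users:(("dnsdist",pid=901,fd=8))
tcp LISTEN 0 128 203.0.113.10:853 0.0.0.0:* users:(("dnsdist",pid=901,fd=9))'

# Constructed sample: PDNS still bound to the wildcard address.
BAD_LAYOUT='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=5))
tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=6))
tcp LISTEN 0 128 203.0.113.10:853 0.0.0.0:* users:(("dnsdist",pid=901,fd=9))'

# Live use (needs root so ss can show other users' process names):
#   sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -H -lntup | check_layout
fi
```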