[dnsdist] Prevent binding to localhost?

Christopher Engelhard ce at lcts.de
Fri Feb 8 16:34:11 UTC 2019



On 2/8/2019 5:03 PM, Seth Mattinen wrote:
> It doesn't like that:

My bad, that was unclear of me, I meant the function in general, not the 
specific command.

> [...] but the purist in me wants it to only listen on 853.
Hooray for purism. But I don't think that is possible. You could use 
192.0.2.1, which at least is unequivocally not in use, but then using an 
explicit example IP 'for real' isn't very pure, either.

Does anything speak against letting dnsdist handle normal DNS traffic as 
well as DoT? The only difference, configuration-wise, would be changing 
pdns to only bind to localhost, and you'd get dnsdist caching/rate 
limiting/whatever into the bargain.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.