[dnsdist] documentation for "showDOHFrontends()" output

Christoph cm at appliedprivacy.net
Tue Jun 11 22:05:00 UTC 2019


> On 6/9/19 9:54 PM, Christoph wrote:
>>> most of the columns in the output of "showDOHFrontends()" are
>>> self-explanatory, but it would be interesting to know the details behind
>>> "Bad" and "Errors".
>>>
>>> Are these columns documented somewhere?
>>>
>>> https://dnsdist.org/reference/config.html#showDOHFrontends
>>
>> The "Errors" counter appears to match the amount of HTTP requests
>> getting answered with:
>>
>> 500 Internal Server Error
>>
>> The "Bad" column is still unknown to me but it is not
>> related to HTTP 400 or 408 response codes.
> 
> The "Bad" counter refers to queries that we could not interpret as a DoH
> query, meaning that it was not a POST query and either there was no
> 'dns' parameter in the query or we couldn't base64 decode the
> content of the 'dns' parameter. We should return a 400 for these,
> though, are you sure we don't?

We saw 400 Bad Request responses but the counter in the "Bad" column did
not increase, but I'll rerun the tests to make sure this was not caused
by looking at the IPv4 counter stats while hitting the IPv6 frontend
or vice versa.

> 
> The "Errors" counter refers to invalid or rejected DNS queries:
> - smaller than a minimal DNS header or the QR bit is set, or QDCOUNT is
> equal to zero (noncompliant-queries in the regular stats should increase
> accordingly);
> - blocked by the ACL (acl-drops should increase) ;
> - query is dropped by a rule (the counter of the corresponding rule
> should increase) ;
> - we encountered an error when sending the query to the selected backend
> (downstream-send-errors should increase, as well as the 'sendErrors'
> counter of the corresponding backend).

Thanks for writing this down. Are you implying that you currently
respond with
500 Internal Server Error
in all these "Error" cases? (which would be surprising, at least to me)

thanks!
Christoph
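
The "Bad" and first "Errors" conditions from the quoted reply, as an added example that models the description in this thread and is not dnsdist's own code. The labels "bad", "error" and "forwarded", the host doh.example and the RFC 8484 base64url handling are assumptions; the ACL, rule and backend-send cases are not modelled.

```python
import base64
import binascii
import struct
from urllib.parse import parse_qs, urlsplit

DNS_HEADER_LEN = 12  # size of a minimal DNS header in bytes

def extract_dns_message(method, url, body=b""):
    """Return the raw DNS message, or None if the request cannot be read as DoH."""
    if method == "POST":
        return body
    params = parse_qs(urlsplit(url).query)
    if "dns" not in params:
        return None
    value = params["dns"][0]
    try:
        # Assumption: RFC 8484 base64url, sent without '=' padding.
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        return None

def classify(method, url, body=b""):
    """Map one request to the counter the thread says it should hit."""
    msg = extract_dns_message(method, url, body)
    if msg is None:
        return "bad"        # not POST, and no usable 'dns' parameter
    if len(msg) < DNS_HEADER_LEN:
        return "error"      # smaller than a minimal DNS header
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount == 0:
        return "error"      # QR bit set, or QDCOUNT equal to zero
    return "forwarded"      # hypothetical label: passed on for normal processing

def build_query(flags=0x0100, qdcount=1):
    """Constructed sample: an A/IN query for example.com with RD set."""
    header = struct.pack("!HHHHHH", 0, flags, qdcount, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

if __name__ == "__main__":
    base = "https://doh.example/dns-query"  # constructed URL
    print(classify("GET", base))                                  # no 'dns' parameter
    print(classify("GET", base + "?dns=!!!"))                     # undecodable value
    print(classify("GET", base + "?dns=" + b64url(build_query())))
    print(classify("POST", base, build_query(flags=0x8100)))      # QR bit set
```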

