[dnsdist] dnsdist vs. Windows DNS (+noedns or +nocookie)

Phillip R. Jaenke prj at rootwyrm.com
Wed Jul 22 22:42:39 UTC 2020


On 7/17/2020 9:53 AM, Bit World Computing e.K. - Michael Mertel via
dnsdist wrote:
> Hi,
> 
> at one site there are Windows 2012 (?) DNS servers for internal domains, and whenever I try to dig some records or have dnsdist use them as upstream servers I’m getting a FORMERR.
> I don’t have a chance to get this fixed on Windows side and don’t wanna intervene to avoid trouble with the Windows admins.
> 
> To get some results with dig I could use either +noedns or +nocookie, but is there a way to inject these kinds of options in the request from dnsdist to the Windows DNS?

That's actually rather surprising to me that you're seeing that; I have
Windows 2k19 upstream here (functional 2k12R2) and I can't reproduce. It
sounds like they may be legitimately broken - or more likely have some
sort of broken load-balancer out front.

You can use DisableECSAction() / dq.useECS to disable ECS globally, but
that's probably not what you're looking for. Have you tried adding
'useClientSubnet=false' to the newServers() entry for the AD DNS pool?

-Phil
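
To narrow down which part of the query the upstream rejects, the three dig variants from the thread (default, +nocookie, +noedns) can be reproduced at the wire level. This is an added example, not code from the thread or from dnsdist; the function names, labels, query ID, cookie bytes and the 1232-byte payload size are assumptions chosen for illustration.

```python
import socket
import struct

FORMERR = 1  # RCODE 1 (format error), RFC 1035
# Hypothetical labels; they mirror dig defaults, +nocookie and +noedns.
VARIANTS = {
    "edns+cookie": {"edns": True, "cookie": b"\x01\x02\x03\x04\x05\x06\x07\x08"},  # constructed cookie
    "edns": {"edns": True, "cookie": None},
    "plain": {"edns": False, "cookie": None},
}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234, edns=True, cookie=None):
    """Build an A/IN query, optionally with an OPT record and a COOKIE option."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD set
    msg = header + encode_name(name) + struct.pack("!HH", 1, 1)
    if edns:
        # EDNS option code 10 is COOKIE (RFC 7873); the client cookie is 8 bytes.
        rdata = struct.pack("!HH", 10, len(cookie)) + cookie if cookie else b""
        # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size, TTL = 0.
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(rdata)) + rdata
    return msg

def rcode(response):
    """Return the 4-bit RCODE from the header of a DNS response."""
    return struct.unpack("!H", response[2:4])[0] & 0x000F

def probe(server, name, timeout=2.0):
    """Send each variant over UDP to server:53; return {label: rcode or None on timeout}."""
    results = {}
    for label, opts in VARIANTS.items():
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, **opts), (server, 53))
                results[label] = rcode(s.recv(4096))
            except socket.timeout:
                results[label] = None
    return results

def diagnose(results):
    """Name the smallest change that stops the FORMERR, given probe() results."""
    for label, meaning in (("edns+cookie", "EDNS with cookies is accepted"),
                           ("edns", "only the COOKIE option is rejected"),
                           ("plain", "EDNS is rejected entirely")):
        if results.get(label) not in (FORMERR, None):
            return meaning
    return "FORMERR or timeout for every variant"
```

Calling diagnose(probe(server, name)) against the upstream's address and an internal record name shows whether the FORMERR follows the COOKIE option or the OPT record as a whole.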

