[dnsdist] dnsdist vs. Windows DNS (+noedns or +nocookie)
Bit World Computing e.K. - Michael Mertel
michael.mertel at bwc.de
Thu Jul 23 08:12:51 UTC 2020
Hi Phil,
my fault, the Windows admin told me it is a W2K8R2, I wasn’t able to verify it myself with my own test instance of W2K12R2.
I’ve tried the mentioned functions/parameters already, but no luck so far. I spoofed the needed response in the meantime.
Best regards.
—Michael
> On 23.07.2020 at 00:42, Phillip R. Jaenke <prj at rootwyrm.com> wrote:
>
> On 7/17/2020 9:53 AM, Bit World Computing e.K. - Michael Mertel via
> dnsdist wrote:
>> Hi,
>>
>> at one site there are Windows 2012 (?) DNS servers for internal domains, and whenever I try to dig some records or have dnsdist use them as upstream servers I’m getting a FORMERR.
>> I don’t have a chance to get this fixed on Windows side and don’t wanna intervene to avoid trouble with the Windows admins.
>>
>> To get some results with dig I could use either +noedns or +nocookie, but is there a way to inject this kind of option in the request from dnsdist to the Windows DNS?
>
> That's actually rather surprising to me that you're seeing that; I have
> Windows 2k19 upstream here (functional 2k12R2) and I can't reproduce. It
> sounds like they may be legitimately broken - or more likely have some
> sort of broken load-balancer out front.
>
> You can use DisableECSAction() / dq.useECS to disable ECS globally, but
> that's probably not what you're looking for. Have you tried adding
> 'useClientSubnet=false' to the newServers() entry for the AD DNS pool?
>
> -Phil
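
An added example, not part of the original messages: the three query shapes discussed in this thread (dig's default with an EDNS cookie, `+nocookie`, and `+noedns`) built at wire level, with a small inspector for checking what a forwarder actually sent and what rcode came back. The name `example.internal`, the cookie bytes and the FORMERR reply are constructed; the reply's shape is an assumption, not a capture from the servers in the thread.

```python
import struct

OPT, COOKIE, FORMERR = 41, 10, 1  # OPT RR type (RFC 6891), COOKIE option (RFC 7873), rcode 1

def build_query(name, qtype=1, edns=True, cookie=None, qid=0x1234):
    """edns=False mirrors dig +noedns; edns=True with cookie=None mirrors +nocookie."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", qtype, 1)
    if edns:
        rdata = struct.pack("!HH", COOKIE, len(cookie)) + cookie if cookie else b""
        # OPT RR: root owner name, CLASS carries the UDP payload size, TTL the flags
        msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:  # compression pointer is two bytes and ends the name
            return off + 2
        off += n + 1

def inspect(msg):
    """Return (rcode, has_opt, has_cookie) for a query or a response."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    has_opt = has_cookie = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == OPT:
            has_opt, p = True, off
            while p + 4 <= off + rdlen:  # walk the EDNS options inside the OPT RDATA
                code, olen = struct.unpack("!HH", msg[p:p + 4])
                has_cookie |= code == COOKIE
                p += 4 + olen
        off += rdlen
    return flags & 0xF, has_opt, has_cookie

def formerr_reply(query):
    """Constructed reply: QR set, rcode FORMERR, question echoed, no OPT record."""
    qend = skip_name(query, 12) + 4
    return query[:2] + struct.pack("!HHHHH", 0x8101, 1, 0, 0, 0) + query[12:qend]
```

Running `inspect()` over the payloads from a packet capture between dnsdist and the upstream shows whether an OPT record or cookie is still reaching the backend after a configuration change.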