[dnsdist] dnsdist 1.5.1 doh + options bug ?

Dave Knight dave at knig.ht
Tue Oct 6 00:14:04 UTC 2020


Hello all,

Recently started exploring dnsdist and joined the mail list just today.

I'd been playing with DoT and DoH in 1.4.0 without problems. Since switching to 1.5.0 and now 1.5.1 I have problems with DoH.

I did some fiddling in the config and found that DoH doesn't work for a listener configured where addDOHLocal has { options }.

Is this a bug, or am I doing something stupid ? :-)



Running on 

root@dnsdist-21vzgq2:# dnsdist --version

dnsdist 1.5.1 (Lua 5.3.3)
Enabled features: dns-over-tls(gnutls openssl) dns-over-https(DOH) ebpf fstrm ipcipher protobuf recvmmsg/sendmmsg systemd

root@dnsdist-21vzgq2:# lsb_release -a

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.1 LTS
Release:	20.04
Codename:	focal


I scripted testing various config changes

# for version in 1 2 3 4 ; do
	echo === $version ===
	echo
	ln -sf dnsdist.conf.${version} dnsdist.conf
	systemctl restart dnsdist
	cat dnsdist.conf
	echo
	doh -k www.example.com https://[::1]/dns-query
	echo
done 

=== 1 ===

newServer({ address="8.8.8.8",
           qps=100000,
           useClientSubnet=true
         })

setServerPolicy(firstAvailable)

setACL({ '0.0.0.0/0', '::0/0' })

addDOHLocal( '[::1]:443',
            '/etc/ssl/certs/bigalsfancydns.com.pem',
            '/etc/ssl/private/bigalsfancydns.com.key',
            { reusePort=True } )

Probe for AAAA got response: 404
Probe for A got response: 404

=== 2 ===

newServer({ address="8.8.8.8",
           qps=100000,
           useClientSubnet=true
         })

setServerPolicy(firstAvailable)

setACL({ '0.0.0.0/0', '::0/0' })

addDOHLocal( '[::1]:443',
            '/etc/ssl/certs/bigalsfancydns.com.pem',
            '/etc/ssl/private/bigalsfancydns.com.key',
            { reusePort=False } )

Probe for AAAA got response: 404
Probe for A got response: 404

=== 3 ===

newServer({ address="8.8.8.8",
           qps=100000,
           useClientSubnet=true
         })

setServerPolicy(firstAvailable)

setACL({ '0.0.0.0/0', '::0/0' })

addDOHLocal( '[::1]:443',
            '/etc/ssl/certs/bigalsfancydns.com.pem',
            '/etc/ssl/private/bigalsfancydns.com.key',
            { } )

Probe for A got response: 404
Probe for AAAA got response: 404

=== 4 ===

newServer({ address="8.8.8.8",
           qps=100000,
           useClientSubnet=true
         })

setServerPolicy(firstAvailable)

setACL({ '0.0.0.0/0', '::0/0' })

addDOHLocal( '[::1]:443',
            '/etc/ssl/certs/bigalsfancydns.com.pem',
            '/etc/ssl/private/bigalsfancydns.com.key' )

[www.example.com]
TTL: 20767 seconds
A: 93.184.216.34
AAAA: 2606:2800:0220:0001:0248:1893:25c8:1946
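
Added example (not part of the original message and not the dnsdist project's own code): dnsdist documents the arguments of addDOHLocal as address, certFile(s), keyFile(s), urls, options, so a table in the fourth position, as in configs 1 to 3 above, is read as the list of URL paths rather than as listener options. The config below passes the URL path fourth and the options table fifth, and writes the boolean in lowercase because `True` in Lua is an undefined global that evaluates to nil; the loopback-only ACL is an assumption made for local testing.

```lua
-- Added example config; same backend and certificate paths as in the post.
newServer({ address="8.8.8.8",
            qps=100000,
            useClientSubnet=true
          })

setServerPolicy(firstAvailable)

-- Assumption: the listener is only reachable on ::1, so the ACL is narrowed
-- to loopback instead of the allow-all ranges used while testing.
setACL({ '127.0.0.0/8', '::1/128' })

addDOHLocal( '[::1]:443',
             '/etc/ssl/certs/bigalsfancydns.com.pem',
             '/etc/ssl/private/bigalsfancydns.com.key',
             { '/dns-query' },       -- 4th argument: URL paths served by this listener
             { reusePort=true } )    -- 5th argument: options table (lowercase boolean)
```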

