[dnsdist] How to force connect via TCP to downstream server?

Andrew Pogrebennyk andrew.nau.ua at gmail.com
Mon Sep 21 12:33:46 UTC 2020


Hello list,
please ignore my previous mail, ANSI C12.22 was the default Wireshark
protocol for port 1153 that we happened to use for DNS.
After decoding this as DNS by creating a Wireshark rule I am not able
to see the response (which is actually a Server Failure).

On Mon, Sep 21, 2020 at 8:43 AM Andrew Pogrebennyk
<andrew.nau.ua at gmail.com> wrote:
>
> Hi,
> We have some strange behavior with one kind of server which does not
> respond to healthcheck and I indeed see in Wireshark trace that
> request is formatted as ANSI C12.22, and for whatever reason Wireshark
> does not detect protocol DNS for that one. Maybe this is a valid
> formatted request, I just didn't see it before. Normally dnsdist would
> send the A query to resolve root DNS servers so I am wondering why the
> difference.
>
> Anyway I am testing with UDP now, the server appears as UP because
> healthcheck is disabled. But it seems that we are again doing the
> healthcheck (or whatever it is that appears as ANSI C12.22), before
> sending the query to the downstream DNS according to the configured
> rule and since dnsdist won't receive response to healthcheck it
> doesn't send the actual query. Same behavior on 1.4.0 and 1.5.0
> therefore I was wondering if you have any hints to work around it.
> I am happy to share the trace if that helps. Thanks in advance.
>
> Regards,
> Andrew
>
>
> On Fri, Sep 4, 2020 at 4:49 PM Andrew Pogrebennyk
> <andrew.nau.ua at gmail.com> wrote:
> >
> > Hello Remi,
> > ok thank you for the very quick response with the hint.
> >
> > Best regards.
> >
> > On Fri, Sep 4, 2020 at 3:00 PM Remi Gacogne via dnsdist
> > <dnsdist at mailman.powerdns.com> wrote:
> > >
> > > Hi Andrew,
> > >
> > > On 9/4/20 2:51 PM, Andrew Pogrebennyk via dnsdist wrote:
> > > > I am using dnsdist as load-balancer because I want specific types of
> > > > queries to be routed to different downstream servers. I have one
> > > > specific server that only responds on TCP (non-standard port) but it is
> > > > immediately marked as down because dnsdist is doing the healthcheck over
> > > > UDP.
> > > >
> > > > So in my example below Enum DNS is only reachable via TCP. Is there a
> > > > way to disable UDP to this server? I've added type = tcp under server,
> > > > but it does not make any difference.
> > > >
> > > > I can't seem to find any documented switch in newServer() for that
> > > > purpose - any ideas why?
> > >
> > > Unfortunately that feature doesn't exist, and I'm not sure it would make
> > > sense to disable UDP in most cases. It would be nice to be able to do
> > > the health checks over TCP, though, but that has not been implemented
> > > yet either.
> > > If you only care about TCP what you could do, however, is to disable the
> > > health check for that backend:
> > >
> > > tcpServ = newServer({
> > >     address = "8.8.8.8",
> > >     name = "external_dns_1",
> > >     pool = "ExternalPool",
> > >     type = tcp,
> > > })
> > > tcpServ:setUp()
> > >
> > > Queries sent over TCP will then be forwarded over TCP. Queries received
> > > over UDP will be sent over UDP, as usual, but if you only want TCP to
> > > work that's fine.
> > >
> > > Hope that helps,
> > >
> > > --
> > > Remi Gacogne
> > > PowerDNS.COM BV - https://www.powerdns.com/
> > >
> > > _______________________________________________
> > > dnsdist mailing list
> > > dnsdist at mailman.powerdns.com
> > > https://mailman.powerdns.com/mailman/listinfo/dnsdist
> >
> >
> >
> > --
> > Regards,
> > Andrew



-- 
Regards,
Andrew
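
Added example, not part of the original thread and not dnsdist code: with the health check disabled via setUp() as suggested above, dnsdist no longer tells you whether the TCP-only backend is answering, so an external probe can send one DNS query over TCP and report the RCODE (for instance the Server Failure mentioned in the latest mail). The function names, the query name, the transaction ID and the sample response are assumptions constructed for this illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction ID, chosen for the example

def build_query(qname, qtype=1, txid=TXID):
    """Return a DNS query in wire format (RD set, class IN, default type A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split(".") if l
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """DNS over TCP prefixes every message with a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def parse_header(message, expected_txid=TXID):
    """Validate the response header and return the RCODE name."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    txid, flags = struct.unpack("!HH", message[:4])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return RCODES.get(flags & 0x000F, str(flags & 0x000F))

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver the message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe_tcp(host, port, qname="a.root-servers.net", timeout=2.0):
    """Send one query over TCP and return the RCODE name of the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(frame_tcp(build_query(qname)))
        (length,) = struct.unpack("!H", recv_exact(sock, 2))
        return parse_header(recv_exact(sock, length))

# Constructed sample: response header with QR=1, RD=1, RA=1, RCODE=2 (SERVFAIL).
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", TXID, 0x8182, 1, 0, 0, 0)
# Usage against a backend (placeholder address): probe_tcp("192.0.2.10", 1153)
```

A result other than NOERROR, a timeout or a refused connection from `probe_tcp` is the signal an operator would otherwise have received from the disabled health check.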

