[dnsdist] nsupdate passing through dnsdist gets dropped by pdns
Remi Gacogne
remi.gacogne at powerdns.com
Wed Jan 6 16:43:26 UTC 2021
Hi Darac,
On 1/6/21 5:35 PM, Darac Marjal via dnsdist wrote:
> Watching messages on the webserver, I can see that the "DNSOpcode.Update
> -> auth" rule is applied, but then the number of "Drops" on the auth
> server increments. On the pdns webmonitor "Remote hosts sending corrupt
> packets" also increments. After a few seconds, the nsupdate times out.
>
> Can anyone spot something I've done wrong, or suggest how I can go about
> debugging this further (I can't seem to figure out, for example, why
> pdns thinks the packet is corrupt).
This indeed suggests that dnsdist might be corrupting the packet
somehow, perhaps by adding the EDNS Client Subnet payload. Is there any
chance you could have a look at the packet sent from dnsdist to the
Authoritative Server, using for example tcpdump?
I am not aware of any issue of that type in 1.5.1 but we have had bugs
in that area before, so perhaps one remains?
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
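
Added example, not part of the original message and not dnsdist or PowerDNS code: once the DNS payload has been extracted from a capture like the one requested above, a structural walk of the message shows whether the header counts still match the records present and whether an OPT record carrying an EDNS Client Subnet option was added. The sample UPDATE for example.org and the helper names build_update and inspect are constructed for illustration.

```python
import struct

OPT_RRTYPE = 41      # EDNS0 OPT pseudo-RR (RFC 6891)
ECS_OPTION_CODE = 8  # EDNS Client Subnet option (RFC 7871)

def skip_name(msg, pos):
    """Return the offset just past the domain name that starts at pos."""
    while pos < len(msg):
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return pos + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        pos += 1 + length
    raise ValueError("name runs past end of message")

def inspect(msg):
    """Walk a DNS message; raise ValueError if counts and bytes disagree."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    report = {"opcode": (flags >> 11) & 0xF, "counts": (qd, an, ns, ar),
              "opt": False, "ecs": False}
    pos = 12
    for _ in range(qd):                # zone section in an UPDATE
        pos = skip_name(msg, pos) + 4
    for _ in range(an + ns + ar):      # prerequisite, update, additional
        pos = skip_name(msg, pos)
        if pos + 10 > len(msg):
            raise ValueError("truncated RR header")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        end = pos + rdlen
        if end > len(msg):
            raise ValueError("RDATA runs past end of message")
        if rtype == OPT_RRTYPE:
            report["opt"] = True
            while pos + 4 <= end:      # walk the EDNS option list
                code, olen = struct.unpack("!HH", msg[pos:pos + 4])
                report["ecs"] |= code == ECS_OPTION_CODE
                pos += 4 + olen
            if pos != end:
                raise ValueError("malformed EDNS option list")
        pos = end
    if pos != len(msg):
        raise ValueError("header counts do not match message length")
    return report

def build_update(arcount, with_opt):
    """Constructed sample: UPDATE for example.org, optional OPT+ECS record."""
    hdr = struct.pack("!6H", 0x1234, 5 << 11, 1, 0, 1, arcount)
    zone = b"\x07example\x03org\x00" + struct.pack("!HH", 6, 1)
    rr = b"\x03www\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    ecs = struct.pack("!HHHBB", 8, 7, 1, 24, 0) + bytes([192, 0, 2])
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(ecs)) + ecs
    return hdr + zone + rr + (opt if with_opt else b"")
```

Running inspect on the payload seen on the client side and on the payload seen between dnsdist and the Authoritative Server, then comparing the two reports, shows what changed in transit.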