[dnsdist] dnstap shows UDP for a DoH-query
Tom
lists at verreckte-cheib.ch
Mon Jun 14 12:41:40 UTC 2021
Hi
I'm logging dnsdist queries/responses with newFrameStreamUnixLogger to a
unix socket, where fstrm_capture takes the data and writes it to a
fstrm-file.
When querying dnsdist with DoH (TCP), then my fstrm-log shows UDP (see
below).
$ dnstap-read -p 2021-06-13-dnstap.fstrm
...
...
14-Jun-2021 14:19:30.058 CQ x.x.x.x:44749 -> y.y.y.y:443 UDP 51b
google.com/IN/A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1015
;; flags: rd ad; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1f5e39ad95e85cd8
;; QUESTION SECTION:
;google.com. IN A
14-Jun-2021 14:19:30.059 CR x.x.x.x:44749 <- y.y.y.y:443 UDP 83b
google.com/IN/A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1015
;; flags: qr rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1f5e39ad95e85cd80100000060c74952f681b113fec0d503
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 266 IN A 216.58.215.238
...
...
My question is:
Why do I see the protocol "UDP" in the fstrm-log for a DoH request,
although I am sure (tcpdump) that this request was made with TCP? Maybe
because dnsdist queries the backend server with UDP for the DoH request?
Many thanks for any explanations.
Kind regards,
Tom
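
A check a log consumer could run over `dnstap-read -p` output like the one in this message: it flags records whose logged transport is UDP although the server-side port belongs to a stream listener. This is an added example, not part of the original post and not dnsdist code; the sample lines are constructed (documentation addresses), and treating ports 443 and 853 as DoH/DoT listeners is an assumption.

```python
import re

# Constructed sample in the layout of `dnstap-read -p` output. The second
# record has its question wrapped onto the next line, as in the mail above.
SAMPLE = """\
14-Jun-2021 14:19:30.058 CQ 192.0.2.10:44749 -> 198.51.100.53:443 UDP 51b google.com/IN/A
;; QUESTION SECTION:
;google.com. IN A
14-Jun-2021 14:19:30.059 CR 192.0.2.10:44749 <- 198.51.100.53:443 UDP 83b
google.com/IN/A
14-Jun-2021 14:19:31.200 CQ 192.0.2.10:51000 -> 198.51.100.53:53 UDP 51b example.org/IN/A
14-Jun-2021 14:19:32.410 CQ 192.0.2.10:40112 -> 198.51.100.53:53 TCP 53b example.org/IN/AAAA
"""

# Summary line: timestamp, message type, client, arrow, server, transport, size.
SUMMARY = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<type>[A-Z]{2}) (?P<client>\S+) (?:->|<-) "
    r"(?P<server>\S+:(?P<server_port>\d+)) "
    r"(?P<proto>UDP|TCP) (?P<size>\d+)b(?: (?P<question>\S+))?$"
)
# A wrapped question line such as "google.com/IN/A" (never starts with ';').
WRAPPED_Q = re.compile(r"^[^\s;/]+/[A-Z0-9-]+/[A-Z0-9-]+$")


def parse_records(text):
    """Return one dict per summary line, re-joining a wrapped question."""
    lines = [line.strip() for line in text.splitlines()]
    records = []
    for i, line in enumerate(lines):
        m = SUMMARY.match(line)
        if not m:
            continue  # message-text lines (";; ...") and "..." are skipped
        rec = m.groupdict()
        if rec["question"] is None and i + 1 < len(lines) and WRAPPED_Q.match(lines[i + 1]):
            rec["question"] = lines[i + 1]
        rec["server_port"] = int(rec["server_port"])
        rec["size"] = int(rec["size"])
        records.append(rec)
    return records


def transport_mismatches(records, stream_ports=frozenset({443, 853})):
    """Records logged as UDP on a port assumed to carry only DoH/DoT."""
    return [r for r in records if r["proto"] == "UDP" and r["server_port"] in stream_ports]
```
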