[dnsdist] TCP / UDP backend queries

Remi Gacogne remi.gacogne at powerdns.com
Fri Sep 30 13:23:22 UTC 2022


Hi Thibaud,

On 30/09/2022 15:18, Thib D via dnsdist wrote:
> Use case here is for authoritative DNS, not DoH.
> 
> As far as my understanding goes (and backed up by a tcpdump test),
> a UDP query on the frontend will result in a UDP query to the backend 
> server, and a TCP query on the frontend will result in a TCP query to 
> the backend.

That's correct.

> Is there a way to force dnsdist to make UDP queries to the backend or is 
> this just not possible?

I'm afraid it's currently not possible to force dnsdist to make an 
outgoing query over UDP when the incoming query was received over TCP 
(the opposite is possible since 1.7.0 with the tcpOnly option on newServer).
I do not really want to implement that since the client would be 
confused by TC=1 replies received over TCP, DoT or DoH.
I am instead considering implementing a mode where all outgoing queries 
are sent over UDP by default, only falling back to TCP if the answer is 
truncated, but this will not be before 1.9 so somewhere next year.


Best,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
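
The UDP-first behaviour with TCP fallback on a truncated answer, mentioned in the message above, sketched as an added example (not part of the original message and not dnsdist code). All function names are hypothetical, and the backend is a constructed in-memory stub so the block runs offline.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the 16-bit DNS header flags
QR_FLAG = 0x8000  # QR bit: set on responses

def build_query(qid, name, qtype=1):
    """Minimal DNS query with RD clear, as sent to an authoritative backend."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response, qid):
    """Validate the header against our query, then report whether TC=1."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & QR_FLAG:
        raise ValueError("not a response to this query")
    return bool(flags & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(message)) + message

def tcp_unframe(data):
    (length,) = struct.unpack("!H", data[:2])
    if len(data) - 2 < length:
        raise ValueError("incomplete TCP DNS message")
    return data[2:2 + length]

def query_backend(query, send_udp, send_tcp):
    """Try UDP first; retry the same query over TCP only if the answer has TC=1."""
    qid = struct.unpack("!H", query[:2])[0]
    answer = send_udp(query)
    if not is_truncated(answer, qid):
        return "udp", answer
    answer = tcp_unframe(send_tcp(tcp_frame(query)))
    if is_truncated(answer, qid):
        raise ValueError("TC=1 over TCP is not a usable answer")
    return "tcp", answer

def make_stub_backend(udp_truncates):
    """Constructed stub: echoes the question with QR=1/AA=1, optionally TC=1 on UDP."""
    def reply(query, tc):
        return query[:2] + struct.pack("!H", 0x8400 | (TC_FLAG if tc else 0)) + query[4:]
    return (lambda q: reply(q, udp_truncates),
            lambda framed: tcp_frame(reply(tcp_unframe(framed), False)))

if __name__ == "__main__":
    q = build_query(0x1234, "example.com")  # constructed sample query
    for truncates in (False, True):
        print(truncates, query_backend(q, *make_stub_backend(truncates))[0])
```
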
