[dnsdist] Matching corrupt DNS queries?

Jacob Bunk Nielsen jacob at bunknielsen.dk
Sun Aug 13 11:07:50 UTC 2023


We are sometimes seeing UDP DNS queries that come in with the TC flag
set to true. It doesn't make sense to send such queries, as the client
should of course just make that query over TCP.

But how do I match those queries in dnsdist? The DNSHeader class has a
:setTC() function, but not a :getTC() function. Also, it would be great
to have a generic way to match on header flags like you can do on e.g.
query types.

Something like:

HeaderRule(DNSFlags.TC, true)

or similar, but I don't find anything like this in the docs. Do any of
you do any sort of filtering based on header flags?

Best regards,
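
The condition the question describes (a query, QR=0, arriving with the TC bit set) can be checked on raw packet bytes, for instance when reviewing a capture. This is an added example, not part of the original post and not dnsdist code; the function names and sample packets are constructed for illustration, and the bit positions are those of the RFC 1035 header.

```python
import struct

# Bit masks inside the 16-bit flags word of the DNS header (RFC 1035, 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its fields and flag bits."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": qid,
        "qr": bool(flags & QR),          # False = query, True = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & AA),
        "tc": bool(flags & TC),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar),
    }

def is_truncated_query(packet: bytes) -> bool:
    """True only for a query (QR=0) that carries TC=1.

    A response with TC=1 is normal (it tells the client to retry over TCP),
    so the QR bit has to be checked together with TC.
    """
    try:
        header = parse_header(packet)
    except ValueError:
        return False                     # too short to classify
    return header["tc"] and not header["qr"]

def build_packet(qid: int, flags: int, qname: str) -> bytes:
    """Build a constructed one-question packet (type A, class IN) for testing."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

# Constructed samples: a normal query, a query with TC set, a truncated response.
NORMAL_QUERY = build_packet(0x1234, RD, "example.com")
TC_QUERY = build_packet(0x1235, RD | TC, "example.com")
TC_RESPONSE = build_packet(0x1236, QR | RD | RA | TC, "example.com")

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL_QUERY), ("tc-query", TC_QUERY),
                      ("tc-response", TC_RESPONSE)]:
        print(name, is_truncated_query(pkt))
```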
