[dnsdist] Matching corrupt DNS queries?
Remi Gacogne
remi.gacogne at powerdns.com
Mon Aug 14 15:07:40 UTC 2023
Hi Jacob,
On 13/08/2023 13:07, Jacob Bunk Nielsen via dnsdist wrote:
> We are sometimes seeing UDP DNS queries that come in with the TC flag
> set to true. That doesn't make sense to send such queries as the client
> should of course just make that query over TCP.
>
> But how do I match those queries in dnsdist? The DNSHeader class has a
> :setTC() function, but not a :getTC() function.
Right, it was indeed missing. [1] adds it, and will likely be backported
to 1.8.x.
> Also, it would be great
> to have a generic way to match on header flags like you can do on e.g.
> query types.
>
> Something like:
>
> HeaderRule(DNSFlags.TC, true)
>
> or similar, but I don't find anything like this in the docs.
I don't think we have such a rule yet, and I would gladly add it to
dnsdist. Would you mind opening a feature request so it doesn't get
forgotten?
[1]: https://github.com/PowerDNS/pdns/pull/13135
Cheers,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20230814/52af46bc/attachment.sig>
More information about the dnsdist
mailing list