[dnsdist] Matching corrupt DNS queries?
remi.gacogne at powerdns.com
Mon Aug 14 15:07:40 UTC 2023
On 13/08/2023 13:07, Jacob Bunk Nielsen via dnsdist wrote:
> We are sometimes seeing UDP DNS queries that come in with the TC flag
> set to true. It doesn't make sense to send such queries as the client
> should of course just make that query over TCP.
> But how do I match those queries in dnsdist? The DNSHeader class has a
> :setTC() function, but not a :getTC() function.
Right, it was indeed missing.  adds it, and will likely be backported
> Also, it would be great
> to have a generic way to match on header flags like you can do on e.g.
> query types.
> Something like:
> HeaderRule(DNSFlags.TC, true)
> or similar, but I don't find anything like this in the docs.
I don't think we have such a rule yet, and I would gladly add it to
dnsdist. Would you mind opening a feature request so it doesn't get
PowerDNS.COM BV - https://www.powerdns.com/
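
The check discussed in this thread, run offline over raw UDP payloads: an added example that is not part of the original message and is not dnsdist code. It decodes the 12-byte DNS header and reports queries (QR=0) that arrive with TC set, using a generic flag matcher in the spirit of the proposed HeaderRule; all function names and the sample datagrams are constructed for illustration.

```python
import struct

# Bit masks within the 16-bit flags word of the DNS header (RFC 1035, RFC 4035).
FLAG_MASKS = {
    "QR": 0x8000, "AA": 0x0400, "TC": 0x0200, "RD": 0x0100,
    "RA": 0x0080, "AD": 0x0020, "CD": 0x0010,
}

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header; raise ValueError if truncated."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header (12 bytes)")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    header = {name: bool(flags & mask) for name, mask in FLAG_MASKS.items()}
    header.update(id=ident, opcode=(flags >> 11) & 0xF, rcode=flags & 0xF,
                  qdcount=qd, ancount=an, nscount=ns, arcount=ar)
    return header

def header_matches(packet: bytes, **wanted: bool) -> bool:
    """True if every named flag has the wanted value, e.g. TC=True, QR=False."""
    try:
        header = parse_header(packet)
    except ValueError:
        return False  # not even a full header: nothing to match on
    return all(header[name] == value for name, value in wanted.items())

def truncated_udp_queries(datagrams):
    """Yield (source, id) for UDP queries (QR=0) that arrive with TC set."""
    for source, payload in datagrams:
        if header_matches(payload, QR=False, TC=True):
            yield source, parse_header(payload)["id"]

def _query(ident: int, flags: int) -> bytes:
    """Build a constructed message asking example.com. A IN with given flags."""
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    return struct.pack("!6H", ident, flags, 1, 0, 0, 0) + question

# Constructed sample datagrams (documentation addresses), not captured traffic.
SAMPLE = [
    ("192.0.2.10", _query(0x1001, 0x0100)),   # ordinary query, RD only
    ("192.0.2.66", _query(0x1002, 0x0300)),   # query with TC and RD set
    ("192.0.2.53", _query(0x1003, 0x8380)),   # response (QR=1) with TC set
    ("192.0.2.99", b"\x00\x01\x02"),          # too short to hold a header
]

if __name__ == "__main__":
    for source, ident in truncated_udp_queries(SAMPLE):
        print(f"TC set on UDP query id=0x{ident:04x} from {source}")
```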