[dnsdist] dnsdist 1.7 : allow only A request
Remi Gacogne
remi.gacogne at powerdns.com
Fri Mar 17 16:03:37 UTC 2023
Hi,
On 17/03/2023 16:23, david n via dnsdist wrote:
> BUT : for the "any" request I have this result, and I don't know if it can produce something bad, have you any idea ?
>
> [root at node ~]# dig any www.toto.com @X.X.X.X
> ;; communications error to X.X.X.X#53: end of file
> ;; communications error to X.X.X.X#53: end of file

dig defaults to sending ANY queries over TCP, instead of UDP, and here
dnsdist closes the TCP connection as soon as the query is dropped,
triggering the message you are seeing. It's not clear to me why the
connection is dropped from your configuration, though. Have you shared
the actual configuration?

dnsdist could keep the TCP connection around instead but it would be too
nice, because timeouts over TCP are usually quite a bit longer than over UDP
and the connection would just sit there, consuming socket descriptors
for nothing.

Hope that helps,
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
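
The "end of file" that dig prints is the TCP peer closing the connection without sending a length-prefixed reply. The Python sketch below is an added example, not part of the original message and not dnsdist code: a constructed toy front end on 127.0.0.1 that, by assumption, answers only A queries and drops every other query by closing the connection. All function names are hypothetical.

```python
import socket, struct, threading
QTYPE_A, QTYPE_ANY = 1, 255

def build_query(name, qtype, qid=0x1234):
    """DNS query in wire format: header, QNAME labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def read_exact(sock, n):
    """Read exactly n bytes, or return None if the peer closes first (EOF)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def serve_once(listener, allowed_qtype):
    """Toy front end (assumed policy): answer one qtype, drop everything else."""
    conn, _ = listener.accept()
    with conn:
        size = read_exact(conn, 2)  # DNS over TCP: 2-byte length prefix
        query = read_exact(conn, struct.unpack("!H", size)[0]) if size else None
        if query is None:
            return
        qtype = struct.unpack("!H", query[-4:-2])[0]  # valid: no EDNS in our query
        if qtype != allowed_qtype:
            return  # drop: nothing is sent back, the connection is just closed
        reply = query[:2] + struct.pack("!H", 0x8180) + query[4:]  # empty NOERROR
        conn.sendall(struct.pack("!H", len(reply)) + reply)

def tcp_query(name, qtype, allowed_qtype=QTYPE_A):
    """Send one query over TCP to the toy front end and report what came back."""
    listener = socket.create_server(("127.0.0.1", 0))
    server = threading.Thread(target=serve_once, args=(listener, allowed_qtype))
    server.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        query = build_query(name, qtype)
        client.sendall(struct.pack("!H", len(query)) + query)
        size = read_exact(client, 2)
        body = read_exact(client, struct.unpack("!H", size)[0]) if size else None
    server.join()
    listener.close()
    return "response" if body else "end of file"

if __name__ == "__main__":
    print({q: tcp_query("www.toto.com", q) for q in (QTYPE_A, QTYPE_ANY)})
```

Because the toy server reads the whole query before closing, the client sees a clean EOF (zero bytes read) rather than a reset, which is the condition a stub resolver reports as a communications error.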