[dnsdist] dnsdist 1.7 : allow only A request

Remi Gacogne remi.gacogne at powerdns.com
Fri Mar 17 16:03:37 UTC 2023


On 17/03/2023 16:23, david n via dnsdist wrote:
> BUT: for the "any" request I have this result, and I don't know if it can produce something bad; have you any idea?
> [root@node ~]# dig any www.toto.com @X.X.X.X
> ;; communications error to X.X.X.X#53: end of file
> ;; communications error to X.X.X.X#53: end of file

dig defaults to sending ANY queries over TCP, instead of UDP, and here 
dnsdist closes the TCP connection as soon as the query is dropped, 
triggering the message you are seeing. It's not clear to me why the 
connection is dropped from your configuration, though. Have you shared 
the actual configuration?

dnsdist could keep the TCP connection around instead but it would be too 
nice, because timeouts over TCP are usually quite a bit longer than over UDP 
and the connection would just sit there, consuming socket descriptors 
for nothing.

Hope that helps,

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
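
The client-side view of the behaviour described in this reply, as an added example that is not part of the original message and is not dnsdist code: a length-framed DNS-over-TCP exchange that tells "connection closed without a reply" (dig's "end of file") apart from an actual response. The `fake_frontend` stand-in, its "drop" and "refuse" policies and the name `www.example.com` are constructed for illustration; it runs over a local socket pair, so no network is needed.

```python
import socket, struct, threading
QTYPE_A, QTYPE_ANY, REFUSED = 1, 255, 5

def build_query(name, qtype, txid=0x1234):
    """Minimal DNS query: header (RD set) plus one question in class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def recv_exact(sock, n):
    """Read exactly n bytes, or return None if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None  # orderly close: what dig reports as "end of file"
        buf += chunk
    return buf

def recv_framed(sock):
    """DNS over TCP prefixes every message with a 2-byte length."""
    head = recv_exact(sock, 2)
    return None if head is None else recv_exact(sock, struct.unpack("!H", head)[0])

def tcp_exchange(sock, query):
    """Send one query; return ('eof', None) or ('response', rcode)."""
    sock.sendall(struct.pack("!H", len(query)) + query)
    reply = recv_framed(sock)
    if reply is None or len(reply) < 12:
        return ("eof", None)
    return ("response", reply[3] & 0x0F)

def fake_frontend(sock, policy):
    """Constructed stand-in (not dnsdist): only A is answered normally."""
    query = recv_framed(sock)
    qtype = struct.unpack("!H", query[-4:-2])[0]
    if qtype == QTYPE_A or policy == "refuse":
        rcode = 0 if qtype == QTYPE_A else REFUSED
        reply = query[:2] + struct.pack("!H", 0x8100 | rcode) + query[4:]
        sock.sendall(struct.pack("!H", len(reply)) + reply)
    sock.close()  # with policy "drop", non-A queries get no reply, just the close

def probe(qtype, policy):
    """Run one exchange over a local socket pair; no network is used."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_frontend, args=(server, policy)).start()
    with client:
        return tcp_exchange(client, build_query("www.example.com", qtype))
```

`probe(QTYPE_ANY, "drop")` reproduces the end-of-file outcome from the quoted dig session, while the assumed "refuse" policy returns an rcode the client can act on.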
