[dnsdist] DOH configuration issue
Otto Moerbeek
otto at drijf.net
Sun Mar 19 20:06:15 UTC 2023
On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> Hello all,
>
> I am trying to configure DOH over HTTP and I can't seem to figure out what I'm doing wrong. I have a nginx proxying the incoming request and don't need it on HTTPS. Here's my config
>
> *--- doh over http*
> setACL({"0.0.0.0/0", "::/0"})
> addLocal('0.0.0.0:7070')
> webserver("127.0.0.1:8083")
>
> newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
>
>
> addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> ```
>
> When testing on the locally, here's what I get:
>
> $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'
>
> dns query not allowed
>
> $ ...
>
>
> Where am I going wrong?
You have no policy defined. The default policy is to send packets to
the default pool (named ""). Your default pool is empty. So the query
gets refused, since no policy applies.
-Otto
More information about the dnsdist
mailing list