[dnsdist] DOH configuration issue

Otto Moerbeek otto at drijf.net
Sun Mar 19 20:06:15 UTC 2023


On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:

> Hello all,
> 
> I am trying to configure DOH over HTTP and I can't seem to figure out what I'm doing wrong. I have an nginx proxying the incoming request and don't need it on HTTPS. Here's my config
> 
> *--- doh over http*
> setACL({"0.0.0.0/0", "::/0"})
> addLocal('0.0.0.0:7070')
> webserver("127.0.0.1:8083")
> 
> newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> 
> 
> addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> 
> When testing locally, here's what I get:
> 
> $ curl  -H 'accept: application/dns-message'  'http://localhost:9090/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> 
> dns query not allowed
> 
> $ ...
> 
> 
> Where am I going wrong?

You have no policy defined. The default policy is to send packets to
the default pool (named ""). Your default pool is empty.  So the query
gets refused, since no policy applies.

	-Otto
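To make Otto's diagnosis concrete, here is an added example dnsdist configuration (written for this page, not code from the thread or from the dnsdist project) that keeps the poster's backends and DoH frontend and adds the missing routing. The pool names are the poster's own; the choice of "pub-safe-tier1" as the catch-all target, the nginx-on-loopback layout and the use of setServFailWhenNoServer are assumptions for the sake of the example.

```lua
-- Added example configuration, not the original poster's nor dnsdist's own.
-- It reproduces the poster's setup and adds the routing that was missing.

setACL({"0.0.0.0/0", "::/0"})
addLocal('0.0.0.0:7070')
webserver("127.0.0.1:8083")

-- Every backend below is assigned to a named pool, so the default pool ""
-- stays empty unless a server is added to it or a rule redirects queries.
newServer({address="1.1.1.1", pool="pub-unsafe-tier1", name="cloudflare"})
newServer({address="8.8.8.8", pool="pub-unsafe-tier1", name="google"})
newServer({address="194.242.2.2", pool="pub-safe-tier1", name="mullvad-noadblock", checkInterval=60})
newServer({address="84.200.69.80", pool="pub-safe-tier2", name="dnswatch1", checkInterval=60})
newServer({address="84.200.70.40", pool="pub-safe-tier2", name="dnswatch2", checkInterval=60})

-- The fix. Without a rule like this, the default policy selects a backend
-- from pool "", finds none, and drops the query; the DoH frontend reports a
-- dropped query as HTTP 403 "dns query not allowed". The target pool is an
-- assumption; any pool that actually has servers works.
addAction(AllRule(), PoolAction("pub-safe-tier1"))

-- Alternative to the rule above: give the default pool a member. A server
-- declared without pool= belongs to "" (commented out so only one fix applies).
-- newServer({address="194.242.2.2", name="mullvad-default", checkInterval=60})

-- Optional: answer SERVFAIL instead of dropping when the selected pool has no
-- usable server, so a misrouted query is visible to the client rather than a
-- silent timeout or a bare 403.
setServFailWhenNoServer(true)

-- Plain-HTTP DoH behind nginx. trustForwardedForHeader=true makes dnsdist use
-- the X-Forwarded-For address for ACL checks, so the listener is bound to
-- loopback (assumption: nginx runs on the same host) to stop direct clients
-- from forging their source address in that header.
addDOHLocal("127.0.0.1:9090", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
```

Validate the file with `dnsdist -C dnsdist.conf --check-config` before restarting; afterwards the poster's curl command should return a binary DNS message (pipe it through `xxd` to inspect), and `showPools()` from the dnsdist console (`dnsdist -c`) lists which pools have servers, which is the quickest way to spot an empty default pool.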
