[dnsdist] addAction OpCode Iquery

Thu Nov 16 03:37:03 UTC 2023

Hello!

We have a couple of dnsdist (Old an not so new).

When moving traffic from dnsdist 1.4.0 to 1.6.1 we noticed the following.

Queries with opcode 1 (DNSOpcode.IQuery) are being ignored (droped?) on 1.4
But 1.6.1 answers NOT implemented.

We don't know which is the reason for this queries, but in the not
implemented scenario these queries are retried for a couple of minutes,
hundreds or thousands per second by some devices.

Trying  to stop this, we created a rule to drop them but it's not working:
 addAction(OpcodeRule(DNSOpcode.IQuery),DropAction())
the same with opcode Query works.

#   Name                             Matches Rule
                          Action
0                                          0 opcode==1
                           no op
1                                     191722 opcode==0
                           no op

There is some preprocessing before the rules which answers not implemented?

There is any option to solve this? If not, we will try with iptables.

Thanks in advance!

Nico
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20231116/43c453b7/attachment.htm>