[Pdns-dev] (no subject)
bert hubert
bert.hubert at powerdns.com
Tue Aug 25 14:52:41 CEST 2015
Does it print out anything at all?
Can you show a 'dig' command that shows TC:0 response and no fallback to
TCP/IP?
Thanks!
On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
> Dear Bert;
>
> Firstly, thanks a lot for fast and illustrative replies. i learned a
> lot of things. But i have a problem again :(
> I change the dnsdistconf.lua file blockfilter() function as:
> function blockFilter(remote, qname, qtype, dh)
>
> print("any query, tc=1")
> dh:setTC(true)
> dh:setQR(true)
>
> if(qname:isPartOf(block))
> then
> print("Blocking *.powerdns.org")
> return true
> end
> return false
> end
>
> then i did re-installation and run dnsdist. However, nothing is changed..
>
>
>
>
> Alinti bert hubert <bert.hubert at powerdns.com>
>
> >sent from the wrong account first, sorry.
> >
> >>Begin forwarded message:
> >>
> >>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
> >>From: bert hubert <bert.hubert at netherlabs.nl>
> >>Date: 25 Aug 2015 12:39:05 CEST
> >>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>, pdns-dev at mailman.powerdns.com
> >>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
> >>
> >>
> >>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
> >>>
> >>>Thanks Bert,
> >>>
> >>>I installed dnsdist. with addAnyTCRule() i can easily do pdns
> >>>any-to-tcp(). However, i couldn't manage to do for all types
> >>>of queries. Should I patch the conf file ?
> >>
> >>
> >>Hi Burak,
> >>
> >>Try:
> >>
> >>"The blockFilter() also gets passed read/writable copy of the
> >>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
> >>turned the packet into a response, and will send the answer
> >>directly to the original client.
> >>
> >>If you also called setTC(1), this will tell the remote client to
> >>move to TCP/IP, and in this way you can implement ANY-to-TCP
> >>even for downstream servers that lack this feature.?
> >>
> >>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
> >>
> >>
> >>just call setQR(1) and setTC(1) on the header field of
> >>blockFilter() and you are done.
> >>
> >>Good luck!
> >>
> >>
> >>
> >>>
> >>>Best Regards
> >>>Burak Ozalp
> >>>
> >>>Alinti bert hubert <bert.hubert at powerdns.com>
> >>>
> >>>>Hi Burak,
> >>>>
> >>>>dnsdist can do this easily, please see http://dnsdist.org/
> >>>>for more details.
> >>>>It can set TC on any criterium.
> >>>>
> >>>>Good luck!
> >>>>
> >>>> Bert
> >>>>
> >>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
> >>>>>Dear Tuomi,
> >>>>>
> >>>>>Yes it works.Does it possible to force all UDP request with
> >>>>>truncated packet, and force all to use TCP ?
> >>>>>
> >>>>>Best Regards
> >>>>>Burak Ozalp
> >>>>>
> >>>>>
> >>>>>
> >>>>>Alinti Aki Tuomi <cmouse at youzen.ext.b2.fi>
> >>>>>
> >>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
> >>>>>>>I install PowerDNS with MySql backend from here.I would like to set
> >>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure
> >>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
> >>>>>>>option should reject UDP request from client and force to use tcp.
> >>>>>>>But when i run dig @127.0.0.1 it doesn't set the truncated bit in
> >>>>>>>response, so it doesn't work.
> >>>>>>>
> >>>>>>>How to set correctly any-to-tcp option ?
> >>>>>>>
> >>>>>>
> >>>>>>It only truncates ANY query, try dig any domain.com @localhost
> >>>>>>
> >>>>>>>
> >>>>>>>_______________________________________________
> >>>>>>>Pdns-dev mailing list
> >>>>>>>Pdns-dev at mailman.powerdns.com
> >>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>_______________________________________________
> >>>>>Pdns-dev mailing list
> >>>>>Pdns-dev at mailman.powerdns.com
> >>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
> >>>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
>
>
>
>
More information about the Pdns-dev
mailing list