[Pdns-dev] (no subject)
Burak Ozalp
burak.ozalp at metu.edu.tr
Tue Aug 25 15:39:55 CEST 2015
This is my dig output;
dig google.com @127.0.0.1
; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 167 IN A 216.58.209.14
;; AUTHORITY SECTION:
google.com. 30662 IN NS ns4.google.com.
google.com. 30662 IN NS ns1.google.com.
google.com. 30662 IN NS ns2.google.com.
google.com. 30662 IN NS ns3.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 30944 IN A 216.239.32.10
ns2.google.com. 10757 IN A 216.239.34.10
ns3.google.com. 12219 IN A 216.239.36.10
ns4.google.com. 40489 IN A 216.239.38.10
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 25 16:16:23 EEST 2015
;; MSG SIZE rcvd: 191
Alinti bert hubert <bert.hubert at powerdns.com>
> Does it print out anything at all?
>
> Can you show a 'dig' command that shows TC:0 response and no fallback to
> TCP/IP?
>
> Thanks!
>
> On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>> Dear Bert;
>>
>> Firstly, thanks a lot for fast and illustrative replies. i learned a
>> lot of things. But i have a problem again :(
>> I change the dnsdistconf.lua file blockfilter() function as:
>> function blockFilter(remote, qname, qtype, dh)
>>
>> print("any query, tc=1")
>> dh:setTC(true)
>> dh:setQR(true)
>>
>> if(qname:isPartOf(block))
>> then
>> print("Blocking *.powerdns.org")
>> return true
>> end
>> return false
>> end
>>
>> then i did re-installation and run dnsdist. However, nothing is changed..
>>
>>
>>
>>
>> Alinti bert hubert <bert.hubert at powerdns.com>
>>
>> >sent from the wrong account first, sorry.
>> >
>> >>Begin forwarded message:
>> >>
>> >>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>> >>From: bert hubert <bert.hubert at netherlabs.nl>
>> >>Date: 25 Aug 2015 12:39:05 CEST
>> >>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>, pdns-dev at mailman.powerdns.com
>> >>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
>> >>
>> >>
>> >>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
>> >>>
>> >>>Thanks Bert,
>> >>>
>> >>>I installed dnsdist. with addAnyTCRule() i can easily do pdns
>> >>>any-to-tcp(). However, i couldn't manage to do for all types
>> >>>of queries. Should I patch the conf file ?
>> >>
>> >>
>> >>Hi Burak,
>> >>
>> >>Try:
>> >>
>> >>"The blockFilter() also gets passed read/writable copy of the
>> >>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>> >>turned the packet into a response, and will send the answer
>> >>directly to the original client.
>> >>
>> >>If you also called setTC(1), this will tell the remote client to
>> >>move to TCP/IP, and in this way you can implement ANY-to-TCP
>> >>even for downstream servers that lack this feature.?
>> >>
>> >>See:
>> https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>> >>
>> >>
>> >>just call setQR(1) and setTC(1) on the header field of
>> >>blockFilter() and you are done.
>> >>
>> >>Good luck!
>> >>
>> >>
>> >>
>> >>>
>> >>>Best Regards
>> >>>Burak Ozalp
>> >>>
>> >>>Alinti bert hubert <bert.hubert at powerdns.com>
>> >>>
>> >>>>Hi Burak,
>> >>>>
>> >>>>dnsdist can do this easily, please see http://dnsdist.org/
>> >>>>for more details.
>> >>>>It can set TC on any criterium.
>> >>>>
>> >>>>Good luck!
>> >>>>
>> >>>> Bert
>> >>>>
>> >>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>> >>>>>Dear Tuomi,
>> >>>>>
>> >>>>>Yes it works.Does it possible to force all UDP request with
>> >>>>>truncated packet, and force all to use TCP ?
>> >>>>>
>> >>>>>Best Regards
>> >>>>>Burak Ozalp
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>Alinti Aki Tuomi <cmouse at youzen.ext.b2.fi>
>> >>>>>
>> >>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>> >>>>>>>I install PowerDNS with MySql backend from here.I would like to set
>> >>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure
>> >>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>> >>>>>>>option should reject UDP request from client and force to use tcp.
>> >>>>>>>But when i run dig @127.0.0.1 it doesn't set the truncated bit in
>> >>>>>>>response, so it doesn't work.
>> >>>>>>>
>> >>>>>>>How to set correctly any-to-tcp option ?
>> >>>>>>>
>> >>>>>>
>> >>>>>>It only truncates ANY query, try dig any domain.com @localhost
>> >>>>>>
>> >>>>>>>
>> >>>>>>>_______________________________________________
>> >>>>>>>Pdns-dev mailing list
>> >>>>>>>Pdns-dev at mailman.powerdns.com
>> >>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>> >>>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>_______________________________________________
>> >>>>>Pdns-dev mailing list
>> >>>>>Pdns-dev at mailman.powerdns.com
>> >>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>> >>>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>
>> >
>> >
>>
>>
>>
>>
>
More information about the Pdns-dev
mailing list