[Pdns-dev] (no subject)

Burak Ozalp burak.ozalp at metu.edu.tr
Wed Aug 26 07:50:47 CEST 2015


In another terminal I run the following command:

dnsdist --local 0.0.0.0:53 192.168.0.1

Is it wrong?

Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>

> Did you put dnsdist in front of powerdns instance? Is it listening on
> 127.0.0.1:53?
>
> Aki
>
> On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
>> This is my dig output;
>> dig google.com @127.0.0.1
>> ; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;google.com.                    IN      A
>>
>> ;; ANSWER SECTION:
>> google.com.             167     IN      A       216.58.209.14
>>
>> ;; AUTHORITY SECTION:
>> google.com.             30662   IN      NS      ns4.google.com.
>> google.com.             30662   IN      NS      ns1.google.com.
>> google.com.             30662   IN      NS      ns2.google.com.
>> google.com.             30662   IN      NS      ns3.google.com.
>>
>> ;; ADDITIONAL SECTION:
>> ns1.google.com.         30944   IN      A       216.239.32.10
>> ns2.google.com.         10757   IN      A       216.239.34.10
>> ns3.google.com.         12219   IN      A       216.239.36.10
>> ns4.google.com.         40489   IN      A       216.239.38.10
>>
>> ;; Query time: 17 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Tue Aug 25 16:16:23 EEST 2015
>> ;; MSG SIZE  rcvd: 191
>>
>>
>> Quoting bert hubert <bert.hubert at powerdns.com>
>>
>> >Does it print out anything at all?
>> >
>> >Can you show a 'dig' command that shows TC:0 response and no fallback to
>> >TCP/IP?
>> >
>> >Thanks!
>> >
>> >On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>> >>Dear Bert;
>> >>
>> >>Firstly, thanks a lot for the fast and illustrative replies. I learned a
>> >>lot of things. But I have a problem again :(
>> >>I changed the blockFilter() function in the dnsdistconf.lua file to:
>> >>function blockFilter(remote, qname, qtype, dh)
>> >>
>> >>    print("any query, tc=1")
>> >>    dh:setTC(true)
>> >>    dh:setQR(true)
>> >>
>> >>    if(qname:isPartOf(block))
>> >>    then
>> >>        print("Blocking *.powerdns.org")
>> >>        return true
>> >>    end
>> >>    return false
>> >>end
>> >>
>> >>Then I did a re-installation and ran dnsdist. However, nothing has changed.
>> >>
>> >>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>
>> >>>sent from the wrong account first, sorry.
>> >>>
>> >>>>Begin forwarded message:
>> >>>>
>> >>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>> >>>>From: bert hubert <bert.hubert at netherlabs.nl>
>> >>>>Date: 25 Aug 2015 12:39:05 CEST
>> >>>>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>, pdns-dev at mailman.powerdns.com
>> >>>>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
>> >>>>
>> >>>>
>> >>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
>> >>>>>
>> >>>>>Thanks Bert,
>> >>>>>
>> >>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
>> >>>>>any-to-tcp(). However, I couldn't manage to do it for all types
>> >>>>>of queries. Should I patch the conf file?
>> >>>>
>> >>>>
>> >>>>Hi Burak,
>> >>>>
>> >>>>Try:
>> >>>>
>> >>>>"The blockFilter() also gets passed read/writable copy of the
>> >>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>> >>>>turned the packet into a response, and will send the answer
>> >>>>directly to the original client.
>> >>>>
>> >>>>If you also called setTC(1), this will tell the remote client to
>> >>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>> >>>>even for downstream servers that lack this feature."
>> >>>>
>> >>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>> >>>>
>> >>>>
>> >>>>just call setQR(1) and setTC(1) on the header field of
>> >>>>blockFilter() and you are done.
>> >>>>
>> >>>>Good luck!
>> >>>>
>> >>>>
>> >>>>
>> >>>>>
>> >>>>>Best Regards
>> >>>>>Burak Ozalp
>> >>>>>
>> >>>>>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>>>>
>> >>>>>>Hi Burak,
>> >>>>>>
>> >>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>> >>>>>>for more details.
>> >>>>>>It can set TC on any criterium.
>> >>>>>>
>> >>>>>>Good luck!
>> >>>>>>
>> >>>>>>	Bert
>> >>>>>>
>> >>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>> >>>>>>>Dear Tuomi,
>> >>>>>>>
>> >>>>>>>Yes, it works. Is it possible to force all UDP requests with a
>> >>>>>>>truncated packet, and force all to use TCP?
>> >>>>>>>
>> >>>>>>>Best Regards
>> >>>>>>>Burak Ozalp
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
>> >>>>>>>
>> >>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>> >>>>>>>>>I installed PowerDNS with MySQL backend from here. I would like to set
>> >>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure the
>> >>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>> >>>>>>>>>option should reject UDP requests from the client and force it to use TCP.
>> >>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in the
>> >>>>>>>>>response, so it doesn't work.
>> >>>>>>>>>
>> >>>>>>>>>How do I set the any-to-tcp option correctly?
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>> >>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>_______________________________________________
>> >>>>>>>>>Pdns-dev mailing list
>> >>>>>>>>>Pdns-dev at mailman.powerdns.com
>> >>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>
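Added example, not part of the thread and not dnsdist code: a wire-level model of what setting QR and TC on the query header produces, plus a check that tells a "retry over TCP" reply apart from a normal answer such as the one in the dig output quoted above. The function names, the `probe()` server/port arguments and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def build_query(qname, qtype=1, qid=0x1234):
    """Minimal DNS query: 12-byte header (RD set, one question) + QNAME/QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def truncated_reply(query):
    """Model of setQR(true) + setTC(true): the query is echoed back with the
    QR and TC bits set in the flags word; everything else is unchanged."""
    qid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", qid, flags | QR | TC) + query[4:]

def flag_names(packet):
    """Header flags in the order dig prints them on its ';; flags:' line."""
    flags = struct.unpack("!H", packet[2:4])[0]
    table = (("qr", QR), ("aa", AA), ("tc", TC), ("rd", RD), ("ra", RA))
    return " ".join(name for name, bit in table if flags & bit)

def forces_tcp(packet, qid):
    """True only for a response to our query id that carries TC."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack("!HH", packet[:4])
    return rid == qid and bool(flags & QR) and bool(flags & TC)

def probe(server, port=53, qname="example.com", timeout=2.0):
    """Send one UDP query to server:port (caller-supplied, hypothetical values)
    and report the flags of whatever answers on that socket."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        reply, _ = s.recvfrom(4096)
    return flag_names(reply), forces_tcp(reply, 0x1234)

# Constructed header matching the flags in the dig output quoted above
# (id 2143, "qr rd ra", counts 1/1/4/5): a normal answer, TC not set.
NORMAL_REPLY = struct.pack("!HHHHHH", 2143, QR | RD | RA, 1, 1, 4, 5)

if __name__ == "__main__":
    q = build_query("google.com", qid=2143)
    print(flag_names(q), "->", flag_names(truncated_reply(q)))
    print(flag_names(NORMAL_REPLY), forces_tcp(NORMAL_REPLY, 2143))
```

Calling `probe()` against each listening address in turn shows which one returns `tc`, which separates "the filter is not applied" from "the query never reached dnsdist".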