[Pdns-dev] (no subject)

Aki Tuomi cmouse at youzen.ext.b2.fi
Wed Aug 26 08:03:10 CEST 2015


Well, technically if you are already listening on 192.168.0.1:53 
you cannot bind on 0.0.0.0:53 on the *same* host.

Aki

On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
> In another terminal I run the following command:
> 
> dnsdist --local 0.0.0.0:53 192.168.0.1
> 
> Is it wrong?
> 
> Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
> 
> >Did you put dnsdist in front of powerdns instance? Is it listening on
> >127.0.0.1:53?
> >
> >Aki
> >
> >On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
> >>This is my dig output:
> >>dig google.com @127.0.0.1
> >>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
> >>;; global options: +cmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
> >>
> >>;; OPT PSEUDOSECTION:
> >>; EDNS: version: 0, flags:; udp: 4096
> >>;; QUESTION SECTION:
> >>;google.com.                    IN      A
> >>
> >>;; ANSWER SECTION:
> >>google.com.             167     IN      A       216.58.209.14
> >>
> >>;; AUTHORITY SECTION:
> >>google.com.             30662   IN      NS      ns4.google.com.
> >>google.com.             30662   IN      NS      ns1.google.com.
> >>google.com.             30662   IN      NS      ns2.google.com.
> >>google.com.             30662   IN      NS      ns3.google.com.
> >>
> >>;; ADDITIONAL SECTION:
> >>ns1.google.com.         30944   IN      A       216.239.32.10
> >>ns2.google.com.         10757   IN      A       216.239.34.10
> >>ns3.google.com.         12219   IN      A       216.239.36.10
> >>ns4.google.com.         40489   IN      A       216.239.38.10
> >>
> >>;; Query time: 17 msec
> >>;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
> >>;; MSG SIZE  rcvd: 191
> >>
> >>
> >>Quoting bert hubert <bert.hubert at powerdns.com>
> >>
> >>>Does it print out anything at all?
> >>>
> >>>Can you show a 'dig' command that shows TC:0 response and no fallback to
> >>>TCP/IP?
> >>>
> >>>Thanks!
> >>>
> >>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
> >>>>Dear Bert;
> >>>>
> >>>>Firstly, thanks a lot for the fast and illustrative replies. I learned a
> >>>>lot of things. But I have a problem again :(
> >>>>I changed the blockFilter() function in the dnsdistconf.lua file to:
> >>>>function blockFilter(remote, qname, qtype, dh)
> >>>>
> >>>>     print("any query, tc=1")
> >>>>     dh:setTC(true)
> >>>>     dh:setQR(true)
> >>>>
> >>>>     if(qname:isPartOf(block))
> >>>>     then
> >>>>          print("Blocking *.powerdns.org")
> >>>>          return true
> >>>>     end
> >>>>     return false
> >>>>end
> >>>>
> >>>>Then I did a re-installation and ran dnsdist. However, nothing changed.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>Quoting bert hubert <bert.hubert at powerdns.com>
> >>>>
> >>>>>sent from the wrong account first, sorry.
> >>>>>
> >>>>>>Begin forwarded message:
> >>>>>>
> >>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
> >>>>>>From: bert hubert <bert.hubert at netherlabs.nl>
> >>>>>>Date: 25 Aug 2015 12:39:05 CEST
> >>>>>>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>, pdns-dev at mailman.powerdns.com
> >>>>>>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
> >>>>>>
> >>>>>>
> >>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
> >>>>>>>
> >>>>>>>Thanks Bert,
> >>>>>>>
> >>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
> >>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
> >>>>>>>of queries. Should I patch the conf file?
> >>>>>>
> >>>>>>
> >>>>>>Hi Burak,
> >>>>>>
> >>>>>>Try:
> >>>>>>
> >>>>>>"The blockFilter() also gets passed read/writable copy of the
> >>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
> >>>>>>turned the packet into a response, and will send the answer
> >>>>>>directly to the original client.
> >>>>>>
> >>>>>>If you also called setTC(1), this will tell the remote client to
> >>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
> >>>>>>even for downstream servers that lack this feature."
> >>>>>>
> >>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
> >>>>>>
> >>>>>>
> >>>>>>Just call setQR(1) and setTC(1) on the header field of
> >>>>>>blockFilter() and you are done.
> >>>>>>
> >>>>>>Good luck!
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>
> >>>>>>>Best Regards
> >>>>>>>Burak Ozalp
> >>>>>>>
> >>>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
> >>>>>>>
> >>>>>>>>Hi Burak,
> >>>>>>>>
> >>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
> >>>>>>>>for more details.
> >>>>>>>>It can set TC on any criterion.
> >>>>>>>>
> >>>>>>>>Good luck!
> >>>>>>>>
> >>>>>>>>	Bert
> >>>>>>>>
> >>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
> >>>>>>>>>Dear Tuomi,
> >>>>>>>>>
> >>>>>>>>>Yes, it works. Is it possible to force all UDP requests with
> >>>>>>>>>truncated packet, and force all to use TCP?
> >>>>>>>>>
> >>>>>>>>>Best Regards
> >>>>>>>>>Burak Ozalp
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
> >>>>>>>>>
> >>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
> >>>>>>>>>>>I installed PowerDNS with the MySQL backend from here. I would like to set
> >>>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure the
> >>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
> >>>>>>>>>>>option should reject UDP requests from the client and force it to use TCP.
> >>>>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in the
> >>>>>>>>>>>response, so it doesn't work.
> >>>>>>>>>>>
> >>>>>>>>>>>How to set the any-to-tcp option correctly?
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
> >>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>_______________________________________________
> >>>>>>>>>>>Pdns-dev mailing list
> >>>>>>>>>>>Pdns-dev at mailman.powerdns.com
> >>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
> >>>>>>>>>>>
> 
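
Added example (not part of the original thread and not dnsdist code): a Python sketch of the header change bert hubert describes, setting QR and TC on a UDP query, plus a check for the tc flag that dig prints. All packets are constructed samples; the reply with flags "qr rd ra" reuses the id and counts from the dig output quoted above, which is what an answer looks like when it was not truncated.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def build_query(qname, qtype=1, txid=2143):
    """Constructed sample: a minimal UDP query with RD set and one question."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def truncate_reply(query):
    """Turn a query into an empty truncated response: same id and
    question, with QR and TC added to the flags word."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", query[:4])
    if flags & QR:
        raise ValueError("packet is already a response")
    return struct.pack("!HH", txid, flags | QR | TC) + query[4:]


def flag_names(packet):
    """Decode the header flags using the names dig prints."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", packet[2:4])
    table = (("qr", QR), ("aa", AA), ("tc", TC), ("rd", RD), ("ra", RA))
    return [name for name, bit in table if flags & bit]


def forced_to_tcp(udp_reply):
    """True when a UDP reply tells the client to retry over TCP."""
    names = flag_names(udp_reply)
    return "qr" in names and "tc" in names


def sample_direct_reply():
    """Constructed header matching the quoted dig output: flags qr rd ra,
    QUERY 1, ANSWER 1, AUTHORITY 4, ADDITIONAL 5 (records omitted)."""
    return struct.pack("!HHHHHH", 2143, QR | RD | RA, 1, 1, 4, 5)


if __name__ == "__main__":
    query = build_query("google.com")
    print(flag_names(truncate_reply(query)), forced_to_tcp(truncate_reply(query)))
    print(flag_names(sample_direct_reply()), forced_to_tcp(sample_direct_reply()))
```
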


