[Pdns-dev] (no subject)
Burak Ozalp
burak.ozalp at metu.edu.tr
Wed Aug 26 08:16:33 CEST 2015
I did not run "sudo service pdns start", so I didn't bind 0.0.0.0:53
on the same host. Also, I can run addAnyTCRule() perfectly, and it rejects
ANY queries well, i.e.:

root at burak-desktop:/home/burak# dig any google.com @127.0.0.1
;; Truncated, retrying in TCP mode.
;; communications error: end of file

My main problem is that I couldn't manage to get dnsdistconf.lua to work
as I want, even with the command ( dnsdist --local 0.0.0.0:53 192.168.0.1
--config dnsdistconf.lua ).
Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
> Well, technically if you are already listening on 192.168.0.1:53
> you cannot bind on 0.0.0.0:53 on *same* host.
>
> Aki
>
> On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
>> In another terminal I run the following command:
>>
>> dnsdist --local 0.0.0.0:53 192.168.0.1
>>
>> Is it wrong?
>>
>> Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
>>
>> >Did you put dnsdist in front of powerdns instance? Is it listening on
>> >127.0.0.1:53?
>> >
>> >Aki
>> >
>> >On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
>> >>This is my dig output;
>> >>dig google.com @127.0.0.1
>> >>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
>> >>;; global options: +cmd
>> >>;; Got answer:
>> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
>> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>> >>
>> >>;; OPT PSEUDOSECTION:
>> >>; EDNS: version: 0, flags:; udp: 4096
>> >>;; QUESTION SECTION:
>> >>;google.com. IN A
>> >>
>> >>;; ANSWER SECTION:
>> >>google.com. 167 IN A 216.58.209.14
>> >>
>> >>;; AUTHORITY SECTION:
>> >>google.com. 30662 IN NS ns4.google.com.
>> >>google.com. 30662 IN NS ns1.google.com.
>> >>google.com. 30662 IN NS ns2.google.com.
>> >>google.com. 30662 IN NS ns3.google.com.
>> >>
>> >>;; ADDITIONAL SECTION:
>> >>ns1.google.com. 30944 IN A 216.239.32.10
>> >>ns2.google.com. 10757 IN A 216.239.34.10
>> >>ns3.google.com. 12219 IN A 216.239.36.10
>> >>ns4.google.com. 40489 IN A 216.239.38.10
>> >>
>> >>;; Query time: 17 msec
>> >>;; SERVER: 127.0.0.1#53(127.0.0.1)
>> >>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
>> >>;; MSG SIZE rcvd: 191
>> >>
>> >>
>> >>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>
>> >>>Does it print out anything at all?
>> >>>
>> >>>Can you show a 'dig' command that shows TC:0 response and no fallback to
>> >>>TCP/IP?
>> >>>
>> >>>Thanks!
>> >>>
>> >>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>> >>>>Dear Bert;
>> >>>>
>> >>>>Firstly, thanks a lot for the fast and illustrative replies. I learned a
>> >>>>lot of things. But I have a problem again :(
>> >>>>I changed the blockFilter() function in the dnsdistconf.lua file to:
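>> >>>>-- 'block' is assumed to be defined earlier in dnsdistconf.lua
>> >>>>function blockFilter(remote, qname, qtype, dh)
>> >>>>  -- Runs for every query, whatever its qtype: mark the packet
>> >>>>  -- as a response (QR) with the truncated bit (TC) set
>> >>>>  print("any query, tc=1")
>> >>>>  dh:setTC(true)
>> >>>>  dh:setQR(true)
>> >>>>
>> >>>>  -- Returning true drops the query; false lets it continue
>> >>>>  if(qname:isPartOf(block))
>> >>>>  then
>> >>>>    print("Blocking *.powerdns.org")
>> >>>>    return true
>> >>>>  end
>> >>>>  return false
>> >>>>end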
>> >>>>
>> >>>>Then I did a re-installation and ran dnsdist. However, nothing changed.
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>>>
>> >>>>>sent from the wrong account first, sorry.
>> >>>>>
>> >>>>>>Begin forwarded message:
>> >>>>>>
>> >>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>> >>>>>>From: bert hubert <bert.hubert at netherlabs.nl>
>> >>>>>>Date: 25 Aug 2015 12:39:05 CEST
>> >>>>>>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>, pdns-dev at mailman.powerdns.com
>> >>>>>>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
>> >>>>>>
>> >>>>>>
>> >>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
>> >>>>>>>
>> >>>>>>>Thanks Bert,
>> >>>>>>>
>> >>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
>> >>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
>> >>>>>>>of queries. Should I patch the conf file?
>> >>>>>>
>> >>>>>>
>> >>>>>>Hi Burak,
>> >>>>>>
>> >>>>>>Try:
>> >>>>>>
>> >>>>>>"The blockFilter() also gets passed read/writable copy of the
>> >>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>> >>>>>>turned the packet into a response, and will send the answer
>> >>>>>>directly to the original client.
>> >>>>>>
>> >>>>>>If you also called setTC(1), this will tell the remote client to
>> >>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>> >>>>>>even for downstream servers that lack this feature."
>> >>>>>>
>> >>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>> >>>>>>
>> >>>>>>
>> >>>>>>Just call setQR(1) and setTC(1) on the header field of
>> >>>>>>blockFilter() and you are done.
>> >>>>>>
>> >>>>>>Good luck!
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>>>
>> >>>>>>>Best Regards
>> >>>>>>>Burak Ozalp
>> >>>>>>>
>> >>>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>>>>>>
>> >>>>>>>>Hi Burak,
>> >>>>>>>>
>> >>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>> >>>>>>>>for more details.
>> >>>>>>>>It can set TC on any criterion.
>> >>>>>>>>
>> >>>>>>>>Good luck!
>> >>>>>>>>
>> >>>>>>>> Bert
>> >>>>>>>>
>> >>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>> >>>>>>>>>Dear Tuomi,
>> >>>>>>>>>
>> >>>>>>>>>Yes, it works. Is it possible to force all UDP requests with a
>> >>>>>>>>>truncated packet, and force all to use TCP?
>> >>>>>>>>>
>> >>>>>>>>>Best Regards
>> >>>>>>>>>Burak Ozalp
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
>> >>>>>>>>>
>> >>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>> >>>>>>>>>>>I installed PowerDNS with the MySQL backend from here. I would
>> >>>>>>>>>>>like to set any-to-tcp=yes for PowerDNS Server. I tried to
>> >>>>>>>>>>>configure the /etc/powerdns/pdns.conf file and add a line
>> >>>>>>>>>>>"any-to-tcp=yes". This option should reject UDP requests from
>> >>>>>>>>>>>the client and force it to use TCP. But when I run
>> >>>>>>>>>>>dig @127.0.0.1 it doesn't set the truncated bit in the
>> >>>>>>>>>>>response, so it doesn't work.
>> >>>>>>>>>>>
>> >>>>>>>>>>>How do I set the any-to-tcp option correctly?
>> >>>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>> >>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>_______________________________________________
>> >>>>>>>>>>>Pdns-dev mailing list
>> >>>>>>>>>>>Pdns-dev at mailman.powerdns.com
>> >>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>> >>>>>>>>>>>
>
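
The header change discussed in this thread, as an added example that is not part of the original messages and is not dnsdist code: it shows which bits setQR and setTC correspond to in the DNS header (RFC 1035 layout) and how to tell from a reply whether a client is being pushed to TCP. The function names are hypothetical, and the packets are constructed samples that reuse the id and section counts from the dig output quoted above.

```python
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, 4.1.1).
QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080
DIG_ORDER = (("qr", QR), ("tc", TC), ("rd", RD), ("ra", RA))


def build_query(qname, qtype, txid=2143):
    """Constructed sample: one-question query with RD set, class IN."""
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def to_truncated_response(query):
    """Same packet with QR and TC switched on, as setQR/setTC are described."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | QR | TC) + query[4:]


def header_flags(msg):
    """Names of the set flags, in the order dig prints them."""
    if len(msg) < 12:
        raise ValueError("DNS message is shorter than its 12-byte header")
    flags = struct.unpack("!H", msg[2:4])[0]
    return [name for name, bit in DIG_ORDER if flags & bit]


def forces_tcp(reply):
    """True when a UDP reply tells the client to retry over TCP."""
    flags = header_flags(reply)
    return "qr" in flags and "tc" in flags


def sample_plain_reply():
    """Constructed header with the 'qr rd ra' flags and counts dig showed."""
    return struct.pack("!HHHHHH", 2143, QR | RD | RA, 1, 1, 4, 5)


if __name__ == "__main__":
    query = build_query("google.com", 1)  # qtype 1 = A
    print(header_flags(query))
    print(header_flags(to_truncated_response(query)))
    print(forces_tcp(sample_plain_reply()))
```

A reply like the one in the quoted dig output (flags qr rd ra) is a normal UDP answer; only a reply carrying both qr and tc makes the client retry over TCP.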