[Pdns-dev] (no subject)

Burak Ozalp burak.ozalp at metu.edu.tr
Wed Aug 26 15:00:47 CEST 2015


It works! Thank you all. I finally did what I wanted.

Best Regards
Burak Ozalp

Quoting bert hubert <bert.hubert at powerdns.com>

> Hi Burak,
>
> I just tested this:
>
> addLocal("0.0.0.0:5200")
> newServer("192.168.1.2")
>
> function blockFilter(remote, qname, qtype, dh)
>         dh:setTC(true)
>         dh:setQR(true)
>         return false
> end
>
> And I get this output:
>
> $ dig ds9a.nl @127.0.0.1 -p 5200
> ;; Truncated, retrying in TCP mode.
>
> ; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> ds9a.nl @127.0.0.1 -p 5200
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64932
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ds9a.nl.                       IN      A
>
> ;; ANSWER SECTION:
> ds9a.nl.                349     IN      A       82.94.213.34
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#5200(127.0.0.1)
> ;; WHEN: Wed Aug 26 14:14:31 CEST 2015
> ;; MSG SIZE  rcvd: 41
>
> Can you try as well?
>
> 	Bert
>
> On Wed, Aug 26, 2015 at 09:16:33AM +0300, Burak Ozalp wrote:
>> I did not run "sudo service pdns start", so I didn't bind
>> 0.0.0.0:53 on the same host. Also, I can run addAnyTCRule() perfectly,
>> and it rejects ANY queries well
>> (i.e;root at burak-desktop:/home/burak# dig any google.com @127.0.0.1
>> ;; Truncated, retrying in TCP mode.
>> ;; communications error: end of file).
>>
>> My main problem is that I couldn't get dnsdistconf.lua to work as
>> I want, even with the command ( dnsdist --local 0.0.0.0:53
>> 192.168.0.1 --config dnsdistconf.lua ).
>>
>>
>> Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
>>
>> >Well, technically if you are already listening on 192.168.0.1:53
>> >you cannot bind on 0.0.0.0:53 on *same* host.
>> >
>> >Aki
>> >
>> >On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
>> >>In another terminal I run the following command:
>> >>
>> >>dnsdist --local 0.0.0.0:53 192.168.0.1
>> >>
>> >>Is it wrong?
>> >>
>> >>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
>> >>
>> >>>Did you put dnsdist in front of powerdns instance? Is it listening on
>> >>>127.0.0.1:53?
>> >>>
>> >>>Aki
>> >>>
>> >>>On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
>> >>>>This is my dig output;
>> >>>>dig google.com @127.0.0.1
>> >>>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
>> >>>>;; global options: +cmd
>> >>>>;; Got answer:
>> >>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
>> >>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>> >>>>
>> >>>>;; OPT PSEUDOSECTION:
>> >>>>; EDNS: version: 0, flags:; udp: 4096
>> >>>>;; QUESTION SECTION:
>> >>>>;google.com.                    IN      A
>> >>>>
>> >>>>;; ANSWER SECTION:
>> >>>>google.com.             167     IN      A       216.58.209.14
>> >>>>
>> >>>>;; AUTHORITY SECTION:
>> >>>>google.com.             30662   IN      NS      ns4.google.com.
>> >>>>google.com.             30662   IN      NS      ns1.google.com.
>> >>>>google.com.             30662   IN      NS      ns2.google.com.
>> >>>>google.com.             30662   IN      NS      ns3.google.com.
>> >>>>
>> >>>>;; ADDITIONAL SECTION:
>> >>>>ns1.google.com.         30944   IN      A       216.239.32.10
>> >>>>ns2.google.com.         10757   IN      A       216.239.34.10
>> >>>>ns3.google.com.         12219   IN      A       216.239.36.10
>> >>>>ns4.google.com.         40489   IN      A       216.239.38.10
>> >>>>
>> >>>>;; Query time: 17 msec
>> >>>>;; SERVER: 127.0.0.1#53(127.0.0.1)
>> >>>>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
>> >>>>;; MSG SIZE  rcvd: 191
>> >>>>
>> >>>>
>> >>>>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>>>
>> >>>>>Does it print out anything at all?
>> >>>>>
>> >>>>>Can you show a 'dig' command that shows TC:0 response and no fallback to
>> >>>>>TCP/IP?
>> >>>>>
>> >>>>>Thanks!
>> >>>>>
>> >>>>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>> >>>>>>Dear Bert;
>> >>>>>>
>> >>>>>>Firstly, thanks a lot for the fast and illustrative replies. I learned a
>> >>>>>>lot of things. But I have a problem again :(
>> >>>>>>I changed the blockFilter() function in the dnsdistconf.lua file as:
>> >>>>>>function blockFilter(remote, qname, qtype, dh)
>> >>>>>>
>> >>>>>>     print("any query, tc=1")
>> >>>>>>     dh:setTC(true)
>> >>>>>>	 dh:setQR(true)
>> >>>>>>
>> >>>>>>	 if(qname:isPartOf(block))
>> >>>>>>	 then
>> >>>>>>		print("Blocking *.powerdns.org")
>> >>>>>>		return true
>> >>>>>>	 end
>> >>>>>>	 return false
>> >>>>>>end
>> >>>>>>
>> >>>>>>Then I did a re-installation and ran dnsdist. However, nothing
>> >>>>>>has changed.
>> >>>>>>
>> >>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>>>>>
>> >>>>>>>sent from the wrong account first, sorry.
>> >>>>>>>
>> >>>>>>>>Begin forwarded message:
>> >>>>>>>>
>> >>>>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>> >>>>>>>>From: bert hubert <bert.hubert at netherlabs.nl>
>> >>>>>>>>Date: 25 Aug 2015 12:39:05 CEST
>> >>>>>>>>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>, pdns-dev at mailman.powerdns.com
>> >>>>>>>>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
>> >>>>>>>>>
>> >>>>>>>>>Thanks Bert,
>> >>>>>>>>>
>> >>>>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
>> >>>>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
>> >>>>>>>>>of queries. Should I patch the conf file?
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>Hi Burak,
>> >>>>>>>>
>> >>>>>>>>Try:
>> >>>>>>>>
>> >>>>>>>>"The blockFilter() also gets passed read/writable copy of the
>> >>>>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>> >>>>>>>>turned the packet into a response, and will send the answer
>> >>>>>>>>directly to the original client.
>> >>>>>>>>
>> >>>>>>>>If you also called setTC(1), this will tell the remote client to
>> >>>>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>> >>>>>>>>even for downstream servers that lack this feature."
>> >>>>>>>>
>> >>>>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>Just call setQR(1) and setTC(1) on the header field of
>> >>>>>>>>blockFilter() and you are done.
>> >>>>>>>>
>> >>>>>>>>Good luck!
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>Best Regards
>> >>>>>>>>>Burak Ozalp
>> >>>>>>>>>
>> >>>>>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
>> >>>>>>>>>
>> >>>>>>>>>>Hi Burak,
>> >>>>>>>>>>
>> >>>>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>> >>>>>>>>>>for more details.
>> >>>>>>>>>>It can set TC on any criterion.
>> >>>>>>>>>>
>> >>>>>>>>>>Good luck!
>> >>>>>>>>>>
>> >>>>>>>>>>	Bert
>> >>>>>>>>>>
>> >>>>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>> >>>>>>>>>>>Dear Tuomi,
>> >>>>>>>>>>>
>> >>>>>>>>>>>Yes, it works. Is it possible to force all UDP requests with a
>> >>>>>>>>>>>truncated packet, and force all to use TCP?
>> >>>>>>>>>>>
>> >>>>>>>>>>>Best Regards
>> >>>>>>>>>>>Burak Ozalp
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
>> >>>>>>>>>>>
>> >>>>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>> >>>>>>>>>>>>>I installed PowerDNS with MySQL backend from here. I would like to set
>> >>>>>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure the
>> >>>>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>> >>>>>>>>>>>>>option should reject UDP requests from the client and force it to use TCP.
>> >>>>>>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in the
>> >>>>>>>>>>>>>response, so it doesn't work.
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>How do I set the any-to-tcp option correctly?
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>_______________________________________________
>> >>>>>>>>>>>>>Pdns-dev mailing list
>> >>>>>>>>>>>>>Pdns-dev at mailman.powerdns.com
>> >>>>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>
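
Added example (not part of the thread and not dnsdist code): what the `setQR(true)` plus `setTC(true)` header edit discussed above amounts to on the wire, and the check a client makes before it retries over TCP. The function names and the sample query are constructed here; the sketch assumes only the two header bits change and the rest of the packet is sent back untouched.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100  # bits in the 16-bit DNS header flags word

def build_query(qname, qtype=1, txid=0x1234):
    """Constructed sample input: a minimal DNS query with RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def set_qr_tc(packet):
    """Header-only edit: mark the packet as a response (QR) that is truncated (TC)."""
    if len(packet) < 12:
        raise ValueError("shorter than a 12-byte DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    if flags & QR:
        raise ValueError("packet is already a response")
    # ID, question and counts are unchanged, so the reply is no larger than the query.
    return struct.pack("!HH", txid, flags | QR | TC) + packet[4:]

def header_flags(packet):
    """Return (id, qr, tc, rd) decoded from the first four header bytes."""
    txid, flags = struct.unpack("!HH", packet[:4])
    return txid, bool(flags & QR), bool(flags & TC), bool(flags & RD)

def client_should_retry_tcp(query, reply):
    """A matching response with TC=1 is what makes dig print 'retrying in TCP mode'."""
    q_id, q_qr, _, _ = header_flags(query)
    r_id, r_qr, r_tc, _ = header_flags(reply)
    return (not q_qr) and r_qr and r_tc and q_id == r_id

if __name__ == "__main__":
    q = build_query("ds9a.nl")
    r = set_qr_tc(q)
    print("query flags:", header_flags(q))
    print("reply flags:", header_flags(r))
    print("retry over TCP:", client_should_retry_tcp(q, r))
    print("query bytes:", len(q), "reply bytes:", len(r))
```
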





