[Pdns-dev] (RPM package for CentOS7 DNsdist)

bert hubert bert.hubert at powerdns.com
Thu Aug 27 15:35:27 CEST 2015


On Thu, Aug 27, 2015 at 11:39:38AM +0300, Burak Ozalp wrote:
> I want to install dnsdist on CentOS7. I installed the rpm which
> includes dnsdist at http://pkgs.org/centos-7/epel-x86_64/pdns-tools-3.4.5-1.el7.x86_64.rpm.html .
> But I couldn't run dnsdist with the --config command, because it
> doesn't have this option (I looked at the manual and the --help command).

The current version of dnsdist is very different from the one we shipped in
pdns-tools for 3.4.5. The releases you can find through http://dnsdist.org/
are the ones you should look at!

	Bert


> 
> How can I run dnsdist with a config file on CentOS 7?
> 
> Best Regards
> Burak Özalp
> 
> 
> 
> 
> 
> Quoting Burak Ozalp <burak.ozalp at metu.edu.tr>
> 
> >It works! Thank you all. I finally did what I wanted.
> >
> >Best Regards
> >Burak Ozalp
> >
> >Quoting bert hubert <bert.hubert at powerdns.com>
> >
> >>Hi Burak,
> >>
> >>I just tested this:
> >>
> >>addLocal("0.0.0.0:5200")
> >>newServer("192.168.1.2")
> >>
> >>function blockFilter(remote, qname, qtype, dh)
> >>       dh:setTC(true)
> >>       dh:setQR(true)
> >>       return false
> >>end
> >>
> >>And I get this output:
> >>
> >>$ dig ds9a.nl @127.0.0.1 -p 5200
> >>;; Truncated, retrying in TCP mode.
> >>
> >>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> ds9a.nl @127.0.0.1 -p 5200
> >>;; global options: +cmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64932
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;ds9a.nl.                       IN      A
> >>
> >>;; ANSWER SECTION:
> >>ds9a.nl.                349     IN      A       82.94.213.34
> >>
> >>;; Query time: 1 msec
> >>;; SERVER: 127.0.0.1#5200(127.0.0.1)
> >>;; WHEN: Wed Aug 26 14:14:31 CEST 2015
> >>;; MSG SIZE  rcvd: 41
> >>
> >>Can you try as well?
> >>
> >>	Bert
> >>
> >>On Wed, Aug 26, 2015 at 09:16:33AM +0300, Burak Ozalp wrote:
> >>>I did not run "sudo service pdns start", so I didn't bind
> >>>0.0.0.0:53 on the same host. Also I can run addAnyTCRule() perfectly,
> >>>and it rejects ANY queries well
> >>>(i.e.: root@burak-desktop:/home/burak# dig any google.com @127.0.0.1
> >>>;; Truncated, retrying in TCP mode.
> >>>;; communications error: end of file).
> >>>
> >>>My main problem is that I couldn't get dnsdistconf.lua to work as
> >>>I want, even with the command (dnsdist --local 0.0.0.0:53
> >>>192.168.0.1 --config dnsdistconf.lua).
> >>>
> >>>
> >>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
> >>>
> >>>>Well, technically if you are already listening on 192.168.0.1:53
> >>>>you cannot bind on 0.0.0.0:53 on *same* host.
> >>>>
> >>>>Aki
> >>>>
> >>>>On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
> >>>>>In another terminal I run the following command:
> >>>>>
> >>>>>dnsdist --local 0.0.0.0:53 192.168.0.1
> >>>>>
> >>>>>Is it wrong?
> >>>>>
> >>>>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
> >>>>>
> >>>>>>Did you put dnsdist in front of powerdns instance? Is it listening on
> >>>>>>127.0.0.1:53?
> >>>>>>
> >>>>>>Aki
> >>>>>>
> >>>>>>On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
> >>>>>>>This is my dig output:
> >>>>>>>dig google.com @127.0.0.1
> >>>>>>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
> >>>>>>>;; global options: +cmd
> >>>>>>>;; Got answer:
> >>>>>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
> >>>>>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
> >>>>>>>
> >>>>>>>;; OPT PSEUDOSECTION:
> >>>>>>>; EDNS: version: 0, flags:; udp: 4096
> >>>>>>>;; QUESTION SECTION:
> >>>>>>>;google.com.                    IN      A
> >>>>>>>
> >>>>>>>;; ANSWER SECTION:
> >>>>>>>google.com.             167     IN      A       216.58.209.14
> >>>>>>>
> >>>>>>>;; AUTHORITY SECTION:
> >>>>>>>google.com.             30662   IN      NS      ns4.google.com.
> >>>>>>>google.com.             30662   IN      NS      ns1.google.com.
> >>>>>>>google.com.             30662   IN      NS      ns2.google.com.
> >>>>>>>google.com.             30662   IN      NS      ns3.google.com.
> >>>>>>>
> >>>>>>>;; ADDITIONAL SECTION:
> >>>>>>>ns1.google.com.         30944   IN      A       216.239.32.10
> >>>>>>>ns2.google.com.         10757   IN      A       216.239.34.10
> >>>>>>>ns3.google.com.         12219   IN      A       216.239.36.10
> >>>>>>>ns4.google.com.         40489   IN      A       216.239.38.10
> >>>>>>>
> >>>>>>>;; Query time: 17 msec
> >>>>>>>;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>>>>>>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
> >>>>>>>;; MSG SIZE  rcvd: 191
> >>>>>>>
> >>>>>>>
> >>>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
> >>>>>>>
> >>>>>>>>Does it print out anything at all?
> >>>>>>>>
> >>>>>>>>Can you show a 'dig' command that shows a TC:0 response and no
> >>>>>>>>fallback to TCP/IP?
> >>>>>>>>
> >>>>>>>>Thanks!
> >>>>>>>>
> >>>>>>>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
> >>>>>>>>>Dear Bert;
> >>>>>>>>>
> >>>>>>>>>Firstly, thanks a lot for the fast and illustrative replies. I learned a
> >>>>>>>>>lot of things. But I have a problem again :(
> >>>>>>>>>I changed the blockFilter() function in the dnsdistconf.lua file to:
> >>>>>>>>>
> >>>>>>>>>function blockFilter(remote, qname, qtype, dh)
> >>>>>>>>>    print("any query, tc=1")
> >>>>>>>>>    dh:setTC(true)
> >>>>>>>>>    dh:setQR(true)
> >>>>>>>>>
> >>>>>>>>>    if(qname:isPartOf(block))
> >>>>>>>>>    then
> >>>>>>>>>        print("Blocking *.powerdns.org")
> >>>>>>>>>        return true
> >>>>>>>>>    end
> >>>>>>>>>    return false
> >>>>>>>>>end
> >>>>>>>>>
> >>>>>>>>>Then I did a re-installation and ran dnsdist. However, nothing
> >>>>>>>>>has changed.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
> >>>>>>>>>
> >>>>>>>>>>sent from the wrong account first, sorry.
> >>>>>>>>>>
> >>>>>>>>>>>Begin forwarded message:
> >>>>>>>>>>>
> >>>>>>>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
> >>>>>>>>>>>From: bert hubert <bert.hubert at netherlabs.nl>
> >>>>>>>>>>>Date: 25 Aug 2015 12:39:05 CEST
> >>>>>>>>>>>Cc: Aki Tuomi <cmouse at youzen.ext.b2.fi>,
> >>>>>>>>>>>pdns-dev at mailman.powerdns.com
> >>>>>>>>>>>To: Burak Ozalp <burak.ozalp at metu.edu.tr>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.ozalp at metu.edu.tr> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>Thanks Bert,
> >>>>>>>>>>>>
> >>>>>>>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
> >>>>>>>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
> >>>>>>>>>>>>of queries. Should I patch the conf file?
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>Hi Burak,
> >>>>>>>>>>>
> >>>>>>>>>>>Try:
> >>>>>>>>>>>
> >>>>>>>>>>>"The blockFilter() also gets passed read/writable copy of the
> >>>>>>>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
> >>>>>>>>>>>turned the packet into a response, and will send the answer
> >>>>>>>>>>>directly to the original client.
> >>>>>>>>>>>
> >>>>>>>>>>>If you also called setTC(1), this will tell the remote client to
> >>>>>>>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
> >>>>>>>>>>>even for downstream servers that lack this feature."
> >>>>>>>>>>>
> >>>>>>>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>Just call setQR(1) and setTC(1) on the header field of
> >>>>>>>>>>>blockFilter() and you are done.
> >>>>>>>>>>>
> >>>>>>>>>>>Good luck!
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>Best Regards
> >>>>>>>>>>>>Burak Ozalp
> >>>>>>>>>>>>
> >>>>>>>>>>>>Quoting bert hubert <bert.hubert at powerdns.com>
> >>>>>>>>>>>>
> >>>>>>>>>>>>>Hi Burak,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
> >>>>>>>>>>>>>for more details.
> >>>>>>>>>>>>>It can set TC on any criterion.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>Good luck!
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>	Bert
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
> >>>>>>>>>>>>>>Dear Tuomi,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Yes, it works. Is it possible to force all UDP requests with a
> >>>>>>>>>>>>>>truncated packet, and force all to use TCP?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Best Regards
> >>>>>>>>>>>>>>Burak Ozalp
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Quoting Aki Tuomi <cmouse at youzen.ext.b2.fi>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
> >>>>>>>>>>>>>>>>I installed PowerDNS with the MySQL backend from here. I would like
> >>>>>>>>>>>>>>>>to set any-to-tcp=yes for PowerDNS Server. I tried to configure the
> >>>>>>>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
> >>>>>>>>>>>>>>>>option should reject UDP requests from the client and force it to
> >>>>>>>>>>>>>>>>use TCP. But when I run dig @127.0.0.1 it doesn't set the truncated
> >>>>>>>>>>>>>>>>bit in the response, so it doesn't work.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>How do I set the any-to-tcp option correctly?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>_______________________________________________
> >>>>>>>>>>>>>>>>Pdns-dev mailing list
> >>>>>>>>>>>>>>>>Pdns-dev at mailman.powerdns.com
> >>>>>>>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
> >>>>>>>>>>>>>>>>
> 
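
What the quoted blockFilter() with setQR/setTC produces on the wire, as an added example that is not part of the original thread and not dnsdist's own code. The function names are hypothetical, the query is constructed sample input, and the sketch assumes the reply is the query echoed back with only the header bits changed:

```python
import struct

QR = 0x8000  # header bit: this message is a response
TC = 0x0200  # header bit: truncated, retry over TCP
RD = 0x0100  # recursion desired, carried over from the query


def build_query(name, qtype, txid):
    """Build a minimal DNS query (constructed sample input, class IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def truncated_reply(query):
    """Turn a UDP query into an empty TC=1 response, as setQR/setTC would."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", query[:4])
    if flags & QR:
        raise ValueError("already a response; never answer a response")
    flags |= QR | TC
    # Only the flags word changes; counts and question are echoed untouched,
    # so the reply is exactly as large as the query.
    return struct.pack("!HH", txid, flags) + query[4:]


def must_retry_over_tcp(query, reply):
    """Client-side view: matching ID with QR=1 and TC=1 means 'retry over TCP'."""
    q_id, _ = struct.unpack("!HH", query[:4])
    r_id, r_flags = struct.unpack("!HH", reply[:4])
    return q_id == r_id and bool(r_flags & QR) and bool(r_flags & TC)


if __name__ == "__main__":
    q = build_query("ds9a.nl", 1, 64932)  # A query; ID as in the dig output above
    r = truncated_reply(q)
    print(len(q), len(r), r[2:4].hex(), must_retry_over_tcp(q, r))
```

Because the UDP reply is no larger than the query, a spoofed source address gains nothing from it, and only a client that can complete a TCP handshake gets the real answer.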


