[Pdns-users] dnsdist : connection refused
ROGER VIncent
vincent.roger at gmx.fr
Mon Nov 17 18:35:00 UTC 2025
Great, thank you!
> ➜ ~ dig -t aaaa powerdns.com @127.0.0.1 -p 5300 +nocookie +http-plain=/dns-query
>
> ; <<>> DiG 9.20.15-1~deb13u1-Debian <<>> -t aaaa powerdns.com @127.0.0.1 -p 5300 +nocookie +http-plain=/dns-query
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17379
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;powerdns.com. IN AAAA
>
> ;; AUTHORITY SECTION:
> powerdns.com. 3600 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025111301 10800 3600 604800 3600
>
> ;; Query time: 168 msec
> ;; SERVER: 127.0.0.1#5300(127.0.0.1) (HTTP)
> ;; WHEN: Mon Nov 17 19:09:52 CET 2025
> ;; MSG SIZE rcvd: 108
Now that I test requests via an Apache reverse proxy, I get errors like this one:
> [proxy_http:error] [pid 542507:tid 542557] (70014)End of file found:
> [remote 192.168.0.254:40452] AH01102: error reading status line from
> remote server 127.0.0.1:5300
I know it's perhaps more related to Apache than dnsdist, but I ask anyway: is it possible to use Apache to proxy requests to dnsdist?
On 17/11/2025 at 18:11, Aman Grewal wrote:
> You have to tell dig to use DoH
>
> `+https=/dns-query` for https
> `+http-plain=/dns-query` for http
>
> On Mon, Nov 17, 2025 at 11:51 AM ROGER VIncent via Pdns-users
> <pdns-users at mailman.powerdns.com> wrote:
>
> Hi,
>
> I intend to access dnsdist via DoH with an Apache reverse proxy,
> but first I can't get dnsdist to respond to queries:
>
>> ➜ ~ dig -t aaaa powerdns.com @127.0.0.1 -p 5300 +short +nocookie
>> ;; communications error to 127.0.0.1#5300: connection refused
>> ;; communications error to 127.0.0.1#5300: connection refused
>> ;; communications error to 127.0.0.1#5300: connection refused
>>
>> ; <<>> DiG 9.20.15-1~deb13u1-Debian <<>> -t aaaa powerdns.com @127.0.0.1 -p 5300 +short +nocookie
>> ;; global options: +cmd
>> ;; no servers could be reached
> Here is my dnsdist.conf:
>
>> -- disable security status polling via DNS
>> setSecurityPollSuffix("")
>>
>> setACL("127.0.0.1/8")
>>
>> -- Define upstream DNS server (Pi-hole)
>> newServer({address="192.168.0.26:53", name="Pi2-hole", checkInterval=60, mustResolve=true})
>> newServer({address="192.168.0.24:53", name="Pi1-hole", checkInterval=60, mustResolve=true})
>>
>> -- Set the load balancing policy
>> setServerPolicy(roundrobin)
>>
>> -- Create local DOH server listener in DNS over HTTP mode,
>> -- otherwise the information coming from nginx won't be processed well
>> addDOHLocal("127.0.0.1:5300", nil, nil, "/dns-query", {reusePort=true, trustForwardedForHeader=false, keepIncomingHeaders=true})
> dnsdist is listening on port 5300 though:
>
>> ➜ ~ sudo netstat -tapn | grep 5300
>> tcp 0 0 127.0.0.1:5300 0.0.0.0:* LISTEN 508356/dnsdist
> What is my mistake here?
>
>
> --
> ROGER Vincent
>