Re: force nameserver(bind) information exchanges with clients via tcp only

2021-10-02 Thread Ondřej Surý
Hi Donika, I would recommend adding dnsdist proxy on top of BIND 9. I believe it has all the tools you need (TCPRule as selector and TCAction to truncate). You can run dnsdist on external interface and named on localhost. Using the right tool for the job is half of the success ;) Ondřej --

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-10-01 Thread Donika Mirdita
Hello Petr, This setup was not meant to address a specific problem or be implemented in a production situation. I am running an experiment and one of the criteria was for clients to connect with us via tcp only. I don't have control over the clients (only nameserver) and relying on whether

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-10-01 Thread Fred Morris
I should be clearer about this. The media devices send a lot of traffic. They manipulate the wifi landscape in proprietary (remember the TCP throughput wars 20+ years ago?) or at least unexpected ways. Stupid wifi access point follows "conventional wisdom" and drops UDP traffic. Doesn't

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-10-01 Thread Fred Morris
Exactly! On Thu, 30 Sep 2021, Carl Byington wrote: On Thu, 2021-09-30 at 16:30 -0700, Fred Morris wrote: https://github.com/m3047/tcp_only_forwarder So what exactly are the media devices doing to screw up dns resolution between the osx laptop and the local dns server? Dropping UDP

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-10-01 Thread Petr Menšík
Hi Donika, I think it can be partially achieved by options use-vc in /etc/resolv.conf on end clients. But I doubt every software would process this flag, only part of them would use it. I doubt many daemons doing direct DNS queries would follow such configuration. Can you share why you are even

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-09-30 Thread Carl Byington via bind-users
On Thu, 2021-09-30 at 16:30 -0700, Fred Morris wrote: > https://github.com/m3047/tcp_only_forwarder So what exactly are the media devices doing to screw up dns resolution between the osx laptop and the local dns server?

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-09-30 Thread Fred Morris
Hi there. Media devices and a crappy SOHO wifi AP? I know that feeling. ;-) On Thu, 30 Sep 2021, Donika Mirdita wrote: I have set up a nameserver and I would like to force all future client requests to TCP only. You can't really. You can try, by setting TC, but if the clients never see the

force nameserver(bind) information exchanges with clients via tcp only

2021-09-30 Thread Donika Mirdita
Hello, I have set up a nameserver and I would like to force all future client requests to TCP only. Essentially, one scenario would be for all UDP requests to be countered with a packet that has the TC bit set so the connection is retried via TCP. I want this rule to be applicable to all
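The truncation trick the original post describes (answer every UDP query with a reply that has TC set, so the client retries the same question over TCP per RFC 1035 section 4.2.1) is also what dnsdist's TCAction in Ondřej's reply does at the proxy layer. Below is an added, stand-alone illustration of the message-level mechanics; it is not code from BIND, dnsdist or any poster in this thread. It assumes something else already answers on TCP on the same address (for example the dnsdist-in-front arrangement suggested above) and that this script, not named, owns the UDP socket there. The sample query bytes and the function names are constructed for this example.

```python
"""Minimal DNS "TC responder": answer every UDP query with TC=1 so that the
client retries the same question over TCP (RFC 1035 section 4.2.1).

Added example for this thread, not code from BIND, dnsdist or any poster.
Assumption: a real name server answers TCP on the same address; this script
only holds the UDP socket and never resolves anything itself.
"""

import socket
import struct

# Flag bits of the second 16-bit word of the DNS header.
QR = 0x8000
OPCODE_MASK = 0x7800
TC = 0x0200
RD = 0x0100
RA = 0x0080
RCODE_MASK = 0x000F
HEADER_LEN = 12

# Constructed sample query for offline testing: ID 0x1234, RD set,
# one question "example.com. IN A", no answer/authority/additional RRs.
SAMPLE_QUERY = (
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    b"\x07example\x03com\x00"
    b"\x00\x01\x00\x01"
)


def decode_header(msg):
    """Return the DNS header fields of msg as a dict (ValueError if too short)."""
    if len(msg) < HEADER_LEN:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:HEADER_LEN])
    return {
        "id": ident,
        "qr": bool(flags & QR),
        "opcode": (flags & OPCODE_MASK) >> 11,
        "tc": bool(flags & TC),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": flags & RCODE_MASK,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def question_end(msg):
    """Offset just past the question section (walks QDCOUNT owner names)."""
    pos = HEADER_LEN
    for _ in range(decode_header(msg)["qdcount"]):
        while True:
            if pos >= len(msg):
                raise ValueError("truncated question section")
            label_len = msg[pos]
            if label_len == 0:          # root label ends the name
                pos += 1
                break
            if label_len & 0xC0 == 0xC0:  # compression pointer ends the name
                pos += 2
                break
            pos += 1 + label_len
        pos += 4                        # QTYPE and QCLASS
        if pos > len(msg):
            raise ValueError("truncated question section")
    return pos


def truncated_reply(query):
    """Build the TC=1 reply: same ID, opcode and question, QR and TC set,
    RA mirrored from RD (as dnsdist's TCAction does), no resource records."""
    hdr = decode_header(query)
    if hdr["qr"]:
        raise ValueError("not a query")
    flags = QR | TC | (hdr["opcode"] << 11)
    if hdr["rd"]:
        flags |= RD | RA
    end = question_end(query)
    header = struct.pack("!HHHHHH", hdr["id"], flags, hdr["qdcount"], 0, 0, 0)
    return header + query[HEADER_LEN:end]


def serve(bind_addr="0.0.0.0", port=53):
    """Answer every UDP datagram on bind_addr:port with a TC=1 reply.
    Malformed input is dropped silently; TCP is left to the real server."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(4096)
        try:
            sock.sendto(truncated_reply(data), peer)
        except ValueError:
            continue


if __name__ == "__main__":
    serve()
```

The responder replies before doing any lookup, so a client that does not honour TC, or that has no TCP path to the server at all, simply never gets an answer; that is the limitation the replies above point at, and it is why the thread steers towards running dnsdist (TCPRule plus TCAction) in front of named rather than patching the server itself. `truncated_reply(SAMPLE_QUERY)` can be inspected offline with `decode_header` without binding a socket.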