Hi Seth,

> I wanted to run dnsdist on top of my existing PowerDNS servers to 
> provide DNS over TLS, but it wants to bind to 127.0.0.1:53 which is of 
> course already in use.

Have you tried setLocal()? setLocal() overwrites the configured 
listeners instead of adding them.

If you want non-TLS-traffic to go to the pdns server directly you could 
use setLocal() to make dnsdist listen elsewhere:

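   setLocal("127.0.0.1:<some_closed_off_port>")
   -- addTLSLocal needs a certificate and key; the default port is 853
   addTLSLocal("<public ip>", "<cert file>", "<key file>")
   -- newServer takes a table; "name" is the label ("id" expects a UUID)
   newServer({address="127.0.0.1:53", name="PowerDNS"})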
   ...

, but if you're running dnsdist anyway, it's probably better to let it 
handle all inbound queries:

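   setLocal("<public ip>:53")
   -- TLS cannot share TCP port 53 with the plain listener; default is 853
   addTLSLocal("<public ip>", "<cert file>", "<key file>")
   newServer({address="127.0.0.1:53", name="PowerDNS"})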
   ...

, with PDNS binding ONLY to localhost.

Christopher

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
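
A check for the last point in the message above (PDNS bound only to localhost), as an added example that is not part of the original email: it reads `ss -H -tulnp` output and reports any backend socket bound to a non-loopback address. The process name `pdns_server`, the function name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag backend sockets that are reachable from outside the host.
# Input: `ss -H -tulnp` output on stdin (run ss as root so process names appear).
# $1: backend process name; "pdns_server" is an assumption, adjust as needed.
# Prints each offending socket; returns 0 if all are loopback-only, 1 otherwise.
exposed_listeners() {
    awk -v proc="${1:-pdns_server}" '
        index($0, "\"" proc "\"") {
            addr = $5
            sub(/:[0-9]+$/, "", addr)      # drop the port
            sub(/%.*$/, "", addr)          # drop an interface scope such as %lo
            sub(/^\[/, "", addr)           # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr !~ /^127\./ && addr != "::1") { print $1, $5; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the layout the message recommends
# (dnsdist on the public address, PowerDNS on loopback only).
SAMPLE_OK='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=5))
tcp LISTEN 0 128 127.0.0.1:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=6))
udp UNCONN 0 0 192.0.2.10:53 0.0.0.0:* users:(("dnsdist",pid=990,fd=7))
tcp LISTEN 0 4096 192.0.2.10:853 0.0.0.0:* users:(("dnsdist",pid=990,fd=9))'

# Constructed sample: PowerDNS still bound to the wildcard addresses,
# so clients can reach it without passing through dnsdist.
SAMPLE_BAD='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pdns_server",pid=812,fd=5))
tcp LISTEN 0 128 [::]:53 [::]:* users:(("pdns_server",pid=812,fd=6))'

printf '%s\n' "$SAMPLE_OK"  | exposed_listeners && echo "ok: backend is loopback-only"
printf '%s\n' "$SAMPLE_BAD" | exposed_listeners || echo "FAIL: backend reachable from outside"

# Live use: ss -H -tulnp | exposed_listeners pdns_server
```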