On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> Hello all,
>
> I am trying to configure DOH over HTTP and I can't seem to figure out what
> I'm doing wrong. I have an nginx proxying the incoming request and don't need
> it on HTTPS. Here's my config
>
> *--- doh over http*
> ```
> setACL({"0.0.0.0/0", "::/0"})
> addLocal('0.0.0.0:7070')
> webserver("127.0.0.1:8083")
>
> newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
>
>
> addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> ```
>
> When testing locally, here's what I get:
>
> $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'
>
> dns query not allowed
>
> $ ...
>
>
> Where am I going wrong?

You have no policy defined. The default policy is to send packets to the default pool (named ""). Your default pool is empty. So the query gets refused, since no policy applies.

	-Otto
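
The fix described in the reply above, as an added example that is not part of the thread and not the dnsdist project's own configuration. Pool names and upstream addresses are taken from the question; routing everything to `pub-safe-tier1` and binding the DoH listener to loopback (which assumes nginx runs on the same host) are assumptions made for illustration.

```lua
-- dnsdist.conf (added example; values marked "assumption" are not from the thread)

setACL({"0.0.0.0/0", "::/0"})        -- as posted: dnsdist answers any source address
addLocal('0.0.0.0:7070')
webserver("127.0.0.1:8083")

-- Upstreams exactly as posted. Every server names a pool, so the default
-- pool (named "") stays empty and nothing selects these pools by itself.
newServer({address="1.1.1.1", pool="pub-unsafe-tier1", name="cloudflare"})
newServer({address="8.8.8.8", pool="pub-unsafe-tier1", name="google"})
newServer({address="194.242.2.2", pool="pub-safe-tier1", name="mullvad-noadblock", checkInterval=60})
newServer({address="84.200.69.80", pool="pub-safe-tier2", name="dnswatch1", checkInterval=60})
newServer({address="84.200.70.40", pool="pub-safe-tier2", name="dnswatch2", checkInterval=60})

-- Fix: add a rule that sends queries to a pool that has servers in it.
-- AllRule() matches every query; the target pool is an assumption.
addAction(AllRule(), PoolAction("pub-safe-tier1"))

-- Alternative fix: leave pool= off at least one newServer() call so that
-- server joins the default pool and unmatched queries have somewhere to go.

-- Assumption: nginx runs on this host and is the only client of the DoH
-- listener. With trustForwardedForHeader=true dnsdist takes the client
-- address from X-Forwarded-For, so a listener reachable on 0.0.0.0 lets any
-- caller choose the address that ACLs, rules and logs will see.
addDOHLocal("127.0.0.1:9090", nil, nil, "/dns-query",
            { reusePort=true, trustForwardedForHeader=true })

-- To confirm from the dnsdist console after loading:
--   showRules()    -- the AllRule -> pool action should be listed
--   showPools()    -- the pool named by the rule should list its servers
--   showServers()  -- the servers in that pool should be "up"
```

Rules are evaluated in the order they were added, so a narrower rule that should send some clients to `pub-safe-tier2` or `pub-unsafe-tier1` has to be added before the `AllRule()` line.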