Hello!
We have a couple of dnsdist (Old an not so new).
When moving traffic from dnsdist 1.4.0 to 1.6.1 we noticed the following.
Queries with opcode 1 (DNSOpcode.IQuery) are being ignored (droped?) on 1.4
But 1.6.1 answers NOT implemented.
We don't know which is the reason for this queries, but in the not
implemented scenario these queries are retried for a couple of minutes,
hundreds or thousands per second by some devices.
Trying to stop this, we created a rule to drop them but it's not working:
addAction(OpcodeRule(DNSOpcode.IQuery),DropAction())
the same with opcode Query works.
# Name Matches Rule
Action
0 0 opcode==1
no op
1 191722 opcode==0
no op
There is some preprocessing before the rules which answers not implemented?
There is any option to solve this? If not, we will try with iptables.
Thanks in advance!
Nico
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
