Re: [knot-dns-users] Is it possible to inhibit a response?

Sat, 02 Sep 2017 23:31:53 -0700 

Daniel,
I tried with both recvmmsg set to yes and to no.  Made no difference.  Not sure why it would. 


When I use the dig client to send to the server, I can see from the 
module log that dig tries three times to receive a valid response before 
giving up.



It appears that knot is still sending a response each time, but because 
pkt->size was set to 0 in an attempt to have the server drop the 
message, dig complains about the length.


What I see is(actual address obscured with XXX.XXX.XXX.XXX):


dig ANY test.com @XXX.XXX.XXX.XXX
;; Warning: short (< header size) message received
;; Warning: short (< header size) message received
;; Warning: short (< header size) message received

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ANY test.com @XXX.XXX.XXX.XXX
;; global options: +cmd
;; connection timed out; no servers could be reached



It would be great if the server would send nothing at all and truly drop 
the message.   Are you seeing a true drop?  Again, I'm working with the 
latest 2.6 code from the git repo.


Thanks,

Lisa



On 9/2/2017 2:38 AM, daniel.salz...@nic.cz wrote:

Hi Lisa,

Setting packet size to 0 and returning KNOTD_STATE_DONE is the proper way
how to inhibit a response. It also work in my simple test. Which version
of Knot do you have? Is recvmmsg utilized (see configure summary)?

Daniel

On 2017-09-01 19:45, Lisa Bahler wrote:

I've written aknot module, which is functioning well.  I've been asked
to add functionality to it that would inhibit any response from knot,
based upon the client's identity.  I know the identity; I just need to
figure out how to inhibit a response.

I just noticed the rrl module, and I looked at what it does.  I
emulated what I saw and set pkt->size = 0 and returned
KNOTD_STATE_DONE.

When I ran host -a, it returned that no servers could be reached.Â
When I ran dig ANY, I ultimately got the same response, but dig
complained three times about receiving a message that was too short in
length.

I really want NO message to be returned.  How do I force this?



_______________________________________________
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users

_______________________________________________
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users



_______________________________________________
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users






















					Reply via email to