Did you put dnsdist in front of powerdns instance? Is it listening on 127.0.0.1:53?
Aki

On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
> This is my dig output;
> dig google.com @127.0.0.1
> ; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; ANSWER SECTION:
> google.com. 167 IN A 216.58.209.14
>
> ;; AUTHORITY SECTION:
> google.com. 30662 IN NS ns4.google.com.
> google.com. 30662 IN NS ns1.google.com.
> google.com. 30662 IN NS ns2.google.com.
> google.com. 30662 IN NS ns3.google.com.
>
> ;; ADDITIONAL SECTION:
> ns1.google.com. 30944 IN A 216.239.32.10
> ns2.google.com. 10757 IN A 216.239.34.10
> ns3.google.com. 12219 IN A 216.239.36.10
> ns4.google.com. 40489 IN A 216.239.38.10
>
> ;; Query time: 17 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Aug 25 16:16:23 EEST 2015
> ;; MSG SIZE rcvd: 191
>
>
> Quoting bert hubert <bert.hub...@powerdns.com>
>
> >Does it print out anything at all?
> >
> >Can you show a 'dig' command that shows TC:0 response and no fallback to
> >TCP/IP?
> >
> >Thanks!
> >
> >On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
> >>Dear Bert;
> >>
> >>Firstly, thanks a lot for fast and illustrative replies. I learned a
> >>lot of things. But I have a problem again :(
> >>I change the dnsdistconf.lua file blockfilter() function as:
> >>function blockFilter(remote, qname, qtype, dh)
> >>
> >>    print("any query, tc=1")
> >>    dh:setTC(true)
> >>    dh:setQR(true)
> >>
> >>    if(qname:isPartOf(block))
> >>    then
> >>        print("Blocking *.powerdns.org")
> >>        return true
> >>    end
> >>    return false
> >>end
> >>
> >>then I did re-installation and run dnsdist. However, nothing is changed..
> >>
> >>
> >>Quoting bert hubert <bert.hub...@powerdns.com>
> >>
> >>>sent from the wrong account first, sorry.
> >>>
> >>>>Begin forwarded message:
> >>>>
> >>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
> >>>>From: bert hubert <bert.hub...@netherlabs.nl>
> >>>>Date: 25 Aug 2015 12:39:05 CEST
> >>>>Cc: Aki Tuomi <cmo...@youzen.ext.b2.fi>, pdns-dev@mailman.powerdns.com
> >>>>To: Burak Ozalp <burak.oz...@metu.edu.tr>
> >>>>
> >>>>
> >>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.oz...@metu.edu.tr> wrote:
> >>>>>
> >>>>>Thanks Bert,
> >>>>>
> >>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
> >>>>>any-to-tcp(). However, I couldn't manage to do for all types
> >>>>>of queries. Should I patch the conf file?
> >>>>
> >>>>
> >>>>Hi Burak,
> >>>>
> >>>>Try:
> >>>>
> >>>>"The blockFilter() also gets passed read/writable copy of the
> >>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
> >>>>turned the packet into a response, and will send the answer
> >>>>directly to the original client.
> >>>>
> >>>>If you also called setTC(1), this will tell the remote client to
> >>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
> >>>>even for downstream servers that lack this feature."
> >>>>
> >>>>See:
> >>>>https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
> >>>>
> >>>>
> >>>>just call setQR(1) and setTC(1) on the header field of
> >>>>blockFilter() and you are done.
> >>>>
> >>>>Good luck!
> >>>>
> >>>>>
> >>>>>Best Regards
> >>>>>Burak Ozalp
> >>>>>
> >>>>>Quoting bert hubert <bert.hub...@powerdns.com>
> >>>>>
> >>>>>>Hi Burak,
> >>>>>>
> >>>>>>dnsdist can do this easily, please see http://dnsdist.org/
> >>>>>>for more details.
> >>>>>>It can set TC on any criterium.
> >>>>>>
> >>>>>>Good luck!
> >>>>>>
> >>>>>> Bert
> >>>>>>
> >>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
> >>>>>>>Dear Tuomi,
> >>>>>>>
> >>>>>>>Yes it works. Is it possible to force all UDP request with
> >>>>>>>truncated packet, and force all to use TCP?
> >>>>>>>
> >>>>>>>Best Regards
> >>>>>>>Burak Ozalp
> >>>>>>>
> >>>>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
> >>>>>>>
> >>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
> >>>>>>>>>I install PowerDNS with MySql backend from here. I would like to set
> >>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure
> >>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
> >>>>>>>>>option should reject UDP request from client and force to use tcp.
> >>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in
> >>>>>>>>>response, so it doesn't work.
> >>>>>>>>>
> >>>>>>>>>How to set correctly any-to-tcp option?
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>>_______________________________________________
> >>>>>>>>>Pdns-dev mailing list
> >>>>>>>>>Pdns-dev@mailman.powerdns.com
> >>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
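
The check discussed in this thread (does a UDP answer carry TC=1, so the client has to retry over TCP?) can be scripted by decoding the DNS header flags directly. The sketch below is an added example, not part of the thread and not PowerDNS or dnsdist code; the function names and the two sample headers are constructed for illustration, and `probe_udp()` assumes a reachable server.

```python
import socket
import struct

# Header flag masks (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (RD set, class IN) for qname."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in qname.split(".") if p
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def header_flags(msg):
    """Return the flag names set in a DNS message header, named as dig prints them."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    (flags,) = struct.unpack("!H", msg[2:4])
    names = (("qr", QR), ("aa", AA), ("tc", TC), ("rd", RD), ("ra", RA))
    return {name for name, mask in names if flags & mask}

def forces_tcp(msg):
    """True when msg is a response with TC set, so the client must retry over TCP."""
    return {"qr", "tc"} <= header_flags(msg)

def probe_udp(server, qname, qtype=1, port=53, timeout=2.0):
    """Send one UDP query and report whether the answer forces TCP (needs a live server)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qtype), (server, port))
        reply, _ = s.recvfrom(4096)
    return forces_tcp(reply)

# Constructed 12-byte headers: the flags and counts dig printed in the thread
# (id 2143, "qr rd ra"), and a query header after QR and TC have been set on it.
NORMAL_REPLY = struct.pack("!HHHHHH", 2143, QR | RD | RA, 1, 1, 4, 5)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 2143, QR | TC | RD, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL_REPLY), ("truncated", TRUNCATED_REPLY)):
        print(label, sorted(header_flags(msg)), "forces TCP:", forces_tcp(msg))
```

Against a running resolver or dnsdist instance, `probe_udp("127.0.0.1", "google.com")` returning `False` corresponds to the dig output quoted above, where the flags line shows no `tc`.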