Re: [Pdns-dev] (no subject)

Tue, 25 Aug 2015 22:53:15 -0700 

In another terminal i run the following command;

dnsdist --local 0.0.0.0:53 192.168.0.1

Is it wrong ?

Alinti Aki Tuomi <cmo...@youzen.ext.b2.fi>


Did you put dnsdist in front of powerdns instance? Is it listening on
127.0.0.1:53?

Aki

On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:

This is my dig output;
dig google.com @127.0.0.1
; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             167     IN      A       216.58.209.14

;; AUTHORITY SECTION:
google.com.             30662   IN      NS      ns4.google.com.
google.com.             30662   IN      NS      ns1.google.com.
google.com.             30662   IN      NS      ns2.google.com.
google.com.             30662   IN      NS      ns3.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         30944   IN      A       216.239.32.10
ns2.google.com.         10757   IN      A       216.239.34.10
ns3.google.com.         12219   IN      A       216.239.36.10
ns4.google.com.         40489   IN      A       216.239.38.10

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 25 16:16:23 EEST 2015
;; MSG SIZE  rcvd: 191


Alinti bert hubert <bert.hub...@powerdns.com>

>Does it print out anything at all?
>
>Can you show a 'dig' command that shows TC:0 response and no fallback to
>TCP/IP?
>
>Thanks!
>
>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>>Dear Bert;
>>
>>Firstly, thanks a lot for fast and illustrative replies. i learned a
>>lot of things. But i have a problem again :(
>>I change the dnsdistconf.lua file blockfilter() function as:
>>function blockFilter(remote, qname, qtype, dh)
>>
>>     print("any query, tc=1")
>>     dh:setTC(true)
>>         dh:setQR(true)
>>
>>         if(qname:isPartOf(block))
>>         then
>>                print("Blocking *.powerdns.org")
>>                return true
>>         end
>>         return false
>>end
>>
>>then i did re-installation and run dnsdist. However, nothing is changed..
>>
>>
>>
>>
>>Alinti bert hubert <bert.hub...@powerdns.com>
>>
>>>sent from the wrong account first, sorry.
>>>
>>>>Begin forwarded message:
>>>>
>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp 
>>>>From: bert hubert <bert.hub...@netherlabs.nl>
>>>>Date: 25 Aug 2015 12:39:05 CEST
>>>>Cc: Aki Tuomi <cmo...@youzen.ext.b2.fi>, pdns-dev@mailman.powerdns.com
>>>>To: Burak Ozalp <burak.oz...@metu.edu.tr>
>>>>
>>>>
>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.oz...@metu.edu.tr> wrote:
>>>>>
>>>>>Thanks Bert,
>>>>>
>>>>>I installed dnsdist. with addAnyTCRule() i can easily do pdns
>>>>>any-to-tcp(). However, i couldn't manage to do for all types
>>>>>of queries. Should I patch the conf file ?
>>>>
>>>>
>>>>Hi Burak,
>>>>
>>>>Try:
>>>>
>>>>"The blockFilter() also gets passed read/writable copy of the
>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>>>>turned the packet into a response, and will send the answer
>>>>directly to the original client.
>>>>
>>>>If you also called setTC(1), this will tell the remote client to
>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>>>>even for downstream servers that lack this feature.?
>>>>
>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc 
>>>>
>>>>
>>>>just call setQR(1) and setTC(1) on the header field of
>>>>blockFilter() and you are done.
>>>>
>>>>Good luck!
>>>>
>>>>
>>>>
>>>>>
>>>>>Best Regards
>>>>>Burak Ozalp
>>>>>
>>>>>Alinti bert hubert <bert.hub...@powerdns.com>
>>>>>
>>>>>>Hi Burak,
>>>>>>
>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>>>>>>for more details.
>>>>>>It can set TC on any criterium.
>>>>>>
>>>>>>Good luck!
>>>>>>
>>>>>>        Bert
>>>>>>
>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>>>>>>>Dear Tuomi,
>>>>>>>
>>>>>>>Yes it works.Does it possible to force all UDP request with
>>>>>>>truncated packet, and force all to use TCP ?
>>>>>>>
>>>>>>>Best Regards
>>>>>>>Burak Ozalp
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Alinti Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>>>>>>
>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>>>>>>>>>I install PowerDNS with MySql backend from here.I would like to set
>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure
>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>>>>>>>>>option should reject UDP request from client and force to use tcp.
>>>>>>>>>But when i run dig @127.0.0.1 it doesn't set the truncated bit in
>>>>>>>>>response, so it doesn't work.
>>>>>>>>>
>>>>>>>>>How to set correctly any-to-tcp option ?
>>>>>>>>>
>>>>>>>>
>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>>>>>>>>
>>>>>>>>>
>>>>>>>>>_______________________________________________
>>>>>>>>>Pdns-dev mailing list
>>>>>>>>>Pdns-dev@mailman.powerdns.com
>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>_______________________________________________
>>>>>>>Pdns-dev mailing list
>>>>>>>Pdns-dev@mailman.powerdns.com
>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>>
>>
>




_______________________________________________
Pdns-dev mailing list
Pdns-dev@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-dev








_______________________________________________
Pdns-dev mailing list
Pdns-dev@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-dev

Reply via email to