In another terminal I run the following command:
dnsdist --local 0.0.0.0:53 192.168.0.1
Is it wrong?
Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>Did you put dnsdist in front of powerdns instance? Is it listening on
>127.0.0.1:53?
>
>Aki
>
>On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
>>This is my dig output;
>>dig google.com @127.0.0.1
>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
>>;; global options: +cmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>>
>>;; OPT PSEUDOSECTION:
>>; EDNS: version: 0, flags:; udp: 4096
>>;; QUESTION SECTION:
>>;google.com. IN A
>>
>>;; ANSWER SECTION:
>>google.com. 167 IN A 216.58.209.14
>>
>>;; AUTHORITY SECTION:
>>google.com. 30662 IN NS ns4.google.com.
>>google.com. 30662 IN NS ns1.google.com.
>>google.com. 30662 IN NS ns2.google.com.
>>google.com. 30662 IN NS ns3.google.com.
>>
>>;; ADDITIONAL SECTION:
>>ns1.google.com. 30944 IN A 216.239.32.10
>>ns2.google.com. 10757 IN A 216.239.34.10
>>ns3.google.com. 12219 IN A 216.239.36.10
>>ns4.google.com. 40489 IN A 216.239.38.10
>>
>>;; Query time: 17 msec
>>;; SERVER: 127.0.0.1#53(127.0.0.1)
>>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
>>;; MSG SIZE rcvd: 191
>>
>>
>>Quoting bert hubert <bert.hub...@powerdns.com>
>>
>>>Does it print out anything at all?
>>>
>>>Can you show a 'dig' command that shows TC:0 response and no fallback to
>>>TCP/IP?
>>>
>>>Thanks!
>>>
>>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>>>>Dear Bert;
>>>>
>>>>Firstly, thanks a lot for fast and illustrative replies. I learned a
>>>>lot of things. But I have a problem again :(
>>>>I change the dnsdistconf.lua file blockfilter() function as:
>>>>function blockFilter(remote, qname, qtype, dh)
>>>>    print("any query, tc=1")
>>>>    dh:setTC(true)
>>>>    dh:setQR(true)
>>>>
>>>>    if(qname:isPartOf(block))
>>>>    then
>>>>        print("Blocking *.powerdns.org")
>>>>        return true
>>>>    end
>>>>    return false
>>>>end
>>>>
>>>>Then I did re-installation and run dnsdist. However, nothing is changed..
>>>>
>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>
>>>>>sent from the wrong account first, sorry.
>>>>>
>>>>>>Begin forwarded message:
>>>>>>
>>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>>>>>>From: bert hubert <bert.hub...@netherlabs.nl>
>>>>>>Date: 25 Aug 2015 12:39:05 CEST
>>>>>>Cc: Aki Tuomi <cmo...@youzen.ext.b2.fi>, pdns-dev@mailman.powerdns.com
>>>>>>To: Burak Ozalp <burak.oz...@metu.edu.tr>
>>>>>>
>>>>>>
>>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.oz...@metu.edu.tr> wrote:
>>>>>>>
>>>>>>>Thanks Bert,
>>>>>>>
>>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
>>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
>>>>>>>of queries. Should I patch the conf file?
>>>>>>
>>>>>>
>>>>>>Hi Burak,
>>>>>>
>>>>>>Try:
>>>>>>
>>>>>>"The blockFilter() also gets passed read/writable copy of the
>>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>>>>>>turned the packet into a response, and will send the answer
>>>>>>directly to the original client.
>>>>>>
>>>>>>If you also called setTC(1), this will tell the remote client to
>>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>>>>>>even for downstream servers that lack this feature."
>>>>>>
>>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>>>>>>
>>>>>>
>>>>>>just call setQR(1) and setTC(1) on the header field of
>>>>>>blockFilter() and you are done.
>>>>>>
>>>>>>Good luck!
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>Best Regards
>>>>>>>Burak Ozalp
>>>>>>>
>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>>>>
>>>>>>>>Hi Burak,
>>>>>>>>
>>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>>>>>>>>for more details.
>>>>>>>>It can set TC on any criterium.
>>>>>>>>
>>>>>>>>Good luck!
>>>>>>>>
>>>>>>>> Bert
>>>>>>>>
>>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>>>>>>>>>Dear Tuomi,
>>>>>>>>>
>>>>>>>>>Yes, it works. Is it possible to force all UDP requests with
>>>>>>>>>truncated packet, and force all to use TCP?
>>>>>>>>>
>>>>>>>>>Best Regards
>>>>>>>>>Burak Ozalp
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>>>>>>>>
>>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>>>>>>>>>>>I install PowerDNS with MySql backend from here. I would like to set
>>>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure
>>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>>>>>>>>>>>option should reject UDP request from client and force to use tcp.
>>>>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in
>>>>>>>>>>>response, so it doesn't work.
>>>>>>>>>>>
>>>>>>>>>>>How to set correctly any-to-tcp option?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>_______________________________________________
>>>>>>>>>>>Pdns-dev mailing list
>>>>>>>>>>>Pdns-dev@mailman.powerdns.com
>>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>>>>>>>>>>>
>
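
Added example, not part of the original thread and not dnsdist or PowerDNS code: a small Python check of the DNS header bits the thread is about. It shows what setting QR and TC does to a query header and how to read the flags line of dig output to see whether a client was told to move to TCP. The function names and the sample query are constructed for illustration; the flags line is the one from the dig output quoted above.

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR = 0x8000  # message is a response
TC = 0x0200  # message was truncated; client should retry over TCP


def build_query(qname, qtype=1, txid=0x1234):
    """Constructed sample input: a minimal DNS query with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def truncate_reply(query):
    """Turn a query into an empty TC=1 response: same ID and question, QR and TC set."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | QR | TC) + query[4:]


def header_flags(msg):
    """Decode QR and TC from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    return {"qr": bool(flags & QR), "tc": bool(flags & TC)}


def dig_flags(dig_output):
    """Return the flag names from dig's ';; flags:' line (mail quote marks tolerated)."""
    for line in dig_output.splitlines():
        line = line.lstrip("> ")
        if line.startswith(";; flags:"):
            return line.split(":", 1)[1].split(";", 1)[0].split()
    return []


def forced_to_tcp(dig_output):
    """True only if the UDP answer carried the TC bit."""
    return "tc" in dig_flags(dig_output)


# Flags line taken from the dig output quoted in this thread.
THREAD_DIG = ">>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5"
```

Run against the thread's own dig output, forced_to_tcp() returns False: the answer has no tc flag, so that query was not pushed to TCP.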