I did not run "sudo service pdns start", so I didn't bind
0.0.0.0:53 on the same host. Also, I can run addAnyTCRule() perfectly,
and it rejects ANY queries well, i.e.:

root@burak-desktop:/home/burak# dig any google.com @127.0.0.1
;; Truncated, retrying in TCP mode.
;; communications error: end of file

My main problem is that I couldn't manage to get dnsdistconf.lua working as
I want, even with the command ( dnsdist --local 0.0.0.0:53
192.168.0.1 --config dnsdistconf.lua ).

Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>Well, technically if you are already listening on 192.168.0.1:53
>you cannot bind on 0.0.0.0:53 on *same* host.
>
>Aki
>
>On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
>>In another terminal I run the following command:
>>
>>dnsdist --local 0.0.0.0:53 192.168.0.1
>>
>>Is it wrong?
>>
>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>
>>>Did you put dnsdist in front of powerdns instance? Is it listening on
>>>127.0.0.1:53?
>>>
>>>Aki
>>>
>>>On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
>>>>This is my dig output;
>>>>dig google.com @127.0.0.1
>>>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
>>>>;; global options: +cmd
>>>>;; Got answer:
>>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
>>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>>>>
>>>>;; OPT PSEUDOSECTION:
>>>>; EDNS: version: 0, flags:; udp: 4096
>>>>;; QUESTION SECTION:
>>>>;google.com. IN A
>>>>
>>>>;; ANSWER SECTION:
>>>>google.com. 167 IN A 216.58.209.14
>>>>
>>>>;; AUTHORITY SECTION:
>>>>google.com. 30662 IN NS ns4.google.com.
>>>>google.com. 30662 IN NS ns1.google.com.
>>>>google.com. 30662 IN NS ns2.google.com.
>>>>google.com. 30662 IN NS ns3.google.com.
>>>>
>>>>;; ADDITIONAL SECTION:
>>>>ns1.google.com. 30944 IN A 216.239.32.10
>>>>ns2.google.com. 10757 IN A 216.239.34.10
>>>>ns3.google.com. 12219 IN A 216.239.36.10
>>>>ns4.google.com. 40489 IN A 216.239.38.10
>>>>
>>>>;; Query time: 17 msec
>>>>;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
>>>>;; MSG SIZE rcvd: 191
>>>>
>>>>
>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>
>>>>>Does it print out anything at all?
>>>>>
>>>>>Can you show a 'dig' command that shows TC:0 response and no fallback to
>>>>>TCP/IP?
>>>>>
>>>>>Thanks!
>>>>>
>>>>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>>>>>>Dear Bert;
>>>>>>
>>>>>>Firstly, thanks a lot for the fast and illustrative replies. I learned a
>>>>>>lot of things. But I have a problem again :(
>>>>>>I changed the blockFilter() function in the dnsdistconf.lua file to:
>>>>>>function blockFilter(remote, qname, qtype, dh)
>>>>>>
>>>>>>    print("any query, tc=1")
>>>>>>    dh:setTC(true)
>>>>>>    dh:setQR(true)
>>>>>>
>>>>>>    if(qname:isPartOf(block))
>>>>>>    then
>>>>>>        print("Blocking *.powerdns.org")
>>>>>>        return true
>>>>>>    end
>>>>>>    return false
>>>>>>end
>>>>>>
>>>>>>Then I did a re-installation and ran dnsdist. However, nothing changed.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>>>
>>>>>>>sent from the wrong account first, sorry.
>>>>>>>
>>>>>>>>Begin forwarded message:
>>>>>>>>
>>>>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>>>>>>>>From: bert hubert <bert.hub...@netherlabs.nl>
>>>>>>>>Date: 25 Aug 2015 12:39:05 CEST
>>>>>>>>Cc: Aki Tuomi <cmo...@youzen.ext.b2.fi>, pdns-dev@mailman.powerdns.com
>>>>>>>>To: Burak Ozalp <burak.oz...@metu.edu.tr>
>>>>>>>>
>>>>>>>>
>>>>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.oz...@metu.edu.tr> wrote:
>>>>>>>>>
>>>>>>>>>Thanks Bert,
>>>>>>>>>
>>>>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
>>>>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
>>>>>>>>>of queries. Should I patch the conf file?
>>>>>>>>
>>>>>>>>
>>>>>>>>Hi Burak,
>>>>>>>>
>>>>>>>>Try:
>>>>>>>>
>>>>>>>>"The blockFilter() also gets passed read/writable copy of the
>>>>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>>>>>>>>turned the packet into a response, and will send the answer
>>>>>>>>directly to the original client.
>>>>>>>>
>>>>>>>>If you also called setTC(1), this will tell the remote client to
>>>>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>>>>>>>>even for downstream servers that lack this feature."
>>>>>>>>
>>>>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>>>>>>>>
>>>>>>>>
>>>>>>>>just call setQR(1) and setTC(1) on the header field of
>>>>>>>>blockFilter() and you are done.
>>>>>>>>
>>>>>>>>Good luck!
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>Best Regards
>>>>>>>>>Burak Ozalp
>>>>>>>>>
>>>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>>>>>>
>>>>>>>>>>Hi Burak,
>>>>>>>>>>
>>>>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>>>>>>>>>>for more details.
>>>>>>>>>>It can set TC on any criterium.
>>>>>>>>>>
>>>>>>>>>>Good luck!
>>>>>>>>>>
>>>>>>>>>> Bert
>>>>>>>>>>
>>>>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>>>>>>>>>>>Dear Tuomi,
>>>>>>>>>>>
>>>>>>>>>>>Yes, it works. Is it possible to force all UDP requests with a
>>>>>>>>>>>truncated packet, and force all to use TCP?
>>>>>>>>>>>
>>>>>>>>>>>Best Regards
>>>>>>>>>>>Burak Ozalp
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>>>>>>>>>>
>>>>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>>>>>>>>>>>>>I installed PowerDNS with the MySQL backend from here. I would like to set
>>>>>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure the
>>>>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>>>>>>>>>>>>>option should reject UDP requests from the client and force it to use TCP.
>>>>>>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in
>>>>>>>>>>>>>the response, so it doesn't work.
>>>>>>>>>>>>>
>>>>>>>>>>>>>How do I set the any-to-tcp option correctly?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>_______________________________________________
>>>>>>>>>>>>>Pdns-dev mailing list
>>>>>>>>>>>>>Pdns-dev@mailman.powerdns.com
>>>>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>
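
What setQR() and setTC() do to a packet, and how to check a reply for the TC bit that the thread is looking for in dig's flags line, shown as an added wire-level illustration; it is not part of the thread and not dnsdist code. The function names are hypothetical and the packets are constructed sample data.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1), in the order dig prints them.
FLAGS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
         ("rd", 0x0100), ("ra", 0x0080)]
QR, TC, RD = 0x8000, 0x0200, 0x0100


def build_query(qname, qtype, txid=0x1234):
    """Encode a one-question query with RD set (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def truncate_reply(query):
    """Answer a query with an empty TC=1 response.

    Only the flags word changes: QR marks the packet as a response and TC
    tells the client to retry over TCP. ID and question are echoed back.
    """
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | QR | TC) + query[4:]


def flag_names(packet):
    """List the header flags as dig shows them, e.g. ['qr', 'rd', 'ra']."""
    (flags,) = struct.unpack("!H", packet[2:4])
    return [name for name, bit in FLAGS if flags & bit]


def forces_tcp(packet):
    """True when a UDP reply carries both QR and TC."""
    if len(packet) < 12:
        return False
    (flags,) = struct.unpack("!H", packet[2:4])
    return bool(flags & QR) and bool(flags & TC)


if __name__ == "__main__":
    query = build_query("google.com", 255)   # qtype 255 = ANY
    reply = truncate_reply(query)
    print(flag_names(query), "->", flag_names(reply), forces_tcp(reply))
```

A header with the flags from the dig output quoted in the thread ("qr rd ra") fails the forces_tcp() check, which is why that query was answered over UDP with no TCP retry.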