On Thu, Aug 27, 2015 at 02:14:46PM +0300, Burak Ozalp wrote:
> Hi everyone,
>
> When I run dnsdist with the config file, and change the
> /etc/resolv.conf nameserver to 127.0.0.1, I can use the dig command
> and it works perfectly.
Which exact version do you run? I think you tried a version from an old RPM,
and one from git?

> However, after applying these configurations, when I connect to a new
> website (not a cached one) with the Chrome browser, in the first 2 or 3
> tries it didn't work, then it connected to the website.

Is this with your "reply TC=1" or "TCP for everything" configuration? Can
you retest with that off if it is?

    Bert

>
> What caused this problem?
>
> Best Regards
> Burak Özalp
>
> Quoting Burak Ozalp <burak.oz...@metu.edu.tr>
>
> >It works! Thank you all. I did what I wanted, finally.
> >
> >Best Regards
> >Burak Ozalp
> >
> >Quoting bert hubert <bert.hub...@powerdns.com>
> >
> >>Hi Burak,
> >>
> >>I just tested this:
> >>
> >>addLocal("0.0.0.0:5200")
> >>newServer("192.168.1.2")
> >>
> >>function blockFilter(remote, qname, qtype, dh)
> >>    dh:setTC(true)
> >>    dh:setQR(true)
> >>    return false
> >>end
> >>
> >>And I get this output:
> >>
> >>$ dig ds9a.nl @127.0.0.1 -p 5200
> >>;; Truncated, retrying in TCP mode.
> >>
> >>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> ds9a.nl @127.0.0.1 -p 5200
> >>;; global options: +cmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64932
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;ds9a.nl. IN A
> >>
> >>;; ANSWER SECTION:
> >>ds9a.nl. 349 IN A 82.94.213.34
> >>
> >>;; Query time: 1 msec
> >>;; SERVER: 127.0.0.1#5200(127.0.0.1)
> >>;; WHEN: Wed Aug 26 14:14:31 CEST 2015
> >>;; MSG SIZE rcvd: 41
> >>
> >>Can you try as well?
> >>
> >>    Bert
> >>
> >>On Wed, Aug 26, 2015 at 09:16:33AM +0300, Burak Ozalp wrote:
> >>>I did not run "sudo service pdns start", so I didn't bind
> >>>0.0.0.0:53 on the same host. Also I can run addAnyTCRule() perfectly,
> >>>and it rejects ANY queries well
> >>>(i.e. root@burak-desktop:/home/burak# dig any google.com @127.0.0.1
> >>>;; Truncated, retrying in TCP mode.
> >>>;; communications error: end of file).
> >>>
> >>>My main problem is that I couldn't manage to get dnsdistconf.lua to work as
> >>>I want, even with the command (dnsdist --local 0.0.0.0:53
> >>>192.168.0.1 --config dnsdistconf.lua).
> >>>
> >>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
> >>>
> >>>>Well, technically if you are already listening on 192.168.0.1:53
> >>>>you cannot bind on 0.0.0.0:53 on *same* host.
> >>>>
> >>>>Aki
> >>>>
> >>>>On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
> >>>>>In another terminal I run the following command:
> >>>>>
> >>>>>dnsdist --local 0.0.0.0:53 192.168.0.1
> >>>>>
> >>>>>Is it wrong?
> >>>>>
> >>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
> >>>>>
> >>>>>>Did you put dnsdist in front of powerdns instance? Is it listening on
> >>>>>>127.0.0.1:53?
> >>>>>>
> >>>>>>Aki
> >>>>>>
> >>>>>>On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
> >>>>>>>This is my dig output:
> >>>>>>>dig google.com @127.0.0.1
> >>>>>>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
> >>>>>>>;; global options: +cmd
> >>>>>>>;; Got answer:
> >>>>>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
> >>>>>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
> >>>>>>>
> >>>>>>>;; OPT PSEUDOSECTION:
> >>>>>>>; EDNS: version: 0, flags:; udp: 4096
> >>>>>>>;; QUESTION SECTION:
> >>>>>>>;google.com. IN A
> >>>>>>>
> >>>>>>>;; ANSWER SECTION:
> >>>>>>>google.com. 167 IN A 216.58.209.14
> >>>>>>>
> >>>>>>>;; AUTHORITY SECTION:
> >>>>>>>google.com. 30662 IN NS ns4.google.com.
> >>>>>>>google.com. 30662 IN NS ns1.google.com.
> >>>>>>>google.com. 30662 IN NS ns2.google.com.
> >>>>>>>google.com. 30662 IN NS ns3.google.com.
> >>>>>>>
> >>>>>>>;; ADDITIONAL SECTION:
> >>>>>>>ns1.google.com. 30944 IN A 216.239.32.10
> >>>>>>>ns2.google.com. 10757 IN A 216.239.34.10
> >>>>>>>ns3.google.com. 12219 IN A 216.239.36.10
> >>>>>>>ns4.google.com. 40489 IN A 216.239.38.10
> >>>>>>>
> >>>>>>>;; Query time: 17 msec
> >>>>>>>;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>>>>>>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
> >>>>>>>;; MSG SIZE rcvd: 191
> >>>>>>>
> >>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
> >>>>>>>
> >>>>>>>>Does it print out anything at all?
> >>>>>>>>
> >>>>>>>>Can you show a 'dig' command that shows TC:0 response and no
> >>>>>>>>fallback to TCP/IP?
> >>>>>>>>
> >>>>>>>>Thanks!
> >>>>>>>>
> >>>>>>>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
> >>>>>>>>>Dear Bert,
> >>>>>>>>>
> >>>>>>>>>Firstly, thanks a lot for the fast and illustrative replies. I learned a
> >>>>>>>>>lot of things. But I have a problem again :(
> >>>>>>>>>I changed the blockFilter() function in the dnsdistconf.lua file to:
> >>>>>>>>>function blockFilter(remote, qname, qtype, dh)
> >>>>>>>>>
> >>>>>>>>>    print("any query, tc=1")
> >>>>>>>>>    dh:setTC(true)
> >>>>>>>>>    dh:setQR(true)
> >>>>>>>>>
> >>>>>>>>>    if(qname:isPartOf(block))
> >>>>>>>>>    then
> >>>>>>>>>        print("Blocking *.powerdns.org")
> >>>>>>>>>        return true
> >>>>>>>>>    end
> >>>>>>>>>    return false
> >>>>>>>>>end
> >>>>>>>>>
> >>>>>>>>>Then I did a re-installation and ran dnsdist. However, nothing changed.
> >>>>>>>>>
> >>>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
> >>>>>>>>>
> >>>>>>>>>>sent from the wrong account first, sorry.
> >>>>>>>>>>
> >>>>>>>>>>>Begin forwarded message:
> >>>>>>>>>>>
> >>>>>>>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
> >>>>>>>>>>>From: bert hubert <bert.hub...@netherlabs.nl>
> >>>>>>>>>>>Date: 25 Aug 2015 12:39:05 CEST
> >>>>>>>>>>>Cc: Aki Tuomi <cmo...@youzen.ext.b2.fi>, pdns-dev@mailman.powerdns.com
> >>>>>>>>>>>To: Burak Ozalp <burak.oz...@metu.edu.tr>
> >>>>>>>>>>>
> >>>>>>>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.oz...@metu.edu.tr> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>Thanks Bert,
> >>>>>>>>>>>>
> >>>>>>>>>>>>I installed dnsdist. With addAnyTCRule() I can easily do pdns
> >>>>>>>>>>>>any-to-tcp(). However, I couldn't manage to do it for all types
> >>>>>>>>>>>>of queries. Should I patch the conf file?
> >>>>>>>>>>>
> >>>>>>>>>>>Hi Burak,
> >>>>>>>>>>>
> >>>>>>>>>>>Try:
> >>>>>>>>>>>
> >>>>>>>>>>>"The blockFilter() also gets passed read/writable copy of the
> >>>>>>>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
> >>>>>>>>>>>turned the packet into a response, and will send the answer
> >>>>>>>>>>>directly to the original client.
> >>>>>>>>>>>
> >>>>>>>>>>>If you also called setTC(1), this will tell the remote client to
> >>>>>>>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
> >>>>>>>>>>>even for downstream servers that lack this feature."
> >>>>>>>>>>>
> >>>>>>>>>>>See:
> >>>>>>>>>>>https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
> >>>>>>>>>>>
> >>>>>>>>>>>Just call setQR(1) and setTC(1) on the header field of
> >>>>>>>>>>>blockFilter() and you are done.
> >>>>>>>>>>>
> >>>>>>>>>>>Good luck!
> >>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>Best Regards
> >>>>>>>>>>>>Burak Ozalp
> >>>>>>>>>>>>
> >>>>>>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
> >>>>>>>>>>>>
> >>>>>>>>>>>>>Hi Burak,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
> >>>>>>>>>>>>>for more details.
> >>>>>>>>>>>>>It can set TC on any criterion.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>Good luck!
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>    Bert
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
> >>>>>>>>>>>>>>Dear Tuomi,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Yes, it works. Is it possible to force all UDP requests with a
> >>>>>>>>>>>>>>truncated packet, and force all to use TCP?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Best Regards
> >>>>>>>>>>>>>>Burak Ozalp
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
> >>>>>>>>>>>>>>>>I installed PowerDNS with the MySQL backend from here. I would like to set
> >>>>>>>>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure the
> >>>>>>>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
> >>>>>>>>>>>>>>>>option should reject UDP requests from the client and force it to use TCP.
> >>>>>>>>>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in the
> >>>>>>>>>>>>>>>>response, so it doesn't work.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>How do I correctly set the any-to-tcp option?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>_______________________________________________
> >>>>>>>>>>>>>>>>Pdns-dev mailing list
> >>>>>>>>>>>>>>>>Pdns-dev@mailman.powerdns.com
> >>>>>>>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
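
Added example, not part of the thread and not dnsdist code: a packet-level model of what the setQR(true)/setTC(true) blockFilter discussed above does to a UDP query, and of the client-side fallback that dig reports as "Truncated, retrying in TCP mode". The helper names and the sample query are constructed for illustration, and it assumes the reply is the query with only those two header bits changed.

```python
import struct

QR = 0x8000  # header flag: this packet is a response
TC = 0x0200  # header flag: truncated, client should retry over TCP
RD = 0x0100  # header flag: recursion desired

def build_query(qname, qtype=1, txid=0x1234):
    """Constructed sample input: a minimal UDP DNS query with RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def tc_reply(query):
    """Model of setQR(true) + setTC(true): same bytes, two header bits set."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", query[:4])
    if flags & QR:
        raise ValueError("already a response, refusing to reflect it")
    return struct.pack("!HH", txid, flags | QR | TC) + query[4:]

def describe(packet):
    """Decode the fixed 12-byte header into the fields dig prints."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rd": bool(flags & RD), "answers": an, "size": len(packet)}

def client_next_step(query, reply):
    """Decision a stub resolver makes on a UDP reply to its own query."""
    q, r = describe(query), describe(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "drop"        # not a response to this query
    if r["tc"]:
        return "retry-tcp"   # the fallback dig reports as "Truncated"
    return "accept"

if __name__ == "__main__":
    q = build_query("ds9a.nl")
    r = tc_reply(q)
    # The TC reply carries no answer records and is exactly as long as
    # the query, so answering over UDP this way returns no extra bytes.
    print(describe(q))
    print(describe(r))
    print(client_next_step(q, r))
```
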