I tested with the master branch and the steps on the http://dnsdist.org/ main page, on my PC with Ubuntu 14.04 LTS. I tested with the following Lua config script:
addLocal("0.0.0.0:53")
newServer("192.168.0.1")

function blockFilter(remote, qname, qtype, dh)
        dh:setTC(true)
        dh:setQR(true)
        return false
end






Quoting bert hubert <bert.hub...@powerdns.com>

On Thu, Aug 27, 2015 at 02:14:46PM +0300, Burak Ozalp wrote:
Hi everyone,

when i run dnsdist with the config file, and change to
/etc/resolv.conf nameserver with 127.0.0.1, i can use dig command
and it works perfectly.

Which exact version do you run? I think you tried a version from an old RPM,
and one from git?

However, after applying these configurations, when I connect to a new
web-site (not a cached one) with the Chrome browser, in the first 2 or 3
tries it didn't work, then it connected to the web-site.

Is this with your "reply TC=1" or "TCP for everything" configuration? Can
you retest with that off if it is?

        Bert



What caused this problem?

Best Regards
Burak Özalp

Quoting Burak Ozalp <burak.oz...@metu.edu.tr>

>It works! Thank you for all. I did when i want finally.
>
>Best Regards
>Burak Ozalp
>
>Quoting bert hubert <bert.hub...@powerdns.com>
>
>>Hi Burak,
>>
>>I just tested this:
>>
>>addLocal("0.0.0.0:5200")
>>newServer("192.168.1.2")
>>
>>function blockFilter(remote, qname, qtype, dh)
>>       dh:setTC(true)
>>       dh:setQR(true)
>>       return false
>>end
>>
>>And I get this output:
>>
>>$ dig ds9a.nl @127.0.0.1 -p 5200
>>;; Truncated, retrying in TCP mode.
>>
>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> ds9a.nl @127.0.0.1 -p 5200
>>;; global options: +cmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64932
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;ds9a.nl.                       IN      A
>>
>>;; ANSWER SECTION:
>>ds9a.nl.                349     IN      A       82.94.213.34
>>
>>;; Query time: 1 msec
>>;; SERVER: 127.0.0.1#5200(127.0.0.1)
>>;; WHEN: Wed Aug 26 14:14:31 CEST 2015
>>;; MSG SIZE  rcvd: 41
>>
>>Can you try as well?
>>
>>        Bert
>>
>>On Wed, Aug 26, 2015 at 09:16:33AM +0300, Burak Ozalp wrote:
>>>I did not run " sudo service pdns start", so i didn't bind
>>>0.0.0.0:53 on same host. Also i can run addAnyTCRule() perfectly,
>>>and it rejects ANY queries well
>>>(i.e;root@burak-desktop:/home/burak# dig any google.com @127.0.0.1
>>>;; Truncated, retrying in TCP mode.
>>>;; communications error: end of file).
>>>
>>>My main problem is that i couldn't manage to work dnsdistconf.lua as
>>>I want even if with the command ( dnsdist --local 0.0.0.0:53
>>>192.168.0.1 --config dnsdistconf.lua ).
>>>
>>>
>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>>
>>>>Well, technically if you are already listening on 192.168.0.1:53
>>>>you cannot bind on 0.0.0.0:53 on *same* host.
>>>>
>>>>Aki
>>>>
>>>>On Wed, Aug 26, 2015 at 08:50:47AM +0300, Burak Ozalp wrote:
>>>>>In another terminal i run the following command;
>>>>>
>>>>>dnsdist --local 0.0.0.0:53 192.168.0.1
>>>>>
>>>>>Is it wrong ?
>>>>>
>>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>>>>
>>>>>>Did you put dnsdist in front of powerdns instance? Is it listening on
>>>>>>127.0.0.1:53?
>>>>>>
>>>>>>Aki
>>>>>>
>>>>>>On Tue, Aug 25, 2015 at 04:39:55PM +0300, Burak Ozalp wrote:
>>>>>>>This is my dig output;
>>>>>>>dig google.com @127.0.0.1
>>>>>>>; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> google.com @127.0.0.1
>>>>>>>;; global options: +cmd
>>>>>>>;; Got answer:
>>>>>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2143
>>>>>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>>>>>>>
>>>>>>>;; OPT PSEUDOSECTION:
>>>>>>>; EDNS: version: 0, flags:; udp: 4096
>>>>>>>;; QUESTION SECTION:
>>>>>>>;google.com.                    IN      A
>>>>>>>
>>>>>>>;; ANSWER SECTION:
>>>>>>>google.com.             167     IN      A       216.58.209.14
>>>>>>>
>>>>>>>;; AUTHORITY SECTION:
>>>>>>>google.com.             30662   IN      NS      ns4.google.com.
>>>>>>>google.com.             30662   IN      NS      ns1.google.com.
>>>>>>>google.com.             30662   IN      NS      ns2.google.com.
>>>>>>>google.com.             30662   IN      NS      ns3.google.com.
>>>>>>>
>>>>>>>;; ADDITIONAL SECTION:
>>>>>>>ns1.google.com.         30944   IN      A       216.239.32.10
>>>>>>>ns2.google.com.         10757   IN      A       216.239.34.10
>>>>>>>ns3.google.com.         12219   IN      A       216.239.36.10
>>>>>>>ns4.google.com.         40489   IN      A       216.239.38.10
>>>>>>>
>>>>>>>;; Query time: 17 msec
>>>>>>>;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>>>>>;; WHEN: Tue Aug 25 16:16:23 EEST 2015
>>>>>>>;; MSG SIZE  rcvd: 191
>>>>>>>
>>>>>>>
>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>>>>
>>>>>>>>Does it print out anything at all?
>>>>>>>>
>>>>>>>>Can you show a 'dig' command that shows TC:0 response and no
>>>>>>>>fallback to TCP/IP?
>>>>>>>>
>>>>>>>>Thanks!
>>>>>>>>
>>>>>>>>On Tue, Aug 25, 2015 at 02:52:33PM +0300, Burak Ozalp wrote:
>>>>>>>>>Dear Bert;
>>>>>>>>>
>>>>>>>>>Firstly, thanks a lot for fast and illustrative replies. i learned a
>>>>>>>>>lot of things. But i have a problem again :(
>>>>>>>>>I change the dnsdistconf.lua file blockfilter() function as:
>>>>>>>>>function blockFilter(remote, qname, qtype, dh)
>>>>>>>>>
>>>>>>>>>    print("any query, tc=1")
>>>>>>>>>    dh:setTC(true)
>>>>>>>>>     dh:setQR(true)
>>>>>>>>>
>>>>>>>>>     if(qname:isPartOf(block))
>>>>>>>>>     then
>>>>>>>>>            print("Blocking *.powerdns.org")
>>>>>>>>>            return true
>>>>>>>>>     end
>>>>>>>>>     return false
>>>>>>>>>end
>>>>>>>>>
>>>>>>>>>then I did re-installation and run dnsdist. However, nothing
>>>>>>>>>is changed..
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>>>>>>
>>>>>>>>>>sent from the wrong account first, sorry.
>>>>>>>>>>
>>>>>>>>>>>Begin forwarded message:
>>>>>>>>>>>
>>>>>>>>>>>Subject: Re: [Pdns-dev] How to set PowerDNS Server with option any-to-tcp
>>>>>>>>>>>From: bert hubert <bert.hub...@netherlabs.nl>
>>>>>>>>>>>Date: 25 Aug 2015 12:39:05 CEST
>>>>>>>>>>>Cc: Aki Tuomi <cmo...@youzen.ext.b2.fi>,
>>>>>>>>>>>pdns-dev@mailman.powerdns.com
>>>>>>>>>>>To: Burak Ozalp <burak.oz...@metu.edu.tr>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>On 25 Aug 2015, at 12:24, Burak Ozalp <burak.oz...@metu.edu.tr> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>Thanks Bert,
>>>>>>>>>>>>
>>>>>>>>>>>>I installed dnsdist. with addAnyTCRule() i can easily do pdns
>>>>>>>>>>>>any-to-tcp(). However, i couldn't manage to do for all types
>>>>>>>>>>>>of queries. Should I patch the conf file ?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>Hi Burak,
>>>>>>>>>>>
>>>>>>>>>>>Try:
>>>>>>>>>>>
>>>>>>>>>>>"The blockFilter() also gets passed read/writable copy of the
>>>>>>>>>>>DNS Header. If you invoke setQR(1) on that, dnsdist knows you
>>>>>>>>>>>turned the packet into a response, and will send the answer
>>>>>>>>>>>directly to the original client.
>>>>>>>>>>>
>>>>>>>>>>>If you also called setTC(1), this will tell the remote client to
>>>>>>>>>>>move to TCP/IP, and in this way you can implement ANY-to-TCP
>>>>>>>>>>>even for downstream servers that lack this feature."
>>>>>>>>>>>
>>>>>>>>>>>See: https://github.com/PowerDNS/pdns/blob/master/pdns/README-dnsdist.md#any-or-whatever-to-tc
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>just call setQR(1) and setTC(1) on the header field of
>>>>>>>>>>>blockFilter() and you are done.
>>>>>>>>>>>
>>>>>>>>>>>Good luck!
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>Best Regards
>>>>>>>>>>>>Burak Ozalp
>>>>>>>>>>>>
>>>>>>>>>>>>Quoting bert hubert <bert.hub...@powerdns.com>
>>>>>>>>>>>>
>>>>>>>>>>>>>Hi Burak,
>>>>>>>>>>>>>
>>>>>>>>>>>>>dnsdist can do this easily, please see http://dnsdist.org/
>>>>>>>>>>>>>for more details.
>>>>>>>>>>>>>It can set TC on any criterium.
>>>>>>>>>>>>>
>>>>>>>>>>>>>Good luck!
>>>>>>>>>>>>>
>>>>>>>>>>>>>    Bert
>>>>>>>>>>>>>
>>>>>>>>>>>>>On Tue, Aug 25, 2015 at 09:59:12AM +0300, Burak Ozalp wrote:
>>>>>>>>>>>>>>Dear Tuomi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>Yes it works. Is it possible to force all UDP requests with
>>>>>>>>>>>>>>a truncated packet, and force all to use TCP?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>Best Regards
>>>>>>>>>>>>>>Burak Ozalp
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>Quoting Aki Tuomi <cmo...@youzen.ext.b2.fi>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>On Mon, Aug 24, 2015 at 03:36:02PM +0300, Burak Ozalp wrote:
>>>>>>>>>>>>>>>>I install PowerDNS with MySql backend from here. I would like to set
>>>>>>>>>>>>>>>>any-to-tcp=yes for PowerDNS Server. I tried to configure
>>>>>>>>>>>>>>>>/etc/powerdns/pdns.conf file and add a line "any-to-tcp=yes". This
>>>>>>>>>>>>>>>>option should reject UDP request from client and force to use tcp.
>>>>>>>>>>>>>>>>But when I run dig @127.0.0.1 it doesn't set the truncated bit in
>>>>>>>>>>>>>>>>response, so it doesn't work.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>How to set correctly any-to-tcp option ?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>It only truncates ANY query, try dig any domain.com @localhost
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>_______________________________________________
>>>>>>>>>>>>>>>>Pdns-dev mailing list
>>>>>>>>>>>>>>>>Pdns-dev@mailman.powerdns.com
>>>>>>>>>>>>>>>>http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>>>>>>>>>>>>>>>>
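
What setQR(true) and setTC(true) in blockFilter() change in the DNS header, shown at the wire level as an added example (not code from this thread or from dnsdist). The function names are hypothetical, the query is constructed, and echoing the rest of the query back unchanged is an assumption about the reply body.

```python
import struct

QR = 0x8000  # header flag: this packet is a response
TC = 0x0200  # header flag: truncated, client should retry over TCP
RD = 0x0100  # header flag: recursion desired

def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal UDP DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def answer_with_tc(query):
    """Turn a query into a TC=1 response by changing only two header bits.

    Assumption: the question section is echoed back untouched, so the
    reply carries no answer records and is the same size as the query.
    """
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", query[:4])
    if flags & QR:
        raise ValueError("already a response, not a query")
    return struct.pack("!HH", txid, flags | QR | TC) + query[4:]

def parse_header(packet):
    """Decode the fields of the 12-byte header that matter here."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rd": bool(flags & RD), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}

def client_must_retry_over_tcp(query, reply):
    """A stub resolver falls back to TCP when a matching reply has TC=1."""
    q, r = parse_header(query), parse_header(reply)
    return r["qr"] and r["tc"] and r["id"] == q["id"]

if __name__ == "__main__":
    q = build_query("ds9a.nl")          # constructed sample query
    r = answer_with_tc(q)
    print(parse_header(r))
    print("sizes:", len(q), len(r))
    print("retry over TCP:", client_must_retry_over_tcp(q, r))
```

This corresponds to the ";; Truncated, retrying in TCP mode." line in the dig output quoted above: the UDP reply has qr and tc set and no answer records, and the real answer only arrives over TCP.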