You have to tell dig to use DoH: `+https=/dns-query` for HTTPS, `+http-plain=/dns-query` for HTTP.
On Mon, Nov 17, 2025 at 11:51 AM ROGER VIncent via Pdns-users < [email protected]> wrote:

> Hi,
>
> I intend to access dnsdist via DoH with an apache reverse proxy, but first I can't get dnsdist respond to queries :
>
> ➜ ~ dig -t aaaa powerdns.com @127.0.0.1 -p 5300 +short +nocookie
> ;; communications error to 127.0.0.1#5300: connection refused
> ;; communications error to 127.0.0.1#5300: connection refused
> ;; communications error to 127.0.0.1#5300: connection refused
>
> ; <<>> DiG 9.20.15-1~deb13u1-Debian <<>> -t aaaa powerdns.com @127.0.0.1 -p 5300 +short +nocookie
> ;; global options: +cmd
> ;; no servers could be reached
>
> Here is my dnsdist.conf :
>
> -- disable security status polling via DNS
> setSecurityPollSuffix("")
>
> setACL("127.0.0.1/8")
>
> -- Define upstream DNS server (Pi-hole)
> newServer({address="192.168.0.26:53", name="Pi2-hole", checkInterval=60, mustResolve=true})
> newServer({address="192.168.0.24:53", name="Pi1-hole", checkInterval=60, mustResolve=true})
>
> -- Set the load balancing policy
> setServerPolicy(roundrobin)
>
> -- Create local DOH server listener in DNS over HTTP mode, otherwise the information coming from nginx won't be processed well
> addDOHLocal("127.0.0.1:5300", nil, nil, "/dns-query", {reusePort=true, trustForwardedForHeader=false, keepIncomingHeaders=true})
>
> dnsdist is listening port 5300 though :
>
> ➜ ~ sudo netstat -tapn | grep 5300
> tcp 0 0 127.0.0.1:5300 0.0.0.0:* LISTEN 508356/dnsdist
>
> What is my mistake here ?
>
>
> --
> ROGER Vincent
>
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
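What a DoH client has to send to the listener in this thread, as an added example that is not part of the original messages: a DNS message wrapped in an HTTP request for `/dns-query` as defined in RFC 8484, rather than a bare DNS packet on port 5300. The function names are assumptions of this example; it builds the GET form for the `powerdns.com` AAAA query and decodes a `dns=` parameter back into its question, which is also how such a request can be read from a reverse-proxy access log.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Listener address and path taken from the dnsdist.conf quoted in the thread.
DOH_BASE = "http://127.0.0.1:5300/dns-query"
QTYPE_AAAA = 28


def build_query(name, qtype=QTYPE_AAAA):
    """Wire-format DNS query with ID 0, as RFC 8484 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(base, wire):
    """RFC 8484 GET form: unpadded base64url in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{base}?dns={b64}"


def decode_get_url(url):
    """Recover the DNS message from a DoH GET URL, e.g. from a proxy log."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def parse_question(wire):
    """Return (qname, qtype) of the first question in a DNS message."""
    labels, pos = [], 12
    while wire[pos]:
        length = wire[pos]
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", wire[pos + 1:pos + 3])
    return ".".join(labels), qtype


if __name__ == "__main__":
    url = doh_get_url(DOH_BASE, build_query("powerdns.com"))
    print(url)
    print(parse_question(decode_get_url(url)))
```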
