[dnsdist] PROXY support for incoming requests

[Ask Bjørn Hansen]

Has there been any work or consideration for supporting the haproxy PROXY 
protocol on incoming tcp connections?


Ask

-- 
http://askask.com/
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)

[Ask Bjørn Hansen]

> On Sep 15, 2019, at 1:40 AM, Stephane Bortzmeyer  wrote:
> 
> DNS challenges? I don't really want to switch my zones to a dynamic
> setup.


For places where adding or changing http was cumbersome or impossible, I setup 
a single dynamic zone just for the acme process.

From the “real” zone you can CNAME the challenge name into the dynamic zone, so 
you don’t have to switch your “real” data to be managed dynamically.


Ask___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Cache, chrome and dns tunneling

[Ask Bjørn Hansen]

> On May 3, 2018, at 17:25, Nico  wrote:
> 
> After some tcpdumping and testing we found that chrome and dns tunneling were 
> filing the cache,
> even if the percent of this queries was very low in the total.

What do those queries look like?


Ask

-- 
http://askask.com/
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Match CAA queries

[Ask Bjørn Hansen]

> On Jan 3, 2018, at 3:56, Christian Elmerot  wrote:
> 
> makeRule matches suffixes i.e. com. IIRC

That’s what I wanted though. :-) (example.org and all names under that).

Ask
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] Match CAA queries

[Ask Bjørn Hansen]

> On Aug 18, 2017, at 2:49, Remi Gacogne  wrote:
> 
> A simple QTypeRule(dnsdist.CAA) should match, so something like:
> 
> addAction(QTypeRule(dnsdist.CAA), PoolAction("mypool"))
> 
> should be enough to route it to a different pool, for example. I think
> you should be able to use RCodeAction to make a NOERROR answer too.

Great, that worked indeed.

Now I wanted to make it also match a domain — so “example.org and qtype=CAA”.

I tried

addAction(AndRule({“example.org.”, QTypeRule(dnsdist.CAA)}), 
RCodeAction(dnsdist.NOERROR))

but it gives me an error saying

“Unable to convert parameter from table to 
St6vectorISt4pairIiSt10shared_ptrI7DNSRuleEESaIS4_EE”


If I wrap “example.org.” in makeRule() it seems to work. Is that right?


Ask

p.s. there’s a small typo in 
https://dnsdist.org/rules-actions.html#convience-functions (convience => 
convenience).
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist