Re: [dnsdist] DOH configuration issue

2023-03-19 Thread Otto Moerbeek via dnsdist


Oops, ignore this. My mistake.

-Otto

On Sun, Mar 19, 2023 at 09:14:40PM +0100, Otto Moerbeek via dnsdist wrote:

> On Sun, Mar 19, 2023 at 09:09:47PM +0100, Chandra wrote:
> 
> > Thank you.  It seems I missed that one. :) 
> 
> It's good form to reply to the list.
> 
>   -Otto
> 
> > 
> > On Sun, Mar 19, 2023, at 21:06, Otto Moerbeek wrote:
> > > On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> > > 
> > > > Hello all,
> > > > 
> > > > I am trying to configure DOH over HTTP and I can't seem to figure out 
> > > > what I'm doing wrong. I have a nginx proxying the incoming request and 
> > > > don't need it on HTTPS.  Here's my config
> > > > 
> > > > ```
> > > > --- doh over http
> > > > setACL({"0.0.0.0/0", "::/0"})
> > > > addLocal('0.0.0.0:7070')
> > > > webserver("127.0.0.1:8083")
> > > > 
> > > > newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> > > > newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> > > > newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> > > > newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> > > > newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> > > > 
> > > > addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> > > > ```
> > > > 
> > > > When testing on the  locally, here's what I get:
> > > > 
> > > > $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> > > > 
> > > > dns query not allowed
> > > > 
> > > > $ ...
> > > > 
> > > > 
> > > > Where am I going wrong?
> > > 
> > > You have no policy defined. The default policy is to send packets to
> > > the default pool (named ""). Your default pool is empty.  So the query
> > > gets refused, since no policy applies.
> > > 
> > > -Otto
> > > 
> ___
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist


Re: [dnsdist] DOH configuration issue

2023-03-19 Thread Otto Moerbeek via dnsdist
On Sun, Mar 19, 2023 at 09:09:47PM +0100, Chandra wrote:

> Thank you.  It seems I missed that one. :) 

It's good form to reply to the list.

-Otto

> 
> On Sun, Mar 19, 2023, at 21:06, Otto Moerbeek wrote:
> > On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> > 
> > > Hello all,
> > > 
> > > I am trying to configure DOH over HTTP and I can't seem to figure out 
> > > what I'm doing wrong. I have a nginx proxying the incoming request and 
> > > don't need it on HTTPS.  Here's my config
> > > 
> > > ```
> > > --- doh over http
> > > setACL({"0.0.0.0/0", "::/0"})
> > > addLocal('0.0.0.0:7070')
> > > webserver("127.0.0.1:8083")
> > > 
> > > newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> > > newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> > > newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> > > newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> > > newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> > > 
> > > addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> > > ```
> > > 
> > > When testing on the  locally, here's what I get:
> > > 
> > > $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> > > 
> > > dns query not allowed
> > > 
> > > $ ...
> > > 
> > > 
> > > Where am I going wrong?
> > 
> > You have no policy defined. The default policy is to send packets to
> > the default pool (named ""). Your default pool is empty.  So the query
> > gets refused, since no policy applies.
> > 
> > -Otto
> > 


Re: [dnsdist] DOH configuration issue

2023-03-19 Thread Chandra via dnsdist
Thank you.  It seems I missed that one. :) 

On Sun, Mar 19, 2023, at 21:06, Otto Moerbeek wrote:
> On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> 
> > Hello all,
> > 
> > I am trying to configure DOH over HTTP and I can't seem to figure out what 
> > I'm doing wrong. I have a nginx proxying the incoming request and don't 
> > need it on HTTPS.  Here's my config
> > 
> > ```
> > --- doh over http
> > setACL({"0.0.0.0/0", "::/0"})
> > addLocal('0.0.0.0:7070')
> > webserver("127.0.0.1:8083")
> > 
> > newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> > newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> > newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> > newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> > newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> > 
> > addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> > ```
> > 
> > When testing on the  locally, here's what I get:
> > 
> > $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> > 
> > dns query not allowed
> > 
> > $ ...
> > 
> > 
> > Where am I going wrong?
> 
> You have no policy defined. The default policy is to send packets to
> the default pool (named ""). Your default pool is empty.  So the query
> gets refused, since no policy applies.
> 
> -Otto
> 


Re: [dnsdist] DOH configuration issue

2023-03-19 Thread Otto Moerbeek via dnsdist
On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:

> Hello all,
> 
> I am trying to configure DOH over HTTP and I can't seem to figure out what 
> I'm doing wrong. I have a nginx proxying the incoming request and don't need 
> it on HTTPS.  Here's my config
> 
> ```
> --- doh over http
> setACL({"0.0.0.0/0", "::/0"})
> addLocal('0.0.0.0:7070')
> webserver("127.0.0.1:8083")
> 
> newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> 
> addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> ```
> 
> When testing on the  locally, here's what I get:
> 
> $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> 
> dns query not allowed
> 
> $ ...
> 
> 
> Where am I going wrong?

You have no policy defined. The default policy is to send packets to
the default pool (named ""). Your default pool is empty.  So the query
gets refused, since no policy applies.

-Otto
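Added example, not part of the thread and not the dnsdist project's own code: the posted configuration with routing rules, so queries no longer fall through to the empty default pool that the reply above points to. The tier ordering and the loopback bind of the DoH listener (which assumes nginx runs on the same host) are assumptions.

```lua
-- Added example: the configuration from the thread plus explicit routing.
-- Server addresses, pool names and options are the ones posted.

-- ACL as posted; it admits any source address.
setACL({"0.0.0.0/0", "::/0"})
addLocal('0.0.0.0:7070')
webserver("127.0.0.1:8083")

-- Every backend sits in a named pool, so the default pool "" stays empty.
newServer({address="1.1.1.1", pool="pub-unsafe-tier1", name="cloudflare"})
newServer({address="8.8.8.8", pool="pub-unsafe-tier1", name="google"})
newServer({address="194.242.2.2", pool="pub-safe-tier1", name="mullvad-noadblock", checkInterval=60})
newServer({address="84.200.69.80", pool="pub-safe-tier2", name="dnswatch1", checkInterval=60})
newServer({address="84.200.70.40", pool="pub-safe-tier2", name="dnswatch2", checkInterval=60})

-- Plain-HTTP DoH listener behind nginx (nil certificate and key).
-- Assumption: nginx runs on this host, so the listener binds to loopback.
-- With trustForwardedForHeader=true dnsdist takes the client address from
-- X-Forwarded-For, so only the proxy should be able to reach this port.
addDOHLocal("127.0.0.1:9090", nil, nil, "/dns-query",
            { reusePort=true, trustForwardedForHeader=true })

-- Routing: rules are evaluated in order and the first PoolAction that
-- matches decides the pool. Assumed ordering: safe tier 1, then safe
-- tier 2 when tier 1 has no server up, then the unsafe tier as last resort.
addAction(PoolAvailableRule("pub-safe-tier1"), PoolAction("pub-safe-tier1"))
addAction(PoolAvailableRule("pub-safe-tier2"), PoolAction("pub-safe-tier2"))
addAction(AllRule(), PoolAction("pub-unsafe-tier1"))
```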


[dnsdist] DOH configuration issue

2023-03-19 Thread Chandra via dnsdist
Hello all,

I am trying to configure DOH over HTTP and I can't seem to figure out what I'm 
doing wrong. I have a nginx proxying the incoming request and don't need it on 
HTTPS.  Here's my config

```
--- doh over http
setACL({"0.0.0.0/0", "::/0"})
addLocal('0.0.0.0:7070')
webserver("127.0.0.1:8083")

newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})

addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
```

When testing on the  locally, here's what I get:

$ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'

dns query not allowed

$ ...


Where am I going wrong?

Best,
Chandra
