Re: [dnsdist] DOH configuration issue
Oops, ignore this. My mistake.

-Otto

On Sun, Mar 19, 2023 at 09:14:40PM +0100, Otto Moerbeek via dnsdist wrote:
> On Sun, Mar 19, 2023 at 09:09:47PM +0100, Chandra wrote:
>
> > Thank you. It seems I missed that one. :)
>
> It's good form to reply to the list.
>
> -Otto
>
> >
> > On Sun, Mar 19, 2023, at 21:06, Otto Moerbeek wrote:
> > > On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> > >
> > > > Hello all,
> > > >
> > > > I am trying to configure DOH over HTTP and I can't seem to figure out
> > > > what I'm doing wrong. I have an nginx proxying the incoming request and
> > > > don't need it on HTTPS. Here's my config
> > > >
> > > > ```
> > > > --- doh over http
> > > > setACL({"0.0.0.0/0", "::/0"})
> > > > addLocal('0.0.0.0:7070')
> > > > webserver("127.0.0.1:8083")
> > > >
> > > > newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> > > > newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> > > > newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> > > > newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> > > > newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> > > >
> > > > addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> > > > ```
> > > >
> > > > When testing locally, here's what I get:
> > > >
> > > > ```
> > > > $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> > > >
> > > > dns query not allowed
> > > >
> > > > $ ...
> > > > ```
> > > >
> > > > Where am I going wrong?
> > >
> > > You have no policy defined. The default policy is to send packets to
> > > the default pool (named ""). Your default pool is empty. So the query
> > > gets refused, since no policy applies.
> > >
> > > -Otto

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] DOH configuration issue
On Sun, Mar 19, 2023 at 09:09:47PM +0100, Chandra wrote:

> Thank you. It seems I missed that one. :)

It's good form to reply to the list.

-Otto

>
> On Sun, Mar 19, 2023, at 21:06, Otto Moerbeek wrote:
> > On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
> >
> > > Hello all,
> > >
> > > I am trying to configure DOH over HTTP and I can't seem to figure out
> > > what I'm doing wrong. I have an nginx proxying the incoming request and
> > > don't need it on HTTPS. Here's my config
> > >
> > > ```
> > > --- doh over http
> > > setACL({"0.0.0.0/0", "::/0"})
> > > addLocal('0.0.0.0:7070')
> > > webserver("127.0.0.1:8083")
> > >
> > > newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> > > newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> > > newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> > > newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> > > newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> > >
> > > addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> > > ```
> > >
> > > When testing locally, here's what I get:
> > >
> > > ```
> > > $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> > >
> > > dns query not allowed
> > >
> > > $ ...
> > > ```
> > >
> > > Where am I going wrong?
> >
> > You have no policy defined. The default policy is to send packets to
> > the default pool (named ""). Your default pool is empty. So the query
> > gets refused, since no policy applies.
> >
> > -Otto

Re: [dnsdist] DOH configuration issue
Thank you. It seems I missed that one. :)

On Sun, Mar 19, 2023, at 21:06, Otto Moerbeek wrote:
> On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:
>
> > Hello all,
> >
> > I am trying to configure DOH over HTTP and I can't seem to figure out what
> > I'm doing wrong. I have an nginx proxying the incoming request and don't
> > need it on HTTPS. Here's my config
> >
> > ```
> > --- doh over http
> > setACL({"0.0.0.0/0", "::/0"})
> > addLocal('0.0.0.0:7070')
> > webserver("127.0.0.1:8083")
> >
> > newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> > newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> > newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> > newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> > newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
> >
> > addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> > ```
> >
> > When testing locally, here's what I get:
> >
> > ```
> > $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
> >
> > dns query not allowed
> >
> > $ ...
> > ```
> >
> > Where am I going wrong?
>
> You have no policy defined. The default policy is to send packets to
> the default pool (named ""). Your default pool is empty. So the query
> gets refused, since no policy applies.
>
> -Otto

Re: [dnsdist] DOH configuration issue
On Sun, Mar 19, 2023 at 04:54:19PM +0100, Chandra via dnsdist wrote:

> Hello all,
>
> I am trying to configure DOH over HTTP and I can't seem to figure out what
> I'm doing wrong. I have an nginx proxying the incoming request and don't need
> it on HTTPS. Here's my config
>
> ```
> --- doh over http
> setACL({"0.0.0.0/0", "::/0"})
> addLocal('0.0.0.0:7070')
> webserver("127.0.0.1:8083")
>
> newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
> newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
> newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
> newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
> newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})
>
> addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
> ```
>
> When testing locally, here's what I get:
>
> ```
> $ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
>
> dns query not allowed
>
> $ ...
> ```
>
> Where am I going wrong?

You have no policy defined. The default policy is to send packets to
the default pool (named ""). Your default pool is empty. So the query
gets refused, since no policy applies.

-Otto

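The routing gap described in the reply above, written out as an added example (not code from the thread or from the dnsdist project): a catch-all rule sends queries to a pool that actually has backends. The choice of `pub-safe-tier1` as the answering pool and the loopback bind for the DoH listener (which assumes nginx runs on the same host) are assumptions made for illustration.

```lua
-- Added example; backends and ports are taken from the original post.
setACL({"0.0.0.0/0", "::/0"})   -- as posted; this admits any client, narrow it where you can
addLocal('0.0.0.0:7070')
webserver("127.0.0.1:8083")

-- Every backend is declared with pool=..., so the default pool ("") stays empty.
-- A newServer() call without pool= would join the default pool instead.
newServer({address="1.1.1.1", pool="pub-unsafe-tier1", name="cloudflare"})
newServer({address="8.8.8.8", pool="pub-unsafe-tier1", name="google"})
newServer({address="194.242.2.2", pool="pub-safe-tier1", name="mullvad-noadblock", checkInterval=60})
newServer({address="84.200.69.80", pool="pub-safe-tier2", name="dnswatch1", checkInterval=60})
newServer({address="84.200.70.40", pool="pub-safe-tier2", name="dnswatch2", checkInterval=60})

-- With no rule selecting a pool, queries go to the empty default pool.
-- This catch-all rule routes them to a pool that has servers.
-- Assumption: "pub-safe-tier1" is the pool meant to answer by default.
addAction(AllRule(), PoolAction("pub-safe-tier1"))

-- Plain-HTTP DoH behind nginx. trustForwardedForHeader makes dnsdist take the
-- client address from X-Forwarded-For for ACL checks and rules, so only the
-- proxy should be able to reach this port.
-- Assumption: nginx runs on the same host, hence the loopback bind.
addDOHLocal("127.0.0.1:9090", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
```

On the dnsdist console, `showServers()` lists each backend with its pools and `showRules()` confirms the catch-all rule is loaded.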
[dnsdist] DOH configuration issue
Hello all,

I am trying to configure DOH over HTTP and I can't seem to figure out what I'm doing wrong. I have an nginx proxying the incoming request and don't need it on HTTPS. Here's my config

```
--- doh over http
setACL({"0.0.0.0/0", "::/0"})
addLocal('0.0.0.0:7070')
webserver("127.0.0.1:8083")

newServer({address="1.1.1.1", pool="pub-unsafe-tier1",name="cloudflare"})
newServer({address="8.8.8.8", pool="pub-unsafe-tier1",name="google"})
newServer({address="194.242.2.2",pool="pub-safe-tier1",name="mullvad-noadblock",checkInterval=60})
newServer({address="84.200.69.80", pool="pub-safe-tier2",name="dnswatch1",checkInterval=60})
newServer({address="84.200.70.40", pool="pub-safe-tier2",name="dnswatch2",checkInterval=60})

addDOHLocal("0.0.0.0:9090",nil,nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
```

When testing locally, here's what I get:

```
$ curl -H 'accept: application/dns-message' 'http://localhost:9090/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'

dns query not allowed

$ ...
```

Where am I going wrong?

Best,
Chandra