-1.9.3.tar.bz2
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.9.3.tar.bz2.sig
[7]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
Hi Holger,
Thanks for reaching out. We have had another report already and are
looking into it. We have already confirmed that reverting a recent
change fixes it [1], and we will release 1.9.3 in a couple hours.
[1]: https://github.com/PowerDNS/pdns/pull/14040/files
Best regards,
--
Remi
[5]:
https://downloads.powerdns.com/releases/dnsdist-1.9.2.tar.bz2
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.9.2.tar.bz2.sig
[7]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital
in case of error reports as everyone would be
able to use the same build artefacts).
We are actually in the process of evaluating several options to do just
that, but I don't have an ETA at this point.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
TP/1.1 if it serves a real purpose, I just don't want to increase the
code complexity and attack surface just to reply to crawlers..
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
Hi Christoph,
In addition to the issue mentioned by Otto, it might also be that the
monitoring does not support HTTP/2. The new nghttp2 provider for
incoming DNS over HTTPS does not support HTTP/1.1. In 1.9.x it's still
possible to switch back to the legacy h2o provider but note that it will
://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
/dnsdist-1.9.0.tar.bz2
[17]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0.tar.bz2.sig
[18]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
as the
issue is infrequent, but am I on the right track?
Is it possible to make dnsdist respond with a SERVFAIL for a backend
timeout?
Nope.
[1]: https://dnsdist.org/guides/serverselection.html#setServFailWhenNoServer
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com
/upgrade_guide.html#x-to-1-9-0-rc1
[6]: https://github.com/PowerDNS/pdns/issues/new/choose
[7]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-rc1.tar.bz2
[8]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-rc1.tar.bz2.sig
[9]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
DNS server. Of course most of the
difficulty lies in automated this, which is very specific to every setup.
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing li
why the LMDB backend has been implemented, along with
lightningstream :)
[1]: https://github.com/PowerDNS/pdns/issues/13374
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
with the results.
Best regards,
[1]:
https://dnsdist.org/reference/config.html#DynBlockRulesGroup:setSuffixMatchRule
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
/upgrade_guide.html#x-to-1-8-3
[4]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]:
https://downloads.powerdns.com/releases/dnsdist-1.8.3.tar.bz2
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.8.3.tar.bz2.sig
[7]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https
/upgrade_guide.html#x-to-1-9-0-alpha4
[5]: https://github.com/PowerDNS/pdns/issues/new/choose
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-alpha4.tar.bz2
[7]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-alpha4.tar.bz2.sig
[8]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
ua [1].
[1]: https://dnsdist.org/advanced/luaaction.html
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://
to
compile because of missing symbols. Perhaps there should be an
additional check that TLS is enabled a pre-requisite of QUIC, or a
change so that QUIC automatically implies TLS as well?
I can reproduce that, and this is indeed a bug. I'll get it fixed, thanks!
Best regards,
--
Remi Gacogne
the qdcount==0 behaviour
configurable, to allow dropping or sending a custom response code
(Refused? No Error?) instead of Not Implemented. Opening a feature
request would go a long way to make it happen :)
[1]: https://github.com/PowerDNS/pdns/pull/9991
Best regards,
--
Remi Gacogne
PowerDNS.COM
st regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
/pkgconfig to PKG_CONFIG_PATH for Quiche to be detected.
Can you try setting
PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/lib64/pkgconfig at the end of
your configure line?
[1]:
https://github.com/PowerDNS/pdns/blob/master/builder-support/specs/dnsdist.spec#L108
--
Remi Gacogne
PowerDNS.COM BV - https
dnsdist.org/rules-actions.html#MaxQPSIPRule
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
/dnsdist-1.9.0-alpha3.tar.bz2
[11]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-alpha3.tar.bz2.sig
[12]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
to match queries sent to a specific of listening addresses,
setting the 'src' parameter of 'NetmaskGroupRule'[1] to false should do
what you want.
[1]:
https://dnsdist.org/rules-actions.html?highlight=suffixmatch#NetmaskGroupRule
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com
://downloads.powerdns.com/releases/dnsdist-1.7.5.tar.bz2
[7]:
https://downloads.powerdns.com/releases/dnsdist-1.8.2.tar.bz2
[8]:
https://downloads.powerdns.com/releases/dnsdist-1.7.5.tar.bz2.sig
[9]:
https://downloads.powerdns.com/releases/dnsdist-1.8.2.tar.bz2.sig
[10]: https://repo.powerdns.com
Best regards,
--
Remi
so I would be really interested in seeing the perf output if you can get
it.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsd
RD No Error. 0 answers
does "T.O" in the Lat. column stand for timeout?
Yes, it means that dnsdist believes it did not get a response from the
backend in time.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
_
the dnsdist console set up, you can use grepq('1000ms') to look at
all queries that took more than 1 second, which is usually indicative of
a problem, or even grepq('2000ms'), as dnsdist records timeouts with a
very high response time.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https
is
that we were not expecting as much scrutiny over the DoT/DoH latency as
with the UDP one. I am very willing to add latency-bucket for DoT, DoH
and the upcoming DoQ, so I have put the issue you opened into the 1.9
milestone.
Thanks!
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com
) then running
'perf record --call-graph dwarf -p -o
' for a few dozens of seconds to collect a trace,
stopping it with Ctrl+C and finally getting a report with "perf report
-i --stdio". It should tell us where the CPU
usage is going.
Best regards,
--
Remi Gacogne
PowerDNS.COM
applications/stub
resolvers will retry quite quickly over UDP, often before 2 seconds
which is the default value of setUDPTimeout, and thus it does not make
sense to increase the load on the backend.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
/issues/new/choose
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-alpha1.tar.bz2
[7]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0-alpha1.tar.bz2.sig
[8]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com
point of view there was no need for
more TCP connections, apparently. Do you enable out-of-order processing,
via 'maxInFlight' on `newServer`? If so, are you sure that the backend
actually supports it?
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdn
it work,
which is why it's not mentioned in the documentation.
We will of course accept pull requests updating the documentation if you
find out that some parts could use some words, though :)
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
://repo.powerdns.com
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
On 15/07/2023 09:42, Otto Moerbeek via dnsdist wrote:
This is likely https://github.com/PowerDNS/pdns/pull/12726
ATM this is not marked for backporting to 1.8.x. Don't know if that is
an omission.
It was, I added the 'backport to dnsdist-1.8.x' flag in the meantime.
Thanks!
--
Remi Gacogne
the
excludeDomains directive apply to these rules to prevent a domain and
its children from being blocked.
So you cannot exclude an IP or a range from
setSuffixMatchRule/setSuffixMatchRuleFFI, and neither can you exclude a
domain from the other rules.
I hope that helps!
Best regards,
--
Remi Gacogne
received over DoT and DoH are forwarded in the same
way. I wonder why the latency numbers are so different. Perhaps we are
seeing different query patterns between DoT and DoH clients?
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signatur
has been configured as TCP-only, DoT or DoH. So it might be why
you are seeing a difference, although this usually tends to be the other
way around with DoH being faster than DoT because DNS servers have
historically been optimized for UDP.
--
Remi Gacogne
PowerDNS.COM BV - http
ill be used to reach the backend, but this will not not work
if you want to use more than one source port using the 'sockets'
parameter, and more importantly will prevent dnsdist from opening more
than one TCP connection to the backend which is very likely not what you
want.
Best regards,
--
Remi
Hi Christoph,
On 14/04/2023 17:04, Christoph via dnsdist wrote:
here is our dnsdist.conf,
maybe it helps to reproduce the issue.
If I'm not mistaken, you are mostly dealing with DoT and DoH queries,
not UDP ones?
I'm asking because since 1.8 these latency metrics are now only updated
for
ur FreeBSD servers, not our Debian based dnsdist
instances.
That's weird. Would you be able to share the prometheus output, or the
dumpStats() one, so we know if this is the same bug or a related one?
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP
st regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
Hello!
We are very happy to release the third candidate of what will become
dnsdist 1.8.0!
This release contains fixes for several issues that were found in the
second release candidate.
- #12641: Use the correct source address when harvesting failed
- #12639: Fix a race when a
]:
https://downloads.powerdns.com/releases/dnsdist-1.8.0-rc2.tar.bz2.sig
[7]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing
], and the fix in [2])? If so, we will release -rc2 next week.
[1]: https://github.com/PowerDNS/pdns/issues/12581
[2]: https://github.com/PowerDNS/pdns/pull/12586
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
and will issue a rc2 somewhere next week.
Thanks!
[1]: https://github.com/PowerDNS/pdns/issues/12581
[2]: https://github.com/PowerDNS/pdns/pull/12586
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
/upgrade_guide.html#x-to-1-8-0
[8]: https://github.com/PowerDNS/pdns/issues/new/choose
[9]:
https://downloads.powerdns.com/releases/dnsdist-1.7.2.tar.bz2
[10]:
https://downloads.powerdns.com/releases/dnsdist-1.7.2.tar.bz2.sig
[11]: https://repo.powerdns.com
--
Remi Gacogne
PowerDNS.COM BV - https
that I would like to
implement in dnsdist. It will likely have to wait until 1.9, so around
Q3 this year, unless someone beats me to it :)
Please report back with your findings, as it is really helpful to hear
about different setups than the ones we already do our performance
testing on.
-
involve disabling IRQ balance
and directly assigning the IRQ affinity for the NIC queues)
Hope that helps,
[1]: https://dnsdist.org/reference/tuning.html#setUDPSocketBufferSizes
[2]: see the cpus option on
https://dnsdist.org/reference/config.html#addLocal
--
Remi Gacogne
PowerDNS.COM BV - https
a feature request on GH [1] so we can track this?
I would also happily merge a corresponding pull request, of course :)
Thanks!
[1]: https://github.com/PowerDNS/pdns/issues/new/choose
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenP
the result on a hit
- forward the query to an available server in the selected pool, if any
- return a ServFail response if there is no available server in the
selected pool
[1]:
https://dnsdist.org/guides/serverselection.html?#setServFailWhenNoServer
--
Remi Gacogne
PowerDNS.COM BV - https
t as it
touches the way dnsdist matches the responses received to the backend
against the outstanding queries, so that logic is quite deep in the core
code of dnsdist.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signatur
he list of all the existing pools, though. Would you
mind opening a feature request on GH so that idea doesn't get lost?
Cheers,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
_
e to avoid breaking compatibility with existing setups, both for the
configuration files and for the metrics, but we might have to make a
breaking change in a new major version.
[1]: https://dnsdist.org/quickstart.html#changing-server-settings
--
Remi Gacogne
PowerDNS.COM BV - https://www.po
into this quickly.
If you, or someone else, wants to tackle it and open a pull request I
think the second option I listed in the ticket should be fairly
straight-forward to implement.
[1]: https://github.com/PowerDNS/pdns/issues/12061
Cheers,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com
e using [1] to make sure that
this is really the root cause of your issue.
[1]:
https://dnsdist.org/reference/config.html#DynBlockRulesGroup:excludeRange
Best,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital
not share the version of the recursor you are
using, but in recent version this warning is only written to the logs
when 'log-common-errors' is set to 'yes'.
[1]:
https://dnsdist.org/reference/tuning.html#setMaxCachedTCPConnectionsPerDownstream
--
Remi Gacogne
PowerDNS.COM BV - https
, only falling back to TCP if the answer is
truncated, but this will not be before 1.9 so somewhere next year.
Best,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing
://downloads.powerdns.com/releases/dnsdist-1.7.2.tar.bz2.sig
[6]: https://repo.powerdns.com
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
]:
https://downloads.powerdns.com/releases/dnsdist-1.7.1.tar.bz2.sig
[7]: https://repo.powerdns.com
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist
d use-case, of
course, so please feel free to open a feature request on GitHub and I'll
try to implement that in the next version.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital
to do
better, unless you can find something in the initial TCP packets or TLS
handshake that can be used to identify that traffic.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
uld I contact to get pricing
details?
The easiest option is likely to go to
https://www.open-xchange.com/products/dnsdist/?hsLang=en and click
"Contact OX", and someone from our team should get back to you quickly.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.pow
t (C) 1994-2022 Lua.org, PUC-Rio
> a = true
> print(a)
true
> a = True
> print(a)
nil
>
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
al services.
[1]:
https://dnsdist.org/reference/config.html#DynBlockRulesGroup:setRCodeRate
[2]:
https://dnsdist.org/reference/config.html#DynBlockRulesGroup:setRCodeRatio
[3]: https://github.com/PowerDNS/pdns/pull/10498
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
://github.com/PowerDNS/pdns/issues/10769
- https://github.com/PowerDNS/pdns/issues/9690
- https://github.com/PowerDNS/pdns/issues/11261
Please drop a comment either here or directly on the related GitHub
issue if you start working on something to avoid duplicated work.
I tried to contact Remi Gacogne
ad, but it might also be caused by a network
issue, like a link reaching its maximum capacity, or by dnsdist itself
being overwhelmed and needing tuning (like increasing the number of
newServer() directives, see [1]).
[1]:
https://dnsdist.org/advanced/tuning.html#udp-and-incoming-dns-over-https
st already helps a lot :)
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
but that's a different matter :)
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
point me in the right direction?
Well it is, usually, as simple as that, so if that's not working for you
I'm afraid you will have to tell us more about your exact setup. Sharing
the configurations of both dnsdist and pdns would be a good start.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV
]: https://dnsdist.org/reference/config.html?highlight=setup#Server:setUp
[2]:
https://dnsdist.org/guides/webserver.html?highlight=api#get--api-v1-servers-localhost-pool?name=pool-name
[3]: https://dnsdist.org/guides/serverselection.html#setServFailWhenNoServer
Best regards,
--
Remi Gacogne
PowerDNS.COM
e second one if you want to be able to
alter the list at runtime, via the console.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
directory :-)
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
es/dnsdist-1.7.0.tar.bz2
[5]:
https://downloads.powerdns.com/releases/dnsdist-1.7.0.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital
as the client uses?
If we are in the rare position to know the client's timeout.
(dnsdist is not under heavy load)
It would make sense if you know the client's timeout duration and do
understand why the backend takes so long to answer, yes.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https
does not properly respond to
health-check queries, provided that setServFailWhenNoServer is set [1].
In that case both the 'no-policy' and 'frontend-servfail' counters will
be increased.
[1]: https://dnsdist.org/guides/serverselection.html#setServFailWhenNoServer
Hope that helps,
--
Remi Gacogne
is my config, modified to avoid public addresses:
setLocal('10.150.33.2')
addLocal('2001:xxx::33::2')
Did you change the default ACL? It allows 10.0.0.0/8 but only a few IPv6
prefixes:
- ::1/128
- fc00::/7
- fe80::/10
https://dnsdist.org/advanced/acl.html
Best regards,
--
Remi Gacogne
://downloads.powerdns.com/releases/dnsdist-1.7.0-rc1.tar.bz2
[5]:
hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-rc1.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
/advanced/luaaction.html
[2]: https://dnsdist.org/reference/constants.html#dnsaction
[3]:
https://github.com/PowerDNS/pdns/blob/7285a16693f67287c0d8151afbcefb7190b63cf3/regression-tests.dnsdist/test_Spoofing.py#L406
[4]: https://dnsdist.org/reference/kvs.html
Hope that helps,
--
Remi Gacogne
https://dnsdist.org/reference/config.html?highlight=setrcode#DynBlockRulesGroup:setRCodeRatio
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist
cketBufferSize
[3]:
https://dnsdist.org/advanced/tuning.html#udp-and-incoming-dns-over-https
Best,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.p
]: https://github.com/PowerDNS/pdns/issues/new/choose
[4]:
https://downloads.powerdns.com/releases/dnsdist-1.7.0-beta2.tar.bz2
[5]:
hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-beta2.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https
/issues/new/choose
[4]:
https://downloads.powerdns.com/releases/dnsdist-1.7.0-beta1.tar.bz2
[5]:
hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-beta1.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
nal
timing or duration factor though, as I've not yet been able to
trigger the issue on demand.
Depending on how quickly that happens when you bound the backend up and
down, do you think you might be able to strace the dnsdist process at
the same time?
Best regards,
--
Remi Gacogne
PowerDNS.COM
] (which is much more efficient than a regular
expression) combined with a MaxQPSRule [2], for example.
[1]: https://dnsdist.org/rules-actions.html#SuffixMatchNodeRule
[2]: https://dnsdist.org/rules-actions.html#MaxQPSRule
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com
On 10/29/21 15:32, Adam Bishop via dnsdist wrote:
On 29 Oct 2021, at 13:38, Remi Gacogne via dnsdist
wrote:
Would you mind checking that you still have IPv6 addresses on that interface? I
see you still have some on the incoming interface, though, since we receive a
query over IPv6 on file
On 10/29/21 13:04, Adam Bishop via dnsdist wrote:
On 29 Oct 2021, at 11:33, Remi Gacogne via dnsdist
wrote:
would you mind getting the output of "lsof -n -p " while the
issue is still happening? A full backtrace with gdb might also be good to have
Sure that's fine, output fol
Hi Adam,
On 10/29/21 12:10, Adam Bishop via dnsdist wrote:
On 13 Sep 2021, at 13:47, Adam Bishop wrote:
On 13 Sep 2021, at 13:31, Remi Gacogne via dnsdist
wrote:
That's very weird, I don't have any clue to what might be happening. Would you
mind sharing the whole configuration
, of course :-/
Best,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
://downloads.powerdns.com/releases/dnsdist-1.7.0-alpha2.tar.bz2
[5]:
hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-alpha2.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
hanks a lot!
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
Hi Denis,
On 10/1/21 09:07, dmachard via dnsdist wrote:
I am trying to use DoH backends the new alpha release of dnsdist 1.7.0
I had a behavior I don’t understand with the packet cache, here the
configuration used:
[...]
With this configuration, I don’t succeed to use the packet cache with
configuration?
Please we aware that we need to have enough queries and responses in our
ring buffers to get consistent results, at described by Denis Machard in
[1]. Perhaps that might be your issue?
[1]:
https://mailman.powerdns.com/pipermail/dnsdist/2021-September/001111.html
Best regards,
Hi Antoine,
On 9/27/21 14:00, antoine blin via dnsdist wrote:
I'm using the rule : "addAction(MaxQPSIPRule(5), DropAction())" and I'm
wondering if it is possible to see, through the console API or other
API, the list of subnet in which rate limit rule is applied.
Not directly, I'm afraid,
not happen that way.
I hope that helps.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
/choose
[4]:
https://downloads.powerdns.com/releases/dnsdist-1.7.0-alpha1.tar.bz2
[5]:
hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-alpha1.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Descriptio
]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman
can spare the time, of course :)
By the way, many thanks for this great product!
You are welcome, and many thanks to you for helping make it even better!
Best
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital
Hi Adam,
On 9/10/21 00:50, Adam Bishop via dnsdist wrote:
After running for some amount of time (seems to be days), our dnsdist
instances suddenly start trying to talk to the backends using the
loopback address as the source:
# tcpdump -i ens192 -nn port 53 dropped privs to tcpdump tcpdump:
1 - 100 of 261 matches
Mail list logo