Hi Thibaud,

On 30/09/2022 15:18, Thib D via dnsdist wrote:
> Use case here is for authoritative DNS, not DoH.
>
> As far as my understanding goes (and backed up by a tcpdump test),
> a UDP query on the frontend will result in a UDP query to the backend server, and a TCP query on the frontend will result in a TCP query to the backend.

That's correct.

> Is there a way to force dnsdist to make UDP queries to the backend or is this just not possible?

I'm afraid it's currently not possible to force dnsdist to make an outgoing query over UDP when the incoming query was received over TCP (the opposite is possible since 1.7.0 with the tcpOnly option on newServer). I do not really want to implement that since the client would be confused by TC=1 replies received over TCP, DoT or DoH. I am instead considering implementing a mode where all outgoing queries are sent over UDP by default, only falling back to TCP if the answer is truncated, but this will not be before 1.9 so somewhere next year.


Best,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/


_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
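
The behaviour the reply describes as a possible future mode (send over UDP first, retry over TCP only when the answer comes back with TC=1), shown as a stand-alone Python client. This is an added example, not dnsdist code or configuration; the function names and the `backend` address parameter are hypothetical.

```python
import socket
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query with RD clear, as sent to an authoritative server."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def is_truncated(response: bytes) -> bool:
    """Return True when the response header has TC=1."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", response[2:4])[0] & TC_FLAG)


def _recv_exact(sock: socket.socket, count: int) -> bytes:
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("backend closed the TCP connection")
        data += chunk
    return data


def query_backend(query: bytes, backend: tuple, timeout: float = 2.0):
    """Send over UDP; retry over TCP only if the UDP answer is truncated."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.connect(backend)  # kernel then drops datagrams from other sources
        udp.send(query)
        response = udp.recv(65535)
    if response[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    if not is_truncated(response):
        return "udp", response
    with socket.create_connection(backend, timeout=timeout) as tcp:
        # DNS over TCP prefixes each message with a 2-byte length (RFC 1035).
        tcp.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(tcp, 2))
        return "tcp", _recv_exact(tcp, length)
```

The client that sent the original query only ever sees the final answer, so it never receives a TC=1 reply over a stream transport, which is the confusion the reply wants to avoid.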
