Re: [dnsdist] Client query id in the dq-object?
Hi Tom,
On 04/11/2022 08:02, Tom via dnsdist wrote:
So the idea was to set a dnsdist rule on which I can set the
AllowedDebugSRC (the admin's IP, to prevent, that anybody else could
trigger the debug), check the QueryID and then send this kind of
requests to a debug-enabled BIND, which then write a debug log from the
received query. Someting like this:
AllowedDebugSRC = newNMG()
AllowedDebugSRC:addMask("1.2.3.4/32")
function qidlog(dq)
if(AllowedDebugSRC:match(dq.remoteaddr) and == 0) then
print("Debugging from " .. dq.remoteaddr:toString() ..
" with query id" .. )
return DNSAction.Pool, "bind-querylog"
end
end
addAction(AllRule(), LuaAction(qidlog))
I'm afraid there is currently no way in dnsdist to influence the query
ID in outgoing queries. This would not be easy to implement as it
touches the way dnsdist matches the responses received to the backend
against the outstanding queries, so that logic is quite deep in the core
code of dnsdist.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Client query id in the dq-object?
On 11/3/22 15:38, Otto Moerbeek wrote:
On Wed, Nov 02, 2022 at 05:19:54PM +0100, Tom via dnsdist wrote:
Hi list
A few months ago, I've asked the question below and wasn't able to find a
solution in the meantime. Does someone has a hint, how to achieve this?
Many thanks in advance.
Tom
On 7/28/22 11:17, Tom wrote:
Hi
Using dnsdist-1.7.2, I'm trying to get the query id from the
client-query, but I can't find the matching parameter in the dq-object.
My goal is to find a specific query-id (ex. ) and then use this
(same) specific query-id also for the outbound query from dnsdist to the
backend server.
Any hints how to achieve this?
Many thanks.
Tom
There is no API to get the queryid. It could maybe be added, but
*setting* the query id four outgoing queries is something else.
Keeping track of query-id's is a complex problem, think about multiple
clients, multiple backends, many queries in-flight. This is not
something to be done from Lua, but a job for dnsdist itself.
To ask a more general question: what problem are you trying to solve?
Since BIND-9.18.0 there's a feature which turns on query-debugging for
requests with query ID 0
(https://gitlab.isc.org/isc-projects/bind9/-/issues/1851). DIG supports
setting the query ID with "+qid=0". This means querying BIND with
"+qid=0" provides me a debug log of the appropriate query.
So, if a BIND is behind dnsdist, then I'm not able to trigger this
query-debugging via dnsdist, because dnsdist uses random query IDs
against a backend server. A way could be to query BIND directly (without
dnsdist), but perhaps I'm not able to do so (firewall...).
So the idea was to set a dnsdist rule on which I can set the
AllowedDebugSRC (the admin's IP, to prevent, that anybody else could
trigger the debug), check the QueryID and then send this kind of
requests to a debug-enabled BIND, which then write a debug log from the
received query. Someting like this:
AllowedDebugSRC = newNMG()
AllowedDebugSRC:addMask("1.2.3.4/32")
function qidlog(dq)
if(AllowedDebugSRC:match(dq.remoteaddr) and == 0) then
print("Debugging from " .. dq.remoteaddr:toString() ..
" with query id" .. )
return DNSAction.Pool, "bind-querylog"
end
end
addAction(AllRule(), LuaAction(qidlog))
Thanks a lot.
Tom
If we would have more insight in that, we can maybe suggest an
alternative approach to solve your problem.
-Otto
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Client query id in the dq-object?
On Wed, Nov 02, 2022 at 05:19:54PM +0100, Tom via dnsdist wrote: > Hi list > > A few months ago, I've asked the question below and wasn't able to find a > solution in the meantime. Does someone has a hint, how to achieve this? > > Many thanks in advance. > Tom > > > On 7/28/22 11:17, Tom wrote: > > Hi > > > > Using dnsdist-1.7.2, I'm trying to get the query id from the > > client-query, but I can't find the matching parameter in the dq-object. > > My goal is to find a specific query-id (ex. ) and then use this > > (same) specific query-id also for the outbound query from dnsdist to the > > backend server. > > > > Any hints how to achieve this? > > > > Many thanks. > > Tom There is no API to get the queryid. It could maybe be added, but *setting* the query id four outgoing queries is something else. Keeping track of query-id's is a complex problem, think about multiple clients, multiple backends, many queries in-flight. This is not something to be done from Lua, but a job for dnsdist itself. To ask a more general question: what problem are you trying to solve? If we would have more insight in that, we can maybe suggest an alternative approach to solve your problem. -Otto ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Client query id in the dq-object?
Hi list A few months ago, I've asked the question below and wasn't able to find a solution in the meantime. Does someone has a hint, how to achieve this? Many thanks in advance. Tom On 7/28/22 11:17, Tom wrote: Hi Using dnsdist-1.7.2, I'm trying to get the query id from the client-query, but I can't find the matching parameter in the dq-object. My goal is to find a specific query-id (ex. ) and then use this (same) specific query-id also for the outbound query from dnsdist to the backend server. Any hints how to achieve this? Many thanks. Tom ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
[dnsdist] Client query id in the dq-object?
Hi Using dnsdist-1.7.2, I'm trying to get the query id from the client-query, but I can't find the matching parameter in the dq-object. My goal is to find a specific query-id (ex. ) and then use this (same) specific query-id also for the outbound query from dnsdist to the backend server. Any hints how to achieve this? Many thanks. Tom ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
