<div dir="ltr"><div dir="ltr">On Mon, Aug 19, 2024 at 8:58 AM Buck Horn via Dnsmasq-discuss <<a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss@lists.thekelleys.org.uk</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 19.08.24 06:25, Corey Minyard wrote:<br>
<br>
> I have dnsmasq mostly working, but I'm having one big problem. It seems<br>
> that requests received from UDP are only forwarded to UDP, they cannot<br>
> be forwarded to TCP. I'm running DNS over TLS on the server, so I have<br>
> to be able to do TCP, but requests come in from clients on UDP and TCP.<br>
> What can I do about this?<br>
<br>
<br>
DNS would communicate on port 53 UDP by default.<br>
It would only switch to port 53 TCP if messages would exceed a size<br>
threshold (512 bytes), and in some edge cases like zone transfers.<br>
<br>
DNS-over-TLS (DoT), on the other hand, would communicate via port 853 TCP.<br>
<br>
It's not entirely clear from your description, but if your goal would be<br>
to have dnsmasq forward DNS requests to a DoT server, then dnsmasq can't<br>
do that: It fully supports DNS (port 53 UDP/TCP), but does not support<br>
DoT (port 853 TCP) at all. You would need a DoT proxy between dnsmasq<br>
and your DoT server for that use case.<br></blockquote><div><br></div><div>That's my overall goal, but I have stunnel which will take a TCP connection and forward it over TLS. It would be nice if dnsmasq would support DoT, but I'm ok that it doesn't. bind doesn't, either.</div><div><br></div><div>What I want is for dnsmasq to be able to take received UDP requests and forward them to a TCP server. From what I can tell, dnsmasq will take UDP requests and only forward them to UDP servers and TCP requests and only forward them to TCP servers.</div><div><br></div><div>I've looked over the code a little more, and dnsmasq spawns children to handle each TCP connection. So it may be a little more complicated to have dnsmasq do this.</div><div><br></div><div>Thanks,</div><div><br></div><div>-corey</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Kind regards,<br>
Buck<br>
</blockquote></div></div>
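The UDP-to-TCP relay Corey describes wanting, as an added example written for this page (it is not dnsmasq, stunnel or any poster's code): it applies the RFC 1035 two-byte length framing on the TCP side and, because a TCP answer can be larger than a UDP client accepts, cuts oversized replies down to header plus question with the TC bit set so the client retries over TCP itself. The upstream address is an assumption, e.g. a local stunnel listener in front of the DoT server.

```python
import socket
import struct

DNS_UDP_MAX = 512  # classic UDP payload limit the thread mentions (RFC 1035)
TC_FLAG_HI = 0x02  # TC bit lives in the high byte of the 16-bit flags word

def frame_for_tcp(msg):
    # DNS over TCP prefixes each message with a 2-byte big-endian length
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def recv_exact(sock, n):
    # TCP is a byte stream: keep reading until exactly n bytes have arrived
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed mid-message")
        buf += chunk
    return buf

def question_section_end(msg):
    # offset just past the question section; the fixed header is 12 bytes
    (qdcount,) = struct.unpack("!H", msg[4:6])
    pos = 12
    for _ in range(qdcount):
        while msg[pos] != 0:             # walk the QNAME labels
            if msg[pos] & 0xC0 == 0xC0:  # compression pointer ends the name
                pos += 1
                break
            pos += 1 + msg[pos]
        pos += 5  # terminator (or 2nd pointer byte) + QTYPE + QCLASS
    return pos

def fit_for_udp(reply, max_size=DNS_UDP_MAX):
    # reply too big for the UDP client: keep header+question, set TC, drop RRs
    if len(reply) <= max_size:
        return reply
    hdr = bytearray(reply[:12])
    hdr[2] |= TC_FLAG_HI
    hdr[6:12] = bytes(6)  # ANCOUNT, NSCOUNT, ARCOUNT = 0
    return bytes(hdr) + reply[12:question_section_end(reply)]

def forward_over_tcp(query, upstream, timeout=5.0):
    # relay a UDP-received query to the TCP upstream (e.g. a local stunnel)
    with socket.create_connection(upstream, timeout=timeout) as s:
        s.sendall(frame_for_tcp(query))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return fit_for_udp(recv_exact(s, length))
```

A UDP front end would call forward_over_tcp() once per received datagram and sendto() the result back to the client. It opens a fresh TCP connection per query, so a deployment serving many clients would want to reuse upstream connections.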