[Dnsmasq-discuss] Forwarding UDP requests to TCP, some other concerns
imnozi at gmail.com
Mon Aug 19 08:11:11 UTC 2024
On Sun, 18 Aug 2024 23:25:02 -0500
Corey Minyard <corey at minyard.net> wrote:
> ...
> I have dnsmasq mostly working, but I'm having one big problem. It seems
> that requests received from UDP are only forwarded to UDP, they cannot
> be forwarded to TCP. I'm running DNS over TLS on the server, so I have
> to be able to do TCP, but requests come in from clients on UDP and TCP.
> What can I do about this?
TCP and UDP are different protocols; they cannot talk to each other.
Some possible solutions:
1. You could configure/program a proxy that 'bridges' incoming UDP requests
to an always-open TCP connection to the server's resolver. But this leaves
UDP requests and responses unencrypted.
2. You could configure/program clients and server to send requests over
DTLS (Datagram TLS). This may be more trouble than it's worth.
3. You could configure clients and server to use DNSSEC. I've never used it
and don't know how steep its learning curve is.
4. You could configure clients and server to use OE (Opportunistic
Encryption). But OE is point-to-point; a gateway/router in the middle
would complicate things.
5. You could configure clients to use only TCP for DNS.
Neal
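Two wire-level details that option 1 (a UDP-to-TCP bridge) has to get right, and that the thread does not spell out, are TCP framing (RFC 1035: each message is prefixed with a 2-byte length, and a TCP read may stop mid-message) and the truncation rule (an answer that fits in TCP may not fit in the client's UDP datagram, so the bridge must set TC=1 and drop the RR sections rather than forward a cut-off message). The code below is an added example, not part of this thread or of dnsmasq; it assumes a client without EDNS(0), so a 512-byte limit, and uses constructed sample traffic.

```python
import struct

UDP_PAYLOAD_LIMIT = 512  # classic DNS/UDP limit when the client sends no EDNS(0) OPT

def frame_tcp(msg: bytes) -> bytes:
    """Prefix a wire-format DNS message with its 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(buf: bytes):
    """Split a TCP byte stream into complete DNS messages; return (messages, leftover)."""
    msgs = []
    while len(buf) >= 2:
        n = struct.unpack("!H", buf[:2])[0]
        if len(buf) < 2 + n:
            break  # partial message: caller keeps reading and re-feeds the leftover
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf

def question_end(msg: bytes) -> int:
    """Offset just past the question section (handles a compression pointer in QNAME)."""
    off = 12
    for _ in range(struct.unpack("!H", msg[4:6])[0]):
        while True:
            label_len = msg[off]
            if label_len & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
                off += 2
                break
            off += 1 + label_len
            if label_len == 0:
                break
        off += 4  # QTYPE + QCLASS
    return off

def fit_for_udp(resp: bytes, limit: int = UDP_PAYLOAD_LIMIT) -> bytes:
    """Relay a TCP-sized answer over UDP: if too big, return header + question
    with TC=1 and empty RR sections so the client retries over TCP."""
    if len(resp) <= limit:
        return resp
    hdr = bytearray(resp[:12])
    hdr[2] |= 0x02         # TC is bit 1 of the flags high byte
    hdr[6:12] = bytes(6)   # ANCOUNT, NSCOUNT, ARCOUNT = 0
    return bytes(hdr) + resp[12:question_end(resp)]

# Constructed sample traffic (not captured): an A query for example.com and an
# oversized response carrying 40 A records, as a TCP-only upstream might return.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
BIG_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 40, 0, 0) + QUESTION + RR * 40
```

A bridge built this way still hands the client an unencrypted UDP leg, as the thread notes; only the hop to the upstream resolver is protected.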