[Dnsmasq-discuss] Forwarding UDP requests to TCP, some other concerns
Corey Minyard
corey at minyard.net
Mon Aug 19 16:38:32 UTC 2024
On Mon, Aug 19, 2024 at 8:58 AM Buck Horn via Dnsmasq-discuss <
dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
> On 19.08.24 06:25, Corey Minyard wrote:
>
> > I have dnsmasq mostly working, but I'm having one big problem. It seems
> > that requests received from UDP are only forwarded to UDP, they cannot
> > be forwarded to TCP. I'm running DNS over TLS on the server, so I have
> > to be able to do TCP, but requests come in from clients on UDP and TCP.
> > What can I do about this?
>
>
> DNS would communicate on port 53 UDP by default.
> It would only switch to port 53 TCP if messages would exceed a size
> threshold (512 bytes), and in some edge cases like zone transfers.
>
> DNS-over-TLS (DoT), on the other hand, would communicate via port 853 TCP.
>
> It's not entirely clear from your description, but if your goal would be
> to have dnsmasq forward DNS requests to a DoT server, then dnsmasq can't
> do that: It fully supports DNS (port 53 UDP/TCP), but does not support
> DoT (port 853 TCP) at all. You would need a DoT proxy between dnsmasq
> and your DoT server for that use case.
>
That's my overall goal, but I have stunnel which will take a TCP connection
and forward it over TLS. It would be nice if dnsmasq would support DoT,
but I'm ok that it doesn't. bind doesn't, either.

What I want is for dnsmasq to be able to take received UDP requests and
forward them to a TCP server. From what I can tell, dnsmasq will take UDP
requests and only forward them to UDP servers and TCP requests and only
forward them to TCP servers.

I've looked over the code a little more, and dnsmasq spawns children to
handle each TCP connection. So it may be a little more complicated to have
dnsmasq do this.

Thanks,

-corey
>
> Kind regards,
> Buck
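The UDP-to-TCP forwarding asked about in this message, sketched as an added example that is not part of the original post and is not dnsmasq code. It relays each UDP query over a fresh TCP connection using the 2-byte length prefix DNS requires on TCP, and answers with a truncated (TC) reply when the TCP answer does not fit in 512 bytes. The function names, the listen and upstream addresses, and the one-question-per-message assumption are all hypothetical.

```python
import socket
import struct

def frame(msg: bytes) -> bytes:
    return struct.pack("!H", len(msg)) + msg  # 2-byte length prefix, RFC 1035 4.2.2

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed mid-message")
        buf += chunk
    return buf

def exchange(sock: socket.socket, query: bytes) -> bytes:
    """Send one UDP-received query over a connected TCP socket, return the reply."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    sock.sendall(frame(query))
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    reply = recv_exact(sock, length)
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match query ID")
    return reply

def fit_udp(reply: bytes, limit: int = 512) -> bytes:
    """If the reply is too big for plain UDP, return header + question with TC set."""
    if len(reply) <= limit:
        return reply
    end = 12
    while reply[end] != 0:          # walk the QNAME labels (assumes one question)
        end += 1 + reply[end]
    flags = struct.unpack("!H", reply[2:4])[0] | 0x0200   # set the TC bit
    # end + 5 covers the root label, QTYPE and QCLASS
    return reply[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + reply[12:end + 5]

def serve(listen, upstream):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.bind(listen)
        while True:
            query, client = udp.recvfrom(4096)
            try:
                with socket.create_connection(upstream, timeout=5) as tcp:
                    udp.sendto(fit_udp(exchange(tcp, query)), client)
            except (OSError, ValueError, IndexError):
                continue            # drop it; the client will retry

if __name__ == "__main__":  # assumed: UDP clients on :5353, stunnel plaintext side on :5300
    serve(("127.0.0.1", 5353), ("127.0.0.1", 5300))
```

The loop handles one query at a time and opens a new upstream connection per query, so a slow upstream delays every client behind it.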