Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dnsdist: No responses when DNStap is enabled with DoH3 and DoQ #13672

Closed
dmachard opened this issue Dec 29, 2023 · 4 comments · Fixed by #13716
Closed

dnsdist: No responses when DNStap is enabled with DoH3 and DoQ #13672

dmachard opened this issue Dec 29, 2023 · 4 comments · Fixed by #13716
Labels
defect dnsdist
Milestone
dnsdist-1.9

Comments

@dmachard
Copy link
Contributor

  • Program: dnsdist
  • Issue type: Bug report

Short description

When DNStap logging is enabled in config, DNS resolutions failed with DoQ and DoH3.

Environment

  • Software source: dnsdist 1.9.0 alpha4

Steps to reproduce

Configuration used

setLocal('0.0.0.0:53', { reusePort=true })
addDOQLocal('0.0.0.0:853', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
addDOH3Local('0.0.0.0:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')

fstl = newFrameStreamTcpLogger("192.168.1.17:6000")
addAction(AllRule(), DnstapLogAction("dnsdist-tcp", fstl))

The following appears

Got an error while parsing a TCP query from 192.168.1.210:48434, id 30750: Unhandled protocol for dnstap: DNS over HTTP/3
Got an error while parsing a TCP query from 192.168.1.210:48435, id 30751: Unhandled protocol for dnstap: DNS over QUIC

Other information

For DoQ I did the minimal changes in code with success

in dnsdist-lua-actions.cc

else if (protocol == dnsdist::Protocol::DoQ) {
	return DnstapMessage::ProtocolType::DoQ;
}

in dnstap.hh , in the enum class ProtocolType I add DoQ = 7
For DoH3, what are you planned, reuse the DoH type or just UDP or a new one ?

PS: I can do a PR if you want.
@hlindqvist
Copy link
Contributor

For DoH3, what are you planned, reuse the DoH type or just UDP or a new one ?

I think "UDP" would be very misleading, and while there is indeed a type for DoQ (as per https://github.com/dnstap/dnstap.pb/blob/master/dnstap.proto#L67 ) there is no specific type for "DoH3", which presumably should just be recorded as DoH.

@rgacogne rgacogne added this to the dnsdist-1.9 milestone Dec 29, 2023
@rgacogne
Copy link
Member

Nice catch, thanks! For DoH3 I think it would be good to open an issue on https://github.com/dnstap/dnstap.pb/issues asking what the preferred way is. I'm currently leaning toward adding a new value, but they might have a different opinion.

@dmachard
Copy link
Contributor Author

Issue opened dnstap/dnstap.pb#20

@edmonds
Copy link
Contributor

edmonds commented Dec 29, 2023

Hey @dmachard thanks for bringing this up on the dnstap.pb repo. I left my thoughts in a longer comment there, basically I'm suggesting a new optional HttpProtocol field that would indicate the HTTP version separately from how the semantics of how the HTTP protocol is used for DNS transport (whether that be RFC 8484 DoH or something else in the future).

dnstap/dnstap.pb#20 (comment)

The dnstap.proto specification basically operates on community consensus so if this looks good to the PowerDNS folks it would be great if someone could chime in on dnstap/dnstap.pb#20. It would also be great if another DNS server implementation that currently generates .socket_protocol = DOH dnstap payloads could chime in as well :-)

Thanks!

@chbruyand chbruyand mentioned this issue Jan 15, 2024
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect dnsdist
Projects
None yet
Milestone
dnsdist-1.9
Development

Successfully merging a pull request may close this issue.

dnsdist: properly set protocol when logging chbruyand/pdns
4 participants
@edmonds @rgacogne @hlindqvist @dmachard