Plugging that bind CVE in the venerable #dnsdist with

addAction(OrRule({QTypeRule(67),QTypeRule(68)}),DropAction())

For now
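The one-liner above drops the two query types outright for every client. As an added example (mine, not the poster's config), the same dnsdist mitigation written as a named rule so its hit counter is visible, with an operator-defined trusted range exempted so internal monitoring keeps working. It assumes dnsdist 1.7 or newer (rule names via the options table); 192.0.2.0/24 is a placeholder management network, and query types 67 and 68 are taken as-is from the post.

```lua
-- Added example, not the original post's one-liner: the same mitigation as a
-- named rule, exempting a trusted range. Assumptions: dnsdist >= 1.7 (options
-- table on addAction); 192.0.2.0/24 is a placeholder trusted network.

local trusted = newNMG()
trusted:addMask("192.0.2.0/24")   -- placeholder: replace with your management range

-- The query types the post mitigates, kept as a reusable rule object.
local vulnTypes = OrRule({QTypeRule(67), QTypeRule(68)})

-- Drop those types unless the client is in the trusted group.
addAction(
  AndRule({NotRule(NetmaskGroupRule(trusted)), vulnTypes}),
  DropAction(),
  {name = "drop-bind-cve-qtypes"}
)

-- From the dnsdist console, showRules() lists this rule with its match count,
-- which is the quickest way to confirm the mitigation is actually firing and
-- to see how much of that traffic a frontend receives before the backend is patched.
```

DropAction() keeps the post's behaviour (no answer at all); RefuseAction() would be the alternative if you prefer clients to get an immediate REFUSED rather than time out.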

Today's open source bug report day I guess
https://github.com/PowerDNS/pdns/issues/16712
#PowerDNS #dnsdist
Server address inserted as client into ring buffer for DoQ on packet cache hits, server address being blocked as result · Issue #16712 · PowerDNS/pdns


There's an interesting conversation going on on the #NANOG #mailinglist. It's about running a #DNS resolver for a medium-sized service provider network:

Recommended DNS server for a medium 20-30k users isp

I particularly love that the people from @quad9dns chipped in, and revealed how they split their front- and backend with #dnsdist. Splitting the front- and backend of internet-facing services is something that I already learned in University as a best-practice.

Recommended DNS server for a medium 20-30k users isp - NANOG - lists.nanog.org

PowerDNS Security Advisory 2025-02 for DNSdist: Denial of service via crafted DoH exchange

Impact: Denial of service
Exploit: This problem can be triggered by an attacker crafting a DoH exchange

CVE-2025-30194

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html

#dnsdist


I'm not sure whether I'm holding ChatGPT wrong. Whenever someone convinces me to give it another try, I ask something along the lines of "Generate a config file for X so that it does Y and Z". ChatGPT spits out a configuration with undocumented options. I ask back for a source for the used options. ChatGPT tells me that I'm right and those options do not exist and spits out an alternative config which is correct but completely misses the point of the original question... Then I don't use it again for a few months until another colleague tells me it got a lot better now. #ai #dnsdist config....
I’ve just upgraded my pi-hole 5.x to 6.y. Very nice evolution!

(and I’m currently testing #dnsdist)

#DNS #pihole

The goal was to shrink #dnsdist to fit in a CPE router, using OpenWRT on small hardware.

#FOSDEM

And to end the day at the #DNS devroom, "Honey, I shrunk DNSdist" by @habbie (replacing @rgacogne, the maintainer who is sick without even the fault of the FOSDEM)

Disclaimer: #dnsdist is used by the public DNS resolver {doh,dot,doq}.bortzmeyer.fr

#FOSDEM

@SIDNlabs Thanks for contributing to the #DNS resolution diversity.
The original part is that you use many proxies (@PowerDNS #dnsdist ) and only a few backends (@nlnetlabs #unbound ). I know by experience that both work well together (esp. with PROXYv2).
What were the advantages (practical, technical, financial) that led to this setup?
Also, do you share cache between nodes either at the proxy or backend (cachedb)?
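The setup the reply asks about (many dnsdist proxies in front of a few Unbound backends, joined by PROXYv2) looks roughly like this. This is an added example of my own, not SIDN's or the poster's configuration: all addresses, ports and certificate paths are placeholders, and it assumes Unbound 1.17 or newer on the backend hosts (for the proxy-protocol-port option) and that the backend port is firewalled so only the dnsdist hosts can reach it.

```lua
-- Added example, not SIDN's or the poster's configuration: a dnsdist front end
-- forwarding to Unbound backends over PROXY protocol v2, so Unbound still sees
-- the real client address. Assumptions: placeholder addresses/paths; Unbound
-- >= 1.17 on the backends, listening on a port reachable only from dnsdist.

-- Public-facing listeners (the frontend role): Do53, DoH and DoT.
addLocal("0.0.0.0:53")
addDOHLocal("0.0.0.0:443", "/etc/dnsdist/fullchain.pem", "/etc/dnsdist/privkey.pem")
addTLSLocal("0.0.0.0:853", "/etc/dnsdist/fullchain.pem", "/etc/dnsdist/privkey.pem")

-- The few Unbound backends. useProxyProtocol prepends a PROXYv2 header carrying
-- the original client and destination addresses to every forwarded query.
newServer({address = "192.0.2.10:5353", useProxyProtocol = true, pool = "resolvers"})
newServer({address = "192.0.2.11:5353", useProxyProtocol = true, pool = "resolvers"})

-- One packet cache shared by every backend in the pool: this is the
-- "cache at the proxy" half of the reply's question. Sized as a placeholder.
local pc = newPacketCache(500000, {maxTTL = 86400, minTTL = 0})
getPool("resolvers"):setCache(pc)

-- Route all queries to that pool.
addAction(AllRule(), PoolAction("resolvers"))

-- Unbound side (unbound.conf on each backend host, placeholder values):
--   server:
--     interface: 192.0.2.10@5353
--     proxy-protocol-port: 5353
--     # With PROXYv2 the ACL is evaluated against the real client address
--     # carried in the header, so keep it scoped to your subscriber ranges.
--     access-control: 198.51.100.0/22 allow
```

The division of labour is the point of the split: dnsdist terminates the public protocols, absorbs the packet-cache hits and enforces per-client rules, while the backends only ever see traffic from the proxies. Each dnsdist instance's packet cache is local to that instance, so sharing cache between proxies would need something else; Unbound's cachedb module is the backend-side option the reply mentions.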

The Custom API widget from #homepage is super dope! I can now see some stats from #dnsdist and my other #dns server that it doesn't have integrations for.

#homelab #selfhosted #selfhosting