Add other dnsdist servers until the MTU issue is fixed
https://github.com/PowerDNS/pdns/pull/7410
This commit is contained in:
parent
9f65457b1c
commit
8896787e66
|
@ -134,7 +134,11 @@ func newConfig() Config {
|
|||
LBEstimator: true,
|
||||
BlockedQueryResponse: "hinfo",
|
||||
BrokenImplementations: BrokenImplementationsConfig{
|
||||
FragmentsBlocked: []string{"cisco", "cisco-ipv6", "cisco-familyshield", "quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri"},
|
||||
FragmentsBlocked: []string{
|
||||
"cisco", "cisco-ipv6", "cisco-familyshield",
|
||||
"quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri",
|
||||
"qualityology.com", "freetsa.org", "ffmuc.net", "opennic-bongobow", "sth-dnscrypt-se", "ams-dnscrypt-nl",
|
||||
},
|
||||
LargerResponsesDropped: []string{"quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri"},
|
||||
},
|
||||
}
|
||||
|
|
|
@ -624,13 +624,16 @@ cache_neg_max_ttl = 600
|
|||
|
||||
# Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
|
||||
# truncate reponses larger than questions as expected by the DNSCrypt protocol.
|
||||
# This prevents large responses from being received over UDP and over relays.
|
||||
#
|
||||
# The `dnsdist` server software properly truncates DNSCrypt responses, but
|
||||
# introduced a change in version 1.4.0 that inadvertently broke relaying for the
|
||||
# same reason. They are aware of it and are working on a fix.
|
||||
#
|
||||
# The list below enables workarounds to make non-relayed usage more reliable
|
||||
# until the servers are fixed.
|
||||
|
||||
# This prevents large responses from being received over UDP, and breaks relaying.
|
||||
# A workaround for the first issue will be applied to servers in list below.
|
||||
# Relaying cannot be reliable until the servers are fixed.
|
||||
# Do not change that list until the bugs are fixed server-side.
|
||||
|
||||
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri']
|
||||
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri', 'qualityology.com', 'freetsa.org', 'ffmuc.net', 'opennic-bongobow', 'sth-dnscrypt-se', 'ams-dnscrypt-nl']
|
||||
|
||||
# Quad9 ignores the query instead of sending a truncated response when the
|
||||
# response is larger than the question.
|
||||
|
|
Loading…
Reference in New Issue