TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0
4.27k stars, 418 forks

[Feature Request] Using multiple forward protocols at the same time #564

Closed CDN18 closed 1 year ago

CDN18 commented 1 year ago

Upstream DNS from different sources may only support one DNS protocol. This means that after enabling forwarding for one protocol, DNS forwarders using other protocols cannot be added.

ShreyasZare commented 1 year ago

Thanks for the post. This is done by design to prevent misconfiguration for safety reasons, i.e. to prevent mixing of forwarders that use unencrypted protocols with forwarders that use encrypted protocols.

If you still wish to use different protocols for the forwarders then you can do that by creating a conditional forwarder zone with name as . (root zone) and then add more than one FWD record where you can specify different forwarders with different protocols.
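The design rule above (never mix plaintext and encrypted forwarders in one set) is easy to check mechanically before records go into a root `.` forwarder zone. The following is an added example for illustration, not code from the Technitium DNS Server project; it assumes Technitium-style protocol names (Udp, Tcp, Tls, Https, Quic) and forwarder specs written as `host[:port]` or, for DoH, an `https://` URL.

```python
"""Lint a set of forwarders for the misconfiguration the maintainer's design
rule guards against: unencrypted (Udp/Tcp) forwarders mixed with encrypted
(Tls/Https/Quic) ones. Added example, not project code; it assumes
Technitium-style protocol names and 'host[:port]' / https:// URL specs."""
from dataclasses import dataclass
from urllib.parse import urlparse

ENCRYPTED = {"Tls", "Https", "Quic"}
# Well-known ports per transport (DoT 853, DoH 443, DoQ 853), used when the
# spec carries no explicit port.
DEFAULT_PORT = {"Udp": 53, "Tcp": 53, "Tls": 853, "Https": 443, "Quic": 853}


@dataclass(frozen=True)
class Forwarder:
    protocol: str
    host: str
    port: int

    @property
    def encrypted(self) -> bool:
        return self.protocol in ENCRYPTED


def parse_forwarder(protocol: str, spec: str) -> Forwarder:
    """Turn ('Tls', 'dns.adguard-dns.com:853') or ('Https', 'https://.../dns-query')
    into a Forwarder. Bracketed IPv6 literals like '[2001:db8::1]:853' are accepted."""
    if protocol not in DEFAULT_PORT:
        raise ValueError(f"unknown forwarder protocol {protocol!r}")
    if protocol == "Https":
        u = urlparse(spec)
        if u.scheme != "https" or not u.hostname:
            raise ValueError(f"DoH forwarder must be an https:// URL: {spec}")
        return Forwarder(protocol, u.hostname, u.port or 443)
    host, sep, port = spec.rpartition(":")
    bracketed = host.startswith("[") and host.endswith("]")
    # A trailing ':digits' is a port only if the host part is not itself an
    # unbracketed IPv6 literal (which also contains colons).
    if sep and port.isdigit() and (":" not in host or bracketed):
        return Forwarder(protocol, host[1:-1] if bracketed else host, int(port))
    return Forwarder(protocol, spec.strip("[]"), DEFAULT_PORT[protocol])


def check_forwarders(entries) -> list:
    """Return warnings for a list of (protocol, spec) pairs; an empty list means clean."""
    fwds = [parse_forwarder(p, s) for p, s in entries]
    warnings = []
    if any(f.encrypted for f in fwds) and not all(f.encrypted for f in fwds):
        warnings.append("mixed set: unencrypted forwarders see the same queries "
                        "the encrypted ones are meant to protect")
    for f in fwds:
        if not f.encrypted:
            warnings.append(f"{f.host}:{f.port} ({f.protocol}) sends queries in the clear")
        elif f.port == 53:
            # Port 53 with an encrypted transport is usually a copy-paste from a
            # plain forwarder; a DoT/DoQ listener is not normally found there.
            warnings.append(f"{f.host}:{f.port} ({f.protocol}) uses port 53, expected "
                            f"{DEFAULT_PORT[f.protocol]}")
    return warnings


if __name__ == "__main__":
    # Constructed sample using the DoT forwarder named later in this thread.
    for w in check_forwarders([("Tls", "dns.adguard-dns.com:853"), ("Udp", "94.140.14.15")]):
        print("WARNING:", w)
```

Run it over the FWD records you intend to add; a clean result is an empty list, and the "mixed set" warning is exactly the case the settings page refuses to accept.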

CDN18 commented 1 year ago

Thanks for the explanation. The conditional forwarder zone was more powerful than I expected!

However, the server constantly returns failure after I migrated from the universal forwarder in settings to the conditional forwarder zone:

My zone configuration: image

The error my local server returns:

```json
{
  "Metadata": {
    "NameServer": "my-windows (127.0.0.1)",
    "Protocol": "Tcp",
    "DatagramSize": "61 bytes",
    "RoundTripTime": "1.03 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "ServerFailure",
    "Version": 0,
    "Flags": "None",
    "Options": [
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "18 bytes",
        "Data": {
          "InfoCode": "Other",
          "ExtraText": "Server exception"
        }
      }
    ]
  },
  "DnsClientExtendedErrors": [
    {
      "InfoCode": "NetworkError",
      "ExtraText": "my-windows (127.0.0.1) returned RCODE=ServerFailure for google.com. A IN"
    }
  ],
  "Identifier": 52623,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": false,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": true,
  "RCODE": "ServerFailure",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 0,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "google.com",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "22 bytes",
      "RDATA": {
        "Options": [
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "18 bytes",
            "Data": {
              "InfoCode": "Other",
              "ExtraText": "Server exception"
            }
          }
        ]
      },
      "DnssecStatus": "Disabled"
    }
  ]
}
```

I left the universal forwarder setting blank: image

ShreyasZare commented 1 year ago

Thanks for the feedback. Check your DNS server logs from the web panel and check what the error message says. It could be that your host OS does not support QUIC protocol or you may need to install dependencies to be able to use QUIC on Linux. Do share the error log here and the details of your host OS.

CDN18 commented 1 year ago

Sorry, I just forgot to attach the log:

```
[2023-02-25 09:30:04 UTC] DNS Server failed to resolve the request with QNAME: google.com; QTYPE: A; QCLASS: IN; Forwarders: dns.adguard-dns.com:853 (94.140.14.15);

DnsServerCore.Dns.DnsServerException: DNS Server received a response with RCODE=Refused from: unknown

   at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, NetworkAddress eDnsClientSubnet, IReadOnlyList`1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, Boolean skipDnsAppAuthoritativeRequestHandlers, TaskCompletionSource`1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 2900
```

I also tried dns-over-tls and dns-over-https with other providers; the server returned the same error. It seems that the error is related to the forwarder zone, as I can resolve domains without error using the same DNS in the DNS client section: image

Below are details of my host OS: image image
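The two artifacts posted in this thread, the DNS client JSON response (earlier comment) and the server log line with its exception (just above), are the usual starting point for a forwarder-failure triage. The block below is an added example, not code from Technitium DNS Server, that pulls the useful fields out of both: the RCODE and any EDNS Extended DNS Error (EDE) options from the response, and the query, forwarder list, exception class and upstream RCODE from the log. It assumes only the field names and log format visible in this thread; the samples are constructed, trimmed copies of what was posted.

```python
"""Parse the two diagnostics posted when a forwarder fails: the DNS client JSON
response (RCODE plus EDNS Extended DNS Error options) and the server's "failed
to resolve" log line with the exception under it. Added example, not project
code; assumes only the field names and log format visible in the thread."""
import json
import re

# Constructed sample: a trimmed copy of the JSON response posted above.
SAMPLE_RESPONSE = json.dumps({
    "Metadata": {"NameServer": "my-windows (127.0.0.1)", "Protocol": "Tcp"},
    "EDNS": {
        "UdpPayloadSize": 1232,
        "ExtendedRCODE": "ServerFailure",
        "Options": [{"Code": "EXTENDED_DNS_ERROR",
                     "Data": {"InfoCode": "Other", "ExtraText": "Server exception"}}],
    },
    "DnsClientExtendedErrors": [{
        "InfoCode": "NetworkError",
        "ExtraText": "my-windows (127.0.0.1) returned RCODE=ServerFailure for google.com. A IN",
    }],
    "RCODE": "ServerFailure",
    "Question": [{"Name": "google.com", "Type": "A", "Class": "IN"}],
    "Answer": [],
    "Additional": [{
        "Name": "", "Type": "OPT", "Class": "1232",
        "RDATA": {"Options": [{"Code": "EXTENDED_DNS_ERROR",
                               "Data": {"InfoCode": "Other", "ExtraText": "Server exception"}}]},
    }],
})

# Constructed sample: the log line and the exception line posted above.
SAMPLE_LOG = (
    "[2023-02-25 09:30:04 UTC] DNS Server failed to resolve the request with "
    "QNAME: google.com; QTYPE: A; QCLASS: IN; "
    "Forwarders: dns.adguard-dns.com:853 (94.140.14.15);\n"
    "DnsServerCore.Dns.DnsServerException: DNS Server received a response "
    "with RCODE=Refused from: unknown\n"
)

LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] DNS Server failed to resolve the request with "
    r"QNAME: (?P<qname>[^;]+); QTYPE: (?P<qtype>[^;]+); QCLASS: (?P<qclass>[^;]+); "
    r"Forwarders: (?P<fwd>[^;]*);", re.M)
EXC_RE = re.compile(r"^(?P<exc>[\w.]*Exception): (?P<msg>.*)$", re.M)
RCODE_RE = re.compile(r"RCODE=(?P<rcode>\w+) from: (?P<src>\S+)")


def extended_errors(response: dict) -> list:
    """De-duplicated (InfoCode, ExtraText) pairs from every EDE option. The same
    option appears under EDNS.Options and again inside the OPT pseudo-record in
    Additional, so both are read and one copy is kept."""
    options = list(response.get("EDNS", {}).get("Options", []))
    for rr in response.get("Additional", []):
        if rr.get("Type") == "OPT":
            options.extend(rr.get("RDATA", {}).get("Options", []))
    seen = []
    for opt in options:
        if opt.get("Code") != "EXTENDED_DNS_ERROR":
            continue
        pair = (opt["Data"].get("InfoCode"), opt["Data"].get("ExtraText", ""))
        if pair not in seen:
            seen.append(pair)
    return seen


def diagnose_response(raw_json: str) -> dict:
    """Summarise a client response and flag when only the server log can explain it."""
    r = json.loads(raw_json)
    q = r["Question"][0] if r.get("Question") else {}
    ede = extended_errors(r)
    return {
        "query": f"{q.get('Name')} {q.get('Type')} {q.get('Class')}",
        "rcode": r.get("RCODE"),
        "answers": len(r.get("Answer", [])),
        "ede": ede,
        "client_errors": [(e.get("InfoCode"), e.get("ExtraText", ""))
                          for e in r.get("DnsClientExtendedErrors", [])],
        # EDE "Other" / "Server exception" is a generic marker: the real cause
        # is recorded only in the server's own log, so that is the next stop.
        "needs_server_log": r.get("RCODE") == "ServerFailure"
                            and any(code == "Other" for code, _ in ede),
    }


def parse_failure_log(text: str) -> list:
    """One event per 'failed to resolve' line, plus the exception class and
    upstream RCODE from the lines that follow it (up to the next event)."""
    matches = list(LOG_RE.finditer(text))
    events = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        tail = text[m.end():end]
        exc, rc = EXC_RE.search(tail), RCODE_RE.search(tail)
        events.append({
            "ts": m.group("ts"), "qname": m.group("qname"),
            "qtype": m.group("qtype"), "qclass": m.group("qclass"),
            "forwarders": [f.strip() for f in m.group("fwd").split(",") if f.strip()],
            "exception": exc.group("exc") if exc else None,
            "upstream_rcode": rc.group("rcode") if rc else None,
            "upstream": rc.group("src") if rc else None,
        })
    return events
```

Feed `diagnose_response` the JSON from the web panel's DNS client and `parse_failure_log` the relevant lines from the server log; the `needs_server_log` flag is the signal that the client-side view has nothing more to say and the log is where the answer is.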

ShreyasZare commented 1 year ago

Thanks for the details. There is a bug causing this issue. The good thing is that the bug is fixed and the update scheduled for today will include it. Will post here once the update is available.

CDN18 commented 1 year ago

Thanks for the fix and your effort, looking forward to the update.

ShreyasZare commented 1 year ago

Technitium DNS Server v11.0.1 is now available and fixes this issue. Do update and let me know your feedback.

CDN18 commented 1 year ago

The problem was solved after the upgrade and the server can now return resolved results with different protocols. Thanks a lot!

ShreyasZare commented 1 year ago

Thanks for letting me know!