lancachenet / lancache-dns

DNS Docker service for a lancache.
https://hub.docker.com/r/lancachenet/lancache-dns/
MIT License

With dnssec validation turned on all dns resolution fails if dns is firewalled #62

Closed VibroAxe closed 5 years ago

VibroAxe commented 5 years ago

Issue Description:

Scenario

steamcache-dns running in a network which has firewalled port 53

Expected results

Setting UPSTREAM_DNS to a whitelisted dns server will result in correct dns forwarding and name resolution

Observed results

Due to dnssec-validation auto, after receiving a forwarded result, bind9 attempts to validate the dns record with the root servers. This requires access to the root zones, which are not available due to the port 53 block. Setting dnssec-validation no fixes this behaviour.

Suggested Fix

Either disable dnssec-validation permanently or provide an environment variable which allows it to be disabled on a case by case basis.

Docker Run Command:

docker run --rm -e UPSTREAM_DNS=10.20.10.153 -e STEAMCACHE_IP=10.20.10.81 --name steamcache-dns -p 10.20.10.11:53:53/udp steamcache-dns

VibroAxe commented 5 years ago

tcpdump on the host shows that the upstream dns is being queried and a result being returned, however bind9 then returns SERVFAIL to the client.
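
One way to confirm this diagnosis from a client, added here as an example and not part of the original thread or the project's code: a query sent with the CD (checking disabled) bit asks the resolver to skip DNSSEC validation, so SERVFAIL on a normal query combined with an answer under `+cd` points at validation rather than forwarding. The function names, the sample dig headers and the queried name are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell a DNSSEC validation failure apart from a forwarding failure.

# Constructed sample dig output (header lines only) for the two queries.
SAMPLE_NORMAL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Read dig output on stdin and print the response code from its header line.
# Prints nothing when there is no header (for example, the query timed out).
rcode_of() {
  sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# $1 = rcode of the normal query, $2 = rcode of the same query sent with +cd.
diagnose() {
  case "$1:$2" in
    SERVFAIL:NOERROR|SERVFAIL:NXDOMAIN)
      echo dnssec-validation-failure ;;  # data arrived, validation rejected it
    SERVFAIL:SERVFAIL)
      echo not-validation-related ;;     # fails even with checking disabled
    NOERROR:*|NXDOMAIN:*)
      echo resolving ;;
    *)
      echo inconclusive ;;               # timeout or unexpected rcode
  esac
}

# Live check against a resolver: $1 = resolver address, $2 = name to query.
# e.g. check_resolver 10.20.10.11 example.com  (example.com is an assumption)
check_resolver() {
  normal=$(dig @"$1" "$2" A +time=3 +tries=1 | rcode_of)
  nocheck=$(dig @"$1" "$2" A +cd +time=3 +tries=1 | rcode_of)
  diagnose "$normal" "$nocheck"
}

# Offline demonstration on the constructed samples above.
diagnose "$(printf '%s\n' "$SAMPLE_NORMAL" | rcode_of)" \
         "$(printf '%s\n' "$SAMPLE_CD" | rcode_of)"
```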

VibroAxe commented 5 years ago

Resolved by #63