From: Paul Holzinger
To: David Gibson, passt-dev@passt.top, Stefano Brivio
Subject: Re: [PATCH v2 2/2] fwd: Broaden what we consider for DNS specific forwarding rules
Date: Wed, 24 Jul 2024 11:41:44 +0200
Message-ID: <9c98f64f-9c71-4f98-8d37-8456c85e89f6@redhat.com>
In-Reply-To: <20240724075112.1279868-3-david@gibson.dropbear.id.au>
References: <20240724075112.1279868-1-david@gibson.dropbear.id.au> <20240724075112.1279868-3-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

Hi,

On 24/07/2024 09:51, David Gibson wrote:
> passt/pasta has options to redirect DNS requests from the guest to a
> different server address on the host side. Currently, however, only UDP
> packets to port 53 are considered "DNS requests". This ignores DNS
> requests over TCP - less common, but certainly possible. It also ignores
> encrypted DNS requests on port 853.
>
> Extend the DNS forwarding logic to handle both of those cases.

The question here is if it handles DoT, should it handle DoH as well,
i.e. https (443)?

>
> Link: https://github.com/containers/podman/issues/23239
>
> Signed-off-by: David Gibson

Tested-by: Paul Holzinger

I tested both DNS over TCP and DNS over TLS with dig.

--
Paul
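
The port-based matching described in the quoted commit message, as an added example that is not part of the original mail and is not passt's own code. The structures, function names and addresses are hypothetical, and applying the 53/853 test to both UDP and TCP is an assumption. It also shows that a rule keyed on these ports leaves 443 (DoH, which shares its port with all other HTTPS traffic) untouched.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>	/* IPPROTO_TCP, IPPROTO_UDP */

/* Hypothetical, simplified model (IPv4, host byte order), not passt's types */
struct dns_fwd_cfg {
	uint32_t match;	/* address the guest sends DNS requests to */
	uint32_t host;	/* resolver actually used on the host side */
};

struct flow_dst {
	uint8_t proto;
	uint32_t addr;
	uint16_t port;
};

#define IP4(a, b, c, d) \
	(((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (d))

/* Assumed rule: UDP or TCP to port 53 (plain DNS) or 853 (encrypted DNS) */
static bool is_dns_port(uint8_t proto, uint16_t port)
{
	return (proto == IPPROTO_UDP || proto == IPPROTO_TCP) &&
	       (port == 53 || port == 853);
}

/* Rewrite the destination address if the DNS rule applies; true if it did */
static bool dns_fwd_apply(const struct dns_fwd_cfg *c, struct flow_dst *d)
{
	if (d->addr != c->match || !is_dns_port(d->proto, d->port))
		return false;
	d->addr = c->host;
	return true;
}

/* Constructed sample: address a flow to the match address ends up with */
static uint32_t demo(uint8_t proto, uint16_t port)
{
	struct dns_fwd_cfg cfg = { IP4(10, 0, 2, 3), IP4(127, 0, 0, 53) };
	struct flow_dst d = { proto, cfg.match, port };

	dns_fwd_apply(&cfg, &d);
	return d.addr;
}

int main(void)
{
	printf("tcp/853 -> %08x\n", (unsigned)demo(IPPROTO_TCP, 853));
	printf("tcp/443 -> %08x\n", (unsigned)demo(IPPROTO_TCP, 443));
	return 0;
}
```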