DNS over TCP works, but UDP doesn't

I want to be able to run coredns on both UDP and TCP port 53. How can I do that with my fly.toml? I have this currently, but it seems to be listening on TCP only:

[[services]]
  internal_port = 53
  protocol = "udp"

  [[services.ports]]
    port = 53

[[services]]
  internal_port = 53
  protocol = "tcp"

  [[services.ports]]
    port = 53

This should work, but the configuration is a little persnickety.

Can you show us your CoreDNS config? In particular, which IP are you binding to? UDP responses have to come from the fly-global-services IP. That hostname is defined in /etc/hosts. Some libraries that bind to 0.0.0.0 don’t return packets from the right IP, they use the first IP configured on the interface. It’s possible UDP DNS isn’t working for this reason. More details here: UDP reply from unexpected source - #4 by conblem

I’ve gotten CoreDNS running on UDP with this config:

. {
    health
    bind 0.0.0.0
    bind ::
    whoami
    log
    errors

    redis {
        address localhost:6379
        prefix fly-dns:
    }
}

Here’s my Corefile: fly-coredns/Corefile at fancybits · fancybits/fly-coredns · GitHub

@michael Does that work over both TCP and UDP? I have it working with UDP with the default GitHub - fly-apps/coredns: Authoritative CoreDNS on Fly.io example, but I want to bind to both TCP and UDP

@tmm1 I just tried with the CoreDNS sample and got both TCP and UDP working. The bind :: is no longer needed it seems.

Here’s the fly.toml file

app = "damp-bird-1643"

kill_signal  = "SIGINT"
kill_timeout = 5

[[services]]
internal_port = 53
protocol      = "udp"

  [[services.ports]]
  port = 53

[[services]]
internal_port = 53
protocol      = "tcp"

  [[services.ports]]
  port = 53

Run dig with a UDP and TCP query:

dig +notcp @damp-bird-1643.fly.dev example.com
dig +tcp @damp-bird-1643.fly.dev example.com

And in the app logs

2021-10-26T16:26:02.050 app[a5cc1204] sea [info] [INFO] 219.64.132.129:59459 - 3852 "A IN www.example.com. udp 44 false 4096" NOERROR qr,aa,rd 144 0.000142654s
2021-10-26T16:26:03.278 app[a5cc1204] sea [info] [INFO] 185.201.121.211:51766 - 50882 "A IN www.example.com. tcp 44 false 65535" NOERROR qr,aa,rd 144 0.00013316s
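As an added example (not code from this thread, from CoreDNS or from Fly.io), here is a small Python client that does what the two dig commands above do, and additionally makes the "UDP reply from unexpected source" failure mentioned earlier visible instead of just timing out: it records which IP the UDP reply came from and compares it to the IP it queried. It assumes the app hostname from the thread and port 53; the test addresses in the self-checks are constructed placeholders.

```python
import socket
import struct
import sys

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query, RD set, no EDNS (dig's OPT record adds 11 bytes: 33 -> 44 as in the log)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def frame_tcp(msg):
    """DNS over TCP (RFC 1035 4.2.2) prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def check_reply(query, reply, sent_to, received_from):
    """Validate a reply as a resolver would; the source check comes first because a reply
    from an IP other than the one queried (the 0.0.0.0-bind problem) is silently dropped."""
    if received_from != sent_to:
        return False, "reply from unexpected source %s" % received_from
    if len(reply) < 12:
        return False, "truncated reply"
    if reply[:2] != query[:2]:
        return False, "transaction id mismatch"
    if not reply[2] & 0x80:
        return False, "QR bit not set"
    rcode = reply[3] & 0x0F
    return rcode == 0, "rcode %d" % rcode

def query_udp(server_ip, name, timeout=3.0):
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server_ip, 53))
        data, (src, _) = s.recvfrom(4096)  # src: the IP the reply actually came from
    return check_reply(q, data, server_ip, src)

def query_tcp(server_ip, name, timeout=3.0):
    q = build_query(name)
    with socket.create_connection((server_ip, 53), timeout=timeout) as s:
        s.sendall(frame_tcp(q))
        f = s.makefile("rb")                 # buffered read handles short recv() calls
        (n,) = struct.unpack("!H", f.read(2))
        data = f.read(n)
    return check_reply(q, data, server_ip, server_ip)  # TCP source is fixed by the connection

if __name__ == "__main__":
    # Hostname from the thread by default; pass another app hostname as argv[1].
    ip = socket.gethostbyname(sys.argv[1] if len(sys.argv) > 1 else "damp-bird-1643.fly.dev")
    print("udp:", query_udp(ip, "www.example.com"))
    print("tcp:", query_tcp(ip, "www.example.com"))
```

A UDP result of `(False, 'reply from unexpected source ...')` means the server answered but from the wrong IP, which is the case to fix by binding to the fly-global-services address rather than 0.0.0.0.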

I tried it again and it's working this time. Not sure what happened before, but I appreciate the help!


If you get errors from UDP lookups again, will you post back here? I’m glad it’s working now! I’d like to make sure it continues. 🙂
