Hosting public DNS on UDP/53

I am not able to get UDP port 53 to work.
I am trying to set up a dnsdist DNS server facing public internet - my dnsdist.conf has
setLocal("0.0.0.0")

My Dockerfile has
EXPOSE 53/udp 53/tcp

My fly.toml
[[services]]
internal_port = 53
protocol = "udp"

[[services.ports]]
port = 53
handlers = []
force_https = false

[[services]]
internal_port = 53
protocol = "tcp"

[[services.ports]]
port = 53
handlers = []

I have configured a public static ipv4 (x.x.x.x)

tcp works fine:
$ dig @x.x.x.x -p 53 google.com +tcp
google.com. 300 IN A 142.250.102.100

but UDP times out
$ dig @x.x.x.x -p 53 google.com
;; communications error to x.x.x.x#53: timed out

What am I doing wrong?

UDP services require your app to bind on exactly the address fly-global-services. This is in fact an entry in /etc/hosts that resolves to a special “udp service” address for each machine. Because this may change, apps should always use the fly-global-services alias. However, the TCP side of your app should bind to 0.0.0.0 and NOT fly-global-services.
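An added illustration of that binding rule, not code from this thread or from Fly.io: a small Python startup helper that resolves the fly-global-services alias (via the resolver, with a fallback that parses hosts-file text, shown on a constructed sample) and binds the UDP socket to that address while the TCP socket stays on 0.0.0.0. The hosts-file sample values and port 5353 are assumptions for running it outside a Fly machine.

```python
import socket

UDP_ALIAS = "fly-global-services"  # alias Fly.io places in /etc/hosts for UDP services

# Constructed sample of hosts-file entries (addresses are made up, not real Fly values)
SAMPLE_HOSTS = """127.0.0.1 localhost
fdaa:0:1:a7b::2 fly-local-6pn
172.19.0.2 fly-global-services   # udp service address for this machine
"""


def alias_from_hosts(hosts_text, alias=UDP_ALIAS):
    """Return the address mapped to `alias` in hosts-file text, or None if absent."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and alias in fields[1:]:
            return fields[0]
    return None


def udp_bind_address(hosts_path="/etc/hosts"):
    """Resolve the UDP bind address the way bind() would (resolver lookup),
    falling back to reading the hosts file directly. Returns None if neither works."""
    try:
        return socket.gethostbyname(UDP_ALIAS)
    except socket.gaierror:
        pass
    try:
        with open(hosts_path) as fh:
            return alias_from_hosts(fh.read())
    except OSError:
        return None


def open_listeners(udp_host, tcp_host="0.0.0.0", port=53):
    """UDP listener bound to the Fly alias address; TCP listener bound to 0.0.0.0."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    udp.bind((udp_host, port))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp.bind((tcp_host, port))
    tcp.listen(16)
    return udp, tcp


if __name__ == "__main__":
    # Outside Fly the alias does not resolve, so fall back to loopback and an unprivileged port.
    addr = udp_bind_address() or "127.0.0.1"
    udp_sock, tcp_sock = open_listeners(addr, tcp_host="127.0.0.1", port=5353)
    print("udp bound to", udp_sock.getsockname(), "tcp bound to", tcp_sock.getsockname())
```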

Do you mean I should look up the IP in /etc/hosts and at startup update the dnsdist.conf to use that IP?

Regarding it may change - do you mean it can change while the machine is running - or would checking at startup be safe?

Edit: I’m stuck with trying to configure dnsdist to separate tcp and udp - maybe to use fly.io we would need to move to another resolver

No, usually this should just work as an argument to bind() because it does the lookup internally.

Is it possible to maybe launch 2 different machines, one for TCP and one for UDP, using process groups? I know this is a massive hack and really not optimal, but it might be what you’ll need to get this working for now. We’re looking into improvements to how UDP services are implemented soon.
