Hi all, I've either got a case of some very very bad luck from my RNG, or a bug on my hands. (Or I'm just being an idiot.)
I noticed that one of my upstream DNS servers has an old entry in its cache:

131.174.78.16: asterix 83904 [...] 2001:610:6d0:75:6c21:5fff:fea1:be1
131.174.78.17: asterix 47314 [...] 2001:610:6d0::6c21:5fff:fea1:be1
2001:4860:4860::8888: asterix 19742 [...] 2001:610:6d0:75:6c21:5fff:fea1:be1
2001:4860:4860::8888: asterix 19687 [...] 2001:610:6d0:75:6c21:5fff:fea1:be1

The second one from 131.174.78.17 is wrong, and was cached by my local dnsmasq. So I decided to re-start dnsmasq a few times until it had cached the correct response from one of the right nameservers, so I didn't need to hack things together to connect to this server.

However, I restarted dnsmasq a few times, and it kept returning the wrong address. I got interested, and commented out that resolver. This made it return the right address immediately on every try.

I started to re-order the four addresses in the dnsmasq configuration file. (The relevant parts are copy-pasted below, but most important is that these four servers are my resolvers, resolv.conf is not read, and strict-ordering is not enabled.) I tried moving .17 to the first, keeping it on the second, moving it to the third and moving it to the fourth position, and did five restarts for each try and two queries per restart. As expected, every second query gave the same results as the first.

Only when server .17 was in the third position did dnsmasq provide the IPv6 address with :75: one out of five times. If I'm correct, the chances of giving the answer without :75: should be 1/4th over a restart. However, it was only 1/20th. When removing the server with the old answer, the chances correctly increased to 1/1 as expected.

Is this behaviour extremely bad luck, expected, or a bug? I can reliably reproduce as long as .17 provides the wrong answer; I can probably fabricate the same situation again by exposing some timing skills.

Some other information: servers 131.174.78.1{6,7} both do not respond to ping, but both provide an answer to AAAA asterix.sjorsgielen.nl in 1 msec according to `dig`. The two v6 servers are Google, they respond to ping in about 8 ms, and also respond to the DNS query in about 8 ms.

Thanks,
Sjors

$ cat /etc/dnsmasq.conf
conf-dir=/etc/dnsmasq.d
$ ls /etc/dnsmasq.d
01-basic.conf 02-resolvers.conf 03-dhcp.conf 04-dhcp-devices.conf README
$ cat /etc/dnsmasq.d/02-resolvers.conf | grep -v '^#' | grep -v '^$'
no-resolv
server=131.174.78.16
server=131.174.78.17
server=2001:4860:4860::8888
server=2001:4860:4860::8844
$ grep strict-order /etc/dnsmasq.d/*
(no output)
$ ps ax | grep dnsmasq
 7700 ? S 0:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
$ dnsmasq -v
Dnsmasq version 2.62 Copyright (c) 2000-2012 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
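
An added worked check, not part of the original post and not dnsmasq code: the "bad luck or bug" question put as an exact binomial tail over the experiment described above (4 positions x 5 restarts, the :75: address seen once). It assumes the restarts are independent; the two per-restart probabilities and the 0.001 cut-off are assumptions made for this example.

```python
from fractions import Fraction
from math import comb

# Experiment as described in the post: .17 tried in each of the four
# positions, five restarts per position, first query after each restart.
POSITIONS = 4
RESTARTS_PER_POSITION = 5
TRIALS = POSITIONS * RESTARTS_PER_POSITION  # 20 restarts in total
CURRENT_SEEN = 1  # restarts that returned the :75: address

def tail_at_most(k, n, p):
    """Exact P(X <= k) for X ~ Binomial(n, p), returned as a Fraction."""
    p = Fraction(p)
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))

def assess(p_current, alpha=Fraction(1, 1000)):
    """Tail probability of seeing the :75: answer this rarely, plus a verdict.

    p_current is the assumed chance, per restart, of caching the :75: answer.
    alpha is an arbitrary cut-off chosen for this example.
    """
    tail = tail_at_most(CURRENT_SEEN, TRIALS, p_current)
    verdict = "plausible by chance" if tail >= alpha else "not explained by chance"
    return tail, verdict

# Assumed per-restart probabilities (labels are this example's, not dnsmasq's).
HYPOTHESES = {
    # Three of the four listed servers return the :75: address; pick uniformly.
    "uniform pick, 3 of 4 servers current": Fraction(3, 4),
    # The 1/4 figure as it is stated in the post.
    "1/4 per restart, as stated in the post": Fraction(1, 4),
}

def report():
    """Map each hypothesis name to its (tail probability, verdict)."""
    return {name: assess(p) for name, p in HYPOTHESES.items()}

if __name__ == "__main__":
    for name, (tail, verdict) in report().items():
        print(f"{name}: P(X <= {CURRENT_SEEN} of {TRIALS}) = "
              f"{float(tail):.3g} ({verdict})")
```
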