Hello, I found the commit 627056febbf1b08e3028700184ee2f6c7ae799c6 breaks
the legacy support of ipset. Here is my config to reproduce the problem.
# /tmp/dnsmasq.conf
port=30000
server=8.8.8.8
server=/google.com/1.1.1.1
ipset=/google.com/test
I use dig to query google.com, expecting to add DNS to an ipset named
'test'.
$ sudo ipset create test hash:ip
$ sudo src/dnsmasq -d -C /tmp/dnsmasq.conf -q
$ dig @localhost -p30000 google.com
In commit cbd76447fd46b7ed60c63dab95d7119f2420fc23 (parent of 627056febb),
everything works fine:
dnsmasq: started, version 2.86test2-9-gcbd7644 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile
dnsmasq: using nameserver 1.1.1.1#53 for domain google.com
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 1.1.1.1#53 for domain google.com
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: using nameserver 127.0.0.53#53
dnsmasq: read /etc/hosts - 8 addresses
dnsmasq: query[A] google.com from 127.0.0.1
dnsmasq: forwarded google.com to 1.1.1.1
dnsmasq: ipset add test 172.217.26.142 google.com
dnsmasq: reply google.com is 172.217.26.142
In commit 627056febbf1b08e3028700184ee2f6c7ae799c6, answers could not be
added to ipset.
dnsmasq: started, version 2.86test2-11-g9731298 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile
dnsmasq: using nameserver 1.1.1.1#53 for domain google.com
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 1.1.1.1#53 for domain google.com
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: using nameserver 127.0.0.53#53
dnsmasq: read /etc/hosts - 8 addresses
dnsmasq: query[A] google.com from 127.0.0.1
dnsmasq: forwarded google.com to 1.1.1.1
dnsmasq: reply google.com is 142.250.66.46
I added printf() to locate the problem(in function process_reply(), src
file = forward.c)
#ifdef HAVE_IPSET
if (daemon->ipsets && extract_request(header, n, daemon->namebuff, NULL))
{
printf("searching ipset now\n");
/* Similar algorithm to search_servers. */
struct ipsets *ipset_pos;
unsigned int namelen = strlen(daemon->namebuff);
unsigned int matchlen = 0;
for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos = ipset_pos->next)
In commit 627056febb there is no "searching ipset now" in running logs. The
return value of extract_request() is 0. It is possible that forwarded DNS
queries are not allowed to be added to ipset.
Can I use legacy ipset support in feature releases?
Regards,
Xingcong Li
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
