Thank you Simon for the follow-up. I use dnsmasq on a Ubiquity Edge router (ER-4), the version is
root@ubnt:~# dnsmasq --version Dnsmasq version 2.78-23-g9e09429 Copyright (c) 2000-2017 Simon Kelley Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify I tried to query the A and AAAA record for a host which is part of my internal domain, defined though a wildcard: address=/swtk.info/192.168.10.2 The requests are root@srv ~# dig -t A mqtt.swtk.info ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t A mqtt.swtk.info ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56145 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mqtt.swtk.info. IN A ;; ANSWER SECTION: mqtt.swtk.info. 0 IN A 192.168.10.2 ;; Query time: 0 msec ;; SERVER: 192.168.10.1#53(192.168.10.1) ;; WHEN: Thu Aug 05 17:53:12 CEST 2021 ;; MSG SIZE rcvd: 48 → this is a correct answer, A is present and status is NOERROR root@srv ~# dig -t AAAA mqtt.swtk.info ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t AAAA mqtt.swtk.info ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15102 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mqtt.swtk.info. IN AAAA ;; Query time: 0 msec ;; SERVER: 192.168.10.1#53(192.168.10.1) ;; WHEN: Thu Aug 05 17:53:17 CEST 2021 ;; MSG SIZE rcvd: 32 This is an incorrect answer: the AAAA record does not exist and the status is NXDOMAIN instead of NODATA The relevant logs are: Aug 5 17:52:24 dnsmasq[1007]: started, version 2.78-23-g9e09429 cachesize 150 Aug 5 17:52:24 dnsmasq[1007]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify Aug 5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.2.30 -- 192.168.2.50, lease time 1d Aug 5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.10.50 -- 192.168.10.254, lease time 1d Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 for domain orange.fr Aug 5 17:52:24 dnsmasq[1007]: using nameserver 8.8.4.4#53 Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.0.0.1#53 Aug 5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info Aug 5 17:52:24 dnsmasq[1007]: using local addresses only for domain 10.168.192.in-addr.arpa Aug 5 17:52:24 dnsmasq[1007]: read /etc/hosts - 8 addresses Aug 5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN Aug 5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2 Aug 5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN Aug 5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2 Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2 Would anything else be of interest? Thank you! Le jeu. 5 août 2021 à 17:09, Simon Kelley <si...@thekelleys.org.uk> a écrit : > There's lots of code in dnsmasq which tries to get this right. > > eg. > > forward AAAA upstream > upstream replies with NXDOMAIN > dnsmasq checks if it knows data for other record types like A and if so > rewrites NXDOMAIN to NODATA. > > TLDR; We though of this, and we think it works correctly. If you've > found a specific case where it isn't working, we'll need more > information on exactly what that case is, and what version of dnsmasq > you're running. > > Setting --log-queries, demonstrating the problem, then sending the logs, > would be a good start. > > > cheers, > > Simon. > > > On 04/08/2021 20:42, Wojtek Swiatek wrote: > > Hello everyone > > > > I noticed that my dnsmasq server is sending an NXDOMAIN instead of > > a NODATA when I query it for AAAA records it does not have. > > > > This is, I believe, not the correct behaviour > > (https://datatracker.ietf.org/doc/html/rfc2308 > > <https://datatracker.ietf.org/doc/html/rfc2308> - see 1 Terminology → > > NODATA) and that response breaks queries that otherwise would have tried > > the A record. See for > > instance > https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST > > <https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST > > > > > > As a workaround: is there a way to automatically populate AAAA > > records together with the A ones (from DHCP)? > > > > _______________________________________________ > > Dnsmasq-discuss mailing list > > Dnsmasq-discuss@lists.thekelleys.org.uk > > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss > > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss >
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
