On Thu, 5 Aug 2021 at 19:41, Simon Kelley <si...@thekelleys.org.uk> wrote:
> OK. The problem is here:
>
> using local addresses only for domain swtk.info
>
> That's an easy spot because I just fixed this particular combination.
>
> I guess you have something like
>
> local=/swtk.info/
>
> and dnsmasq is using this to return NXDOMAIN without checking that it
> has more specific data for the query in other types.
>
> As a workaround, removing that configuration should make things work, at
> the expense of extra trips to the upstream servers.
>

Thank you. The problem is that swtk.info is also declared on .info so (if I understand local= correctly), it would attempt to resolve mqtt.swtk.info on the Internet. Which would fail. The local=/swtk.info/ and address=/swtk.info/192.168.10.2 combo fixes this.

> This should already be fixed in the development code: if it's possible
> for you to run
> https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz
> that should fix things, and doing so would be a useful test for me.
>

Unfortunately, since the dnsmasq binary I use is part of a router, I have no way to use another version. Which, as I realize now, will be a major problem anyway since the issue is not a matter of configuration.

> Cheers,
>
> Simon.
>
> On 05/08/2021 17:01, Wojtek Swiatek wrote:
> > Thank you Simon for the follow-up.
> >
> > I use dnsmasq on a Ubiquiti Edge router (ER-4), the version is
> >
> > root@ubnt:~# dnsmasq --version
> > Dnsmasq version 2.78-23-g9e09429 Copyright (c) 2000-2017 Simon Kelley
> > Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> >
> > I tried to query the A and AAAA record for a host which is part of my
> > internal domain, defined through a wildcard:
> > address=/swtk.info/192.168.10.2
> >
> > The requests are
> >
> > root@srv ~# dig -t A mqtt.swtk.info
> >
> > ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t A mqtt.swtk.info
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56145
> > ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;mqtt.swtk.info. IN A
> >
> > ;; ANSWER SECTION:
> > mqtt.swtk.info. 0 IN A 192.168.10.2
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 192.168.10.1#53(192.168.10.1)
> > ;; WHEN: Thu Aug 05 17:53:12 CEST 2021
> > ;; MSG SIZE rcvd: 48
> >
> > → this is a correct answer, A is present and status is NOERROR
> >
> > root@srv ~# dig -t AAAA mqtt.swtk.info
> >
> > ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t AAAA mqtt.swtk.info
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15102
> > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;mqtt.swtk.info. IN AAAA
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 192.168.10.1#53(192.168.10.1)
> > ;; WHEN: Thu Aug 05 17:53:17 CEST 2021
> > ;; MSG SIZE rcvd: 32
> >
> > This is an incorrect answer: the AAAA record does not exist and the
> > status is NXDOMAIN instead of NODATA
> >
> > The relevant logs are:
> >
> > Aug 5 17:52:24 dnsmasq[1007]: started, version 2.78-23-g9e09429 cachesize 150
> > Aug 5 17:52:24 dnsmasq[1007]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> > Aug 5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.2.30 -- 192.168.2.50, lease time 1d
> > Aug 5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.10.50 -- 192.168.10.254, lease time 1d
> > Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 for domain orange.fr
> > Aug 5 17:52:24 dnsmasq[1007]: using nameserver 8.8.4.4#53
> > Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53
> > Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.0.0.1#53
> > Aug 5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info
> > Aug 5 17:52:24 dnsmasq[1007]: using local addresses only for domain 10.168.192.in-addr.arpa
> > Aug 5 17:52:24 dnsmasq[1007]: read /etc/hosts - 8 addresses
> > Aug 5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> > Aug 5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> > Aug 5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> > Aug 5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> > Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> > Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> > Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> > Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> >
> > Would anything else be of interest?
> >
> > Thank you!
> >
> > On Thu, 5 Aug 2021 at 17:09, Simon Kelley <si...@thekelleys.org.uk> wrote:
> >
> > > There's lots of code in dnsmasq which tries to get this right.
> > >
> > > eg.
> > >
> > > forward AAAA upstream
> > > upstream replies with NXDOMAIN
> > > dnsmasq checks if it knows data for other record types like A and if so
> > > rewrites NXDOMAIN to NODATA.
> > >
> > > TLDR; We thought of this, and we think it works correctly. If you've
> > > found a specific case where it isn't working, we'll need more
> > > information on exactly what that case is, and what version of dnsmasq
> > > you're running.
> > >
> > > Setting --log-queries, demonstrating the problem, then sending the logs,
> > > would be a good start.
> > >
> > > cheers,
> > >
> > > Simon.
> > >
> > > On 04/08/2021 20:42, Wojtek Swiatek wrote:
> > > > Hello everyone
> > > >
> > > > I noticed that my dnsmasq server is sending an NXDOMAIN instead of
> > > > a NODATA when I query it for AAAA records it does not have.
> > > >
> > > > This is, I believe, not the correct behaviour
> > > > (https://datatracker.ietf.org/doc/html/rfc2308 - see 1 Terminology →
> > > > NODATA) and that response breaks queries that otherwise would have tried
> > > > the A record. See for instance
> > > > https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST
> > > >
> > > > As a workaround: is there a way to automatically populate AAAA
> > > > records together with the A ones (from DHCP)?
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss