On 7/9/2021 17:46, Geert Stappers via Dnsmasq-discuss wrote:
On Fri, Jul 09, 2021 at 02:35:29PM +0200, Petr Menšík wrote:
On 6/16/21 1:26 PM, Trey Sis wrote:
On 6/14/2021 1:43, Trey Sis wrote:
On 6/13/2021 22:01, Geert Stappers wrote:
warning: 1 line adds whitespace errors.
My bad! Fixed. Find the new patch attached to this message.

Hello everyone,

I was wondering if anyone has any suggestions or objections for the
patch?

I still think it would be very valuable for many setups out there to
drop A records. Most OS don't query for AAAA if there is no IPv6
connection. But none don't query for A if there is no IPv4. That often
causes problems with applications that did not (yet) implement happy
eyeballs. Getting this upstream would make it much easier to handle
IPv6-only environments.

What do you think?

Hi Trey,

Are there any specific applications requiring this patch? It seems to me
most of the work should be spent on applications not handling IPv4 addresses
correctly. Also, I would implement filtering of both address families if
it is required.

Are there specific applications, where we can help escalate the problem
on their side instead?  As you have already said, when they ask for A
address, they should receive one. Whether it is useful or not, clients
should be able to process it. And skipping to IPv6 in case of no IPv4
connectivity should be immediate. We lack full IPv6 connectivity at
office, so far I know only svn is not able to switch to IPv4 only. Which
is solved by switching to git. Filtering of AAAA record would have
solved it too.


Quoting post that started this email thread:

} I have created a patch that adds an option to dnsmasq to filter
} out A record requests. This is particularly suitable for IPv6-only
} environments. Some software (especially NodeJS) will reorder DNS
} requests giving priority to A records, irrespective of IPv4
} connectivity of the host. My patch filters A records, while AAAA
} records are returned.

Short answer to
Do you have examples of applications, where this change would help?
NodeJS

Alright, so I have found the time now to rebase this patch against the
current branch.

I can only repeat that it would make a lot of folks happy to have
this patch included, even if they're not on this mailing list. It's
mostly NodeJS applications, but other apps as well. It's often not clear
what would work. So this patch would also be helpful in development
environments when testing IPv6 compatibility with software.

I would really love to have some feedback if you are missing some detail.

Cheers,

Treysis


From 4e355f5880066ade0240652f53544b23cb91ae73 Mon Sep 17 00:00:00 2001
From: treysis <trey...@gmx.net>
Date: Sat, 5 Jun 2021 15:27:26 +0200
Subject: [PATCH] Add option to filter A record requests

---
 src/dnsmasq.h |  3 ++-
 src/option.c  |  5 ++++-
 src/rfc1035.c | 11 +++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 8674823..24d66a6 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -275,7 +275,8 @@ struct event_desc {
 #define OPT_UMBRELLA_DEVID 64
 #define OPT_CMARK_ALST_EN  65
 #define OPT_QUIET_TFTP     66
-#define OPT_LAST           67
+#define OPT_FILTER_A       67
+#define OPT_LAST           68
 
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
diff --git a/src/option.c b/src/option.c
index ffce9fc..98bfa32 100644
--- a/src/option.c
+++ b/src/option.c
@@ -174,6 +174,7 @@ struct myoption {
 #define LOPT_CMARK_ALST_EN 365
 #define LOPT_CMARK_ALST    366
 #define LOPT_QUIET_TFTP    367
+#define LOPT_FILTER_A      368
  
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -351,8 +352,9 @@ static const struct myoption opts[] =
     { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
     { "dynamic-host", 1, 0, LOPT_DYNHOST },
     { "log-debug", 0, 0, LOPT_LOG_DEBUG },
-       { "umbrella", 2, 0, LOPT_UMBRELLA },
+    { "umbrella", 2, 0, LOPT_UMBRELLA },
     { "quiet-tftp", 0, 0, LOPT_QUIET_TFTP },
+    { "filter-a", 0, 0, LOPT_FILTER_A },
     { NULL, 0, 0, 0 }
   };
 
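Review bot: The "umbrella" entry is removed and re-added only to change its indentation, which has nothing to do with the new option. Please drop that pair of lines from this patch, or send the whitespace cleanup separately, so the hunk carries only the added "filter-a" entry mapped to LOPT_FILTER_A.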
@@ -539,6 +541,7 @@ static struct {
   { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script 
when lease expiry changes."), NULL },
   { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella 
identifiers including remote IP."), NULL },
   { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine 
TFTP."), NULL },
+  { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A requests."), 
NULL },
   { 0, 0, NULL, NULL, NULL }
 }; 
 
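Review bot: The usage string "Filter all A requests." is the only documentation this patch carries; the diffstat lists src/dnsmasq.h, src/option.c and src/rfc1035.c and no man page change for --filter-a. Please add a man page entry, and state there and in the usage string what the client gets back (the rfc1035.c comment calls it a null reply), since "filter" alone does not tell an administrator whether the query is dropped, refused or answered empty.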
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 9b87541..422744a 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1987,6 +1987,17 @@ size_t answer_request(struct dns_header *header, char 
*limit, size_t qlen,
            }
        }
 
+       /* filter A forwards */
+       if (qtype == T_A && option_bool(OPT_FILTER_A))
+         {
+           /* return a null reply */
+               ans = 1;
+               if (!dryrun)
+                 log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
+               break;
+         }
+       /* end of filtering A */
+
       if (!ans)
        return 0; /* failed to answer a question */
     }
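Review bot: The log_query() call in the new branch passes F_IPV6 although the branch is taken only when qtype == T_A, so the filtered reply will be logged under the wrong address family; F_IPV4 looks like the intended flag. The condition also does not test ans, so it runs whether or not the code above has already answered the question, and the break exits the enclosing loop instead of falling through to the "if (!ans)" check. If the intent is to suppress every A answer, the check belongs before the other answer paths; if locally configured A records should survive, it needs "!ans" in the condition. The added lines also mix indentation depths (the "return a null reply" comment versus "ans = 1;"), which is worth tidying given the earlier whitespace warning.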