Re: [Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?

Mon, 17 Jan 2022 14:50:52 -0800 

After much messing about, I finally realized I'd gotten to the point where I 
could write a simple script to attempt to generate the problem and did so. I'be 
now reproduced the problem on x86 Linux with v2.86 tag in the git repo, which 
made things much easier.

The attached tar ball contains the script, my config file, my Makefile. The 
directories success and failure contain a capture of a v2.86 failure and 
success. The DNSSEC reply causing the failure is interesting.

failure: 19 0.098203 8.8.4.4 0.0.0.0 DNS 319 Standard query response 0x2b96 DS 
admanmedia.com<http://admanmedia.com> CNAME 
admanmedia.com.edgekey.net<http://admanmedia.com.edgekey.net> RRSIG CNAME 
e11261.dscd.akamaiedge.net<http://e11261.dscd.akamaiedge.net> SOA 
n0dscd.akamaiedge.net<http://n0dscd.akamaiedge.net> OPT

success: 19 7.418939 8.8.4.4 0.0.0.0 DNS 888 Standard query response 0xff70 DS 
admanmedia.com<http://admanmedia.com> NSEC3 RRSIG SOA 
a.gtld-servers.net<http://a.gtld-servers.net> RRSIG NSEC3 RRSIG OPT

The directory new contains a capture of sequence that caused the failure 
against 2.87test5-16-g27ce754 and dnsmasq abandoned the validation and did not 
loop. Certainly better than what it used to do, but is it correct?

Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 15 mask 0x0001
Jan 17 13:53:17 dnsmasq[143548]: query[A] 
cs.admanmedia.com<http://cs.admanmedia.com> from 127.0.0.1
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 16 mask 0x0004
Jan 17 13:53:17 dnsmasq[143548]: forwarded 
cs.admanmedia.com<http://cs.admanmedia.com> to 8.8.4.4
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 17 mask 0x0008
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 18 mask 0x0010
Jan 17 13:53:17 dnsmasq[143548]: dnssec-query[DS] 
admanmedia.com<http://admanmedia.com> to 8.8.4.4
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 19 mask 0x0020
Jan 17 13:53:17 dnsmasq[143548]: detected DNSSEC dependency loop involving 
admanmedia.com<http://admanmedia.com>
Jan 17 13:53:17 dnsmasq[143548]: validation 
cs.admanmedia.com<http://cs.admanmedia.com> is ABANDONED
Jan 17 13:53:17 dnsmasq[143548]: reply 
cs.admanmedia.com<http://cs.admanmedia.com> is 88.214.206.247
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 20 mask 0x0002

Attachment: loop.tgz
Description: loop.tgz

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Reply via email to