Hi,

I am running into a bug in the following circumstances.

When the config has a mix of the below (e.g. pick any 2 of 3, or pick all
3):

   1. dynamic-host entries with only IPv4 address fragments specified.
   2. dynamic-host entries with only IPv6 address fragments specified.
   3. dynamic-host entries with both IPv4 and IPv6 address fragments
   specified.

Then the following occurs when querying DNS for PTR records:

   - For IPv6 PTR records from dynamic-host, only IPv6 addresses whose
   dynamic-host entries are before the first IPv4-only dynamic-host entry can
   be resolved to name.  All IPv6 addresses whose entry is after the first
   IPv4-only entry cannot be resolved to name.
   - For IPv4 PTR records from dynamic-host, only IPv4 addresses
   whose dynamic-host entries are before the first
   IPv6-only dynamic-host entry can be resolved to name.  All IPv4 addresses
   whose entry is after the first IPv6-only entry cannot be resolved to name.

The man page entry for dynamic-host shows both [IPv4-address] and
[IPv6-address] in square brackets [], suggesting that it's perfectly
acceptable to specify entries with only IPv4, only IPv6, or both
IPv4+IPv6.  I haven't seen anything suggesting that they should not be
mixed and matched.

This seems vaguely similar to the issue fixed by commit
f4c87b504b444efb05892b8c7fc295e886f70789
<https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4c87b504b444efb05892b8c7fc295e886f70789>
back in February (I was originally testing with dnsmasq 2.85 before this fix
and ran into this issue myself).  However I have confirmed this issue using
dnsmasq from the Git repo as of 2022-07-22 (on both Raspberry Pi OS
bullseye and Debian Sid) - well after this commit.

For context, the reason that I personally am running into this scenario is
because I am using dnsmasq for DHCPv6 and DNS.  So I have:

(a) Some devices where I add a dhcp-host entry for IPv6 + a dynamic-host
entry for only IPv4.
(I would be using host-record instead of dynamic-host as my IPv4 prefix is
fixed, but I'm currently using dynamic-host as a workaround to another
issue identified on this mailing list: With auth-zone enabled, DNS response
only provides DHCPv6 IP and ignores IPv4 address/host-record entries
<https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg16336.html>)
(b) Other devices where I add a single dynamic-host entry for both IPv4 and
IPv6.


The first (a) entry breaks reverse lookup for all IPv6 addresses in (b)
entries.

PTR records added by other means work fine - for example from ptr-record
or dhcp-host.  Therefore manually adding ptr-records is a workaround
(although very tedious for IPv6!)


More detail and steps to reproduce:

(0) Consider the configuration below, with a mix of IPv4-only and IPv4+IPv6
entries:

no-resolv
dynamic-host=Computer1.example.org, 0.0.0.1, ::1, eth0
dynamic-host=Computer2.example.org, 0.0.0.2, eth0
dynamic-host=Computer3.example.org, 0.0.0.3, ::3, eth0
dynamic-host=Computer4.example.org, 0.0.0.4, eth0
dynamic-host=Computer5.example.org, 0.0.0.5, ::5, eth0


Assume the local network is 10.0.0.0/24 and fd50::/64, and eth0 is
configured with IPs in these ranges.

(1) Looking up A records for all 5 names will return results for all 5
computers - as expected

$ dig @10.0.0.1 +short A Computer1.example.org Computer2.example.org Computer3.example.org Computer4.example.org Computer5.example.org
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5


(2) Looking up AAAA records for all 5 names will return results for
Computer1, Computer3, and Computer5 - as expected

$ dig @10.0.0.1 +short AAAA Computer1.example.org Computer2.example.org Computer3.example.org Computer4.example.org Computer5.example.org
fd50::1
fd50::3
fd50::5


(3) Looking up PTR records for all 5 IPv4 addresses will return names for
all 5 computers - as expected

$ dig @10.0.0.1 +short -x 10.0.0.1 -x 10.0.0.2 -x 10.0.0.3 -x 10.0.0.4 -x 10.0.0.5
Computer1.example.org.
Computer2.example.org.
Computer3.example.org.
Computer4.example.org.
Computer5.example.org.


(4) However, looking up PTR records for all 3 IPv6 addresses will *only* return
the name for Computer1.  This is not expected - all three names should be
returned.

$ dig @10.0.0.1 +short -x fd50::1 -x fd50::3 -x fd50::5
Computer1.example.org.


What is happening is the existence and position of the entry for Computer2
is breaking reverse DNS lookup for Computer3/Computer5.

The behaviour is entirely affected by the order of the dynamic-host entries
in the file.  For example, if you reverse the order of the dynamic-host
entries in the config in (0), then only the name for Computer 5 is returned.

$ dig @10.0.0.1 +short -x fd50::1 -x fd50::3 -x fd50::5
Computer5.example.org.


If you change the order so all IPv4+IPv6 entries are first (i.e. Computer1
> Computer3 > Computer5 > Computer2 > Computer4), then all IPv6 addresses
can resolve to names:

$ dig @10.0.0.1 +short -x fd50::1 -x fd50::3 -x fd50::5
Computer1.example.org.
Computer3.example.org.
Computer5.example.org.


If you change the order so all IPv4-only entries are first (i.e. Computer 2
> Computer 4 > Computer 1 > Computer 3 > Computer 5), then no IPv6
addresses can resolve to names at all.

$ dig @10.0.0.1 +short -x  fd50::1 -x  fd50::3 -x fd50::5


(5) For the reverse of (0)-(4) - a mix of IPv6-only and IPv4+IPv6 entries -
the reverse problem occurs:

Config:

no-resolv
dynamic-host=Computer1.example.org, 0.0.0.1, ::1, eth0
dynamic-host=Computer2.example.org, ::2, eth0
dynamic-host=Computer3.example.org, 0.0.0.3, ::3, eth0
dynamic-host=Computer4.example.org, ::4, eth0
dynamic-host=Computer5.example.org, 0.0.0.5, ::5, eth0


IPv4 PTR records broken (only returns those before Computer2)

$ dig @10.0.0.1 +short -x 10.0.0.1 -x 10.0.0.3 -x 10.0.0.5
Computer1.example.org.


(7) For a mix of IPv4-only and IPv6-only entries, the same problem occurs
for both:

Config:

no-resolv
dynamic-host=Computer1.example.org, ::1, eth0
dynamic-host=Computer2.example.org, 0.0.0.2, eth0
dynamic-host=Computer3.example.org, ::3, eth0
dynamic-host=Computer4.example.org, 0.0.0.4, eth0
dynamic-host=Computer5.example.org, ::5, eth0


IPv4 PTR records broken (only returns those before Computer1 - i.e. none)

$ dig @10.0.0.1 +short -x 10.0.0.2 -x 10.0.0.4


IPv6 PTR records broken (only returns those before Computer2)

$ dig @10.0.0.1 +short -x  fd50::1 -x  fd50::3 -x fd50::5
Computer1.example.org.



Hope this is all clear!

Kind regards,
ryt51v
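
The ordering rule described in this report can be checked against a config before relying on reverse lookups. The following is an added example, not part of the original message and not dnsmasq code: it parses dynamic-host lines and lists the names whose PTR lookups the report says would fail. The function names and the embedded sample (the config from step (0)) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the configuration from step (0) of the report.
SAMPLE_CONF = """\
no-resolv
dynamic-host=Computer1.example.org, 0.0.0.1, ::1, eth0
dynamic-host=Computer2.example.org, 0.0.0.2, eth0
dynamic-host=Computer3.example.org, 0.0.0.3, ::3, eth0
dynamic-host=Computer4.example.org, 0.0.0.4, eth0
dynamic-host=Computer5.example.org, 0.0.0.5, ::5, eth0
"""

def parse_dynamic_hosts(conf_text):
    """Return [(name, has_v4, has_v6)] for each dynamic-host line, in file order."""
    entries = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop config comments
        if not line.startswith("dynamic-host="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        name, has_v4, has_v6 = fields[0], False, False
        for field in fields[1:]:
            try:
                addr = ipaddress.ip_address(field)
            except ValueError:
                continue  # interface name, not an address fragment
            has_v4 |= addr.version == 4
            has_v6 |= addr.version == 6
        entries.append((name, has_v4, has_v6))
    return entries

def affected_ptr(entries):
    """Apply the rule observed in the report: PTR lookups for a family fail for
    every entry placed after the first entry that lacks that family."""
    result = {"ipv4": [], "ipv6": []}
    v4_blocked = v6_blocked = False
    for name, has_v4, has_v6 in entries:
        if has_v4 and v4_blocked:
            result["ipv4"].append(name)
        if has_v6 and v6_blocked:
            result["ipv6"].append(name)
        v4_blocked |= not has_v4
        v6_blocked |= not has_v6
    return result

if __name__ == "__main__":
    print(affected_ptr(parse_dynamic_hosts(SAMPLE_CONF)))
```

Names listed under a family are the ones that would need a manual ptr-record, the workaround mentioned in the message, until the ordering dependence is fixed.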