Hello, We've run into a regression between 2.89 and 2.90 that was introduced in https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f5ef0f064c3f06b250a9eeda36dc239227658b00 which resolved the possible SIGSEGV reported in https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016903.html by Daniel Danzberger.
There's now a difference in behavior when resolving AAAA records when only an IPv4 address (A record) is present in the addn-hosts file for the given hostname. In our setup, when running `dig aaaa @127.0.0.1 localhost`, the message `config error is REFUSED (EDE: not ready)` appears in log files and the user sees a status of REFUSED when running v2.90. Previously (2.80 through 2.89), the logs show `config localhost is NODATA-IPv6` and the user sees a status of NOERROR, which is the behavior our applications expect, since nginx issue requests for both A and AAAA records when resolving hostnames unless told to do otherwise, and will log `Operation not permitted` when receiving REFUSED in response. It's worth mentioning that we can avoid getting REFUSED by using the `domain-needed` directive, but we can't confidently ship with this option enabled due to the possibility that some real-world deployment may rely on forwarding unqualified domain names to upstream DNS servers. I don't know whether the way it worked before was intended or an emergent property of previously undefined behavior, but since we need it to do as it did before, we now need to patch and compile dnsmasq with a revert commit instead of directly consuming upstream Ubuntu packages. I don't have a proposed fix at this time but I will continue to look at this within the next few days. Configuration follows: Platform: Linux (Ubuntu 20.04) amd64 dnsmasq.conf: -- listen-address=127.0.0.1 listen-address=::1 no-hosts addn-hosts=/etc/hosts.dnsmasq strict-order conf-dir=/etc/dnsmasq.d local=// server=/ghe.local/127.0.0.1#8600 -- resolv.conf: -- nameserver 127.0.0.1 options timeout:1 -- hosts.dnsmasq: -- 127.0.0.1 localhost ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters -- Cheers, Casey Tucker Software Engineer, GitHub _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
