Hi Casey, On Fri, 2024-08-30 at 13:42 -0700, Casey Tucker via Dnsmasq-discuss wrote: > Hello, > > We've run into a regression between 2.89 and 2.90 that was introduced > in > https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f5ef0f064c3f06b250a9eeda36dc239227658b00 > which resolved the possible SIGSEGV reported in > https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016903.html > by Daniel Danzberger. > > There's now a difference in behavior when resolving AAAA records when > only an IPv4 address (A record) is present in the addn-hosts file for > the given hostname. In our setup, when running `dig aaaa @127.0.0.1 > localhost`, the message `config error is REFUSED (EDE: not ready)` > appears in log files and the user sees a status of REFUSED when > running v2.90. > > Previously (2.80 through 2.89), the logs show `config localhost is > NODATA-IPv6` and the user sees a status of NOERROR, which is the > behavior our applications expect, since nginx issue requests for both > A and AAAA records when resolving hostnames unless told to do > otherwise, and will log `Operation not permitted` when receiving > REFUSED in response. > > It's worth mentioning that we can avoid getting REFUSED by using the > `domain-needed` directive, but we can't confidently ship with this > option enabled due to the possibility that some real-world deployment > may rely on forwarding unqualified domain names to upstream DNS > servers. > > I don't know whether the way it worked before was intended or an > emergent property of previously undefined behavior, but since we need > it to do as it did before, we now need to patch and compile dnsmasq > with a revert commit instead of directly consuming upstream Ubuntu > packages. I don't have a proposed fix at this time but I will > continue > to look at this within the next few days. > > Configuration follows: > > Platform: Linux (Ubuntu 20.04) amd64 > > dnsmasq.conf: > -- > listen-address=127.0.0.1 > listen-address=::1 > no-hosts > addn-hosts=/etc/hosts.dnsmasq > strict-order > conf-dir=/etc/dnsmasq.d > local=// > server=/ghe.local/127.0.0.1#8600 > -- > > resolv.conf: > -- > nameserver 127.0.0.1 > options timeout:1 > -- > > hosts.dnsmasq: > -- > 127.0.0.1 localhost > ::1 ip6-localhost ip6-loopback > fe00::0 ip6-localnet > ff00::0 ip6-mcastprefix > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > -- >
Did you try to alter the hosts.dnsmasq file like this? 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters Note the repeated 'localhost' with ::1. Cheers, Sven > Cheers, > > Casey Tucker > Software Engineer, GitHub > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
