Re: [Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

2021-08-05 Thread Simon Kelley
There's lots of code in dnsmasq which tries to get this right.

eg.

forward AAAA upstream
upstream replies with NXDOMAIN
dnsmasq checks if it knows data for other record types like A and if so
rewrites NXDOMAIN to NODATA.

TLDR; We thought of this, and we think it works correctly. If you've
found a specific case where it isn't working, we'll need more
information on exactly what that case is, and what version of dnsmasq
you're running.

Setting --log-queries, demonstrating the problem, then sending the logs,
would be a good start.


cheers,

Simon.


On 04/08/2021 20:42, Wojtek Swiatek wrote:
> Hello everyone
> 
> I noticed that my dnsmasq server is sending an NXDOMAIN instead of
> a NODATA when I query it for AAAA records it does not have.
> 
> This is, I believe, not the correct behaviour
> (https://datatracker.ietf.org/doc/html/rfc2308 - see 1 Terminology →
> NODATA) and that response breaks queries that otherwise would have tried
> the A record. See for instance
> https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST
> 
> As a workaround: is there a way to automatically populate AAAA
> records together with the A ones (from DHCP)?
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> 



Re: [Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

2021-08-05 Thread Wojtek Swiatek
Thank you Simon for the follow-up.

I use dnsmasq on a Ubiquiti Edge router (ER-4), the version is

root@ubnt:~# dnsmasq --version
Dnsmasq version 2.78-23-g9e09429  Copyright (c) 2000-2017 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
conntrack ipset auth DNSSEC loop-detect inotify

I tried to query the A and AAAA record for a host which is part of my
internal domain, defined through a wildcard:
address=/swtk.info/192.168.10.2

The requests are

root@srv ~# dig -t A mqtt.swtk.info

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t A mqtt.swtk.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56145
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mqtt.swtk.info.                 IN      A

;; ANSWER SECTION:
mqtt.swtk.info. 0   IN  A   192.168.10.2

;; Query time: 0 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Aug 05 17:53:12 CEST 2021
;; MSG SIZE  rcvd: 48

→ this is a correct answer, A is present and status is NOERROR

root@srv ~# dig -t AAAA mqtt.swtk.info

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t AAAA mqtt.swtk.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15102
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mqtt.swtk.info.                 IN      AAAA

;; Query time: 0 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Aug 05 17:53:17 CEST 2021
;; MSG SIZE  rcvd: 32

This is an incorrect answer: the AAAA record does not exist and the status
is NXDOMAIN instead of NODATA

The relevant logs are:

Aug  5 17:52:24 dnsmasq[1007]: started, version 2.78-23-g9e09429 cachesize 150
Aug  5 17:52:24 dnsmasq[1007]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Aug  5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.2.30 -- 192.168.2.50, lease time 1d
Aug  5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.10.50 -- 192.168.10.254, lease time 1d
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 for domain orange.fr
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 8.8.4.4#53
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.0.0.1#53
Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info
Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain 10.168.192.in-addr.arpa
Aug  5 17:52:24 dnsmasq[1007]: read /etc/hosts - 8 addresses
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2


Would anything else be of interest?

Thank you!










Re: [Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

2021-08-05 Thread Simon Kelley
OK. The problem is here: using local addresses only for domain swtk.info

That's an easy spot because I just fixed this particular combination.

I guess you have something like

local=/swtk.info/

and dnsmasq is using this to return NXDOMAIN without checking that it
has more specific data for the query in other  types.

As a workaround, removing that configuration should make things work, at
the expense of extra trips to the upstream servers.

This should already be fixed in the development code: if it's possible
for you to run
https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz
that should fix things, and doing so would be a useful test for me.


Cheers,


Simon.



Re: [Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

2021-08-05 Thread Wojtek Swiatek
On Thu, 5 Aug 2021 at 19:41, Simon Kelley wrote:

> OK. The problem is here: using local addresses only for domain swtk.info
>
> That's an easy spot because I just fixed this particular combination.
>
> I guess you have something like
>
> local=/swtk.info/
>
> and dnsmasq is using this to return NXDOMAIN without checking that it
> has more specific data for the query in other  types.
>
> As a workaround, removing that configuration should make things work, at
> the expense of extra trips to the upstream servers.
>

Thank you. The problem is that swtk.info is also declared on .info so (if I
understand local= correctly), it would attempt to resolve mqtt.swtk.info on
Internet. Which would fail.

The local=/swtk.info/ and address=/swtk.info/192.168.10.2 combo fixes this.


>
> This should already be fixed in the development code: if it's possible
> for you to run
> https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz
> that should fix things, and doing so would be a useful test for me.
>

Unfortunately, since the dnsmasq binary I use is part of a router, I have
no way to use another version. Which, as I realize now, will be a major
problem anyway since the issue is not a matter of configuration.



Re: [Dnsmasq-discuss] [EXTERNAL] Re: Badly formatted "dhcp-boot=" line crashes dnsmsaq 2.85

2021-08-05 Thread Greg Wickham
Hi Matthias,

The OS is CentOS 7.9 on x86_64

Today I tried to re-create the issue and as you found it wasn't reproducible. I 
had made substantial changes to the dnsmasq.conf since the issue was reported.

I ran out of time today, but I'll have another go early next week and try to 
find the root (configuration) cause.

   -greg

-Original Message-
From: Dnsmasq-discuss on behalf of Matthias Andree
Date: Wednesday, 4 August 2021 at 7:01 pm
To: "dnsmasq-discuss@lists.thekelleys.org.uk"
Subject: [EXTERNAL] Re: [Dnsmasq-discuss] Badly formatted "dhcp-boot=" line
crashes dnsmsaq 2.85

.
> But I did also try 2.85 before submitting this report and it crashes
> whilst parsing the configuration file:
>
> # /tmp/dnsmasq-2.85/src/dnsmasq -k -p0
>
> Segmentation fault
>
> #
>

Greg, this appears to be insufficient information to reproduce the issue
for me. What else is in your configuration? What operating system,
version, architecture etc. are you on? What distribution?

--



Re: [Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

2021-08-05 Thread Simon Kelley


On 05/08/2021 19:24, Wojtek Swiatek wrote:
> 
> 
> On Thu, 5 Aug 2021 at 19:41, Simon Kelley wrote:
> 
> OK. The problem is here: using local addresses only for domain
> swtk.info 
> 
> That's an easy spot because I just fixed this particular combination.
> 
> I guess you have something like
> 
> local=/swtk.info/ 
> 
> and dnsmasq is using this to return NXDOMAIN without checking that it
> has more specific data for the query in other  types.
> 
> As a workaround, removing that configuration should make things work, at
> the expense of extra trips to the upstream servers.
> 
> 
> Thank you. The problem is that swtk.info is also
> declared on .info so (if I understand local= correctly), it would
> attempt to resolve mqtt.swtk.info on Internet.
> Which would fail.

That's fine. mqtt.swtk.info resolves to NXDOMAIN (at least it does here)
and when dnsmasq gets that answer back, it will change it into NODATA
because it has an A record for mqtt.swtk.info derived from a DHCP
record. That should be functional in 2.78.
> 
> The local=/swtk.info/ and
> address=/swtk.info/192.168.10.2 combo
> fixes this.
>  
> 
> 
> This should already be fixed in the development code: if it's possible
> for you to run
> https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz
> 
> that should fix things, and doing so would be a useful test for me.
> 
> 
> Unfortunately, since the dnsmasq binary I use is part of a router, I
> have no way to use another version. Which, as I realize now, will be a
> major problem anyway since the issue is not a matter of configuration.
>  

This is a major defect in the state of the world. Routers should be
updated as often and as easily as desktops and laptops, but frequently
aren't and can't be.

Cheers,

Simon.
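
The symptom reported in this thread (one query type of a name logged as NXDOMAIN while another type of the same name returns data) can be found mechanically in --log-queries output. The script below is an added example, not part of the original messages and not dnsmasq code; the log lines are constructed in the format shown earlier in the thread, the example.test names are made up, and pairing each result line with the most recent query[...] line for the same name is an assumption about log ordering.

```python
import re
from collections import defaultdict

# Constructed sample in the --log-queries format shown in the thread.
SAMPLE_LOG = """\
Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: query[A] nohost.example.test from 192.168.10.7
Aug  5 17:52:40 dnsmasq[1007]: forwarded nohost.example.test to 1.1.1.1
Aug  5 17:52:40 dnsmasq[1007]: reply nohost.example.test is NXDOMAIN
Aug  5 17:52:41 dnsmasq[1007]: query[AAAA] v4only.example.test from 192.168.10.7
Aug  5 17:52:41 dnsmasq[1007]: cached v4only.example.test is NODATA-IPv6
Aug  5 17:52:41 dnsmasq[1007]: query[A] v4only.example.test from 192.168.10.7
Aug  5 17:52:41 dnsmasq[1007]: cached v4only.example.test is 192.0.2.10
"""

QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9-]+)\] (?P<name>\S+) from \S+")
ANSWER_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<source>\S+) (?P<name>\S+) is (?P<value>\S+)")


def is_data(value):
    """True when a logged result is an actual record, not a negative answer."""
    return not value.startswith(("NXDOMAIN", "NODATA"))


def find_nxdomain_mismatches(log_text):
    """Return [(name, nxdomain_types, data_types)] for names that were
    answered NXDOMAIN for one type although another type has data.
    Per RFC 2308 such a name exists, so the negative answer should be NODATA."""
    pending = {}                  # name -> type of the most recent query
    results = defaultdict(dict)   # name -> {qtype: set of logged values}
    for line in log_text.splitlines():
        query = QUERY_RE.search(line)
        if query:
            pending[query["name"].lower()] = query["qtype"].upper()
            continue
        answer = ANSWER_RE.search(line)
        if answer:
            name = answer["name"].lower()
            qtype = pending.get(name)
            if qtype:             # assumption: result follows its query line
                results[name].setdefault(qtype, set()).add(answer["value"])

    findings = []
    for name, by_type in sorted(results.items()):
        nx = sorted(t for t, vals in by_type.items() if "NXDOMAIN" in vals)
        data = sorted(t for t, vals in by_type.items()
                      if any(is_data(v) for v in vals))
        if nx and data:
            findings.append((name, nx, data))
    return findings


if __name__ == "__main__":
    for name, nx, data in find_nxdomain_mismatches(SAMPLE_LOG):
        print(f"{name}: NXDOMAIN for {','.join(nx)} but data for {','.join(data)}")
```

A name that is NXDOMAIN for every type queried, or that is already logged as NODATA for the missing type, is not reported.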




Re: [Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

2021-08-05 Thread Andrew Miskell via Dnsmasq-discuss

> On Aug 5, 2021, at 2:45 PM, Simon Kelley  wrote:
> 
> This is a major defect in the state of the world. Routers should be
> updated as often and as easily as desktops and laptops, but frequently
> aren't and can't be.

UI updates the EdgeRouter firmware quite often, but on the EdgeMAX line of 
devices they tend to be more conservative about updating the underlying 
components (due to being billed as carrier grade devices). e.g. they released 
v2.0.9-hotfix.2 in June and back ported the fixes for DNSMasq for CVE-2021-3448.

UI is much more aggressive on the UniFi (consumer) side of the house, they’ve
upgraded dnsmasq in their firmware much more often and usually to the latest
version available (latest firmware on the UDM platform runs 2.85).

Just depends on their update strategy for the underlying components. Same with 
operating systems like RHEL, they tend to favor back porting security fixes to 
a specific version instead of upgrading to a whole new release of the component.