[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Miriam España Acebal Wed, 23 Nov 2022 09:40:55 -0800

** Description changed:

  [SRU]
  
  [ Impact ]
  
- Sometimes dnsmasq is incorrectly is returning NODATA instead of
- NXDOMAIN. This can lead to erroneous actions by clients who need to
- determine whether a domain name exists or not.
+ Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
+ This can lead to erroneous actions by clients who need to determine
+ whether a domain name exists or not.
  
  [ Test Plan ]
  
  In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't
  installed yet.
  
- 
- #0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
+ #0 Disabling systemd-resolved service and enabling resolution through
+ dnsmasq.
  
  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service
- 
  
  #1 Bad case
  
  # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record
  
  #2 Good case
  
  #2.1 Installing new package
  
  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb
  
  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...
  
- 
  # dpkg -l | grep dnsmasq
  ii  dnsmasq                        2.80-1.1ubuntu1.6                 all      
    Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base                   2.80-1.1ubuntu1.6                 amd64    
    Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils                  2.80-1.1ubuntu1.6                 amd64    
    Utilities for manipulating DHCP leases
  
  #2.2 Testing OK
  
  # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  
  [ Where problems could occur ]
  
- It correctly changes the program's behaviour in this kind of situation,
- so users that didn't recognize this as an error can see an increment in
- their dns cached records, so, in the end, it's not a problem.
+ It changes the program's behaviour by classifying as NXDOMAIN what used to be 
NODATA in some situations, so if a user had a workaround for this (in the form 
of a script or other kind of automatization) it will probably start to 
malfunction.
+  
+ The last rebuilding of the package for Focal was in May, so if any new 
dependencies or libs have been upgraded on this Ubuntu series this can impact 
the new rebuild.
  
  [ Other Info ]
  
  The patch is applied upstream and originated from a bug filed on Fedora
  side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
  
  [Original Report]
  ---------------------------------------------------
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
  
  This is already fixed upstream with the following commit [1].
  
  The Ubuntu dnsmasq 2.80 package should get a backport with a release for
  the focal packages which includes this bug fix.
  
  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10


-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  In Progress

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq                        2.80-1.1ubuntu1.6                 all      
    Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base                   2.80-1.1ubuntu1.6                 amd64    
    Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils                  2.80-1.1ubuntu1.6                 amd64    
    Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what used to be 
NODATA in some situations, so if a user had a workaround for this (in the form 
of a script or other kind of automatization) it will probably start to 
malfunction.
   
  The last rebuilding of the package for Focal was in May, so if any new 
dependencies or libs have been upgraded on this Ubuntu series this can impact 
the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---------------------------------------------------
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Reply via email to