** Description changed:
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
This can lead to erroneous actions by clients who need to determine
whether a domain name exists or not.
[ Test Plan ]
- In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't
+ In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
installed yet.
#0 Disabling systemd-resolved service and enabling resolution through
dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 |
tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all
Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 |
tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
- It changes the program's behaviour by classifying as NXDOMAIN what used to be
NODATA in some situations, so if a user had a workaround for this (in the form
of a script or other kind of automatization) it will probably start to
malfunction.
-
- The last rebuilding of the package for Focal was in May, so if any new
dependencies or libs have been upgraded on this Ubuntu series this can impact
the new rebuild.
+ It changes the program's behaviour by classifying as NXDOMAIN what used
+ to be NODATA in some situations, so if a user had a workaround for this
+ (in the form of a script or other kind of automatization) it will
+ probably start to malfunction.
+
+ The last rebuilding of the package for Focal was in May, so if any new
+ dependencies or libs have been upgraded on this Ubuntu series this can
+ impact the new rebuild.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora
side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for
the focal packages which includes this bug fix.
[1]
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260
Title:
dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug
Status in dnsmasq package in Ubuntu:
Fix Released
Status in dnsmasq source package in Focal:
In Progress
Bug description:
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
This can lead to erroneous actions by clients who need to determine
whether a domain name exists or not.
[ Test Plan ]
In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
installed yet.
#0 Disabling systemd-resolved service and enabling resolution through
dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 |
tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all
Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 |
tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It changes the program's behaviour by classifying as NXDOMAIN what
used to be NODATA in some situations, so if a user had a workaround
for this (in the form of a script or other kind of automatization) it
will probably start to malfunction.
The last rebuilding of the package for Focal was in May, so if any new
dependencies or libs have been upgraded on this Ubuntu series this can
impact the new rebuild.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on
Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release
for the focal packages which includes this bug fix.
[1]
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
