[Dnsmasq-discuss] Problems using 'split horizon' approach

Dave Ewart davee at ceu.ox.ac.uk
Thu Aug 4 13:29:59 BST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday, 04.08.2005 at 11:55 +0100, Simon Kelley wrote:

> >In /etc/hosts in our dnsmasq host (on the 10.a.b.c network), there is an
> >entry for apollo:
> >
> >10.99.0.2  apollo.ceu.ox.ac.uk apollo smtp.ceu.ox.ac.uk smtp 
> >imap.ceu.ox.ac.uk imap
> 
> >Generally, this works fine, e.g.
> >
> >$ host apollo
> >apollo.ceu.ox.ac.uk has address 10.99.0.2
> >
> >The aliases work properly too:
> >
> >$ host imap
> >imap.ceu.ox.ac.uk has address 10.99.0.2
> >
> >and so on.
> >
> >However, after running live for a few minutes/hours (it varies), the
> >host lookups return the following:
> >
> >$ host apollo
> >apollo.ceu.ox.ac.uk has address 163.1.168.2
> >apollo.ceu.ox.ac.uk has address 10.99.0.2
> >$ host apollo
> >apollo.ceu.ox.ac.uk has address 10.99.0.2
> >apollo.ceu.ox.ac.uk has address 163.1.168.2
> 
> >Clearly, the dnsmasq cache is being 'contaminated' by information from
> >the upstream DNS, but what I don't understand is why that server is even
> >*consulted* for a host which exists in the local /etc/hosts ...
> >
> >Can anyone shed any light on what's going on here?
> 
> There's one scenario which could explain this: Does there exist a CNAME 
> which isn't in /etc/hosts on the dnsmasq machine, but which points to 
> one of the names which is getting "contaminated"? If so then looking up 
> the CNAME will result in the query being forwarded and the result will 
> be the non-shadowed value of the target of the CNAME. That behaviour is 
> actually documented somewhere. The non-shadowed value of the CNAME 
> target shouldn't go into the cache, (I just looked, and the code seems 
> to exist to stop it) so if this then affects subsequent searches then 
> it's a bug which should be fixed.
> 
> The workaround is to add the CNAME to /etc/hosts on the dnsmasq machine, 
> so that it gets answered locally.

Well, I don't *think* that's happening, since there are no
publically-defined CNAMEs which don't also exist in /etc/hosts.  I've
restarted dnsmasq, which clears the 'contamination' and have started
tcpdump on port 53 with a shed load of verbosity, so hopefully I can
find out what requests are making this happen.

> The reason you are seeing the two addresses alternate is so that 
> load-balancing via DNS will work - the order in which multiple A records 
> for the same domain get returned is permuted on every cache lookup.

That makes sense and is as I suspected ...

Cheers,

Dave.
- -- 
Dave Ewart
davee at ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
N 51.7518, W 1.2016
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC8gpHbpQs/WlN43ARArsKAJ0WjQTAh6H9u9PBqwKQSc6qFmoSyACcCLcF
sZRQ0flQEDGa8vUrrD1dqTQ=
=uI8W
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list