[Dnsmasq-discuss] opcode: QUERY, status: REFUSED

Simon Kelley simon at thekelleys.org.uk
Fri Jan 25 11:46:49 GMT 2008


Carlos Carvalho wrote:
> Mike Wright (mike.wright at mailinator.com) wrote on 22 January 2008 12:24:
>  >Running dnsmasq-2.38-1.fc6.i386.rpm on fedora core 6.
>  >
>  >I'm trying to block adservers.  I think I have the config file setup 
>  >correctly but dnsmasq is not acting as I expect.
>  >
>  >I've made these changes to dnsmasq.conf:
>  >
>  >   interface=lo
>  >   log-queries
>  >   address=/mediaplex.com/127.0.0.1
>  >
>  >iptables is not running on the local machine
>  >
>  >Examples (for brevity only status shown):
>  >
>  >1)  dig @lo www.yahoo.com. any
>  >
>  >       opcode: QUERY, status: NOERROR
>  >
>  >2)  dig @lo mediaplex.com. any
>  >
>  >       opcode: QUERY, status: REFUSED
>  >
>  >3)  dig @dns mediaplex.com. any
>  >
>  >       opcode: QUERY, status: NOERROR
>  >
>  >example 1 acts as expected, passing the query through to the recursive 
>  >name server.
>  >
>  >example 2 should be answered with NOERROR and address 127.0.0.1 but 
>  >instead is refused.
> 
> Hasn't this been corrected in a later version? From the changelog for v2.41:
> 
>       Fix a bug where NXDOMAIN could be returned for a query
>       even if the name's value was known for a different query
>       type. This bug could be prodded with 
>       --local=/domain/ --address=/name.domain/1.2.3.4 
>       An IPv6 query for name.domain would return NXDOMAIN, and
>       not the correct NOERROR. Thanks to Lars Nooden for
>       spotting the bug and Jima for diagnosis of the problem.
> 

It's a different bug, in the same, horrible code.

Fix embodied in dnsmasq-2.41test33.tar.gz

Thanks to all for finding the bug.

BTW, Mike, this only affects ANY queries, I'd expect you adserver
blocking (A queries) to be unaffected.


Cheers,

Simon.



More information about the Dnsmasq-discuss mailing list