[Dnsmasq-discuss] digging SOA records doesn't work

Simon Kelley simon at thekelleys.org.uk
Thu Mar 20 19:53:52 GMT 2008


Vaidotas Kaminskas wrote:
> Hi,
> 
> I'm using version 2.35-1 from debian etch. I cannot dig for SOA records
> while behind dnsmasq:
> 
> 
> # dig soa google.com
> 
> ; <<>> DiG 9.4.2 <<>> soa google.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45820
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;google.com.			IN	SOA
> 
> ;; Query time: 10 msec
> ;; SERVER: 192.168.0.254#53(192.168.0.254)
> ;; WHEN: Thu Mar 20 21:14:45 2008
> ;; MSG SIZE  rcvd: 28
> 
> # 
> 
> 
> 
> While doing this I'm running tcpdump on the dnsmasqing router like this:
> 
> tcpdump -n -i eth0 udp and port 53
> 
> and it shows no activity. The command below, however, does produce the
> packets requesting google.com's SOA in the tcpdump output.
> 
> 
> 
> # dig @88.223.0.1 soa google.com
> 
> ; <<>> DiG 9.4.2 <<>> @88.223.0.1 soa google.com
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39935
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> 
> ;; QUESTION SECTION:
> ;google.com.			IN	SOA
> 
> ;; ANSWER SECTION:
> google.com.		54201	IN	SOA	ns1.google.com. dns-admin.google.com.
> 2008031700 7200 1800 1209600 300
> 
> ;; AUTHORITY SECTION:
> google.com.		68055	IN	NS	ns1.google.com.
> google.com.		68055	IN	NS	ns2.google.com.
> google.com.		68055	IN	NS	ns3.google.com.
> google.com.		68055	IN	NS	ns4.google.com.
> 
> ;; ADDITIONAL SECTION:
> ns1.google.com.		49703	IN	A	216.239.32.10
> ns2.google.com.		49703	IN	A	216.239.34.10
> ns3.google.com.		49703	IN	A	216.239.36.10
> ns4.google.com.		49703	IN	A	216.239.38.10
> 
> ;; Query time: 10 msec
> ;; SERVER: 88.223.0.1#53(88.223.0.1)
> ;; WHEN: Thu Mar 20 21:22:32 2008
> ;; MSG SIZE  rcvd: 210
> 
> #
> 
> 
> 
> 
> 88.223.0.1 is the DNS server that the router running dnsmasq uses. So it
> seems that dnsmasq isn't even trying to query for SOA records.
> 

Are you using filterwin2k?

-f, --filterwin2k
       Later  versions of windows make periodic DNS requests which don't 
get sensible answers from the
       public DNS and can cause problems by triggering dial-on-demand 
links. This  flag  turns  on  an
       option  to filter such requests. The requests blocked are for 
records of types SOA and SRV, and
       type ANY where the requested name has underscores, to catch LDAP 
requests.


That would explain things.


Simon.

> 
> Regards,
> Vaidotas
> 
> 
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 




More information about the Dnsmasq-discuss mailing list