[Dnsmasq-discuss] digging SOA records doesn't work
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 20 19:53:52 GMT 2008
Vaidotas Kaminskas wrote:
> Hi,
>
> I'm using version 2.35-1 from debian etch. I cannot dig for SOA records
> while behind dnsmasq:
>
>
> # dig soa google.com
>
> ; <<>> DiG 9.4.2 <<>> soa google.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45820
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com. IN SOA
>
> ;; Query time: 10 msec
> ;; SERVER: 192.168.0.254#53(192.168.0.254)
> ;; WHEN: Thu Mar 20 21:14:45 2008
> ;; MSG SIZE rcvd: 28
>
> #
>
>
>
> While doing this I'm running tcpdump on the dnsmasqing router like this:
>
> tcpdump -n -i eth0 udp and port 53
>
> and it shows no activity. The command below, however, does produce the
> packets requesting google.com's SOA in the tcpdump output.
>
>
>
> # dig @88.223.0.1 soa google.com
>
> ; <<>> DiG 9.4.2 <<>> @88.223.0.1 soa google.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39935
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;google.com. IN SOA
>
> ;; ANSWER SECTION:
> google.com. 54201 IN SOA ns1.google.com. dns-admin.google.com.
> 2008031700 7200 1800 1209600 300
>
> ;; AUTHORITY SECTION:
> google.com. 68055 IN NS ns1.google.com.
> google.com. 68055 IN NS ns2.google.com.
> google.com. 68055 IN NS ns3.google.com.
> google.com. 68055 IN NS ns4.google.com.
>
> ;; ADDITIONAL SECTION:
> ns1.google.com. 49703 IN A 216.239.32.10
> ns2.google.com. 49703 IN A 216.239.34.10
> ns3.google.com. 49703 IN A 216.239.36.10
> ns4.google.com. 49703 IN A 216.239.38.10
>
> ;; Query time: 10 msec
> ;; SERVER: 88.223.0.1#53(88.223.0.1)
> ;; WHEN: Thu Mar 20 21:22:32 2008
> ;; MSG SIZE rcvd: 210
>
> #
>
>
>
>
> 88.223.0.1 is the DNS server that the router running dnsmasq uses. So it
> seems that dnsmasq isn't even trying to query for SOA records.
>
Are you using filterwin2k?
-f, --filterwin2k
Later versions of windows make periodic DNS requests which don't
get sensible answers from the
public DNS and can cause problems by triggering dial-on-demand
links. This flag turns on an
option to filter such requests. The requests blocked are for
records of types SOA and SRV, and
type ANY where the requested name has underscores, to catch LDAP
requests.
That would explain things.
Simon.
>
> Regards,
> Vaidotas
>
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list