[Dnsmasq-discuss] [patch] don't cache NODATA when upstream doesn't support recursion

Simon Kelley simon at thekelleys.org.uk
Fri Apr 6 08:33:20 BST 2012

On 06/04/12 07:35, Ben Winslow wrote:
> Hello,
> After a very confusing ordeal with dnsmasq, I've discovered that it will
> cache a negative result when it does not find an acceptable answer in
> the reply even if the upstream server does not support recursion. This
> is particularly nasty if you're using --server to send some requests to
> a server which does not support recursion, since a CNAME response can
> then poison (well, somewhere between poison and delete) an arbitrary name.

The patch looks sensible, thanks. Will apply next week when I'm back 
from holiday. Sorry for your ordeal, in our defence we never claimed tp 
be able to talk to non-recursive nameservers, do log a very clear 
warning when we try.



More information about the Dnsmasq-discuss mailing list