[Dnsmasq-discuss] issue seems to be fixed
Peter Mattern
matternp at arcor.de
Tue Oct 29 19:47:31 GMT 2013
The problem has indeed gone in 2.68test1.
By the way I meanwhile saw that it can be triggered by any DNS lookup,
e. g. Firefox or whatever, not only by running ssh.
As you said you couldn't quite reproduce I thought maybe I should post
some more verbose logging:
Same conditions as described in my first mail except that I tested against
two upstream nameservers. First one was dnsmasq 2.66 on another
Arch box, second an elderly "FRITZ!Box" completely unaware of IPv6,
the first taking the latter as its upstream nameserver. Not using IPv6
in the LAN.
2.67 (queried right after starting) shows
query[A] foo.bar.invalid from 127.0.0.1
/etc/hosts foo.bar.invalid is 10.1.2.3
query[AAAA] foo.bar.invalid from 127.0.0.1
config foo.bar.invalid is NODATA-IPv6
query[MX] foo.bar.invalid from 127.0.0.1
config foo.bar.invalid is NODATA
query[A] bar.invalid from 127.0.0.1
config bar.invalid is <CNAME>
/etc/hosts foo.bar.invalid is 10.1.2.3
query[AAAA] foo.bar.invalid from 127.0.0.1
config foo.bar.invalid is NODATA-IPv6
query[MX] foo.bar.invalid from 127.0.0.1
config foo.bar.invalid is NODATA
query[A] www.thekelleys.org from 127.0.0.1
forwarded www.thekelleys.org to <IP>
reply ghs.l.google.com is 173.194.70.121
query[AAAA] ghs.l.google.com from 127.0.0.1
forwarded ghs.l.google.com to <IP>
reply ghs.l.google.com is 2a00:1450:4001:c02::79
query[MX] ghs.l.google.com from 127.0.0.1
forwarded ghs.l.google.com to <IP>
query[A] foo.bar.invalid from 127.0.0.1
/etc/hosts foo.bar.invalid is 10.1.2.3
query[AAAA] foo.bar.invalid from 127.0.0.1
config foo.bar.invalid is NODATA-IPv6
query[MX] foo.bar.invalid from 127.0.0.1
config foo.bar.invalid is NODATA
query[A] bar.invalid from 127.0.0.1
config bar.invalid is NXDOMAIN-IPv4
query[A] bar.invalid.<domain> from 127.0.0.1
forwarded bar.invalid.<domain> to <IP>
reply bar.invalid.<domain> is NXDOMAIN-IPv4
The last line could only be seen with the FritzBox as upstream
nameserver.
With 2.68test1 there were no differences in queries one to four, but the
last one was the same as the second. Thus this time both queries of
bar.invalid were the same.
As for security, it's no problem to go on using 2.66 for a while, is it?
Regards.
More information about the Dnsmasq-discuss
mailing list