[Dnsmasq-discuss] issue seems to be fixed

Simon Kelley simon at thekelleys.org.uk
Wed Oct 30 12:05:34 GMT 2013


On 29/10/13 19:47, Peter Mattern wrote:
> The problem has indeed gone in 2.68test1.
>
> By the way I meanwhile saw that it can be triggered by any DNS lookup,
> e.g. Firefox or whatever, not only by running ssh.
>
> As you said you couldn't quite reproduce I thought maybe I should post
> some more verbose logging:
> Same conditions as described in my first mail except that I tested against
> two upstream nameservers. First one was dnsmasq 2.66 on another
> Arch box, second an elderly "FRITZ!Box" completely unaware of IPv6,
> the first taking the latter as its upstream nameserver. Not using IPv6
> in the LAN.
>
> 2.67 (queried right after starting) shows
>
> query[A] foo.bar.invalid from 127.0.0.1
> /etc/hosts foo.bar.invalid is 10.1.2.3
> query[AAAA] foo.bar.invalid from 127.0.0.1
> config foo.bar.invalid is NODATA-IPv6
> query[MX] foo.bar.invalid from 127.0.0.1
> config foo.bar.invalid is NODATA
>
> query[A] bar.invalid from 127.0.0.1
> config bar.invalid is <CNAME>
> /etc/hosts foo.bar.invalid is 10.1.2.3
> query[AAAA] foo.bar.invalid from 127.0.0.1
> config foo.bar.invalid is NODATA-IPv6
> query[MX] foo.bar.invalid from 127.0.0.1
> config foo.bar.invalid is NODATA
>
> query[A] www.thekelleys.org from 127.0.0.1
> forwarded www.thekelleys.org to <IP>
> reply ghs.l.google.com is 173.194.70.121
> query[AAAA] ghs.l.google.com from 127.0.0.1
> forwarded ghs.l.google.com to <IP>
> reply ghs.l.google.com is 2a00:1450:4001:c02::79
> query[MX] ghs.l.google.com from 127.0.0.1
> forwarded ghs.l.google.com to <IP>
>
> query[A] foo.bar.invalid from 127.0.0.1
> /etc/hosts foo.bar.invalid is 10.1.2.3
> query[AAAA] foo.bar.invalid from 127.0.0.1
> config foo.bar.invalid is NODATA-IPv6
> query[MX] foo.bar.invalid from 127.0.0.1
> config foo.bar.invalid is NODATA
>
> query[A] bar.invalid from 127.0.0.1
> config bar.invalid is NXDOMAIN-IPv4
> query[A] bar.invalid.<domain> from 127.0.0.1
> forwarded bar.invalid.<domain> to <IP>
> reply bar.invalid.<domain> is NXDOMAIN-IPv4
>
> The last line could only be seen with the FritzBox as upstream
> nameserver.
> With 2.68test1 there were no differences in queries one to four, but the
> last one was the same as the second. Thus this time both queries of
> bar.invalid were the same.


OK, I've diagnosed the problem right and fixed it. Many thanks.
>
> As for security, it's no problem to go on using 2.66 for a while, is it?
>

No known security problems in 2.66. This is a bad enough bug to make me
want to release 2.68 soonish, but I'll wait a while to see if
anything else turns up first.


Cheers,

Simon.



