[Dnsmasq-discuss] No cache for CNAME records that point to the host's address

Janos.Mattyasovszky at bmw.de Janos.Mattyasovszky at bmw.de
Mon Nov 10 12:55:42 GMT 2014


Hi @all!

We are testing dnsmasq as a local DNS cache for our Linux hosts, since some of our use-cases rely on asking DNS over the same records dozens of times in a second.

The setup is pretty simple: bound to localhost only, use only the cache, and forward it to our "upstream" DNS servers.

|| # cat dnsmasq.conf
|| resolv-file= /opt/dnsmasq/conf/resolv.conf
|| pid-file= /opt/dnsmasq/run/dnsmasq.pid
||
|| interface=lo
|| listen-address=127.0.0.1
|| port=53
||
|| cache-size=3000
|| max-cache-ttl=300
|| neg-ttl=60
||
|| log-facility= /opt/dnsmasq/log/dnsmasq.log
|| log-queries # enabled for debugging only

We have a host in the lab, that has one IP Address, and a CNAME:

|| itavm0002test.muc.      3600    IN      CNAME   itavm0002.muc.
|| itavm0002.muc.          3600    IN      A       10.XXX.XXX.102

However, this IP is also included in the /etc/hosts file, that is being read:

|| # grep itavm0002 /etc/hosts
|| 10.XXX.XXX.102   itavm0002.muc   itavm0002.muc   itavm0002

When I ask dnsmasq for a CNAME record (itavm0002test=>itavm0002), it is getting forwarded to the upstream DNS Server, and is returned as a CNAME and the appropriate IP (that also exists in the hosts file).

However, unless I have no-hosts in the config file, this record is never cached:

|| Nov 10 13:25:12 dnsmasq[25200]: started, version 2.72 cachesize 3000
|| Nov 10 13:25:12 dnsmasq[25200]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
|| Nov 10 13:25:12 dnsmasq[25200]: reading /opt/dnsmasq/conf/resolv.conf
|| Nov 10 13:25:12 dnsmasq[25200]: using nameserver 160.XXX.XXX.2#53
|| Nov 10 13:25:12 dnsmasq[25200]: read /etc/hosts - 8 addresses

Querying local hostname with "dig itavm0002.muc" several times: /etc/hosts is consulted and the result is returned:

|| Nov 10 13:25:20 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:25:20 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:24 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:25:24 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:26 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:25:26 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102

Now I start to query the CNAME record by "dig itavm0002test", that points to the same 10.XXX.XXX.102 IP via the DNS System:

|| Nov 10 13:25:30 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:30 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:32 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:32 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:36 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:36 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:36 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:36 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:38 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:38 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:38 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:38 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102

-> No caching is performed.

I can however confirm, that with the option "no-hosts" this is not observed:

|| Nov 10 13:36:20 dnsmasq[26071]: started, version 2.72 cachesize 3000
|| Nov 10 13:36:20 dnsmasq[26071]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
|| Nov 10 13:36:20 dnsmasq[26071]: reading /opt/dnsmasq/conf/resolv.conf
|| Nov 10 13:36:20 dnsmasq[26071]: using nameserver 160.XXX.XXX.2#53
|| Nov 10 13:36:20 dnsmasq[26071]: cleared cache

Now we ask even our own hostname (and FQDN) from the upstream DNS Server, and since we don't use hosts, the first query gets forwarded, the upcoming ones are served from the cache:

|| Nov 10 13:36:26 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:36:26 dnsmasq[26071]: forwarded itavm0002.muc to 160.XXX.XXX.2
|| Nov 10 13:36:29 dnsmasq[26071]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:29 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:36:29 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:35 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:36:35 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102

Now we ask the CNAME present in the DNS, and the first is returned from upstream, and the later queries are again served from cache:

|| Nov 10 13:36:39 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:36:39 dnsmasq[26071]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:36:39 dnsmasq[26071]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:36:39 dnsmasq[26071]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:41 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:36:41 dnsmasq[26071]: cached itavm0002test.muc is <CNAME>
|| Nov 10 13:36:41 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:42 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:36:42 dnsmasq[26071]: cached itavm0002test.muc is <CNAME>
|| Nov 10 13:36:42 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102

This however has the problem, that the addresses "localhost" & co. are not resolved properly, since the resolv.conf is only using 127.0.0.1 as the nameserver, and this address is not resolvable by the DNS System.

|| Nov 10 13:40:32 dnsmasq[26071]: query[A] localhost from 127.0.0.1
|| Nov 10 13:40:32 dnsmasq[26071]: forwarded localhost to 160.XXX.XXX.2
|| Nov 10 13:40:32 dnsmasq[26071]: reply localhost is NXDOMAIN

If I leave the no-hosts option, this is served from the /etc/hosts file:

|| Nov 10 13:52:19 dnsmasq[26907]: query[A] localhost from 127.0.0.1
|| Nov 10 13:52:19 dnsmasq[26907]: /etc/hosts localhost is 127.0.0.1
|| Nov 10 13:52:19 dnsmasq[26907]: query[AAAA] localhost from 127.0.0.1
|| Nov 10 13:52:19 dnsmasq[26907]: /etc/hosts localhost is ::1

An ugly workaround would be of course to create a customized hosts file, where one would get rid of the entries of the host, and only keep localhost&co, and provide that with addn-hosts, but I'd not consider that...

I have tested with the latest 2.72.

Could you / someone please confirm and explain this behavior? Is this designed to behave like this or is this a bug?

Thanks in advance,

Regards,
Janos Mattyasovszky

-- 
BMW Group
Janos Mattyasovszky
Linux Solutions
FG-941 Unix/Linux Server Infrastructure

Postanschrift:
Bremer Strasse 6
80788 München

Tel: +49-89-382-13280
Mail: janos.mattyasovszky at bmw.de
Web: http://www.bmwgroup.com/
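
Added example, not part of the original post and not dnsmasq code: a small Python check that reads `log-queries` output in the format shown above and reports names that are asked repeatedly but forwarded upstream every time, which is the symptom described in this message. The sample lines are constructed from the post's excerpts (timestamps collapsed to one value), and the function names and the `min_queries` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# dnsmasq log-queries line: "<ts> dnsmasq[pid]: <action> <name> from|to|is ..."
LINE = re.compile(r"dnsmasq\[\d+\]: (query\[[\w-]+\]|forwarded|cached|/\S+) (\S+) (?:from|to|is) ")

def answer_sources(lines):
    """Map each queried name to a Counter of how its queries were answered."""
    sources = defaultdict(Counter)
    pending = Counter()            # queries seen but not yet attributed
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue               # startup banner, "reply" lines, etc.
        action, name = m.groups()
        if action.startswith("query["):
            pending[name] += 1
        elif pending[name] > 0:    # skip CNAME targets that were not queried
            pending[name] -= 1
            kind = "hosts" if action.startswith("/") else action
            sources[name][kind] += 1
    return sources

def never_cached(lines, min_queries=3):
    """Names asked at least min_queries times and forwarded upstream every time."""
    return sorted(
        name for name, c in answer_sources(lines).items()
        if c["forwarded"] >= min_queries and c["forwarded"] == sum(c.values())
    )

# Constructed sample input, shaped like the post's two log excerpts.
P = "Nov 10 13:25:30 dnsmasq[25200]: "
Q = P + "query[A] itavm0002test.muc from 127.0.0.1"
FWD = [Q, P + "forwarded itavm0002test.muc to 160.XXX.XXX.2",
       P + "reply itavm0002test.muc is <CNAME>",
       P + "reply itavm0002.muc is 10.XXX.XXX.102"]
HIT = [Q, P + "cached itavm0002test.muc is <CNAME>",
       P + "cached itavm0002.muc is 10.XXX.XXX.102"]
WITH_HOSTS = [P + "query[A] itavm0002.muc from 127.0.0.1",
              P + "/etc/hosts itavm0002.muc is 10.XXX.XXX.102"] + FWD * 4
NO_HOSTS = FWD + HIT * 2

if __name__ == "__main__":
    print("with /etc/hosts:", never_cached(WITH_HOSTS))
    print("with no-hosts:  ", never_cached(NO_HOSTS))
```
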