[Dnsmasq-discuss] Dnsmasq does not cache a authoritative response from upstream ?

Simon Kelley simon at thekelleys.org.uk
Fri Oct 16 22:32:58 BST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tracing this through the code, it turns out that what's inhibiting
caching is not that the upstream server is authoritative. Rather, the
problem is that it's NOT recursive.

There's even a relevant comment in the code that explains why.

/*
 Don't cache replies from non-recursive nameservers, since we may get a
 reply containing a CNAME but not its target, even though the target
 does exist. */


I guess that it would be possible to finnesse that to only inhibit
caching when the answer does include a CNAME.


Cheers,

Simon.


On 14/10/15 23:35, Akash wrote:
>> So, you're saying that an AA bit in an answer stops dnsmasq from 
>> caching that answer? It's no-trivial for me to test that just
>> now, but I'm not aware of any reason why dnsmasq should behave in
>> that way, and A quick grep of the code shows no obvious use of
>> the AA flag to do _anything_ to do with caching.
> 
> Yes that is what I meant. Its easy to test. When you run this
> command:
> 
> root at noname:~# dnsmasq -h -R -d -q -S 8.8.8.8
> 
> and query the server running above command for yahoo.com, you see
> the following output. As 8.8.8.8 is not authoritative for
> yahoo.com, dnsmasq is caching the results:
> 
> dnsmasq: started, version 2.62 cachesize 150 dnsmasq: compile time
> options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
> conntrack dnsmasq: using nameserver 8.8.8.8#53 dnsmasq: cleared
> cache dnsmasq: query[A] yahoo.com from 67.222.132.211 dnsmasq:
> forwarded yahoo.com to 8.8.8.8 dnsmasq: reply yahoo.com is
> 206.190.36.45 dnsmasq: reply yahoo.com is 98.138.253.109 dnsmasq:
> reply yahoo.com is 98.139.183.24 dnsmasq: query[A] yahoo.com from
> 67.222.132.211 dnsmasq: cached yahoo.com is 98.139.183.24 dnsmasq:
> cached yahoo.com is 98.138.253.109 dnsmasq: cached yahoo.com is
> 206.190.36.45 dnsmasq: query[A] yahoo.com from 67.222.132.211 
> dnsmasq: cached yahoo.com is 206.190.36.45 dnsmasq: cached
> yahoo.com is 98.139.183.24 dnsmasq: cached yahoo.com is
> 98.138.253.109
> 
> Running same command but instead of 8.8.8.8 using 119.160.247.124
> now which is authoritative for yahoo.com:
> 
> root at noname:~# dnsmasq -h -R -d -q -S 119.160.247.124
> 
> when queries are sent again for yahoo.com, they are always
> forwarded and not cached:
> 
> dnsmasq: started, version 2.62 cachesize 150 dnsmasq: compile time
> options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
> conntrack dnsmasq: using nameserver 119.160.247.124#53 dnsmasq:
> cleared cache dnsmasq: query[NS] yahoo.com from 67.222.132.211 
> dnsmasq: forwarded yahoo.com to 119.160.247.124 dnsmasq: query[A]
> yahoo.com from 67.222.132.211 dnsmasq: forwarded yahoo.com to
> 119.160.247.124 dnsmasq: reply yahoo.com is 98.139.183.24 dnsmasq:
> reply yahoo.com is 98.138.253.109 dnsmasq: reply yahoo.com is
> 206.190.36.45 dnsmasq: query[A] yahoo.com from 67.222.132.211 
> dnsmasq: forwarded yahoo.com to 119.160.247.124 dnsmasq: reply
> yahoo.com is 98.138.253.109 dnsmasq: reply yahoo.com is
> 206.190.36.45 dnsmasq: reply yahoo.com is 98.139.183.24 dnsmasq:
> query[A] yahoo.com from 67.222.132.211 dnsmasq: forwarded yahoo.com
> to 119.160.247.124 dnsmasq: reply yahoo.com is 98.138.253.109 
> dnsmasq: reply yahoo.com is 206.190.36.45 dnsmasq: reply yahoo.com
> is 98.139.183.24
> 
> -Akash
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJWIW0KAAoJEBXN2mrhkTWiDUUP/3JbbXCPXgL5K4CmUecviAQh
6Ec5s6G/A2qjCFoDe+H+QL5+EI6/ZCp1GIrXo5yLhc5OE2OIGqUs1JQ6J4kdewfM
qxTw6MltOwnXLOUYwiCLlxBRTxLbcO7+7KyEMRoVYTHsscoJTL0K2Hhc0nWHp7iT
gfiaboVGBUiyL3IGXkGfGCXuwtW1eORaOVoZEKE9fWXN2gHDOCj0+29cZwdx0YND
f9WJ2TFruHSmBFKw7fps8s50qsPfzITzDYyolCsPmWrmOFS32wkwETKv/SDFmpJK
EkpXhDemxekibj9nTAN2sqP6G5tPyL3GbF2+IS7Q/c7y6q8s4wA0LLKyzMhIrfj8
l+yoCpaWYa9aBVIylqHDWNBzdUhYUE25wqk+OlHCGO0UvSgRvMRqC51UHy3HA+Dj
sJq9j+Zq9tRLIPb2WB/yIYuMsbIYkHEmH+x99xFWq0BxIhbSvzBk1eoKo+DG5Mu+
pcbRmuFozSObpFHxMgji19Z696SByFc60sSSWgi6ob9fYzvTxGBYV5IdkGbObfFh
k28jzNSpdN988p1po9/p0FbHA7imz1Y1c3HmQmhuHbocuR3vVRd9vT3zRn20Ymjj
iVn4EXfX+0iPO4g21UNC4V6tC0d5M0+wGKE8yOSkKkpPWqgWZ803Wgui4Pzw+ZKy
neb1Ma9n8hc0rhtMnZUU
=tHIT
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list