[Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

Toke Høiland-Jørgensen toke at toke.dk
Sun Sep 4 12:14:30 BST 2016


Simon Kelley <simon at thekelleys.org.uk> writes:

> OK, naive attempts to reproduce this have failed entirely, it just works
> for me :-)
>
> Can you run dnsmasq under strace -e trace=network and see what syscalls
> it makes, specifically, if it's calling sendmsg() with the reply?
>
> This is what I see, not that sin6_scope_id is correct in both calls.
>
> recvmsg(6, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(40524),
> inet_pton(AF_INET6, "fe80::224:d6ff:feb0:75a2", &sin6_addr),
> sin6_flowinfo=0, sin6_scope_id=if_nametoindex("wlan0")},
> msg_iov(1)=[{"?9\1
> \0\1\0\0\0\0\0\1\3mit\3edu\0\0\1\0\1\0\0)\20\0\0\0"..., 4096}],
> msg_controllen=40, {cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=, ...},
> msg_flags=0}, 0) = 36
> dnsmasq: query[A] mit.edu from fe80::224:d6ff:feb0:75a2
> dnsmasq: cached mit.edu is 104.64.165.212
> sendmsg(6, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(40524),
> inet_pton(AF_INET6, "fe80::224:d6ff:feb0:75a2", &sin6_addr),
> sin6_flowinfo=0, sin6_scope_id=if_nametoindex("wlan0")},
> msg_iov(1)=[{"?9\201\200\0\1\0\1\0\0\0\1\3mit\3edu\0\0\1\0\1\300\f\0\1\0\1\0"...,
> 52}], msg_controllen=36, {cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=,
> ...}, msg_flags=0}, 0) = 52

I see something similar:

recvmsg(10, {msg_name={sa_family=AF_INET6, sin6_port=htons(50214), inet_pton(AF_INET6, "fe80::c23f:d5ff:fe62:22ac", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=if_nametoindex("eth1.1")}, msg_namelen=28, msg_iov=[{iov_base="\243\307\1\0\0\1\0\0\0\0\0\0\6google\3com\0\0\1\0\1", iov_len=4096}], msg_iovlen=1, msg_control=[{cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=32, msg_flags=0}, 0) = 28
dnsmasq: query[A] google.com from fe80::c23f:d5ff:fe62:22ac
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 16
bind(16, {sa_family=AF_INET6, sin6_port=htons(25784), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
sendto(16, "%\316\1\0\0\1\0\0\0\0\0\1\6google\3com\0\0\1\0\1\0\0)\20"..., 39, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 39
dnsmasq: forwarded google.com to ::1
recvfrom(16, "%\316\201\200\0\1\0\6\0\0\0\1\6google\3com\0\0\1\0\1\300\f\0\1"..., 5131, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 135
dnsmasq: dnssec-query[DS] com to ::1
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 17
bind(17, {sa_family=AF_INET6, sin6_port=htons(18533), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
sendto(17, "B0\1\0\0\1\0\0\0\0\0\1\3com\0\0+\0\1\0\0)\20\0\0\0\200\0\0\0", 32, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 32
recvfrom(17, "B0\201\200\0\1\0\2\0\0\0\1\3com\0\0+\0\1\300\f\0+\0\1\0\1Q\200\0"..., 5131, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 239
dnsmasq: reply com is DS keytag 30909, algo 8, digest 2
dnsmasq: dnssec-query[DS] google.com to ::1
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 17
bind(17, {sa_family=AF_INET6, sin6_port=htons(60387), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
sendto(17, "\6s\1\0\0\1\0\0\0\0\0\1\6google\3com\0\0+\0\1\0\0)\20"..., 39, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 39
recvfrom(17, "\6s\201\200\0\1\0\0\0\6\0\1\6google\3com\0\0+\0\1 CK0"..., 5131, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 760
dnsmasq: dnssec-query[DNSKEY] com to ::1
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 18
bind(18, {sa_family=AF_INET6, sin6_port=htons(19389), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
sendto(18, "V\252\1\0\0\1\0\0\0\0\0\1\3com\0\0000\0\1\0\0)\20\0\0\0\200\0\0\0", 32, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 32
recvfrom(18, "V\252\201\200\0\1\0\3\0\0\0\1\3com\0\0000\0\1\300\f\0000\0\1\0\1P>\0"..., 5131, 0, {sa_family=AF_INET6, sin6_port=htons(5333), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 743
dnsmasq: reply com is DNSKEY keytag 27452, algo 8
dnsmasq: reply com is DNSKEY keytag 30909, algo 8
dnsmasq: reply google.com is no DS
dnsmasq: validation result is INSECURE
dnsmasq: reply google.com is 173.194.222.139
dnsmasq: reply google.com is 173.194.222.138
dnsmasq: reply google.com is 173.194.222.113
dnsmasq: reply google.com is 173.194.222.100
dnsmasq: reply google.com is 173.194.222.101
dnsmasq: reply google.com is 173.194.222.102
sendmsg(10, {msg_name={sa_family=AF_INET6, sin6_port=htons(50214), inet_pton(AF_INET6, "fe80::c23f:d5ff:fe62:22ac", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=if_nametoindex("eth1.1")}, msg_namelen=28, msg_iov=[{iov_base="\243\307\201\200\0\1\0\6\0\0\0\0\6google\3com\0\0\1\0\1\300\f\0\1"..., iov_len=124}], msg_iovlen=1, msg_control=[{cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=32, msg_flags=0}, 0) = 124


... but nothing shows up on eth1.1, even when running tcpdump on the
same box as dnsmasq is on.

-Toke



More information about the Dnsmasq-discuss mailing list