[Dnsmasq-discuss] Dnsmasq-discuss Digest, Vol 170, Issue 5

Jayke Peters jaykepeters at gmail.com
Thu Jul 18 01:33:08 BST 2019


Can you please unsubscribe me from your mailing list?

Thanks!

On Tue, Jul 9, 2019 at 6:05 AM <
dnsmasq-discuss-request at lists.thekelleys.org.uk> wrote:

> Send Dnsmasq-discuss mailing list submissions to
>         dnsmasq-discuss at lists.thekelleys.org.uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> or, via email, send a message with subject or body 'help' to
>         dnsmasq-discuss-request at lists.thekelleys.org.uk
>
> You can reach the person managing the list at
>         dnsmasq-discuss-owner at lists.thekelleys.org.uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dnsmasq-discuss digest..."
>
>
> Today's Topics:
>
>    1. Improvement: new disabled logging facility (Alexandre Besnard)
>    2. REFUSED PTR queries without recursion desired (Chiang Fong Lee)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 8 Jul 2019 14:51:17 +0200
> From: Alexandre Besnard <alexandre.besnard at softathome.com>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: [Dnsmasq-discuss] Improvement: new disabled logging facility
> Message-ID: <17175a23-0175-99ba-c3c3-80ab2943e993 at softathome.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hello everyone,
>
> here is an improvement proposal for logs, which I may implement if it
> makes sense.
>
>
> As I understand it, disabling logs for dnsmasq is usually done by
> disabling the log-queries, whatever the selected facility.
>
> As far as I looked into the code, there is no 'no output' facility to
> select.
>
> Would it make sense to add such a facility, which entirely disables
> logging when selected?
>
> In my opinion, that would make the 'no logging' wish a bit clearer and
> cleaner (it may even gain a tiny little bit of performance?), with a
> pretty simple implementation.
>
>
> Thanks for your opinion,
>
>
> Alexandre
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 9 Jul 2019 18:24:30 +0800
> From: Chiang Fong Lee <myself at cflee.net>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: [Dnsmasq-discuss] REFUSED PTR queries without recursion
>         desired
> Message-ID: <7F61687A-4B32-44D3-9BA2-AA11700B517E at cflee.net>
> Content-Type: text/plain;       charset=utf-8
>
> Hello,
>
> I'm having some trouble getting dnsmasq to respond to PTR queries without
> recursion desired, even when authoritative mode is enabled.
>
> Given the following config:
> domain-needed
> bogus-priv
> no-resolv
> no-hosts
> port=10053
> server=/example.com/
> log-queries
> host-record=host1.example.com,10.2.3.4
>
> Observed results:
> Query host1.example.com A (with recursion) - NOERROR, returns answer
> Query host1.example.com A (without recursion) - REFUSED
> Query 4.3.2.10.in-addr.arpa PTR (with recursion) - NOERROR, returns answer
> Query 4.3.2.10.in-addr.arpa PTR (without recursion) - REFUSED
>
> Given the above config, plus the following two lines to enable
> authoritative mode:
> auth-server=ns1.example.com
> auth-zone=example.com,10.0.0.0/8
>
> Observed results:
> Query host1.example.com A (with recursion) - NOERROR, returns answer
> Query host1.example.com A (without recursion) - NOERROR, returns answer
> Query 4.3.2.10.in-addr.arpa PTR (with recursion) - NOERROR, returns answer
> Query 4.3.2.10.in-addr.arpa PTR (without recursion) - REFUSED
>
> Expected results:
> Enabling auth mode for the zone, and specifying the subnet, would result
> in the last PTR query being accepted instead of refused.
>
> The log lines seen when the REFUSED occurs are:
> dnsmasq_1  | Jul  9 09:42:06 dnsmasq[1]: query[PTR] 4.3.2.10.in-addr.arpa
> from 172.19.0.1
> dnsmasq_1  | Jul  9 09:42:06 dnsmasq[1]: config error is REFUSED
>
> Version info:
> Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
> Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6
> no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
>
> I was looking through the source and I'm guessing that PTR queries don't
> ever trigger the auth zone path, since the query ends in "in-addr.arpa"
> instead of the auth-zone domain like "example.com". Once it reaches the
> regular answer_request path, it immediately returns since the RD flag is
> not set, without checking host-records, and proceeds to forward the query
> instead.
>
> Is this intended behaviour? The 2.79 CHANGELOG states that this
> always-SERVFAIL (or forward, in 2.80) behaviour for queries without
> recursion desired should always happen "UNLESS acting as an authoritative
> DNS server", without a caveat that it only works for non-reverse DNS
> queries.
>
> Thanks,
> Chiang Fong
>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
> ------------------------------
>
> End of Dnsmasq-discuss Digest, Vol 170, Issue 5
> ***********************************************
>
-- 
Jayke Peters
jaykepeters at gmail.com
+1 (320) 428-0505
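
The four queries in the quoted digest's second message (A and PTR, each with and without recursion desired) can be reproduced with a small probe that sets or clears the RD bit and decodes the reply's RCODE. This is an added example, not part of the original thread or of dnsmasq; the server address 127.0.0.1 is an assumption (the port 10053 and the names come from the quoted config), and the REFUSED reply used for offline checking is constructed.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "PTR": 12}

def reverse_name(ipv4):
    """Map 10.2.3.4 to its reverse-lookup name 4.3.2.10.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def build_query(name, qtype, rd, txid=0x1234):
    """Encode a single-question DNS query; rd controls the RD bit (0x0100)."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(msg):
    """Decode the header fields relevant to the report: flags, RCODE, answers."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "answers": an}

def probe(server, port, name, qtype, rd, timeout=2.0):
    """Send one query over UDP and return the parsed reply header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, rd), (server, port))
        return parse_header(s.recvfrom(4096)[0])

def constructed_refused_reply(query):
    """Constructed sample reply: the query echoed back with QR=1 and RCODE=5."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | 0x8000 | 5) + query[4:]

if __name__ == "__main__":
    # Assumption: the dnsmasq instance from the report listens on 127.0.0.1:10053.
    cases = (("host1.example.com", "A"), (reverse_name("10.2.3.4"), "PTR"))
    for name, qtype in cases:
        for rd in (True, False):
            hdr = probe("127.0.0.1", 10053, name, qtype, rd)
            print(name, qtype, "RD" if rd else "no-RD", hdr["rcode"], hdr["answers"])
```

Run once with the base config and once with the `auth-server`/`auth-zone` lines added, then compare the RCODE column against the observed results listed in the report.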