[Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface

Geert Stappers stappers at hendrikx-itc.nl
Fri Sep 13 12:54:28 BST 2019


On 13-09-2019 13:00, Tore Anderson wrote:

> Start out with the following /etc/dnsmasq.conf, replacing «wlp2s0» as appropriate:
>
> log-queries
> no-hosts
> no-resolv
> server=1.1.1.1@wlp2s0
>
> Start Dnsmasq and send it a TCP query:
>
> $ src/dnsmasq -d -p 5333
> dnsmasq: started, version 2.80-72-ge24abf2 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify dumpfile
> dnsmasq: using nameserver 1.1.1.1#53(via wlp2s0)
> dnsmasq: cleared cache
>
> $ dig @127.0.0.1 -p 5333 fud.no A +vc | grep HEADER
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2916
>
> Output from Dnsmasq following the above query:
>
> dnsmasq: query[A] fud.no from 127.0.0.1
> dnsmasq: config error is REFUSED
>
> It makes no attempt to contact the upstream server.
>
> If I remove «@wlp2s0» from the server config, it works fine.

To me that reads: wlp2s0 cannot reach 1.1.1.1

> A practical consequence of this bug is that I cannot resolve any domain names under *.org with DNSSEC enabled. The initial UDP query results in a truncated answer, so libc/dig retries in TCP mode and fails.
>
> Note that NetworkManager automatically configures the upstream DNS servers with a specific interface via D-Bus, this behaviour appears hard-coded.

FWIW: I have also experienced that NetworkManager can be quite dominant.


Regards

Geert Stappers
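
The symptom reported in this thread (the forwarder answers over UDP but returns REFUSED over TCP, so truncated DNSSEC answers can never be retried) can be checked mechanically. The following is an added example, not part of the original messages or of Dnsmasq; all function names are hypothetical, and the address, port and query name in the `__main__` part are the ones from the reproduction quoted above.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_flags(response):
    """Return (rcode_name, truncated) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    flags = struct.unpack("!H", response[2:4])[0]
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), bool(flags & 0x0200)  # 0x0200 = TC

def query_udp(host, port, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (host, port))
        return parse_flags(s.recvfrom(4096)[0])

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_tcp(host, port, name, timeout=3.0):
    msg = build_query(name)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)  # 2-byte length prefix
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return parse_flags(_recv_exact(s, length))

def tcp_fallback_broken(udp, tcp):
    """True when UDP gets an answer (or TC) but the TCP retry is REFUSED."""
    return udp[0] != "REFUSED" and tcp[0] == "REFUSED"

if __name__ == "__main__":
    # Values from the quoted reproduction: dnsmasq on 127.0.0.1 port 5333.
    udp = query_udp("127.0.0.1", 5333, "fud.no")
    tcp = query_tcp("127.0.0.1", 5333, "fud.no")
    print("udp:", udp, "tcp:", tcp, "broken:", tcp_fallback_broken(udp, tcp))
```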




