[Dnsmasq-discuss] Authorized DNS served by dnsmasq is not recognized by third-parties resolvers

Nicholas Guriev guriev-ns at ya.ru
Sat Jul 18 11:38:40 BST 2020


I have investigated the issue deeper and discovered that dnsmasq does
not set the "Authority Answer" bit in its replies, and so some resolvers
do not accept such responses. Then I modified the dnsmasq source so
that it always returns the AA bit, and the problem is gone: all resolvers
that I tested give the right demo IP.

I just commented out the authority check in answer_auth(). This should not
be considered a complete solution; treat it as an illustration.
Unfortunately, I do not get how the auth, the local_auth and the
local_query flags affect each other, and so I cannot prepare a
better patch. And I hope someone will offer a real fix for the issue with
authority mode for dnsmasq.

diff -Nru dnsmasq-2.81/src/auth.c dnsmasq-2.82~rc1/src/auth.c
--- dnsmasq-2.81/src/auth.c·    2020-04-08 20:33:15.000000000 +0300
+++ dnsmasq-2.82~rc1/src/auth.c·2020-07-17 12:43:21.000000000 +0300
@@ -844,7 +844,7 @@
   header->hb4 &= ~HB4_AD;
·
   /* authoritative */
-  if (auth)
+  //if (auth)
     header->hb3 |= HB3_AA;
···
   /* truncation */
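
Review bot: With `if (auth)` commented out, `header->hb3 |= HB3_AA;` runs on every reply that reaches this point, so answers for which `auth` is false are also flagged authoritative. Keep the conditional and correct how `auth` is derived for the failing query instead; if the bit really has to be unconditional, delete the `if` line and re-indent the assignment rather than leaving a `//` comment, which leaves misleading indentation and does not match the `/* */` comment style on the neighbouring lines.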

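Added example, not part of the original message or of dnsmasq: a small checker that decodes the DNS header and reports why a reply would be rejected when the AA bit is missing, the condition the message describes. The function names, the query name `demo.example.`, the sample reply bytes and the "strict resolver" acceptance rule are assumptions made for illustration.

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
FLAGS = {"QR": 0x8000, "AA": 0x0400, "TC": 0x0200, "RD": 0x0100, "RA": 0x0080}

def build_query(qid, name, qtype=1):
    """Non-recursive (RD=0) query, as a resolver sends to an authoritative server."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header into a dict of flags and counters."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    hdr = {name: bool(flags & mask) for name, mask in FLAGS.items()}
    hdr.update(id=qid, rcode=flags & 0x000F, ancount=an)
    return hdr

def check_authoritative(query, reply):
    """List the reasons a strict resolver could reject this reply (empty = accepted)."""
    q, r = parse_header(query), parse_header(reply)
    problems = []
    if not r["QR"]:
        problems.append("QR clear: not a response")
    if r["id"] != q["id"]:
        problems.append("ID mismatch")
    if r["TC"]:
        problems.append("TC set: retry over TCP")
    if r["rcode"] == 0 and r["ancount"] > 0 and not r["AA"]:
        problems.append("answer without AA: not authoritative")
    return problems

def sample_reply(query, aa):
    """Constructed reply: one A record (192.0.2.1, TTL 60), AA bit set or clear."""
    qid = struct.unpack("!H", query[:2])[0]
    flags = FLAGS["QR"] | (FLAGS["AA"] if aa else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer

if __name__ == "__main__":
    query = build_query(0x1234, "demo.example.")  # constructed name and ID
    for aa in (False, True):
        print("AA =", aa, "->", check_authoritative(query, sample_reply(query, aa)) or "accepted")
```

To test a live server, pass the bytes received over UDP from the authoritative address to `check_authoritative()` in place of `sample_reply()`.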