<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px">The lookup is forwarded to the upstream DNS server. This can be seen in the log and also through tcpdump. So even though domain-needed is used, the lookup leaks to the upstream server, and as per this setting it should not.<br><div id="yui_3_16_0_ym19_1_1529573586818_2480"><span></span></div><div id="yui_3_16_0_ym19_1_1529573586818_2481" class="qtdSeparateBR"><br><br></div><div style="display: block;" id="yui_3_16_0_ym19_1_1529573586818_2488" class="yahoo_quoted"> <div id="yui_3_16_0_ym19_1_1529573586818_2487" style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_ym19_1_1529573586818_2486" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_ym19_1_1529573586818_2485" dir="ltr"> <font id="yui_3_16_0_ym19_1_1529573586818_2489" face="Arial" size="2"> <hr id="yui_3_16_0_ym19_1_1529573586818_2907" size="1"> <b><span style="font-weight:bold;">From:</span></b> Geert Stappers &lt;stappers@stappers.nl&gt;<br> <b><span style="font-weight: bold;">To:</span></b> dnsmasq-discuss@lists.thekelleys.org.uk <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, June 21, 2018 11:20 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Dnsmasq-discuss] domain-needed is ignored<br> </font> </div> <div id="yui_3_16_0_ym19_1_1529573586818_2507" class="y_msg_container"><br>On Thu, Jun 21, 2018 at 06:15:30AM +0000, Spon Spon wrote:<br clear="none">> Hi,<br clear="none">> I have the following configuration of dnsmasq:<br clear="none"> ...<br clear="none">> domain-needed<br clear="none"> ...<br clear="none">> <br clear="none">> Because of the domain-needed option I expected that a host-only lookup,<br clear="none">> without a domain part, will not be forwarded to upstream servers (in my case<br 
clear="none">> 192.168.2.1), but it seems this is not the case.<br clear="none"><br clear="none">Please elaborate "seems"<br clear="none">Is it being polite or only having "forwarded" in logging and no further proof?<div class="yqt1725567842" id="yqtfd14448"><br clear="none"><br clear="none"><br clear="none">> The dnsmasq runs on an EdgeRouter and has the following version:<br clear="none">> root@bucuresti:/etc# /usr/sbin/dnsmasq --version<br clear="none">> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley<br clear="none">> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify<br clear="none">> <br clear="none">> This software comes with ABSOLUTELY NO WARRANTY.<br clear="none">> Dnsmasq is free software, and you are welcome to redistribute it<br clear="none">> under the terms of the GNU General Public License, version 2 or 3.<br clear="none">> <br clear="none">> If I look up a host with a local domain, then the request is not going<br clear="none">> to the upstream server. 
Please see below the logged queries:<br clear="none">> <br clear="none">> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1<br clear="none">> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4<br clear="none">> Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1<br clear="none">> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6<br clear="none">> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1<br clear="none">> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1<br clear="none">> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1<br clear="none">> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN<br clear="none">> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1<br clear="none">> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN<br clear="none">> <br clear="none">> Is this a bug? Is there any configuration missing? I expected that<br clear="none">> the rrr lookup will not be forwarded to the upstream server (192.168.2.1)</div><br clear="none">> <br clear="none"><br clear="none">The dnsmasq manual page says<br clear="none"><br clear="none"> -D, --domain-needed<br clear="none"> Tells dnsmasq to never forward A or AAAA queries for plain names,<br clear="none"> without dots or domain parts, to upstream nameservers. If<br clear="none"> the name is not known from /etc/hosts or DHCP then a "not found"<br clear="none"> answer is returned.<br clear="none"><br clear="none">So it would prevent the cost of a dial-out connection.<br clear="none"><br clear="none"><br clear="none"> ..... 
local testing .....<br clear="none"><br clear="none"><br clear="none">Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36<br clear="none">Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10<br clear="none"><br clear="none">That unexpected, due to 'domain-needed', forward is visible with tcpdump<br clear="none">at my upstream DNS :-(<br clear="none"><br clear="none"><br clear="none">Regards<br clear="none">Geert Stappers<br clear="none">-- <br clear="none">Live and let live<br><br></div> </div> </div> </div></div></body></html>