<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>The manual states that A and AAAA records won't be forwarded.
Both of your examples were forwarding MX record requests.<br>
</p>
<br>
On 2018-06-21 5:34 AM, Spon Spon wrote:<br>
<blockquote type="cite"
cite="mid:730061011.228399.1529573694754@mail.yahoo.com">
<div style="color:#000; background-color:#fff;
font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px">The lookup is forwarded to the upstream
DNS server. This can be seen in the log and also through tcpdump.
So even when domain-needed is used, the lookup leaks to the upstream
server, and as per this setting it should not.<br>
<div style="display: block;"
id="yui_3_16_0_ym19_1_1529573586818_2488" class="yahoo_quoted">
<div id="yui_3_16_0_ym19_1_1529573586818_2487"
style="font-family: Helvetica Neue, Helvetica, Arial, Lucida
Grande, sans-serif; font-size: 16px;">
<div id="yui_3_16_0_ym19_1_1529573586818_2486"
style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;">
<div id="yui_3_16_0_ym19_1_1529573586818_2485" dir="ltr">
<font id="yui_3_16_0_ym19_1_1529573586818_2489"
face="Arial" size="2">
<hr id="yui_3_16_0_ym19_1_1529573586818_2907" size="1">
<b><span style="font-weight:bold;">From:</span></b>
Geert Stappers <a class="moz-txt-link-rfc2396E" href="mailto:stappers@stappers.nl">&lt;stappers@stappers.nl&gt;</a><br>
<b><span style="font-weight: bold;">To:</span></b>
<a class="moz-txt-link-abbreviated" href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Thursday, June 21, 2018 11:20 AM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [Dnsmasq-discuss] domain-needed is ignored<br>
</font> </div>
<div id="yui_3_16_0_ym19_1_1529573586818_2507"
class="y_msg_container"><br>
On Thu, Jun 21, 2018 at 06:15:30AM +0000, Spon Spon
wrote:<br clear="none">
> Hi,<br clear="none">
> I have the following configuration of dnsmasq:<br
clear="none">
...<br clear="none">
> domain-needed<br clear="none">
...<br clear="none">
> <br clear="none">
> Because of the domain-needed option I expected that
a host-only lookup,<br clear="none">
> without a domain part, will not be forwarded to upstream
servers (in my case<br clear="none">
> 192.168.2.1), but it seems this is not the case.<br
clear="none">
<br clear="none">
Please elaborate "seems"<br clear="none">
Is it being polite or only having "forwarded" in logging
and no further proof?
<div class="yqt1725567842" id="yqtfd14448"><br
clear="none">
<br clear="none">
<br clear="none">
> The dnsmasq runs on an EdgeRouter and has the
following version:<br clear="none">
> <a shape="rect" ymailto="mailto:root@bucuresti"
href="mailto:root@bucuresti" moz-do-not-send="true">root@bucuresti</a>:/etc#
/usr/sbin/dnsmasq --version<br clear="none">
> Dnsmasq version 2.78-20-geaeda96 Copyright (c)
2000-2017 Simon Kelley<br clear="none">
> Compile time options: IPv6 GNU-getopt DBus i18n
IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth
DNSSEC loop-detect inotify<br clear="none">
> <br clear="none">
> This software comes with ABSOLUTELY NO WARRANTY.<br
clear="none">
> Dnsmasq is free software, and you are welcome to
redistribute it<br clear="none">
> under the terms of the GNU General Public
License, version 2 or 3.<br clear="none">
> <br clear="none">
> If I look up a host with a local domain, then the
request is not going<br clear="none">
> to the upstream server. Please see below the logged
queries:<br clear="none">
> <br clear="none">
> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from
127.0.0.1<br clear="none">
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is
NODATA-IPv4<br clear="none">
> Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr
from 127.0.0.1<br clear="none">
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is
NODATA-IPv6<br clear="none">
> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr
from 127.0.0.1<br clear="none">
> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to
192.168.2.1<br clear="none">
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b
from 127.0.0.1<br clear="none">
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is
NXDOMAIN<br clear="none">
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b
from 127.0.0.1<br clear="none">
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is
NXDOMAIN<br clear="none">
> <br clear="none">
> Is this a bug? Is there any configuration
missing? I expected that<br clear="none">
> the rrr lookup will not be forwarded to the upstream
server (192.168.2.1)</div>
<br clear="none">
> <br clear="none">
<br clear="none">
The dnsmasq manual page says<br clear="none">
<br clear="none">
-D, --domain-needed<br clear="none">
Tells dnsmasq to never forward A or AAAA queries
for plain names,<br clear="none">
without dots or domain parts, to upstream
nameservers. If<br clear="none">
the name is not known from /etc/hosts or DHCP then
a "not found"<br clear="none">
answer is returned.<br clear="none">
<br clear="none">
So it would prevent the cost of a dial-out connection.<br
clear="none">
<br clear="none">
<br clear="none">
..... local testing .....<br clear="none">
<br clear="none">
<br clear="none">
Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia
from 172.24.0.36<br clear="none">
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia
to 172.24.0.10<br clear="none">
<br clear="none">
That unexpected, due to 'domain-needed', forward is
visible with tcpdump<br clear="none">
at my upstream DNS :-(<br clear="none">
<br clear="none">
<br clear="none">
Regards<br clear="none">
Geert Stappers<br clear="none">
-- <br clear="none">
Live and let live<br clear="none">
<br clear="none">
_______________________________________________<br
clear="none">
Dnsmasq-discuss mailing list<br clear="none">
<a shape="rect"
ymailto="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk"
href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk"
moz-do-not-send="true">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br
clear="none">
<a shape="rect"
href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss"
target="_blank" moz-do-not-send="true">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daryl Richards
Isle Technical Services Inc.</pre>
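<p>The behaviour discussed in this thread, as an added example that is not part of the original messages or of dnsmasq itself: a Python check that scans dnsmasq query logs for plain (dotless) names that were still forwarded upstream, which with domain-needed can happen for record types other than A and AAAA. The function name, the regexes, and the pairing of each "forwarded" line with the most recent query for the same name are assumptions of this example; the sample lines are copied from the logs quoted above.</p>

```python
import re

# Sample lines copied from the log excerpts quoted in this thread.
SAMPLE_LOG = """\
Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
"""

# The syslog prefix may or may not carry a hostname, so anchor on the tag.
LINE = re.compile(r"dnsmasq\[(\d+)\]: (.*)$")
QUERY = re.compile(r"query\[([^\]]+)\] (\S+) from (\S+)$")
FORWARD = re.compile(r"forwarded (\S+) to (\S+)$")


def plain_name_leaks(log_text):
    """Return (qtype, name, client, upstream) for each dotless name forwarded upstream."""
    last_query = {}  # (pid, name) -> (qtype, client) of the most recent query
    leaks = []
    for raw in log_text.splitlines():
        line = LINE.search(raw.strip())
        if not line:
            continue
        pid, msg = line.groups()
        q = QUERY.match(msg)
        if q:
            qtype, name, client = q.groups()
            last_query[(pid, name)] = (qtype, client)
            continue
        f = FORWARD.match(msg)
        if f:
            name, upstream = f.groups()
            # Plain name: no dot left once a trailing root dot is stripped.
            if "." in name.rstrip("."):
                continue
            # Assumption: the forward belongs to the latest query for this name.
            qtype, client = last_query.get((pid, name), ("?", "?"))
            leaks.append((qtype, name, client, upstream))
    return leaks


if __name__ == "__main__":
    for qtype, name, client, upstream in plain_name_leaks(SAMPLE_LOG):
        print(f"{qtype} query for plain name {name!r} from {client} went to {upstream}")
```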
</body>
</html>