<div><div dir="auto">Can you please unsubscribe me from your mailing list? </div></div><div dir="auto"><br></div><div dir="auto">Thanks! </div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 9, 2019 at 6:05 AM <<a href="mailto:dnsmasq-discuss-request@lists.thekelleys.org.uk">dnsmasq-discuss-request@lists.thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Dnsmasq-discuss mailing list submissions to<br>
<a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:dnsmasq-discuss-request@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss-request@lists.thekelleys.org.uk</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:dnsmasq-discuss-owner@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss-owner@lists.thekelleys.org.uk</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Dnsmasq-discuss digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Improvement: new disabled logging facility (Alexandre Besnard)<br>
2. REFUSED PTR queries without recursion desired (Chiang Fong Lee)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 8 Jul 2019 14:51:17 +0200<br>
From: Alexandre Besnard <<a href="mailto:alexandre.besnard@softathome.com" target="_blank">alexandre.besnard@softathome.com</a>><br>
To: <a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
Subject: [Dnsmasq-discuss] Improvement: new disabled logging facility<br>
Message-ID: <<a href="mailto:17175a23-0175-99ba-c3c3-80ab2943e993@softathome.com" target="_blank">17175a23-0175-99ba-c3c3-80ab2943e993@softathome.com</a>><br>
Content-Type: text/plain; charset=utf-8; format=flowed<br>
<br>
Hello everyone,<br>
<br>
here is an improvement proposal for logs, which I may implement if it <br>
makes sense.<br>
<br>
<br>
As I understand it, disabling logs for dnsmasq is usually done by <br>
disabling the log-queries, whatever the selected facility.<br>
<br>
As far as I looked into the code, there is no 'no output' facility to <br>
select.<br>
<br>
Would it make sense to add such a facility, which entirely disables <br>
logging when selected?<br>
<br>
In my opinion, that would make the 'no logging' wish a bit clearer and <br>
cleaner (it may even gain a tiny little bit of performance?), with a <br>
pretty simple implementation.<br>
<br>
<br>
Thanks for your opinion,<br>
<br>
<br>
Alexandre<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 9 Jul 2019 18:24:30 +0800<br>
From: Chiang Fong Lee <<a href="mailto:myself@cflee.net" target="_blank">myself@cflee.net</a>><br>
To: <a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
Subject: [Dnsmasq-discuss] REFUSED PTR queries without recursion<br>
desired<br>
Message-ID: <<a href="mailto:7F61687A-4B32-44D3-9BA2-AA11700B517E@cflee.net" target="_blank">7F61687A-4B32-44D3-9BA2-AA11700B517E@cflee.net</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Hello,<br>
<br>
I'm having some trouble getting dnsmasq to respond to PTR queries without recursion desired, even when authoritative mode is enabled.<br>
<br>
Given the following config:<br>
domain-needed<br>
bogus-priv<br>
no-resolv<br>
no-hosts<br>
port=10053<br>
server=/example.com/<br>
log-queries<br>
host-record=host1.example.com,10.2.3.4<br>
<br>
Observed results:<br>
Query host1.example.com A (with recursion) - NOERROR, returns answer<br>
Query host1.example.com A (without recursion) - REFUSED<br>
Query 4.3.2.10.in-addr.arpa PTR (with recursion) - NOERROR, returns answer<br>
Query 4.3.2.10.in-addr.arpa PTR (without recursion) - REFUSED<br>
<br>
Given the above config, plus the following two lines to enable authoritative mode:<br>
auth-server=ns1.example.com<br>
auth-zone=example.com,10.0.0.0/8<br>
<br>
Observed results:<br>
Query host1.example.com A (with recursion) - NOERROR, returns answer<br>
Query host1.example.com A (without recursion) - NOERROR, returns answer<br>
Query 4.3.2.10.in-addr.arpa PTR (with recursion) - NOERROR, returns answer<br>
Query 4.3.2.10.in-addr.arpa PTR (without recursion) - REFUSED<br>
<br>
Expected results:<br>
Enabling auth mode for the zone, and specifying the subnet, would result in the last PTR query being accepted instead of refused.<br>
<br>
The log lines seen when the REFUSED occurs are:<br>
dnsmasq_1 | Jul 9 09:42:06 dnsmasq[1]: query[PTR] 4.3.2.10.in-addr.arpa from 172.19.0.1<br>
dnsmasq_1 | Jul 9 09:42:06 dnsmasq[1]: config error is REFUSED<br>
<br>
Version info:<br>
Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley<br>
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile<br>
<br>
I was looking through the source and I'm guessing that PTR queries don't ever trigger the auth zone path, since the query ends in "in-addr.arpa" instead of the auth-zone domain like "example.com". Once it reaches the regular answer_request path, it immediately returns since the RD flag is not set, without checking host-records, and proceeds to forward the query instead.<br>
<br>
Is this intended behaviour? The 2.79 CHANGELOG states that this always-SERVFAIL (or forward, in 2.80) behaviour for queries without recursion desired should always happen "UNLESS acting as an authoritative DNS server", without a caveat that it only works for non-reverse DNS queries.<br>
<br>
Thanks,<br>
Chiang Fong<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
<br>
End of Dnsmasq-discuss Digest, Vol 170, Issue 5<br>
***********************************************<br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Jayke Peters<br><a href="mailto:jaykepeters@gmail.com" target="_blank">jaykepeters@gmail.com</a><br>+1 (320) 428-0505<br><br></div>