<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 5 Aug 2021 at 19:41, Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">OK. The problem is here: using local addresses only for domain <a href="http://swtk.info" rel="noreferrer" target="_blank">swtk.info</a><br>
<br>
That's an easy spot because I just fixed this particular combination.<br>
<br>
I guess you have something like<br>
<br>
local=/<a href="http://swtk.info/" rel="noreferrer" target="_blank">swtk.info/</a><br>
<br>
and dnsmasq is using this to return NXDOMAIN without checking that it<br>
has more specific data for the query in other types.<br>
<br>
As a workaround, removing that configuration should make things work, at<br>
the expense of extra trips to the upstream servers.<br></blockquote><div><br></div><div>Thank you. The problem is that <a href="http://swtk.info">swtk.info</a> is also declared on .info so (if I understand local= correctly), it would attempt to resolve <a href="http://mqtt.swtk.info">mqtt.swtk.info</a> on the Internet, which would fail.</div><div><br></div><div>The local=/<a href="http://swtk.info/">swtk.info/</a> and address=/<a href="http://swtk.info/192.168.10.2" rel="noreferrer" target="_blank">swtk.info/192.168.10.2</a> combo fixes this.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
This should already be fixed in the development code: if it's possible<br>
for you to run<br>
<a href="https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz" rel="noreferrer" target="_blank">https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz</a><br>
that should fix things, and doing so would be a useful test for me.<br></blockquote><div><br></div><div>Unfortunately, since the dnsmasq binary I use is part of a router, I have no way to use another version. Which, as I realize now, will be a major problem anyway since the issue is not a matter of configuration.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
Cheers,<br>
<br>
<br>
Simon.<br>
<br>
<br>
On 05/08/2021 17:01, Wojtek Swiatek wrote:<br>
> Thank you Simon for the follow-up.<br>
> <br>
> I use dnsmasq on a Ubiquiti Edge router (ER-4), the version is <br>
> <br>
> root@ubnt:~# dnsmasq --version<br>
> Dnsmasq version 2.78-23-g9e09429 Copyright (c) 2000-2017 Simon Kelley<br>
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua<br>
> TFTP conntrack ipset auth DNSSEC loop-detect inotify<br>
> <br>
> I tried to query the A and AAAA record for a host which is part of my<br>
> internal domain, defined through a wildcard:<br>
> address=/swtk.info/192.168.10.2<br>
> <br>
> The requests are<br>
> <br>
> root@srv ~# dig -t A mqtt.swtk.info<br>
> <br>
> ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t A mqtt.swtk.info<br>
> ;; global options: +cmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56145<br>
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br>
> <br>
> ;; QUESTION SECTION:<br>
> ;mqtt.swtk.info. IN A<br>
> <br>
> ;; ANSWER SECTION:<br>
> mqtt.swtk.info. 0 IN A 192.168.10.2<br>
> <br>
> ;; Query time: 0 msec<br>
> ;; SERVER: 192.168.10.1#53(192.168.10.1)<br>
> ;; WHEN: Thu Aug 05 17:53:12 CEST 2021<br>
> ;; MSG SIZE rcvd: 48<br>
> <br>
> → this is a correct answer, A is present and status is NOERROR<br>
> <br>
> root@srv ~# dig -t AAAA mqtt.swtk.info<br>
> <br>
> ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t AAAA mqtt.swtk.info<br>
> ;; global options: +cmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15102<br>
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br>
> <br>
> ;; QUESTION SECTION:<br>
> ;mqtt.swtk.info. IN AAAA<br>
> <br>
> ;; Query time: 0 msec<br>
> ;; SERVER: 192.168.10.1#53(192.168.10.1)<br>
> ;; WHEN: Thu Aug 05 17:53:17 CEST 2021<br>
> ;; MSG SIZE rcvd: 32<br>
> <br>
> This is an incorrect answer: the AAAA record does not exist and the<br>
> status is NXDOMAIN instead of NODATA<br>
> <br>
> The relevant logs are:<br>
> <br>
> Aug 5 17:52:24 dnsmasq[1007]: started, version 2.78-23-g9e09429 cachesize 150<br>
> Aug 5 17:52:24 dnsmasq[1007]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify<br>
> Aug 5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.2.30 -- 192.168.2.50, lease time 1d<br>
> Aug 5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.10.50 -- 192.168.10.254, lease time 1d<br>
> Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 for domain orange.fr<br>
> Aug 5 17:52:24 dnsmasq[1007]: using nameserver 8.8.4.4#53<br>
> Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53<br>
> Aug 5 17:52:24 dnsmasq[1007]: using nameserver 1.0.0.1#53<br>
> Aug 5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info<br>
> Aug 5 17:52:24 dnsmasq[1007]: using local addresses only for domain 10.168.192.in-addr.arpa<br>
> Aug 5 17:52:24 dnsmasq[1007]: read /etc/hosts - 8 addresses<br>
> Aug 5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN<br>
> Aug 5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2<br>
> Aug 5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN<br>
> Aug 5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN<br>
> Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN<br>
> Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN<br>
> Aug 5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2<br>
> Aug 5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2<br>
> <br>
> <br>
> Would anything else be of interest?<br>
> <br>
> Thank you!<br>
> <br>
> On Thu, 5 Aug 2021 at 17:09, Simon Kelley <<a href="mailto:simon@thekelleys.org.uk" target="_blank">simon@thekelleys.org.uk</a>> wrote:<br>
> <br>
> There's lots of code in dnsmasq which tries to get this right.<br>
> <br>
> eg.<br>
> <br>
> forward AAAA upstream<br>
> upstream replies with NXDOMAIN<br>
> dnsmasq checks if it knows data for other record types like A and if so<br>
> rewrites NXDOMAIN to NODATA.<br>
> <br>
> TLDR; We thought of this, and we think it works correctly. If you've<br>
> found a specific case where it isn't working, we'll need more<br>
> information on exactly what that case is, and what version of dnsmasq<br>
> you're running.<br>
> <br>
> Setting --log-queries, demonstrating the problem, then sending the logs,<br>
> would be a good start.<br>
> <br>
> <br>
> cheers,<br>
> <br>
> Simon.<br>
> <br>
> <br>
> On 04/08/2021 20:42, Wojtek Swiatek wrote:<br>
> > Hello everyone<br>
> ><br>
> > I noticed that my dnsmasq server is sending an NXDOMAIN instead of<br>
> > a NODATA when I query it for AAAA records it does not have.<br>
> ><br>
> > This is, I believe, not the correct behaviour<br>
> > (<a href="https://datatracker.ietf.org/doc/html/rfc2308" rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/html/rfc2308</a> - see 1 Terminology →<br>
> > NODATA) and that response breaks queries that otherwise would have tried<br>
> > the A record. See for instance<br>
> > <a href="https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST" rel="noreferrer" target="_blank">https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST</a><br>
> ><br>
> > As a workaround: is there a way to automatically populate AAAA<br>
> > records together with the A ones (from DHCP)?<br>
> ><br>
> > _______________________________________________<br>
> > Dnsmasq-discuss mailing list<br>
> > <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> > <a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a><br>
> ><br>
> <br>
> <br>
</blockquote></div></div>
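<div>Added example, not part of the original messages and not dnsmasq code: a small checker for --log-queries output that reports names answered with NXDOMAIN for one record type and with data for another, the inconsistency discussed in this thread. The sample log is constructed (the example.test names are made up), and the function name is hypothetical.</div>

```python
import re
from collections import defaultdict

# Constructed sample in the --log-queries format quoted in the thread.
# The mqtt.swtk.info lines mirror the thread; the example.test names are made up.
SAMPLE_LOG = """\
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: query[A] nohost.example.test from 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: config nohost.example.test is NXDOMAIN
Aug  5 17:52:50 dnsmasq[1007]: query[A] v4only.example.test from 192.168.10.2
Aug  5 17:52:50 dnsmasq[1007]: config v4only.example.test is 192.168.10.9
Aug  5 17:52:50 dnsmasq[1007]: query[AAAA] v4only.example.test from 192.168.10.2
Aug  5 17:52:50 dnsmasq[1007]: config v4only.example.test is NODATA-IPv6
"""

QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from \S+")
# Answer lines name their source first: config, cached, reply or a hosts-file path.
ANSWER_RE = re.compile(r"dnsmasq\[\d+\]: (?:config|cached|reply|/\S+) (\S+) is (\S+)")


def find_nxdomain_conflicts(log_text):
    """Return {name: (types answered NXDOMAIN, types answered with data)}
    for names that got NXDOMAIN for one type and a record for another."""
    pending = {}                  # name -> type of the most recent query
    nxdomain = defaultdict(set)
    data = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            pending[m.group(2).lower()] = m.group(1)
            continue
        m = ANSWER_RE.search(line)
        if not m or m.group(1).lower() not in pending:
            continue
        name, answer = m.group(1).lower(), m.group(2)
        if answer == "NXDOMAIN":
            nxdomain[name].add(pending[name])
        elif not answer.startswith("NODATA"):
            data[name].add(pending[name])   # NODATA is the correct "no such type"
    return {n: (sorted(t), sorted(data[n])) for n, t in nxdomain.items() if n in data}


if __name__ == "__main__":
    for name, (nx, ok) in find_nxdomain_conflicts(SAMPLE_LOG).items():
        print(f"{name}: NXDOMAIN for {nx} but data for {ok}")
```

Each answer line is attributed to the most recent query logged for the same name, so heavily interleaved queries for one name can be mis-paired.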