[Dnsmasq-discuss] wrong response code for no SRV record
Rahul Amaram
rahul at synovel.com
Sat May 1 10:29:25 BST 2010
Well yes. I have encountered some problems with this. I am using
Kerberos in my company LAN. While performing kinit on my system, the SRV
record for _kerberos-master.udp.EXAMPLE.COM is looked up. Now if an
NXDOMAIN is not returned but instead the default port 1 with empty host
is returned, the kinit command tries to further resolve that empty host
(which I think is replaced with <ROOT> somehow) and this causes an
extreme slowdown of kinit.
I think there should be some configuration option to say that an
NXDOMAIN should be returned for a particular SRV record. This would be
really helpful. What are your thoughts about this?
Simon Kelley wrote:
> Rahul Amaram wrote:
>
>> Hi,
>> I think I have found a bug in dnsmasq though I am not sure if this is
>> the anticipated way it works. In /etc/dnsmasq.conf, it is mentioned:
>>
>> # A SRV record indicating that there is no LDAP server for the domain
>> # example.com
>> #srv-host=_ldap._tcp.example.com
>>
>> which means when a query for this record is made it is supposed to send
>> a NXDOMAIN reply but this does not happen.
>>
>> I am attaching a patch which makes it behave this way. Kindly review it
>> and let me know if I have misinterpreted something.
>>
>> Looking forward to an early reply.
>>
>>
>
> I think you have mis-interpreted the way this works. NXDOMAIN means that
> there is no data in the DNS for the given domain. That is not what's
> happening here. The example line returns a valid SRV record for
> _ldap._tcp.example.com which happens to be empty. The "domain" refers to
> _ldap._tcp.example.com and not the domain which may be returned as part
> of the reply.
>
>
> Have you encountered real-world problems with the existing behaviour?
>
>
> Cheers,
>
> Simon.
>
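The two replies discussed in this thread, NXDOMAIN versus a valid SRV record with an empty target, look like this to a resolver client. This is an added example, not code from the thread or from dnsmasq. It relies on RFC 2782, which defines a target of "." as meaning the service is not available. The function names and sample responses are constructed for illustration, and names are assumed to be uncompressed.

```python
# Added example; sample responses are constructed, not captured traffic.
import struct

def encode_name(name):
    """Encode a dotted name into DNS wire labels; '' or '.' is the root."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Read an uncompressed name, returning (dotted name, next offset)."""
    labels = []
    while msg[off] != 0:
        if msg[off] & 0xC0:
            raise ValueError("compressed names not handled in this sketch")
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def build_response(qname, rcode, srv=None):
    """Constructed sample: one question, optionally one SRV answer tuple."""
    q = encode_name(qname)
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if srv else 0, 0, 0)
    msg += q + struct.pack("!HH", 33, 1)          # QTYPE=SRV, QCLASS=IN
    if srv:
        prio, weight, port, target = srv
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        msg += q + struct.pack("!HHIH", 33, 1, 60, len(rdata)) + rdata
    return msg

def classify_srv(msg):
    """Return 'nxdomain', 'nodata', 'service-unavailable' or (target, port)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F == 3:                       # RCODE 3 = NXDOMAIN
        return "nxdomain"
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 33:
            _, _, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            # RFC 2782: a target of "." means the service is not available.
            return "service-unavailable" if target == "." else (target, port)
        off += rdlen
    return "nodata"
```

A client that checks for the root target before doing any address lookup stops at `service-unavailable` instead of trying to resolve the empty name.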