[Dnsmasq-discuss] possible minor bug: Caching the results of queries with +cd set...
Simon Kelley
simon at thekelleys.org.uk
Tue Feb 15 15:49:46 GMT 2011
Thanks for the report; I'm pleased to say that this was fixed in version
2.56, released yesterday.
Cheers,
Simon.
Nicholas Weaver wrote:
> (Note: I don't have the version # with me right now, as the NAT in
> question is at home, I can send that tonight)...
>
>
> Experimenting with DNSSEC (the Comcast no-wildcarding servers are now
> full DNSSEC), I observed the following:
>
> www.dnssec-failed.org is a (Comcast-owned) domain with deliberately
> broken DNSSEC information. The NAT I'm using uses dnsmasq and gives
> the NAT's IP for the resolver address (always)
>
>
>
> dig www.dnssec-failed.org
> properly fails
>
> dig +cd www.dnssec-failed.org
> properly succeeds, showing that +cd (Checking disabled) is properly
> forwarded to the resolver.
>
> But then, a normal
> dig www.dnssec-failed.org
> will succeed, as dnsmasq cached the result of the +cd query.
>
>
> Basically, queries with +cd set should bypass the cache always: they
> should both go out onto the wire with +cd set AND the result should
> not be placed in the cache.
>
>
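The sequence in the report can be replayed against a toy forwarder, shown here as an added example that is not dnsmasq's code and does not describe how 2.56 implements the fix. The `Forwarder` class, the `validating_upstream` stub and the 192.0.2.1 answer are constructed assumptions; only the CD header bit and the test domain come from the thread.

```python
import struct

CD_FLAG = 0x0010  # "Checking Disabled" bit in the DNS header flags word
SERVFAIL, NOERROR = 2, 0

def build_query(name, cd=False, qid=0x1234):
    """Build a minimal wire-format A query; RD is always set, CD is optional."""
    flags = 0x0100 | (CD_FLAG if cd else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_query(wire):
    """Return (lowercased qname, cd_bit) from a wire-format query."""
    _, flags = struct.unpack("!HH", wire[:4])
    labels, pos = [], 12  # question section starts after the 12-byte header
    while wire[pos]:
        labels.append(wire[pos + 1:pos + 1 + wire[pos]].decode().lower())
        pos += 1 + wire[pos]
    return ".".join(labels), bool(flags & CD_FLAG)

def validating_upstream(name, cd):
    """Constructed stand-in for a validating resolver: bogus zones fail unless CD is set."""
    bogus = {"www.dnssec-failed.org"}
    if name in bogus and not cd:
        return SERVFAIL, None
    return NOERROR, "192.0.2.1"  # constructed documentation address

class Forwarder:
    """Hypothetical caching forwarder with the cache policy as a switch."""
    def __init__(self, cd_bypasses_cache):
        self.cd_bypasses_cache = cd_bypasses_cache
        self.cache = {}

    def resolve(self, wire):
        name, cd = parse_query(wire)
        bypass = cd and self.cd_bypasses_cache
        if not bypass and name in self.cache:
            return NOERROR, self.cache[name]
        rcode, addr = validating_upstream(name, cd)  # CD is forwarded as received
        if rcode == NOERROR and not bypass:
            self.cache[name] = addr  # never reached for CD queries when bypassing
        return rcode, addr

def replay(forwarder, name="www.dnssec-failed.org"):
    """Replay the report's sequence: plain query, +cd query, plain query again."""
    return [forwarder.resolve(build_query(name, cd=c))[0] for c in (False, True, False)]
```

With `cd_bypasses_cache=False` the third (plain) query returns NOERROR from the cache, which is the behaviour reported; with `True` it returns SERVFAIL again.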