[Dnsmasq-discuss] localise-queries not working correctly

Simon Kelley simon at thekelleys.org.uk
Wed Feb 29 16:36:15 GMT 2012


On 29/02/12 13:57, John Hanks wrote:
> I posted about similar behavior with subnets carved from the class A
> 10.*.*.* several days ago:
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2012q1/005525.html
>
> In my case I am using 2.59 and dnsmasq returns all addresses in
> 10.0.0.0/8 when queried from itself to any of its interfaces in
> 10.*.*.* even though the interfaces themselves are all /16. Queries
> from hosts other than the dnsmasq host to any of these /16 interfaces
> return the correct results.
>
> jbh
>
> On Wed, Feb 29, 2012 at 6:47 AM, Lorenzo Milesi <maxxer at ufficyo.com> wrote:
>>> I just checked, and it's working here. What dnsmasq version are you
>>> using?
>>
>> Dnsmasq version 2.35
>>
>> I'm still on Debian 4 on this host.
>>
>> thanks!
>

OK, I think I just found an interesting problem that could be affecting 
this. I don't have the time to wade through the descriptions you've both 
posted of your systems, and there may not be enough information anyway, 
so I'll try and explain what's going on and you can judge if it's 
applicable.

The algorithm for localisation is:

get set of answers S

if (any member of S is in the subnet
     of the interface the query was
     sent to)
then return (only members of S which are
             in the subnet)

The wrinkle is that to determine the subnet, you need a netmask, and the 
netmask dnsmasq is using is the netmask of the interface the query was 
received on, not the one it was sent to.

So, for instance I have a set of /24s 192.168.x.y on my central server, 
and the central server's name has an address 192.168.x.1 on each subnet. 
Sending queries to the central server at 192.168.1.1 returns the single 
address for the server - OK.

But running the same query to the same address on the server gets all 
the addresses. That's because the query is routed over the lo interface 
which has netmask 255.0.0.0. Doing the subnet tests above with netmask 
255.0.0.0 yields all the addresses, since they are all in 192.x.y.z.

(Actually, reading Lorenzo's description, I think this is exactly what he's 
seeing, I'm not sure about John.)

Fixing this problem will be, erm, interesting.

Am I on the right lines here?


Simon.
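
The netmask mix-up described in the message above, as an added example that is not part of the original post and is not dnsmasq code. The interface names, addresses and function names are constructed for illustration, and the destination-owner lookup is an assumption shown only for contrast, not the fix dnsmasq adopted.

```python
import ipaddress

# Constructed sample host: names, addresses and masks are illustrative.
INTERFACES = {
    "lo":   ("127.0.0.1",   "255.0.0.0"),
    "eth1": ("192.168.1.1", "255.255.255.0"),
    "eth2": ("192.168.2.1", "255.255.255.0"),
    "eth3": ("192.168.3.1", "255.255.255.0"),
}
# All addresses the server's name resolves to (the set S in the post).
ANSWERS = ["192.168.1.1", "192.168.2.1", "192.168.3.1"]


def localise(answers, dest_addr, netmask):
    """Return only the answers in dest_addr's subnet, or all if none match."""
    subnet = ipaddress.ip_network(f"{dest_addr}/{netmask}", strict=False)
    local = [a for a in answers if ipaddress.ip_address(a) in subnet]
    return local if local else list(answers)


def mask_of_arrival_interface(arrival_iface):
    """Behaviour described in the post: mask of the receiving interface."""
    return INTERFACES[arrival_iface][1]


def mask_of_destination_owner(dest_addr):
    """Contrast case (assumption): mask of the interface that owns dest_addr."""
    for addr, mask in INTERFACES.values():
        if addr == dest_addr:
            return mask
    raise LookupError(f"no interface owns {dest_addr}")


def query(dest_addr, arrival_iface, use_destination_owner=False):
    """Answer a query for the server's name sent to dest_addr."""
    if use_destination_owner:
        mask = mask_of_destination_owner(dest_addr)
    else:
        mask = mask_of_arrival_interface(arrival_iface)
    return localise(ANSWERS, dest_addr, mask)


if __name__ == "__main__":
    print("remote client via eth1:", query("192.168.1.1", "eth1"))
    print("same host via lo:      ", query("192.168.1.1", "lo"))
    print("lo, owner's mask:      ", query("192.168.1.1", "lo", True))
```

The same `localise` call with a /8 mask against a set of 10.x /16 addresses returns every address, which matches the symptom reported in the quoted message.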



