[Dnsmasq-discuss] Forwarded TCP queries not obeying --server=/domain/server arguments

Simon Kelley simon at thekelleys.org.uk
Fri Dec 7 12:02:04 GMT 2012


On 07/12/12 10:33, Hollett, Nicholas wrote:
> In upgrading from 2.49 to 2.62, TCP queries which are received are
> blindly forwarded to the default server, not the one defined for the
> specific domain specified using --server arguments to dnsmasq. See the
> below output:
> 
> # dnsmasq -d -q -a 172.16.0.1  --server=/zoidberg.internal/172.16.0.30
> <http://172.16.0.30>                                                    
>                                                                        
>                                                                      
> dnsmasq: started, version 2.62 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6
> no-Lua TFTP conntrack
> dnsmasq: using nameserver 172.16.0.30#53 for domain zoidberg.internal
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 192.168.137.8#53
> dnsmasq: using nameserver 172.16.0.30#53 for domain zoidberg.internal
> dnsmasq: read /etc/hosts - 8 addresses
> dnsmasq: forwarded query to 192.168.137.8
> 
> This happens when requesting using dig:
> # dig @172.16.0.1 <http://172.16.0.1> +tcp _ldap._tcp.zoidberg.internal SRV
> which then fails to return anything because the upstream DNS doesn't
> know about zoidberg.internal. However, when removing the +tcp option:
> 
> dnsmasq: query[SRV] _ldap._tcp.zoidberg.internal from 172.16.0.1
> dnsmasq: forwarded _ldap._tcp.zoidberg.internal to 172.16.0.30
> 
> and I get the correct result in dig.
> 
> This configuration was working fine with dnsmasq 2.49.
> 
> Kind regards,
> Niax
> 

Ok, this caused a certain amount of confusion, and nearly got sent back
as "works for me". It turns out that it works fine for A and AAAA
queries. To see the problem you have to use TCP _and_ the query has to
be for a record type other and A or AAAA.

http://www.thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.65test2.tar.gz

should fix things. If you want to backport the fix to a stable release,
it's tiny and easy, the change is here:

http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ee86ce68fc6ba371c3368c31aa548c635757270e

Thanks for the bug report.


Cheers,

Simon.





More information about the Dnsmasq-discuss mailing list