[Dnsmasq-discuss] No cache for CNAME records that point to the host's address

Janos.Mattyasovszky at bmw.de Janos.Mattyasovszky at bmw.de
Thu Dec 18 12:15:03 GMT 2014


Hi,

> A fix would be to notice that the value of the local and upstream A
> records are the same. That would fix this case, but need new code in
> dnsmasq.

Will this "feature" be implemented in upcoming versions? 

The background is that in /etc/hosts we (I presume others as well) have to include each host's IP address, but there are regular cases where some services are not using additional service IPs (bad practice, I know) but have a CNAME pointing to the VM's hostname. The IP of a VM is constant during its lifetime, but the CNAMEs pointing to this hostname can and will change over time, and starting to maintain something else in the hosts file is a quantum leap backwards if one already has a good DNS system...

The other problem, if I do the workaround of adding the CNAMEs to the config file, is that I don't know at the time I start dnsmasq what CNAMEs are defined that might point to the VM's hostname...

Regards,
Janos


-----Original Message-----
From: Dnsmasq-discuss [mailto:dnsmasq-discuss-bounces at thekelleys.org.uk] On Behalf Of Simon Kelley
Sent: Wednesday, 17 December 2014 22:58
To: dnsmasq-discuss at thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] No cache for CNAME records that point to the host's address


The deep reason for this is that the architecture of dnsmasq doesn't
allow it to return DNS answers with information that comes from
upstream _and_ local information.

You have defined the address of itavm0002.muc. locally, but the CNAME
comes from upstream. That makes it difficult to always return correct
answers in all cases. Assume the general case that you define
(override) the value of the A record for itavm0002.muc. to be
something different than the upstream value. A query for
itavm0002.muc. will return your local value. A query for the CNAME
itavm0002test.muc. will return the CNAME, and the upstream value for
itavm0002.muc, different from the local value. In order to at least
have consistent answers, dnsmasq won't cache data from an answer which
has an upstream A or AAAA record which overlays a locally defined
record (from /etc/hosts) for instance. Hence your caching problem.

A fix would be to notice that the value of the local and upstream A
records are the same. That would fix this case, but need new code in
dnsmasq.

The simplest solution for you would be to add the CNAMEs to dnsmasq's
local configuration by adding this line to /etc/dnsmasq.conf


cname=itavm0002test.muc,itavm0002.muc

Cheers,

Simon.






On 10/11/14 12:55, Janos.Mattyasovszky at bmw.de wrote:
> Hi @all!
> 
> We are testing dnsmasq as a local DNS cache for our linux hosts, 
> since some of our use-cases rely on asking DNS over the same
> records dozens of times in a second.
> 
> The setup is pretty simple: bound to localhost only, use only the 
> cache, and forward it to our "upstream" DNS servers.
> 
> || # cat dnsmasq.conf
> || resolv-file= /opt/dnsmasq/conf/resolv.conf
> || pid-file= /opt/dnsmasq/run/dnsmasq.pid
> ||
> || interface=lo
> || listen-address=127.0.0.1
> || port=53
> ||
> || cache-size=3000
> || max-cache-ttl=300
> || neg-ttl=60
> ||
> || log-facility= /opt/dnsmasq/log/dnsmasq.log
> || log-queries # enabled for debugging only
> 
> We have a host in the lab, that has one IP Address, and a CNAME:
> 
> || itavm0002test.muc.      3600    IN      CNAME   itavm0002.muc.
> || itavm0002.muc.          3600    IN      A       10.XXX.XXX.102
> 
> However, this IP is also included in the /etc/hosts file, that is 
> being read:
> 
> || # grep itavm0002 /etc/hosts
> || 10.XXX.XXX.102   itavm0002.muc itavm0002.muc   itavm0002
> 
> When I ask dnsmasq for a CNAME record (itavm0002test=>itavm0002),
> it is getting forwarded to the upstream DNS Server, and is returned
> as a CNAME and the appropriate IP (that also exists in the hosts
> file).
> 
> However, unless I have no-hosts in the config file, this record is 
> never cached:
> 
> || Nov 10 13:25:12 dnsmasq[25200]: started, version 2.72 cachesize 3000
> || Nov 10 13:25:12 dnsmasq[25200]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
> || Nov 10 13:25:12 dnsmasq[25200]: reading /opt/dnsmasq/conf/resolv.conf
> || Nov 10 13:25:12 dnsmasq[25200]: using nameserver 160.XXX.XXX.2#53
> || Nov 10 13:25:12 dnsmasq[25200]: read /etc/hosts - 8 addresses
> 
> Querying local hostname with "dig itavm0002.muc" several times: 
> /etc/hosts is consulted and the result is returned:
> 
> || Nov 10 13:25:20 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
> || Nov 10 13:25:20 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:25:24 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
> || Nov 10 13:25:24 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:25:26 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
> || Nov 10 13:25:26 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
> 
> Now I start to query the CNAME record by "dig itavm0002test", that 
> points to the same 10.XXX.XXX.102 IP via the DNS System:
> 
> || Nov 10 13:25:30 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:25:30 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
> || Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
> || Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:25:32 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:25:32 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
> || Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
> || Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:25:36 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:25:36 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
> || Nov 10 13:25:36 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
> || Nov 10 13:25:36 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:25:38 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:25:38 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
> || Nov 10 13:25:38 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
> || Nov 10 13:25:38 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
> 
> -> No caching is performed.
> 
> I can however confirm, that with the option "no-hosts" this is not 
> observed:
> 
> || Nov 10 13:36:20 dnsmasq[26071]: started, version 2.72 cachesize 3000
> || Nov 10 13:36:20 dnsmasq[26071]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
> || Nov 10 13:36:20 dnsmasq[26071]: reading /opt/dnsmasq/conf/resolv.conf
> || Nov 10 13:36:20 dnsmasq[26071]: using nameserver 160.XXX.XXX.2#53
> || Nov 10 13:36:20 dnsmasq[26071]: cleared cache
> 
> Now we ask even our own hostname (and FQDN) from the upstream DNS 
> Server, and since we don't use hosts, the first query gets
> forwarded, the upcoming ones are served from the cache:
> 
> || Nov 10 13:36:26 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
> || Nov 10 13:36:26 dnsmasq[26071]: forwarded itavm0002.muc to 160.XXX.XXX.2
> || Nov 10 13:36:29 dnsmasq[26071]: reply itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:36:29 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
> || Nov 10 13:36:29 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:36:35 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
> || Nov 10 13:36:35 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
> 
> Now we ask the CNAME present in the DNS, and the first is returned 
> from upstream, and the later queries are again served from cache:
> 
> || Nov 10 13:36:39 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:36:39 dnsmasq[26071]: forwarded itavm0002test.muc to 160.XXX.XXX.2
> || Nov 10 13:36:39 dnsmasq[26071]: reply itavm0002test.muc is <CNAME>
> || Nov 10 13:36:39 dnsmasq[26071]: reply itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:36:41 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:36:41 dnsmasq[26071]: cached itavm0002test.muc is <CNAME>
> || Nov 10 13:36:41 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
> || Nov 10 13:36:42 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
> || Nov 10 13:36:42 dnsmasq[26071]: cached itavm0002test.muc is <CNAME>
> || Nov 10 13:36:42 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
> 
> This however has the problem, that the addresses "localhost" & co. 
> are not resolved properly, since the resolv.conf is only using 
> 127.0.0.1 as the nameserver, and this address is not resolvable by
> the DNS System.
> 
> || Nov 10 13:40:32 dnsmasq[26071]: query[A] localhost from 127.0.0.1
> || Nov 10 13:40:32 dnsmasq[26071]: forwarded localhost to 160.XXX.XXX.2
> || Nov 10 13:40:32 dnsmasq[26071]: reply localhost is NXDOMAIN
> 
> If I leave the no-hosts option, this is served from the /etc/hosts 
> file:
> 
> || Nov 10 13:52:19 dnsmasq[26907]: query[A] localhost from 127.0.0.1
> || Nov 10 13:52:19 dnsmasq[26907]: /etc/hosts localhost is 127.0.0.1
> || Nov 10 13:52:19 dnsmasq[26907]: query[AAAA] localhost from 127.0.0.1
> || Nov 10 13:52:19 dnsmasq[26907]: /etc/hosts localhost is ::1
> 
> An ugly workaround would be of course to create a customized hosts 
> file, where one would get rid of the entries of the host, and only 
> keep localhost&co, and provide that with addn-hosts, but I'd not 
> consider that...
> 
> I have tested with the latest 2.72.
> 
> Could you / someone please confirm and explain this behavior? Is
> this designed to behave like this or is this a bug?
> 
> Thanks in advance,
> 
> Regards, Janos Mattyasovszky
> 

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
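
Added example, not part of the thread and not dnsmasq code: a log check that finds aliases showing the pattern discussed above (forwarded repeatedly, never answered from cache, CNAME target defined in /etc/hosts) and prints the matching cname= lines for the workaround. The function names and the embedded sample are constructed for illustration; it assumes the log-queries line format quoted in the thread and single-hop CNAMEs.

```python
import re
from collections import Counter

# Matches the "<action> <name> is|to|from <value>" tail of a log-queries line.
LINE = re.compile(r"dnsmasq\[\d+\]: (\S+) (\S+) (?:is|to|from) (\S+)$")

# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.XXX.XXX.102 itavm0002.muc itavm0002  # VM\n"
SAMPLE_LOG = """\
Nov 10 13:25:30 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
Nov 10 13:25:30 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
Nov 10 13:25:32 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
Nov 10 13:25:32 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
"""

def hosts_names(hosts_text):
    """Names defined in an /etc/hosts-style file (comments ignored)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(n.lower() for n in fields[1:])
    return names

def suggest_cnames(log_text, local_names, min_forwards=2):
    """cname= lines for aliases that are forwarded at least min_forwards times,
    never served from cache, and whose CNAME target is a locally defined name."""
    forwards, cached, target = Counter(), set(), {}
    pending = None  # alias whose <CNAME> reply was on the previous line
    for raw in log_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            pending = None
            continue
        action, name, value = m.group(1), m.group(2).lower(), m.group(3)
        if action == "forwarded":
            forwards[name] += 1
        elif action == "cached":
            cached.add(name)
        elif action == "reply" and pending and value != "<CNAME>":
            target[pending] = name  # the record after the CNAME is its target
        pending = name if action == "reply" and value == "<CNAME>" else None
    return sorted(f"cname={a},{t}" for a, t in target.items()
                  if forwards[a] >= min_forwards and a not in cached and t in local_names)

if __name__ == "__main__":
    print("\n".join(suggest_cnames(SAMPLE_LOG, hosts_names(SAMPLE_HOSTS))))
```

Run against a real log, the output can be reviewed and written to a file that dnsmasq reads at start, which addresses the "I don't know the CNAMEs in advance" problem only for aliases that have already been queried.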


