[Dnsmasq-discuss] Dnsmasq responding with SOA instead of A

Aaron Germuth aagermuth at gmail.com
Tue Jul 12 00:59:54 BST 2016


Hello,

I've looked at the messages with Wireshark and found the DNS portions are
byte-identical (other than transaction id). Everything else looks similar
other than source IP. Not sure where to go from here.

Thanks,

Aaron

On Mon, Jul 11, 2016 at 3:43 PM Albert ARIBAUD <albert.aribaud at free.fr>
wrote:

> Hi again Aaron,
>
> On Mon, 11 Jul 2016 21:53:21 +0000
> Aaron Germuth <aagermuth at gmail.com> wrote:
>
> > Hey Albert,
> >
> > Thanks for the reply and sorry about that. The dig command used is
> >
> > dig @100.108.108.176 b.local.example.com A.
> >
> > 100.108.108.176 is the IP of my dns server. This dns server has an
> > entry in /etc/hosts mapping
> > b.local.example.com -> 1.2.3.50.
> >
> > My domain 'example.com' has a RR:
> > local.example.com      NS     3600   MY_DNS_SERVER.com
> >
> > I'm expecting the following dig response (which I get when running it
> > locally on my dns server):
> >
> > ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @100.108.108.176 b.local.example.com
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24172
> > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;b.local.example.com. IN A
> >
> > ;; ANSWER SECTION:
> > b.local.example.com. 600 IN A 1.2.3.50
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 100.108.108.176#53(100.108.108.176)
> > ;; WHEN: Mon Jul 11 17:38:03 EDT 2016
> > ;; MSG SIZE  rcvd: 51
> >
> > The response if run from the other computer is:
> >
> > ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @100.108.108.176 b.local.example.com
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25320
> > ;; flags: qr aa rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;b.local.example.com. IN A
> >
> > ;; AUTHORITY SECTION:
> > local.example.com. 600 IN SOA MY_DNS_SERVER.com. hostmaster.MY_DNS_SERVER.com. 1468262852 1200 180 1209600 600
> >
> > ;; Query time: 60 msec
> > ;; SERVER: 100.108.108.176#53(100.108.108.176)
> > ;; WHEN: Mon Jul 11 14:32:23 PDT 2016
> > ;; MSG SIZE  rcvd: 1
> >
> > The only filtering I've done is changing the domain to example.com and
> > replacing MY_DNS_SERVER url. Otherwise it's copy paste. I don't think
> > the exact URL should matter?
>
> I don't think it does, except of course that no one can reproduce your
> tests, but I can understand that you don't want to disclose your
> domain(s) or IP(s).
>
> > Let me know if you need anything else.
>
> I've already got way more info than I can handle -- I'm not a DNS guru. :)
> What I know is that auth-server should treat *all* requests on eth0 the
> same way, so any difference in response is due to queries not being the
> same.
>
> The only difference I see is that the second query seems to have
> requested recursion but not the first, so they are different somehow.
> Maybe some of these differences can explain the different answers?
>
> I suggest you capture DNS traffic on the dnsmasq host using tcpdump, run
> both queries, and compare the corresponding captures field by field and
> analyze each difference found. Of course, the captures will be full of
> sensitive data, so you'll have to do the comparison yourself, but then
> you could for instance report here which fields are different.
>
> > Thanks,
> >
> > Aaron
>
> Best regards,
> --
> Albert.
>
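
Added example (not part of the original thread, and not dnsmasq code): one way to do the field-by-field comparison of two captured DNS queries suggested above, ignoring the transaction id. It assumes the raw UDP payloads have already been extracted from the tcpdump capture; the function names and the sample queries are constructed for illustration.

```python
import struct

# Flag name -> bit position in the 16-bit DNS header flags word (RFC 1035, RFC 4035).
FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7, "ad": 5, "cd": 4}

def parse_dns(msg: bytes) -> dict:
    """Decode the header and first question of a raw DNS message (UDP payload)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    f = {"id": ident, "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
         "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    f.update({name: (flags >> bit) & 1 for name, bit in FLAG_BITS.items()})
    pos, labels = 12, []
    if qd:
        while True:
            if pos >= len(msg):
                raise ValueError("truncated question name")
            n = msg[pos]
            pos += 1
            if n == 0:
                break
            if n & 0xC0:
                raise ValueError("unexpected compression pointer in question")
            labels.append(msg[pos:pos + n].decode("ascii", "replace"))
            pos += n
        if pos + 4 > len(msg):
            raise ValueError("truncated question")
        f["qname"] = ".".join(labels) + "."
        f["qtype"], f["qclass"] = struct.unpack("!2H", msg[pos:pos + 4])
        pos += 4
    f["rest"] = msg[pos:].hex()  # unparsed remainder (e.g. an EDNS OPT record)
    return f

def diff_queries(a: bytes, b: bytes, ignore=("id",)) -> dict:
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    fa, fb = parse_dns(a), parse_dns(b)
    return {k: (fa.get(k), fb.get(k)) for k in sorted(set(fa) | set(fb))
            if k not in ignore and fa.get(k) != fb.get(k)}

def build_query(ident: int, flags: int, qname: str, qtype: int = 1) -> bytes:
    """Build a constructed sample query so the example runs without a capture."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return struct.pack("!6H", ident, flags, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!2H", qtype, 1)

# Constructed samples: same question and flags (RD+AD), different transaction ids.
LOCAL = build_query(24172, 0x0120, "b.local.example.com")
REMOTE = build_query(25320, 0x0120, "b.local.example.com")
NO_RD = build_query(25321, 0x0020, "b.local.example.com")  # same, but RD cleared
```

An empty result from `diff_queries` means the two DNS payloads match in every decoded field, so any remaining difference lies outside the DNS message itself, such as in the IP or UDP headers.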