[Dnsmasq-discuss] domain-needed is ignored

Daryl Richards daryl at isletech.net
Thu Jun 21 11:52:16 BST 2018


The manual states that A and AAAA records won't be forwarded. Both of 
your examples were forwarding MX record requests.


On 2018-06-21 5:34 AM, Spon Spon wrote:
> The lookup is forwarded to the upstream DNS server.  This can be seen in 
> the log and also through tcpdump. So even though domain-needed is used, the lookup 
> leaks to the upstream server, and as per this setting it should not.
>
>
> ------------------------------------------------------------------------
> *From:* Geert Stappers <stappers at stappers.nl>
> *To:* dnsmasq-discuss at lists.thekelleys.org.uk
> *Sent:* Thursday, June 21, 2018 11:20 AM
> *Subject:* Re: [Dnsmasq-discuss] domain-needed is ignored
>
> On Thu, Jun 21, 2018 at 06:15:30AM +0000, Spon Spon wrote:
> > Hi,
> > I have following configuration of dnsmasq:
>     ...
> > domain-needed
>     ...
> >
> > Because of the domain-needed option I expected that a host-only lookup,
> > without a domain part, would not be forwarded to upstream servers (in my case
> > 192.168.2.1), but it seems this is not the case.
>
> Please elaborate "seems"
> Is it being polite or only having "forwarded" in logging and no 
> further proof?
>
>
>
> > The dnsmasq run on an EdgeRouter and has following version:
> > root@bucuresti:/etc# /usr/sbin/dnsmasq --version
> > Dnsmasq version 2.78-20-geaeda96  Copyright (c) 2000-2017 Simon Kelley
> > Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> >
> > This software comes with ABSOLUTELY NO WARRANTY.
> > Dnsmasq is free software, and you are welcome to redistribute it
> > under the terms of the GNU General Public License, version 2 or 3.
> >
> > If I lookup a host with local domain, then the request is not going
> > to upstream server. Please see below the logged queries:
> >
> > Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
> > Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
> > Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
> > Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
> > Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
> > Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
> > Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> > Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> > Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> > Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> >
> > Is this a bug? Is there any configuration missing? I expected that
> > rrr lookup will not be forwarded to upstream server (192.168.2.1)
>
> >
>
> The dnsmasq manual page says
>
>   -D, --domain-needed
>       Tells dnsmasq to never forward A or AAAA queries for plain names,
>       without dots or domain  parts,  to upstream nameservers. If
>       the name is not known from /etc/hosts or DHCP then a "not found"
>       answer is returned.
>
> So it would prevent the cost of a dial-out connection.
>
>
>   .....  local testing .....
>
>
> Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
> Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
>
> That forward, unexpected given 'domain-needed', is visible with tcpdump
> at my upstream DNS    :-(
>
>
> Regards
> Geert Stappers
> -- 
> Live and let live

-- 
Daryl Richards
Isle Technical Services Inc.
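
Added example (not part of the original thread and not dnsmasq code): a Python check over dnsmasq query-log lines that lists every plain name forwarded upstream together with its query type. It shows the behaviour discussed above: with domain-needed, the A and AAAA lookups for a plain name are answered locally while the MX lookup is forwarded. The sample lines are the ones quoted in the thread plus one constructed dotted-name pair; the function names are this example's own.

```python
import re

# The two dnsmasq query-log line shapes quoted in the thread.
QUERY = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)")
FORWARD = re.compile(
    r"dnsmasq\[\d+\]: forwarded (?P<name>\S+) to (?P<upstream>\S+)")

# Lines quoted in the thread, plus one constructed dotted-name pair at the end.
SAMPLE_LOG = [
    "Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1",
    "Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4",
    "Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1",
    "Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6",
    "Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1",
    "Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1",
    "Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36",
    "Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10",
    # constructed: a dotted name is expected to be forwarded and is not reported
    "Jun 21 09:42:00 weiss dnsmasq[24942]: query[A] www.example.com from 172.24.0.36",
    "Jun 21 09:42:00 weiss dnsmasq[24942]: forwarded www.example.com to 172.24.0.10",
]


def is_plain(name):
    """Plain name in the domain-needed sense: no dots or domain part."""
    return "." not in name


def find_plain_name_forwards(lines):
    """Return (qtype, name, client, upstream) for each plain name sent upstream."""
    pending = {}  # name -> (qtype, client) of the most recent query line
    leaks = []
    for line in lines:
        m = QUERY.search(line)
        if m:
            pending[m["name"]] = (m["qtype"], m["client"])
            continue
        m = FORWARD.search(line)
        if m and is_plain(m["name"]):
            # Assumption: the forward belongs to the latest query for that name.
            qtype, client = pending.get(m["name"], ("?", "?"))
            leaks.append((qtype, m["name"], client, m["upstream"]))
    return leaks


if __name__ == "__main__":
    for qtype, name, client, upstream in find_plain_name_forwards(SAMPLE_LOG):
        print(f"plain name {name!r} ({qtype}) from {client} forwarded to {upstream}")
```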
