[Dnsmasq-discuss] domain-needed is ignored
Spon Spon
spon901 at yahoo.com
Thu Jun 21 11:54:10 BST 2018
>On Thu, Jun 21, 2018 at 06:15:30AM +0000, Spon Spon wrote:
>> Hi,
>> I have following configuration of dnsmasq:
> ...
>> domain-needed
> ...
>>
>> Because of domain-needed option I expected that host only lookup,
>> without domain part will not be forwarded to upstream servers (in my case
>> 192.168.2.1), but it seems this is not the case.
>
>Please elaborate "seems"
>Is it being polite or only having "forwarded" in logging and no further proof?
>
>
>> The dnsmasq run on an EdgeRouter and has following version:
>> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
>> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
>> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
>>
>> This software comes with ABSOLUTELY NO WARRANTY.
>> Dnsmasq is free software, and you are welcome to redistribute it
>> under the terms of the GNU General Public License, version 2 or 3.
>>
>> If I lookup a host with local domain, then the request is not going
>> to upstream server. Please see below the logged queries:
>>
>> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
>> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
>> Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
>> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
>> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
>> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
>> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
>> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
>> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>>
>> Is this a bug? Is there any configuration missing? I expected that
>> rrr lookup will not be forwarded to upstream server (192.168.2.1).
>>
>
>Dnsmasq manual page says
>
> -D, --domain-needed
> Tells dnsmasq to never forward A or AAAA queries for plain names,
> without dots or domain parts, to upstream nameservers. If
> the name is not known from /etc/hosts or DHCP then a "not found"
> answer is returned.
>
>So it would prevent the cost of a dial-out connection.
>
>
> ..... local testing .....
>
>
>Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
>Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
>
>That unexpected (due to 'domain-needed') forward is visible with tcpdump
>at my upstream DNS :-(
>
>
>Groeten
>Geert Stappers
>--
>Leven en laten leven

Through testing I discovered the following:
If I issue host rrrr then the request is forwarded to the upstream server and it should not be.
If I issue ping kkkk then the request is NOT forwarded to the upstream server, as expected.
(I put rrrr and kkkk, just to be sure the cache is not involved.)
The tcpdump output (the first 2 packets, between the process and dnsmasq and its reply) is below:
In case of host rrr we have:
13:40:19.858325 IP localhost.40987 > localhost.domain: 54601+ A? jjjj. (22)
0x0000: 0000 0304 0006 0000 0000 0000 0000 0800 ................
0x0010: 4500 0032 2960 0000 4011 5359 7f00 0001 E..2)`..@.SY....
0x0020: 7f00 0001 a01b 0035 001e fe31 d549 0100 .......5...1.I..
0x0030: 0001 0000 0000 0000 046a 6a6a 6a00 0001 .........jjjj...
0x0040: 0001 ..
13:40:19.860678 IP localhost.domain > localhost.40987: 54601 0/0/0 (22)
0x0000: 0000 0304 0006 0000 0000 0000 0000 0800 ................
0x0010: 4500 0032 2961 4000 4011 1358 7f00 0001 E..2)a@.@..X....
0x0020: 7f00 0001 0035 a01b 001e fe31 d549 8180 .....5.....1.I..
0x0030: 0001 0000 0000 0000 046a 6a6a 6a00 0001 .........jjjj...
0x0040: 0001 ..
In case of ping kkkk we have:
13:41:17.232389 IP localhost.58411 > localhost.domain: 1381+ A? kkkk. (22)
0x0000: 0000 0304 0006 0000 0000 0000 0000 0800 ................
0x0010: 4500 0032 4d72 4000 4011 ef46 7f00 0001 E..2Mr@.@..F....
0x0020: 7f00 0001 e42b 0035 001e fe31 0565 0100 .....+.5...1.e..
0x0030: 0001 0000 0000 0000 046b 6b6b 6b00 0001 .........kkkk...
0x0040: 0001 ..
13:41:17.416815 IP localhost.domain > localhost.58411: 1381 0/0/0 (22)
0x0000: 0000 0304 0006 0000 0000 0000 0000 0800 ................
0x0010: 4500 0032 4d8c 4000 4011 ef2c 7f00 0001 E..2M.@.@..,....
0x0020: 7f00 0001 0035 e42b 001e fe31 0565 8180 .....5.+...1.e..
0x0030: 0001 0000 0000 0000 046b 6b6b 6b00 0001 .........kkkk...
0x0040: 0001 ..
Thanks,
Spon
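
Added example (not part of the original messages and not dnsmasq code): a Python check that scans dnsmasq query logs for plain names forwarded upstream and reports the query type, run over the log lines quoted in this thread. It assumes a "forwarded" line belongs to the most recent "query[...]" line for the same name and process, because the log format shown does not repeat the type; the function and constant names are hypothetical.

```python
import re

# Log lines copied from the two messages above (not constructed).
SAMPLE_LOG = """\
Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
"""

QUERY_RE = re.compile(r"dnsmasq\[(\d+)\]: query\[([\w-]+)\] (\S+) from \S+")
FORWARD_RE = re.compile(r"dnsmasq\[(\d+)\]: forwarded (\S+) to (\S+)")
COVERED = {"A", "AAAA"}  # types the quoted man page text names for domain-needed


def is_plain(name):
    """A plain name has no dot apart from an optional trailing root dot."""
    return "." not in name.rstrip(".")


def forwarded_plain_names(log_text):
    """Return (name, qtype, upstream, covered) for each forwarded plain name.

    covered is True when the type is A or AAAA, which domain-needed should
    have kept local; False means the type is outside the documented scope.
    """
    last_qtype = {}  # (pid, name) -> type of the most recent query (assumed pairing)
    findings = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            pid, qtype, name = m.groups()
            last_qtype[(pid, name)] = qtype
            continue
        m = FORWARD_RE.search(line)
        if m and is_plain(m.group(2)):
            pid, name, upstream = m.groups()
            qtype = last_qtype.get((pid, name), "?")
            findings.append((name, qtype, upstream, qtype in COVERED))
    return findings


if __name__ == "__main__":
    for name, qtype, upstream, covered in forwarded_plain_names(SAMPLE_LOG):
        scope = "covered by domain-needed" if covered else "outside A/AAAA scope"
        print(f"{name} [{qtype}] -> {upstream}: {scope}")
```

On the quoted logs both forwarded plain names are MX queries, the type that the quoted man page text does not list.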