[Dnsmasq-discuss] [PATCH] dnsmasq interaction with nonrecursive requests

Petr Mensik pemensik at redhat.com
Fri Apr 12 15:30:16 BST 2019


I have prepared a patch that again allows queries to dnsmasq without the rd
bit set. It allows queries to locally defined names even without the rd bit,
but still refuses queries to cached remote records.

I think this is an important issue; could it be reviewed?

On 4/12/19 11:29 AM, Petr Mensik wrote:
> Hi,
> 
> I was checking the latest dnsmasq responses to non-recursive queries. It
> seems strange, it does not work as it should. Originally, I was checking
> the NXDOMAIN issue reported in Fedora bug #1647464.
> 
> But this issue seems important, it makes it difficult to use dnsmasq with
> bigger resolvers like bind or unbound. It skips even locally defined
> hosts, which I think should always be answered even without the recursion
> bit set.
> 
> This was tested first on released dnsmasq 2.80 in Fedora rawhide, then
> on git compilation with version v2.80-53-g343b7b4. Both seem to be
> incorrect.
> 
> # grep -w qeos-1 /etc/hosts
> 172.16.36.1    qeos-1
> 
> # dig @127.0.0.1 +norec qeos-1
> 
> ; <<>> DiG 9.11.5-P4-RedHat-9.11.5-13.P4.fc31 <<>> @127.0.0.1 +norec qeos-1
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50085
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;qeos-1.				IN	A
> 
> ;; AUTHORITY SECTION:
> .			498600	IN	NS	b.root-servers.net.
> .			498600	IN	NS	m.root-servers.net.
> .			498600	IN	NS	e.root-servers.net.
> .			498600	IN	NS	f.root-servers.net.
> .			498600	IN	NS	k.root-servers.net.
> .			498600	IN	NS	l.root-servers.net.
> .			498600	IN	NS	c.root-servers.net.
> .			498600	IN	NS	d.root-servers.net.
> .			498600	IN	NS	i.root-servers.net.
> .			498600	IN	NS	g.root-servers.net.
> .			498600	IN	NS	a.root-servers.net.
> .			498600	IN	NS	h.root-servers.net.
> .			498600	IN	NS	j.root-servers.net.
> 
> ;; ADDITIONAL SECTION:
> e.root-servers.net.	153695	IN	A	192.203.230.10
> e.root-servers.net.	153695	IN	AAAA	2001:500:a8::e
> h.root-servers.net.	153695	IN	A	198.97.190.53
> h.root-servers.net.	153695	IN	AAAA	2001:500:1::53
> l.root-servers.net.	585734	IN	A	199.7.83.42
> l.root-servers.net.	153695	IN	AAAA	2001:500:9f::42
> i.root-servers.net.	585699	IN	A	192.36.148.17
> i.root-servers.net.	153695	IN	AAAA	2001:7fe::53
> a.root-servers.net.	597264	IN	A	198.41.0.4
> a.root-servers.net.	597264	IN	AAAA	2001:503:ba3e::2:30
> d.root-servers.net.	153695	IN	A	199.7.91.13
> d.root-servers.net.	153695	IN	AAAA	2001:500:2d::d
> c.root-servers.net.	153695	IN	A	192.33.4.12
> c.root-servers.net.	153695	IN	AAAA	2001:500:2::c
> b.root-servers.net.	585695	IN	A	199.9.14.201
> b.root-servers.net.	153695	IN	AAAA	2001:500:200::b
> j.root-servers.net.	153695	IN	A	192.58.128.30
> j.root-servers.net.	153695	IN	AAAA	2001:503:c27::2:30
> k.root-servers.net.	586670	IN	A	193.0.14.129
> k.root-servers.net.	153695	IN	AAAA	2001:7fd::1
> g.root-servers.net.	153695	IN	A	192.112.36.4
> g.root-servers.net.	153695	IN	AAAA	2001:500:12::d0d
> m.root-servers.net.	153695	IN	A	202.12.27.33
> m.root-servers.net.	153695	IN	AAAA	2001:dc3::35
> f.root-servers.net.	153695	IN	A	192.5.5.241
> f.root-servers.net.	153695	IN	AAAA	2001:500:2f::f
> 
> # dig @127.0.0.1 +rec qeos-1
> ; <<>> DiG 9.11.5-P4-RedHat-9.11.5-13.P4.fc31 <<>> @127.0.0.1 +rec qeos-1
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50355
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;qeos-1.				IN	A
> 
> ;; ANSWER SECTION:
> qeos-1.			0	IN	A	172.16.36.1
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Pá dub 12 05:23:57 EDT 2019
> ;; MSG SIZE  rcvd: 51
> 
> 1. https://bugzilla.redhat.com/show_bug.cgi?id=1647464
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com  PGP: 65C6C973
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Restore-ability-to-answer-non-recursive-requests.patch
Type: text/x-patch
Size: 4209 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20190412/37b60cbd/attachment.bin>
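
An added example, not part of the original post or the attached patch: a Python check that builds the RD=0 query `dig +norec` sends and classifies a reply by its header, which is where the two dig runs quoted above differ. The sample headers are constructed from the header lines of that dig output; all function names are illustrative assumptions.

```python
import socket
import struct

# Header flag bits (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid, rd=True):
    """Build an A/IN query; rd=False is what `dig +norec` sends."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    parts = [p for p in name.split(".") if p]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into flags and section counts."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "answer": an, "authority": ns,
            "additional": ar}

def classify(msg):
    """Return 'answered', 'referral', 'empty', 'error' or 'not-a-response'."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != 0:
        return "error"
    if h["answer"] > 0:
        return "answered"
    return "referral" if h["authority"] > 0 else "empty"

def check_local_name(server, name, timeout=2.0):
    """Send an RD=0 query over UDP and classify the reply (needs a live server)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, 0x1234, rd=False), (server, 53))
        reply, _ = s.recvfrom(4096)
    if parse_header(reply)["id"] != 0x1234:
        raise ValueError("reply id does not match query id")
    return classify(reply)

# Constructed samples: 12-byte headers only, rebuilt from the dig header lines
# above (ids 50085 and 50355); they are not captured packets.
NOREC_HEADER = struct.pack("!HHHHHH", 50085, QR | RA, 1, 0, 13, 27)
REC_HEADER = struct.pack("!HHHHHH", 50355, QR | AA | RD | RA, 1, 1, 0, 1)
```

For a name defined in /etc/hosts, the behaviour the post asks for corresponds to `check_local_name("127.0.0.1", "qeos-1")` returning `"answered"` instead of `"referral"`.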

