[Dnsmasq-discuss] No more random source port if "--enable-dbus" is used.
Michael Aramanovich
arami02 at gmail.com
Fri Aug 7 17:09:52 BST 2020
(continuation of
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011315.html
)
Hello,
back in 2017 there was already an attempt to solve this, but it led to
nothing, unfortunately.
However, the problem is still easily reproducible on CentOS 7 and CentOS 8,
with dnsmasq 2.76 / 2.79 (and the most recent ones as well).
How to reproduce:
- configure NetworkManager and enable dnsmasq plugin: in
/etc/NetworkManager/NetworkManager.conf, add:
# This enabled the dnsmasq plugin.
[main]
dns=dnsmasq
- restart NetworkManager. After that, the dnsmasq process will appear with
the following options:
/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts
--bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.0.1 --cache-size=400 --clear-on-reload
--conf-file=/dev/null --proxy-dnssec
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq
--conf-dir=/etc/NetworkManager/dnsmasq.d
From then on, every request to the upstream DNS server is sent by
dnsmasq with the SAME local source port. Moreover, setting or changing any
of the options --query-port, --min-port or --max-port makes no
difference; these options are definitely ignored by dnsmasq if it runs with
the "--enable-dbus" option.
As a result, all the DNS requests come with the same UDP source port,
which violates RFC 5452 p. 4.5; at some point this "session" is
blocked by Juniper with DNS algo enabled.
Please advise if this is a dnsmasq bug, or there are any other
configuration options (either in dnsmasq or NetworkManager) to avoid this
and force dnsmasq to use a random UDP source port for upstream queries.
Regards
Michael
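As an added example (not part of the post above, and not dnsmasq or NetworkManager code), here is a small checker a defender can run over a tcpdump text capture of the resolver's upstream traffic to detect the symptom the post describes: it extracts the UDP source port of every query sent to the upstream server, counts distinct ports and computes the entropy of the port distribution, so a fixed-port forwarder shows up as one port and zero bits. The capture lines, the addresses 192.0.2.10 / 203.0.113.53 and the `min_distinct` threshold are constructed assumptions, not data from the post.

```python
"""Detect whether a forwarding resolver randomizes its upstream UDP source
port (RFC 5452, p. 4.5) or reuses one fixed port for every query.

Added example, not part of the original mailing-list post. Input is a list
of tcpdump-style text lines; the sample captures at the bottom are
constructed, not recorded traffic.
"""
import math
import re
from collections import Counter

# Matches "IP a.b.c.d.SPORT > e.f.g.h.53:" as printed by tcpdump for DNS queries.
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
)


def source_ports(lines, upstream=None):
    """Return the UDP source ports of queries to port 53 found in `lines`.

    When `upstream` is given, only queries addressed to that server count,
    so client traffic towards the local listener (127.0.0.1:53) is ignored.
    """
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        if upstream is not None and m.group("dst") != upstream:
            continue
        ports.append(int(m.group("sport")))
    return ports


def port_entropy_bits(ports):
    """Shannon entropy (bits) of the observed source-port distribution."""
    if not ports:
        return 0.0
    n = len(ports)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(ports).values())


def assess_port_randomization(lines, upstream, min_distinct=8):
    """Summarise source-port behaviour of the queries sent to `upstream`.

    `fixed_port` is True when more than one query was seen and all of them
    left from the same port, which is the behaviour reported in the post.
    `min_distinct` is a hypothetical threshold: once the sample is at least
    that large, fewer distinct ports than that is flagged as weak.
    """
    ports = source_ports(lines, upstream)
    distinct = len(set(ports))
    return {
        "queries": len(ports),
        "distinct_ports": distinct,
        "entropy_bits": round(port_entropy_bits(ports), 3),
        "fixed_port": len(ports) > 1 and distinct == 1,
        "weak": len(ports) >= min_distinct and distinct < min_distinct,
    }


UPSTREAM = "203.0.113.53"  # constructed upstream resolver address

# A client query to the local listener; must not be counted as upstream traffic.
_CLIENT_LINE = "12:00:00.000000 IP 127.0.0.1.51000 > 127.0.0.1.53: 1+ A? example.com. (29)"

# Constructed capture: every upstream query leaves from port 40512.
FIXED_PORT_CAPTURE = [_CLIENT_LINE] + [
    f"12:00:00.{i:06d} IP 192.0.2.10.40512 > {UPSTREAM}.53: {i}+ A? host{i}.example.com. (35)"
    for i in range(8)
]

# Constructed capture: each upstream query uses a different source port.
_RANDOM_PORTS = [40512, 51234, 3781, 60022, 17650, 29901, 44109, 8123]
RANDOM_PORT_CAPTURE = [_CLIENT_LINE] + [
    f"12:00:00.{i:06d} IP 192.0.2.10.{p} > {UPSTREAM}.53: {i}+ A? host{i}.example.com. (35)"
    for i, p in enumerate(_RANDOM_PORTS)
]

if __name__ == "__main__":
    for name, capture in (("fixed", FIXED_PORT_CAPTURE), ("random", RANDOM_PORT_CAPTURE)):
        print(name, assess_port_randomization(capture, UPSTREAM))
```

In practice the lines would come from something like `tcpdump -nn -l udp dst port 53` on the resolver host, piped or saved to a file; the `upstream` filter matters because the NetworkManager-launched dnsmasq also receives client queries on 127.0.0.1:53, and those must not be mixed into the upstream sample.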