[Dnsmasq-discuss] 2.80 dnspooq v3 problem

Petr Menšík pemensik at redhat.com
Wed Mar 31 07:50:21 UTC 2021


Hi Sunil,

This is exactly the same issue I reported on thread [1]. Unfortunately
it hasn't been merged separately, but it should be patched by the
CVE-2021-3448 fix [2]. It happens only when you have rp_filter set to 1.
The root cause of this is the lookup_frec part change in commit
8f9bd615053cd [3], including the part added previously by commit [2].

Yes, these are uncovered bugs not found when testing dnspooq patches.
The root of the issue was there also before, but it stopped working only
after dnspooq patches. They are related.

Cheers,
Petr

[1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014789.html
[2] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
[3] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=8f9bd615053cd13aba82a111ec20bb79d25a2d1e

On 3/30/21 11:17 PM, Simon Kelley wrote:
> The only possibility I know is
> 
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee
> 
> 
> Do you see the same problems with the 2.85rc releases?
I think this was fixed by the 2.85rc1 release.
> 
> 
> Simon.
> 
> 
> 
> On 30/03/2021 12:33, sunil rathod wrote:
>> With the dnspooq patch, DNS resolution fails when I configure the same
>> server with two different interfaces as below:
>> server 10.8.8.21 at eth0
>> server 10.8.8.21 at eth1,
>> If I remove the dnspooq patch, resolution happens properly. Is there any
>> known issue with the dnspooq patch?
>>
>> On Tue, Mar 16, 2021, 16:16 sunil rathod <srathod1980 at gmail.com> wrote:
>>
>>     Hi everyone,
>>     I am facing an issue with the 2.80 dnspooq v3 patch. After porting
>>     this patch, DNS resolution fails. Somehow dnsmasq is dropping the
>>     DNS response received from the server. It starts working if we
>>     change the DNS server to 8.8.8.8 in the config file. Initially I was
>>     using a local DNS server. Once it starts working, if I change back to
>>     the local DNS server, it works fine. Any idea what's going wrong with
>>     this patch?
>>
>>     Regards, 
>>     Sunil Rathod. 
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
