[Dnsmasq-discuss] [PATCH] Re: --server=/example/8.8.8.8 --server=/example/9.9.9.9 behaviour

Simon Kelley simon at thekelleys.org.uk
Tue Jun 15 22:08:53 UTC 2021


Tacking this onto the end of the thread, rather than replying
specifically to the last post.

Apologies, I've not been reading this: If I keep up with my email, I
have too little time to program, so every so often I do programming and
ignore email. This coding ended up taking a long time, and resulted in a
substantial commit - it would have been nice to do it in stages, but the
struct server data structure is old, and there's code everywhere that
touches it and makes undocumented assumptions about how it behaves. In
the end I had to rip it all out and write something new and then spend
weeks reconnecting all the loose wires and testing all the
half-forgotten options.

I've ended up with a lot of the code in src/forward.c in a much better
state, a load of bugs fixed, and much better performance with lots of

local=/adserver.com/
and
local=/adserver.com/#

lines, along with significantly better memory use in that case.

Petr's original request is done,

server=/example/8.8.8.8
server=/example/9.9.9.9

works in the same way as two or more servers for the default.

The priority of the various options is now defined; it is

cache and local config, --host-record, --cname etc etc
address=/example/<IPv4|IPv6>
server=/example/#
local=/example/
server=/example/<server-addr>

With extra information that the first line is type-specific, so if you
just have

address=/example/1.1.1.1

then an AAAA query will fall through to something later.

Similarly

server=/example/#

will catch A and AAAA

but nothing else

local=/example/ catches all types.

I'm pretty sure that this is the same behaviour as before, and to the
extent that it wasn't defined before, if it's changed, at least it's
defined now.

One thing that hasn't changed, but doesn't seem to be well known, is the
behaviour of a leading period.

The matching of a domain is more-or-less pure trailing substring, so

server=/example.com/...

will match

example.com
www.example.com
AND
badexample.com

which is not necessarily sensible, but it's what we're stuck with for
backwards compatibility. Long ago, the extra rule was added that an
implied leading period would be added to the query, so that

server=/.example.com/

will match www.example.com and won't match badexample.com, but it WILL
match example.com


I see lots of lists of ad servers formatted as dnsmasq configuration
that don't have that leading period, and should.

This behaviour is carried through to the new code.

There's also a new commit which does resource management per server
"group", so if you have a server or servers for a particular domain
which are not responding, the backlog of unanswered queries will only
affect those queries and queries answered by other servers will still be
served.


Finally, there's a big commit to the DNSSEC code, which combines queries
for DNSKEY and DS records which are generated independently. The chief
advantage of this is with dual-stack clients that ask for A and AAAA
records of the same domain at the same time since it avoids duplicated
sets of queries for all the keys in the chain-of-trust.


Everything described here is in git now, and I've tagged 2.86test2 if
you want a downloadable tarball instead. Please test!


Cheers,

Simon.
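
Added example, not part of the original post and not dnsmasq's own code: a small Python model of the domain-matching rule described above (trailing substring, with an implied leading period on the query), plus a lint pass that flags local=/server=/address= patterns missing the leading period. The names matches, lint and SAMPLE are hypothetical, and the sample blocklist is constructed.

```python
import re

# Options whose /domain/ part is matched against query names.
RULE = re.compile(r"^(local|server|address)=/(.*)/([^/]*)$")


def matches(pattern, qname):
    """Matching rule as described in the post: pure trailing substring,
    after an implied leading period is added to the query name."""
    return ("." + qname.lower().rstrip(".")).endswith(pattern.lower())


def lint(config_text):
    """Return (line_number, domain, suggested) for every domain pattern
    that lacks the leading period and so also matches unrelated names."""
    findings = []
    for num, line in enumerate(config_text.splitlines(), start=1):
        line = line.strip()
        # Only whole-line comments are skipped: '#' is a valid target value.
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        # One option line may carry several /domain/ parts.
        for domain in m.group(2).split("/"):
            if domain and not domain.startswith("."):
                findings.append((num, domain, "." + domain))
    return findings


# Constructed sample blocklist, not taken from any real list.
SAMPLE = """\
# ad servers
local=/adserver.example/
local=/.tracker.example/
address=/ads.example/metrics.example/0.0.0.0
server=/corp.example/192.0.2.53
"""

if __name__ == "__main__":
    for num, domain, fix in lint(SAMPLE):
        print(f"line {num}: /{domain}/ also matches 'bad{domain}'; use /{fix}/")
```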



