[Dnsmasq-discuss] localhost domain is fowarded to upstream server at commit d0ae3f5

Simon Kelley simon at thekelleys.org.uk
Sun Jun 20 22:25:47 UTC 2021


On 20/06/2021 05:31, Xingcong Li wrote:
> Hello, I have reproduced the bug. The issue is valid Now!
> 
> Here is my dnsmasq config file:
> 
> # /tmp/dnsmasq.conf
> port=30000
> no-resolv
> no-poll
> server=114.114.114.114
> server=/fb.me/8.8.8.8 <http://fb.me/8.8.8.8>
> address=/qq.com/127.0.0.1 <http://qq.com/127.0.0.1>
> 
> I used git bisect to find the first buggy commit is
> 6860cf932baeaf1c2f09c2a58e38be189ae394de
> 
> Query qq.com <http://qq.com> and www.qq.com <http://www.qq.com> to test
> if it can reply 127.0.0.1.
> 
> $ dig @localhost -p30000 qq.com <http://qq.com>
> $ dig @localhost -p30000 www.qq.com <http://www.qq.com>
> 
> In commit 0276e0805b2ca4657d8017e878f8a400354bdf78 (parent of buggy
> 6860cf932), Everything works fine:
> 
> $ ./src/dnsmasq -d -C /tmp/dnsmasq.conf -q
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
> no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
> no-DNSSEC loop-detect inotify dumpfile
> dnsmasq: using nameserver 8.8.8.8#53 for domain fb.me <http://fb.me>
> dnsmasq: using nameserver 114.114.114.114#53
> dnsmasq: read /etc/hosts - 11 addresses
> dnsmasq: query[A] qq.com <http://qq.com> from 127.0.0.1
> dnsmasq: config qq.com <http://qq.com> is 127.0.0.1
> dnsmasq: query[A] www.qq.com <http://www.qq.com> from 127.0.0.1
> dnsmasq: config www.qq.com <http://www.qq.com> is 127.0.0.1
> 
> In buggy commit 6860cf932baeaf1c2f09c2a58e38be189ae394de, queries are
> always forwarded to upstream:
> 
> $ ./src/dnsmasq -d -C /tmp/dnsmasq.conf -q
> dnsmasq: started, version 2.86test2-5-g6860cf9 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
> no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
> no-DNSSEC loop-detect inotify dumpfile
> dnsmasq: using nameserver 8.8.8.8#53 for domain fb.me <http://fb.me>
> dnsmasq: using nameserver 114.114.114.114#53
> dnsmasq: read /etc/hosts - 11 addresses
> dnsmasq: query[A] qq.com <http://qq.com> from 127.0.0.1
> compares: 7
> dnsmasq: forwarded qq.com <http://qq.com> to 114.114.114.114
> dnsmasq: reply qq.com <http://qq.com> is 123.151.137.18
> dnsmasq: reply qq.com <http://qq.com> is 61.129.7.47
> dnsmasq: reply qq.com <http://qq.com> is 183.3.226.35
> dnsmasq: query[A] www.qq.com <http://www.qq.com> from 127.0.0.1
> compares: 7
> dnsmasq: forwarded www.qq.com <http://www.qq.com> to 114.114.114.114
> dnsmasq: reply www.qq.com <http://www.qq.com> is <CNAME>
> dnsmasq: reply ins-r23tsuuf.ias.tencent-cloud.net
> <http://ins-r23tsuuf.ias.tencent-cloud.net> is 121.14.77.201
> dnsmasq: reply ins-r23tsuuf.ias.tencent-cloud.net
> <http://ins-r23tsuuf.ias.tencent-cloud.net> is 121.14.77.221
> 
> I added a line to print qdomain.
> 
> // domain-match.c around line 180
> if (leading_dot)
> {
>     leading_dot = 0;
>     crop_query--;
> }
> qdomain += crop_query;
> printf("qdomain=%s\n", qdomain);
> 
> When I got qdomain="qq.com <http://qq.com>", the actual print result is
> "q.com <http://q.com>", I guess it should be ".com" or "com".
> 
> Any idea to fix it?
> 

The problem is in the code which aggressively crops the query length by
calculating the value of crop_query, just above that. There's a comment
that says "try now points to the last domain that sorts before the
query", but that's not true if the query sorts before _any_ of the
domains. Since in this case the earliest-sorting domain is qq.com, and
the first query tried is .qq.com, which sorts before qq.com (since it's
longer), the assumption doesn't hold, and the code reduces the length of
the query to the length of the next domain, fb.me, when it shouldn't.
That's why you see it looking for q.com. Since q.com doesn't match
qq.com the search continues and falls out at the default.

The net affect of this is that the longest domain (or the longest, and
lexigraphically earliest, if there are more than one of the longest
length) will be effectively ignored.

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=a0a3b8ad3e91db5181023fceea6732eb6c6f0759

should fix this, if I've got  it right. Please test, and thanks again
for your testing and bug discovery so far.


Cheers,m

Simon.





More information about the Dnsmasq-discuss mailing list