[Dnsmasq-discuss] [BUG] dnsmasq rewriting NXDOMAIN to NOERROR

Dominik DL6ER dl6er at dl6er.de
Mon Jul 5 15:53:04 UTC 2021

Hey Simon,

the current dnsmasq master version contains a bug rewriting all
NXDOMAIN replies from upstream with NOERROR.

The error has been introduced in commit
d0ae3f5a4dc094e8fe2a3c607028c1c59f42f473 (see attached diff) and is
ultimately caused by

> lookup_domain(daemon->namebuff, F_CONFIG, NULL, NULL)

at line 668/669 returning 1 when it shouldn't.

How to reproduce:

1. Start dnsmasq
2. Query a non-existing domain such as "google.comxxx".

dnsmasq 6860cf932baeaf1c2f09c2a58e38be189ae394de (and older) replies
with NXDOMAN (as expected)
dnsmasq d0ae3f5a4dc094e8fe2a3c607028c1c59f42f473 (and newer) replies
incorrectly with NOERROR and sets the AA bit.

Let me know if you need any further information.

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: change.diff
Type: text/x-patch
Size: 6265 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210705/b1f1d423/attachment.bin>

More information about the Dnsmasq-discuss mailing list