[Dnsmasq-discuss] Change in behaviour of --server

Simon Kelley simon at thekelleys.org.uk
Tue Jul 6 20:23:39 UTC 2021 

On 06/07/2021 12:14, Kevin Darbyshire-Bryant wrote:
> Hi Simon,
> 
> An eager OpenWrt tester of current dnsmasq master has noticed the following change in behaviour:

I have to say, I am very much liking the amount of testing that the new
code is getting. It's great to find these regressions _before_ release.

> 
> Openwrt uses a conf file containing a list of RFC6761 domains that are considered undesirable to forward, reducing load on upstream servers etc.  This conf file contains lines such as "server=/onion/“.  Said user overrides this with a line in main config file ’server=/onion/127.0.0.1#2053’.  Unfortunately current dnsmasq looks through its servers and returns ’NXDOMAIN’.  dnsmasq v2.85 says ‘yeah fine, I’ll forward that to 127.0.0.1#2053’
> 
> The are two solutions to this: 1) drop ’server=/onion/‘ from the RFC6761 config file - 2)  Take advantage of new syntax and use ’server=/*.onion/127.0.0.1#2053’
> 
> I’m flagging this as a change in behaviour and I’m not sure how syntactically it can or even should be fixed, or just documented as a change in behaviour. eg.
> 
> Should there be a difference (& what should it be) between
> 
> --server=/onion/
> --server=/onion/127.0.0.1#2053
> 
> (forward to 127.0.0.1#2053)
> 
> and
> 
> --server=/onion/127.0.0.1#2053
> --server=/onion/
> 

The order is irrelevant. What matters is the type of configuration. This
is defined so that, for instance,

--address=/example.com/1.2.3.4
--server=/example.com/8.8.8.8

will return 1.2.3.4 to an A query, but forward any other queries to 8.8.8.8

The priority order is

IPv6 address
IPv4 address,
all zeros address (--address=/example.com/#)
NXDOMAIN address (--address=/example.com/ or --local or --address)
send to an upstream server.

The order of the last two was arbitrary: I hadn't considered a situation
in which

--server=/example.com/
--server=/example.com/8.8.8.8

would both exist, and that order is what came out of the implementation
most easily.

Since doing that is a regression for earlier releases, and you've
demonstrated how the previous behaviour _can_ be useful, I'm happy to
swap the priority of the last two items in my list.


719f79a8fdb7cc72a061b2492ea98f7486b6f90e

does the deed.


> (not sure!)
> 
> or even worse
> 
> --server=/onion/127.0.0.1#2053
> --server=/onion/
> --server=/onion/127.0.0.1#2153
> 
> (use both #2053 & #2153?)

After 719f79a8fdb7cc72a061b2492ea98f7486b6f90e, that's exactly what will
happen.

In general the new code makes servers for particular domains first-class
citizens, so you can specify more than one and dnsmasq will load-balance
across them in the same way it does for the general upstream servers.



Cheers,

Simon.

> 
> Cheers,
> 
> Kevin D-B
> 
> gpg: 012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>

More information about the Dnsmasq-discuss mailing list