[Dnsmasq-discuss] Patch with option to filter A records

Petr Menšík pemensik at redhat.com
Fri Jul 9 12:35:29 UTC 2021


Hi Trey,

Are there any specific applications requiring this patch? It seems to me
most of the work should be spent on applications not handling IPv4 addresses
correctly. Also, I would implement filtering of both address families if
it is required.

Are there specific applications, where we can help escalate the problem
on their side instead? As you have already said, when they ask for A
address, they should receive one. Whether it is useful or not, clients
should be able to process it. And skipping to IPv6 in case of no IPv4
connectivity should be immediate. We lack full IPv6 connectivity at
the office; as far as I know, only svn is not able to switch to IPv4 only, which
is solved by switching to git. Filtering of AAAA records would have
solved it too.

Do you have examples of applications, where this change would help?

Cheers,

Petr

On 6/16/21 1:26 PM, Trey Sis wrote:
> On 6/14/2021 1:43, Trey Sis wrote:
>> On 6/13/2021 22:01, Geert Stappers via Dnsmasq-discuss wrote:
>>> On Wed, Jun 09, 2021 at 02:13:34PM +0200, Trey Sis wrote:
>>>> Dropping the patch file as attachment.
>>>>  From 57c7fcb0b3caccae7376f71ab1a9ae74f0e7f6d9 Mon Sep 17 00:00:00
>>>> 2001
>>>> From: treysis <treysis at gmx.net>
>>>> Date: Sat, 5 Jun 2021 15:27:26 +0200
>>>> Subject: [PATCH] Add option to filter A record requests
>>>>
>>> [1]
>>>
>>>
>>>> ---
>>>>   src/dnsmasq.h |  3 ++-
>>>>   src/option.c  |  3 +++
>>>>   src/rfc1035.c | 11 +++++++++++
>>>>   3 files changed, 16 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>>>> index b27737b..2fec7d1 100644
>>>> --- a/src/dnsmasq.h
>>>> +++ b/src/dnsmasq.h
>>>> @@ -272,7 +272,8 @@ struct event_desc {
>>>>   #define OPT_LOG_DEBUG      62
>>>>   #define OPT_UMBRELLA       63
>>>>   #define OPT_UMBRELLA_DEVID 64
>>>> -#define OPT_LAST           65
>>>> +#define OPT_FILTER_A       65
>>>> +#define OPT_LAST           66
>>>>
>>>>   #define OPTION_BITS (sizeof(unsigned int)*8)
>>>>   #define OPTION_SIZE (
>>>> (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
>>>> diff --git a/src/option.c b/src/option.c
>>>> index cacfaa6..43dc3cb 100644
>>>> --- a/src/option.c
>>>> +++ b/src/option.c
>>>> @@ -171,6 +171,7 @@ struct myoption {
>>>>   #define LOPT_DYNHOST       362
>>>>   #define LOPT_LOG_DEBUG     363
>>>>   #define LOPT_UMBRELLA       364
>>>> +#define LOPT_FILTER_A      365
>>>>
>>>>   #ifdef HAVE_GETOPT_LONG
>>>>   static const struct option opts[] =
>>>> @@ -347,6 +348,7 @@ static const struct myoption opts[] =
>>>>       { "dynamic-host", 1, 0, LOPT_DYNHOST },
>>>>       { "log-debug", 0, 0, LOPT_LOG_DEBUG },
>>>>       { "umbrella", 2, 0, LOPT_UMBRELLA },
>>>> +    { "filter-a", 0, 0, LOPT_FILTER_A },
>>>>       { NULL, 0, 0, 0 }
>>>>     };
>>>>
>>>> @@ -530,6 +532,7 @@ static struct {
>>>>     { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which
>>>> packets to dump"), NULL },
>>>>     { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call
>>>> dhcp-script when lease expiry changes."), NULL },
>>>>     { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send
>>>> Cisco Umbrella identifiers including remote IP."), NULL },
>>>> +  { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A
>>>> requests."), NULL },
>>>>     { 0, 0, NULL, NULL, NULL }
>>>>   };
>>>>
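Review bot: The help string added for LOPT_FILTER_A, "Filter all A requests.", does not say what the client gets back, and the diffstat touches only src/dnsmasq.h, src/option.c and src/rfc1035.c, so the new filter-a option ships without a man page entry. Suggest wording the help text to say that A queries receive the null reply the rfc1035.c comment describes, and documenting the option with the others, including that it is a global switch with no per-domain or per-client scope visible in this patch.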
>>>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>>>> index 9bc5ef2..1043773 100644
>>>> --- a/src/rfc1035.c
>>>> +++ b/src/rfc1035.c
>>>> @@ -1843,6 +1843,17 @@ size_t answer_request(struct dns_header
>>>> *header, char *limit, size_t qlen,
>>>>           }
>>>>       }
>>>>
>>>> +    /* filter A forwards */
>>>> +    if (qtype == T_A && option_bool(OPT_FILTER_A))
>>>> +      {
>>>> +        /* return a null reply */
>>>> +        ans = 1;
>>>> +        if (!dryrun)
>>>> +          log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
>>>> +        break;
>>>> +      }
>>>> +    /* end of filtering A */
>>>> +
>>>>         if (!ans)
>>>>       return 0; /* failed to answer a question */
>>>>       }
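Review bot: In the added block, log_query() is called with F_CONFIG | F_IPV6 | F_NEG although the branch is taken only when qtype == T_A, so filtered IPv4 lookups would be logged as IPv6 negatives; F_IPV4 looks like the intended flag. The call also passes &addr, which nothing in this hunk sets for the current question, so confirm it is initialised on this path. The check sits after the preceding answer blocks have closed and leaves with break, so it is worth confirming that it runs before any locally configured A record has been added to the reply and that break exits only the scope intended. The comment says "filter A forwards" while the code lives in answer_request(), and the condition tests qtype but not the query class; both should be reconciled. Since the option changes answers for every client, a test with a filtered A query next to an unfiltered AAAA query would help.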
>>>
>>>
>>> /home/stappers/src/dnsmasq/.git/rebase-apply/patch:62: trailing
>>> whitespace.
>>>                  if (!dryrun)
>>> warning: 1 line adds whitespace errors.
>>
>> My bad! Fixed. Find the new patch attached to this message.
>>
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
> Hello everyone,
>
> I was wondering if anyone has any suggestions or objections for the
> patch?
>
> I still think it would be very valuable for many setups out there to
> drop A records. Most OS don't query for AAAA if there is no IPv6
> connection. But none don't query for A if there is no IPv4. That often
> causes problems with applications that did not (yet) implement happy
> eyeballs. Getting this upstream would make it much easier to handle
> IPv6-only environments.
>
> What do you think?
>
> Regards,
>
> Treysis
>

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
