[Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

Wojtek Swiatek w at swtk.info
Thu Aug 5 16:01:34 UTC 2021


Thank you Simon for the follow-up.

I use dnsmasq on a Ubiquiti EdgeRouter (ER-4), the version is

root@ubnt:~# dnsmasq --version
Dnsmasq version 2.78-23-g9e09429  Copyright (c) 2000-2017 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

I tried to query the A and AAAA record for a host which is part of my
internal domain, defined through a wildcard:
address=/swtk.info/192.168.10.2

The requests are

root@srv ~# dig -t A mqtt.swtk.info

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t A mqtt.swtk.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56145
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mqtt.swtk.info.                        IN      A

;; ANSWER SECTION:
mqtt.swtk.info.         0       IN      A       192.168.10.2

;; Query time: 0 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Aug 05 17:53:12 CEST 2021
;; MSG SIZE  rcvd: 48

→ this is a correct answer, A is present and status is NOERROR

root@srv ~# dig -t AAAA mqtt.swtk.info

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t AAAA mqtt.swtk.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15102
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mqtt.swtk.info.                        IN      AAAA

;; Query time: 0 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Aug 05 17:53:17 CEST 2021
;; MSG SIZE  rcvd: 32

This is an incorrect answer: the AAAA record does not exist and the status
is NXDOMAIN instead of NODATA

The relevant logs are:

Aug  5 17:52:24 dnsmasq[1007]: started, version 2.78-23-g9e09429 cachesize 150
Aug  5 17:52:24 dnsmasq[1007]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Aug  5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.2.30 -- 192.168.2.50, lease time 1d
Aug  5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.10.50 -- 192.168.10.254, lease time 1d
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 for domain orange.fr
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 8.8.4.4#53
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53
Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.0.0.1#53
Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info
Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain 10.168.192.in-addr.arpa
Aug  5 17:52:24 dnsmasq[1007]: read /etc/hosts - 8 addresses
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2


Would anything else be of interest?

Thank you!

On Thu, 5 Aug 2021 at 17:09, Simon Kelley <simon at thekelleys.org.uk> wrote:

> There's lots of code in dnsmasq which tries to get this right.
>
> eg.
>
> forward AAAA upstream
> upstream replies with NXDOMAIN
> dnsmasq checks if it knows data for other record types like A and if so
> rewrites NXDOMAIN to NODATA.
>
> TLDR; We thought of this, and we think it works correctly. If you've
> found a specific case where it isn't working, we'll need more
> information on exactly what that case is, and what version of dnsmasq
> you're running.
>
> Setting --log-queries, demonstrating the problem, then sending the logs,
> would be a good start.
>
>
> cheers,
>
> Simon.
>
>
> On 04/08/2021 20:42, Wojtek Swiatek wrote:
> > Hello everyone
> >
> > I noticed that my dnsmasq server is sending an NXDOMAIN instead of
> > a NODATA when I query it for AAAA records it does not have.
> >
> > This is, I believe, not the correct behaviour
> > (https://datatracker.ietf.org/doc/html/rfc2308 - see 1 Terminology →
> > NODATA) and that response breaks queries that otherwise would have tried
> > the A record. See for instance
> > https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST
> >
> >
> > As a workaround: is there a way to automatically populate AAAA
> > records together with the A ones (from DHCP)?
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> >
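A check for the inconsistency reported in this message, as an added example that is not part of the original post or of dnsmasq: it scans `--log-queries` output and flags names answered NXDOMAIN for one record type while another type resolves. The sample log is constructed (`gone.example` is invented), and pairing each result line with the oldest unanswered query for the same name is an assumption that fits locally answered (`config`) queries as logged above.

```python
import re
from collections import defaultdict

# Constructed sample in the --log-queries format shown in the message above;
# the gone.example lines are invented as a control case (consistent NXDOMAIN).
SAMPLE_LOG = """\
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: query[A] gone.example from 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: config gone.example is NXDOMAIN
Aug  5 17:52:40 dnsmasq[1007]: query[AAAA] gone.example from 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: config gone.example is NXDOMAIN
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from \S+$")
RESULT = re.compile(r"dnsmasq\[\d+\]: (?P<src>\S+) (?P<name>\S+) is (?P<result>\S+)$")


def rcode_conflicts(log_text):
    """Return {name: {"nxdomain": [types], "exists": [types]}} for names that
    got NXDOMAIN for one query type and a non-NXDOMAIN result for another.

    Per RFC 2308, NXDOMAIN says the name does not exist at all, so it must
    not coexist with data of any other type at the same name.
    """
    pending = defaultdict(list)  # name -> query types still awaiting a result
    seen = defaultdict(lambda: {"nxdomain": set(), "exists": set()})
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            pending[m["name"]].append(m["qtype"])
        elif (m := RESULT.search(line)) and pending[m["name"]]:
            # Assumption: results arrive in query order for a given name.
            qtype = pending[m["name"]].pop(0)
            bucket = "nxdomain" if m["result"] == "NXDOMAIN" else "exists"
            seen[m["name"]][bucket].add(qtype)
    return {name: {k: sorted(v) for k, v in r.items()}
            for name, r in seen.items() if r["nxdomain"] and r["exists"]}


if __name__ == "__main__":
    for name, r in rcode_conflicts(SAMPLE_LOG).items():
        print(f"{name}: NXDOMAIN for {r['nxdomain']} but data for {r['exists']}")
```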