[Dnsmasq-discuss] NXDOMAIN is sent instead of NODATA when querying for non-existent AAAA records

Simon Kelley simon at thekelleys.org.uk
Thu Aug 5 17:41:04 UTC 2021


OK. The problem is here: using local addresses only for domain swtk.info

That's an easy spot because I just fixed this particular combination.

I guess you have something like

local=/swtk.info/

and dnsmasq is using this to return NXDOMAIN without checking that it
has more specific data for the query in other types.

As a workaround, removing that configuration should make things work, at
the expense of extra trips to the upstream servers.

This should already be fixed in the development code: if it's possible
for you to run
https://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.86test6.tar.gz
that should fix things, and doing so would be a useful test for me.


Cheers,


Simon.


On 05/08/2021 17:01, Wojtek Swiatek wrote:
> Thank you Simon for the follow-up.
> 
> I use dnsmasq on a Ubiquiti Edge router (ER-4), the version is
> 
> root at ubnt:~# dnsmasq --version
> Dnsmasq version 2.78-23-g9e09429  Copyright (c) 2000-2017 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua
> TFTP conntrack ipset auth DNSSEC loop-detect inotify
> 
> I tried to query the A and AAAA record for a host which is part of my
> internal domain, defined through a wildcard:
> address=/swtk.info/192.168.10.2
> 
> The requests are
> 
> root at srv ~# dig -t A mqtt.swtk.info
> 
> ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t A mqtt.swtk.info
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56145
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mqtt.swtk.info.                        IN      A
> 
> ;; ANSWER SECTION:
> mqtt.swtk.info.         0       IN      A       192.168.10.2
> 
> ;; Query time: 0 msec
> ;; SERVER: 192.168.10.1#53(192.168.10.1)
> ;; WHEN: Thu Aug 05 17:53:12 CEST 2021
> ;; MSG SIZE  rcvd: 48
> 
> → this is a correct answer, A is present and status is NOERROR
> 
> root at srv ~# dig -t AAAA mqtt.swtk.info
> 
> ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> -t AAAA mqtt.swtk.info
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15102
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mqtt.swtk.info.                        IN      AAAA
> 
> ;; Query time: 0 msec
> ;; SERVER: 192.168.10.1#53(192.168.10.1)
> ;; WHEN: Thu Aug 05 17:53:17 CEST 2021
> ;; MSG SIZE  rcvd: 32
> 
> This is an incorrect answer: the AAAA record does not exist and the
> status is NXDOMAIN instead of NODATA
> 
> The relevant logs are:
> 
> Aug  5 17:52:24 dnsmasq[1007]: started, version 2.78-23-g9e09429 cachesize 150
> Aug  5 17:52:24 dnsmasq[1007]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> Aug  5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.2.30 -- 192.168.2.50, lease time 1d
> Aug  5 17:52:24 dnsmasq-dhcp[1007]: DHCP, IP range 192.168.10.50 -- 192.168.10.254, lease time 1d
> Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53 for domain orange.fr
> Aug  5 17:52:24 dnsmasq[1007]: using nameserver 8.8.4.4#53
> Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.1.1.1#53
> Aug  5 17:52:24 dnsmasq[1007]: using nameserver 1.0.0.1#53
> Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain swtk.info
> Aug  5 17:52:24 dnsmasq[1007]: using local addresses only for domain 10.168.192.in-addr.arpa
> Aug  5 17:52:24 dnsmasq[1007]: read /etc/hosts - 8 addresses
> Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
> Aug  5 17:52:33 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
> Aug  5 17:52:33 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
> 
> 
> Would anything else be of interest?
> 
> Thank you!
> 
> On Thu, 5 Aug 2021 at 17:09, Simon Kelley <simon at thekelleys.org.uk> wrote:
> 
>     There's lots of code in dnsmasq which tries to get this right.
> 
>     eg.
> 
>     forward AAAA upstream
>     upstream replies with NXDOMAIN
>     dnsmasq checks if it knows data for other record types like A and if so
>     rewrites NXDOMAIN to NODATA.
> 
>     TLDR; We thought of this, and we think it works correctly. If you've
>     found a specific case where it isn't working, we'll need more
>     information on exactly what that case is, and what version of dnsmasq
>     you're running.
> 
>     Setting --log-queries, demonstrating the problem, then sending the logs,
>     would be a good start.
> 
> 
>     cheers,
> 
>     Simon.
> 
> 
>     On 04/08/2021 20:42, Wojtek Swiatek wrote:
>     > Hello everyone
>     >
>     > I noticed that my dnsmasq server is sending an NXDOMAIN instead of
>     > a NODATA when I query it for AAAA records it does not have.
>     >
>     > This is, I believe, not the correct behaviour
>     > (https://datatracker.ietf.org/doc/html/rfc2308 - see 1 Terminology →
>     > NODATA) and that response breaks queries that otherwise would have tried
>     > the A record. See for instance
>     > https://kc.mcafee.com/corporate/index?page=content&id=KB73433&actp=LIST
>     >
>     > As a workaround: is there a way to automatically populate AAAA
>     > records together with the A ones (from DHCP)?
>     >
>     > _______________________________________________
>     > Dnsmasq-discuss mailing list
>     > Dnsmasq-discuss at lists.thekelleys.org.uk
>     > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>     >
> 
> 
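
A log check for the condition diagnosed in this thread, as an added example (not part of the original messages and not dnsmasq code): it reads `--log-queries` output in the format quoted above and reports names that were answered NXDOMAIN for one record type while another type returned data. It assumes each answer line belongs to the most recent query logged for the same name; the sample log, including the `example.test` names and the `NODATA-IPv6` line, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample (thread's --log-queries format; example.test lines invented).
SAMPLE_LOG = """\
Aug  5 17:52:32 dnsmasq[1007]: query[AAAA] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is NXDOMAIN
Aug  5 17:52:32 dnsmasq[1007]: query[A] mqtt.swtk.info from 192.168.10.2
Aug  5 17:52:32 dnsmasq[1007]: config mqtt.swtk.info is 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: query[A] nohost.example.test from 192.168.10.2
Aug  5 17:52:40 dnsmasq[1007]: config nohost.example.test is NXDOMAIN
Aug  5 17:52:41 dnsmasq[1007]: query[AAAA] v4only.example.test from 192.168.10.2
Aug  5 17:52:41 dnsmasq[1007]: config v4only.example.test is NODATA-IPv6
Aug  5 17:52:41 dnsmasq[1007]: query[A] v4only.example.test from 192.168.10.2
Aug  5 17:52:41 dnsmasq[1007]: config v4only.example.test is 192.168.10.3
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[([^\]]+)\] (\S+) from \S+$")
ANSWER = re.compile(r"dnsmasq\[\d+\]: (\S+) (\S+) is (\S+)$")

def classify(value):
    # Map a logged answer value to NXDOMAIN, NODATA or DATA.
    if value == "NXDOMAIN" or value.startswith("NODATA"):
        return value.split("-")[0]
    return "DATA"

def find_nxdomain_conflicts(log_text):
    """Return {name: [qtypes answered NXDOMAIN]} for names that also have data."""
    pending = {}  # name -> qtype of the most recent query (pairing assumption)
    outcomes = defaultdict(lambda: defaultdict(set))  # name -> qtype -> outcomes
    for line in log_text.splitlines():
        query = QUERY.search(line.rstrip())
        if query:
            pending[query.group(2).lower()] = query.group(1)
            continue
        answer = ANSWER.search(line.rstrip())
        if answer and answer.group(2).lower() in pending:
            name = answer.group(2).lower()
            outcomes[name][pending[name]].add(classify(answer.group(3)))
    conflicts = {}
    for name, by_type in outcomes.items():
        nxdomain = sorted(t for t, seen in by_type.items() if "NXDOMAIN" in seen)
        # NXDOMAIN denies the whole name, so it contradicts data of any type.
        if nxdomain and any("DATA" in seen for seen in by_type.values()):
            conflicts[name] = nxdomain
    return conflicts

if __name__ == "__main__":
    for name, qtypes in find_nxdomain_conflicts(SAMPLE_LOG).items():
        print(f"{name}: NXDOMAIN for {', '.join(qtypes)}, expected NODATA")
```

A name that is NXDOMAIN for every type queried, or that gets NODATA for the missing type, is not reported; only the NXDOMAIN-plus-data combination from the thread is.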


