[Dnsmasq-discuss] Patch with option to filter A records

Trey Sis treysis at gmx.net
Thu Sep 2 20:18:11 UTC 2021


On 7/9/2021 17:46, Geert Stappers via Dnsmasq-discuss wrote:
> On Fri, Jul 09, 2021 at 02:35:29PM +0200, Petr Menšík wrote:
>> On 6/16/21 1:26 PM, Trey Sis wrote:
>>> On 6/14/2021 1:43, Trey Sis wrote:
>>>> On 6/13/2021 22:01, Geert Stappers wrote:
>>>>> warning: 1 line adds whitespace errors.
>>>> My bad! Fixed. Find the new patch attached to this message.
>>>>
>>> Hello everyone,
>>>
>>> I was wondering if anyone has any suggestions or objections for the
>>> patch?
>>>
>>> I still think it would be very valuable for many setups out there to
>>> drop A records. Most OS don't query for AAAA if there is no IPv6
>>> connection. But none don't query for A if there is no IPv4. That often
>>> causes problems with applications that did not (yet) implement happy
>>> eyeballs. Getting this upstream would make it much easier to handle
>>> IPv6-only environments.
>>>
>>> What do you think?
>>>
>> Hi Trey,
>>
>> Are there any specific applications requiring this patch? It seems to me
>> most of work should be spent on applications not handling IPv4 addresses
>> correctly. Also, I would implement filtering of both address families if
>> it is required.
>>
>> Are there specific applications, where we can help escalate the problem
>> on their side instead?  As you have already said, when they ask for A
>> address, they should receive one. Whether it is useful or not, clients
>> should be able to process it. And skipping to IPv6 in case of no IPv4
>> connectivity should be immediate. We lack full IPv6 connectivity at
>> office, so far I know only svn is not able to switch to IPv4 only. Which
>> is solved by switching to git. Filtering of AAAA record would have
>> solved it too.
>>
>>
> Quoting post that started this email thread:
>
> } I have created a patch that adds an option to dnsmasq to filter
> } out A record requests. This is particularly suitable for IPv6-only
> } environments. Some software (especially NodeJS) will reorder DNS
> } requests giving priority to A records,       irrespective of IPv4
> } connectivity of the host. My patch filters A records, while AAAA
> } records are returned.
>
> Short answer to
>> Do you have examples of applications, where this change would help?
> NodeJS

Alright, so I have found the time now to rebase this patch against the
current branch.

I can only repeat that it would make a lot of folks happy to have
this patch included, even if they're not on this mailing list. It's
mostly NodeJS applications, but other apps as well. It's often not clear
what would work. So this patch would also be helpful in development
environments when testing IPv6 compatibility with software.

I would really love to have some feedback if you are missing some detail.

Cheers,

Treysis


-------------- next part --------------
From 4e355f5880066ade0240652f53544b23cb91ae73 Mon Sep 17 00:00:00 2001
From: treysis <treysis at gmx.net>
Date: Sat, 5 Jun 2021 15:27:26 +0200
Subject: [PATCH] Add option to filter A record requests

---
 src/dnsmasq.h |  3 ++-
 src/option.c  |  5 ++++-
 src/rfc1035.c | 11 +++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 8674823..24d66a6 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -275,7 +275,8 @@ struct event_desc {
 #define OPT_UMBRELLA_DEVID 64
 #define OPT_CMARK_ALST_EN  65
 #define OPT_QUIET_TFTP     66
-#define OPT_LAST           67
+#define OPT_FILTER_A       67
+#define OPT_LAST           68
 
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
diff --git a/src/option.c b/src/option.c
index ffce9fc..98bfa32 100644
--- a/src/option.c
+++ b/src/option.c
@@ -174,6 +174,7 @@ struct myoption {
 #define LOPT_CMARK_ALST_EN 365
 #define LOPT_CMARK_ALST    366
 #define LOPT_QUIET_TFTP    367
+#define LOPT_FILTER_A      368
  
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -351,8 +352,9 @@ static const struct myoption opts[] =
     { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
     { "dynamic-host", 1, 0, LOPT_DYNHOST },
     { "log-debug", 0, 0, LOPT_LOG_DEBUG },
-	{ "umbrella", 2, 0, LOPT_UMBRELLA },
+    { "umbrella", 2, 0, LOPT_UMBRELLA },
     { "quiet-tftp", 0, 0, LOPT_QUIET_TFTP },
+    { "filter-a", 0, 0, LOPT_FILTER_A },
     { NULL, 0, 0, 0 }
   };
 
@@ -539,6 +541,7 @@ static struct {
   { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
   { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
   { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
+  { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A requests."), NULL },
   { 0, 0, NULL, NULL, NULL }
 }; 
 
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 9b87541..422744a 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1987,6 +1987,17 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 	    }
 	}
 
+	/* filter A forwards */
+	if (qtype == T_A && option_bool(OPT_FILTER_A))
+	  {
+	    /* return a null reply */
+		ans = 1;
+		if (!dryrun)
+		  log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
+		break;
+	  }
+	/* end of filtering A */
+
       if (!ans)
 	return 0; /* failed to answer a question */
     }
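Review bot: The added `log_query` call tags a suppressed A query with `F_IPV6`, so the query log will presumably record it as an IPv6 negative answer and mislead anyone auditing which lookups the filter dropped; `log_query(F_CONFIG | F_IPV4 | F_NEG, name, &addr, NULL);` matches the record type actually being filtered. The guard does not look at `ans`, so if the lookups earlier in the loop body (outside this hunk) have already appended an A record from local configuration or cache, the reply may still carry that record while the log reports a negative result; running the check before those lookups would make "filter all A requests" hold for local data as well. The `break` leaves an enclosing construct that begins outside the hunk, so whether it skips any remaining questions in the packet cannot be confirmed from these lines. The reply is synthesized locally, so a downstream resolver that validates DNSSEC itself would likely see an unsigned empty answer for a signed name, which is worth stating wherever the option is documented beyond the one-line usage string.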

