[Dnsmasq-discuss] Bug while using address=//::, Configuration regressions

Petr Menšík pemensik at redhat.com
Thu Sep 30 11:19:47 UTC 2021


Okay, confirming this works on 2.86 release, but does not with 2.85 or
2.81. I am afraid it could be requested via bugs reported to
distribution only. It does not work with root domain /./ on previous
versions.

It seems --address=/./:: is now equivalent to --address=/#/::

What seems more important, the behaviour of --address changed significantly.

--address=/com/::

on 2.85 and lower sends :: for AAAA queries and NOERROR without response
on A queries. While I like current behaviour more, I think we should
revert to previous behaviour to keep systems behaving the same after
upgrades and allow new behaviour with modified configuration.

--address=/com/#/ now behaves like --address=/com/# behaved before, but
no backward compatible version for specified address exists. I think it
should be modified to previous mode by default. And a way to make new
behaviour possible also with given address.

--address=/#/ is accepted, but does nothing. Similar to --server=/

Also --local=/com/:: changed its behaviour. It now behaves like
--address=/com/::, not as --server=/com/:: as it should and used to in
2.85. Should we ensure address part is empty perhaps to prevent misusing
--local instead of --server?

On 9/30/21 06:09, E wrote:
>> Which dnsmasq version are you using?
> Latest on Debian 11.
>
> ii  dnsmasq                               2.85-1                        
> all          Small caching DNS proxy and DHCP/TFTP server
> ii  dnsmasq-base                          2.85-1                        
> amd64        Small caching DNS proxy and DHCP/TFTP server
>
>
>> src/dnsmasq -d --port 2053 --conf-file=/dev/null --log-queries
> --address=/./::
>> This seems to do what you wanted
> Is it? Nope. AAAA still not blocked at all!
>
> 1. edit dnsmasq.conf, add "address=/./::"
> 2. restart service
> 3.
> dig XXXX.com AAAA @127.0.0.1 --- still responds AAAA results
> dig XXXX.com A @127.0.0.1 --- works (returning A results)
>
>
> My question is simple,
> a. How can I block certain AAAA ranges?
> b. Or, How can I block all AAAA?
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB




More information about the Dnsmasq-discuss mailing list