[Dnsmasq-discuss] Bug while using address=//::

Treysis treysis at gmx.net
Sun Oct 10 15:32:28 UTC 2021


I'm sorry, but what you are doing IS VERY WRONG!

1. Why was this needed?

2. Only because the server doesn't have IPv6 connectivity, doesn't mean
the client can't have IPv6 connectivity.

3. Only because your network might not have IPv6, doesn't mean you
should alter DNS requests without good reason. Why shouldn't a client be
allowed to JUST QUERY the local dns server for all records? Even if I am
on IPv4-only I might be interested in all configured addresses for a
domain! Simple case: troubleshooting. Someone has problems and I wanna
see if a server has AAAA records which might cause problems for that
someone...with filter-AAAA enabled I can't!!!

It should be left to the OS to decide whether to query for only A, or
AAAA, or both. I just proposed the "filter-A" patch because many systems
behave differently regarding IPv4-only vs. IPv6-only, i.e. they will
query for A records regardless if the system has IPv4 connectivity or
not. On the other hand, I haven't seen querying for AAAA on IPv4-only
networks.

This is why I ultimately also suggest to remove the "filter-AAAA"
option. It does more harm than good. Having this option lets one assume
it's a normal option that should just be used on IPv4-single stack
networks. But NO. IT SHOULD NOT. I only introduced "filter-A" for VERY
SPECIFIC CASES. One should really know how DNS works and what this
option does. Don't use it just 'because it is there'.

Cheers,

T

On 10/8/2021 3:56, E wrote:
> Well well... I never thought you actually cared. This is just what I
> needed! Thanks a lot!!
>
> I couldn't wait for deb packaging so I tried it myself.
>
>
>
> 1. Install it over default dnsmasq
> mkdir tmp1
> cd tmp1
> git clone http://thekelleys.org.uk/git/dnsmasq.git
> make
> make install
> cd ~
> rm -r tmp1/
>
> 2. Add 1 line to dnsmasq.conf
> filter-AAAA
>
> 3. service dnsmasq restart
>
> "
> Job for dnsmasq.service failed because the control process exited with
> error code.
> See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
> "
>
> "
> bad option at line 24 of /etc/dnsmasq.conf
> FAILED to start up
> dnsmasq.service: Failed with result 'exit-code'.
> "
>
>
> # dnsmasq --version
> Dnsmasq version 2.87test4-1-g37a70d3  Copyright (c) 2000-2021 Simon
> Kelley
> Compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN
> DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-cryptohash
> no-DNSSEC loop-detect inotify dumpfile
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss



More information about the Dnsmasq-discuss mailing list