[Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?
Byrne, John
jbyrne at alumni.caltech.edu
Mon Jan 17 22:30:58 UTC 2022
After much messing about, I finally realized I'd gotten to the point where I could write a simple script to attempt to generate the problem and did so. I'be now reproduced the problem on x86 Linux with v2.86 tag in the git repo, which made things much easier.
The attached tar ball contains the script, my config file, my Makefile. The directories success and failure contain a capture of a v2.86 failure and success. The DNSSEC reply causing the failure is interesting.
failure: 19 0.098203 8.8.4.4 0.0.0.0 DNS 319 Standard query response 0x2b96 DS admanmedia.com<http://admanmedia.com> CNAME admanmedia.com.edgekey.net<http://admanmedia.com.edgekey.net> RRSIG CNAME e11261.dscd.akamaiedge.net<http://e11261.dscd.akamaiedge.net> SOA n0dscd.akamaiedge.net<http://n0dscd.akamaiedge.net> OPT
success: 19 7.418939 8.8.4.4 0.0.0.0 DNS 888 Standard query response 0xff70 DS admanmedia.com<http://admanmedia.com> NSEC3 RRSIG SOA a.gtld-servers.net<http://a.gtld-servers.net> RRSIG NSEC3 RRSIG OPT
The directory new contains a capture of sequence that caused the failure against 2.87test5-16-g27ce754 and dnsmasq abandoned the validation and did not loop. Certainly better than what it used to do, but is it correct?
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 15 mask 0x0001
Jan 17 13:53:17 dnsmasq[143548]: query[A] cs.admanmedia.com<http://cs.admanmedia.com> from 127.0.0.1
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 16 mask 0x0004
Jan 17 13:53:17 dnsmasq[143548]: forwarded cs.admanmedia.com<http://cs.admanmedia.com> to 8.8.4.4
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 17 mask 0x0008
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 18 mask 0x0010
Jan 17 13:53:17 dnsmasq[143548]: dnssec-query[DS] admanmedia.com<http://admanmedia.com> to 8.8.4.4
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 19 mask 0x0020
Jan 17 13:53:17 dnsmasq[143548]: detected DNSSEC dependency loop involving admanmedia.com<http://admanmedia.com>
Jan 17 13:53:17 dnsmasq[143548]: validation cs.admanmedia.com<http://cs.admanmedia.com> is ABANDONED
Jan 17 13:53:17 dnsmasq[143548]: reply cs.admanmedia.com<http://cs.admanmedia.com> is 88.214.206.247
Jan 17 13:53:17 dnsmasq[143548]: dumping UDP packet 20 mask 0x0002
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220117/8ab8fa43/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: loop.tgz
Type: application/octet-stream
Size: 11214 bytes
Desc: loop.tgz
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220117/8ab8fa43/attachment-0001.obj>
More information about the Dnsmasq-discuss
mailing list