[Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?
Simon Kelley
simon at thekelleys.org.uk
Fri Jan 21 12:15:52 UTC 2022
On 19/01/2022 03:45, John Byrne via Dnsmasq-discuss wrote:
>> On Jan 17, 2022, at 3:45 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>>
>> On 17/01/2022 23:27, Simon Kelley wrote:
>>
>>>
>>> The fixed code detects the infinite loop and gives up, which is good.
>>> It should return the SERVFAIL error code, but it doesn't, which is not
>>> right. I'll check with that. A SERVFAIL error code should cause the
>>> client to retry, and as this is an intermittent error upstream, it will
>>> likely succeed on the next retry.
>>>
>>
>> Lack of the SERVFAIL answer is because you have --dnssec-debug set, and
>> not a bug.
>>
>>
>> I think we've nailed this one!
>>
>>
>> Cheers,
>>
>> Simon.
>>
>
> Sorry Simon, I cannot confirm this. I took dnssec-debug out and re-ran my test script and I still ended up with ABANDONED instead of SERVFAIL.
>
I wasn't clear. Ending up in ABANDONED is correct. What I was worrying
about is that despite DNSSEC validation failing, the answer was still
returned to the client. Once dnssec-debug is removed, the ABANDONED
state will result in a SERVFAIL reply to the client. (ABANDONED is a
dnsmasq-internal concept, SERVFAIL is an error defined in the DNS spec.)
Cheers,
Simon.