[Dnsmasq-discuss] [BUG] dynamic-host - Mixing IPv4-only/IPv6-only/IPv4+IPv6 entries breaks reverse DNS

Simon Kelley simon at thekelleys.org.uk
Mon Aug 1 17:08:49 UTC 2022 

I think this is fixed in the development code:

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4c87b504b444efb05892b8c7fc295e886f70789

Simon.


On 26/07/2022 16:09, ryt 51V wrote:
> Hi,
> 
> I am running into a bug in the following circumstances.
> 
> When the config has a mix of the below (e.g. pick any 2 of 3, or pick 
> all 3):
> 
>  1. dynamic-host entries with only IPv4 address fragments specified.
>  2. dynamic-host entries with only IPv6 address fragments specified.
>  3. dynamic-host entries with both IPv4 and IPv6 address fragments
>     specified.
> 
> Then the following occurs when querying DNS for PTR records:
> 
>   * For IPv6 PTR records from dynamic-host, only IPv6 addresses whose
>     dynamic-host entries are before the first IPv4-only dynamic-host
>     entry can be resolved to name.  All IPv6 addresses whose entry is
>     after the first IPv4-only entry cannot be resolved to name.
>   * For IPv4 PTR records from dynamic-host, only IPv4 addresses
>     whose dynamic-host entries are before the first
>     IPv6-only dynamic-host entry can be resolved to name.  All IPv4
>     addresses whose entry is after the first IPv6-only entry cannot be
>     resolved to name.
> 
> The man page entry for dynamic-host shows both [IPv4-address] and 
> [IPv6-address] in square brackets [], suggesting that it's perfectly 
> acceptable to specify entries with only IPv4, only IPv6, or both 
> IPv4+IPv6.  I haven't seen anything suggesting that they should not be 
> mixed and matched.
> 
> This seems vaguely similar to the issue fixed by commit 
> f4c87b504b444efb05892b8c7fc295e886f70789 
> <https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=f4c87b504b444efb05892b8c7fc295e886f70789> back 
> in February (I was originally testing with dnsmasq 2.85 before this fix 
> and ran into this issue myself).  However I have confirmed this issue 
> using dnsmasq from the Git repo as of 2022-07-22 (on both Raspberry Pi 
> OS bullseye and Debian Sid) - well after this commit.
> 
> For context, the reason that I personally am running into this scenario 
> is because I am using dnsmasq for DHCPv6 and DNS.  So I have:
> 
>     (a) Some devices where I add a dhcp-host entry for IPv6 + a
>     dynamic-host entry for only IPv4.
>     (I would be using host-record instead of dynamic-host as my IPv4
>     prefix is fixed, but I'm currently using dynamic-host as a
>     workaround to another issue identified on this mailing list: With
>     auth-zone enabled, DNS response only provides DHCPv6 IP and ignores
>     IPv4 address/host-record entries
>     <https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg16336.html>)
>     (b) Other devices where I add a single dynamic-host entry for both
>     IPv4 and IPv6.
> 
> 
> The first (a) entry breaks reverse lookup for all IPv6 addresses in (b) 
> entries.
> 
> PTR records added by other means work fine - for example from ptr-record 
> or dhcp-host.  Therefore manually adding ptr-records is a workaround 
> (although very tedious for IPv6!)
> 
> 
> More detail and steps to reproduce:
> 
> (0) Consider the configuration below, with a mix of IPv4-only and 
> IPv4+IPv6 entries:
> 
>     no-resolv
>     dynamic-host=Computer1.example.org <http://Computer1.example.org>,
>     0.0.0.1, ::1, eth0
>     dynamic-host=Computer2.example.org <http://Computer2.example.org>,
>     0.0.0.2, eth0
>     dynamic-host=Computer3.example.org <http://Computer3.example.org>,
>     0.0.0.3, ::3, eth0
>     dynamic-host=Computer4.example.org <http://Computer4.example.org>,
>     0.0.0.4, eth0
>     dynamic-host=Computer5.example.org <http://Computer5.example.org>,
>     0.0.0.5, ::5, eth0
> 
> 
> Assume the local network is 10.0.0.0/24 <http://10.0.0.0/24> and 
> fd50::/64, and eth0 is configured with IPs in these ranges.
> 
> (1) Looking up A records for all 5 names will return results for all 5 
> computers - as expected
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short A Computer1.example.org
>     <http://Computer1.example.org> Computer2.example.org
>     <http://Computer2.example.org> Computer3.example.org
>     <http://Computer3.example.org> Computer4.example.org
>     <http://Computer4.example.org> Computer5.example.org
>     <http://Computer5.example.org>
>     10.0.0.1
>     10.0.0.2
>     10.0.0.3
>     10.0.0.4
>     10.0.0.5
> 
> 
> (2) Looking up AAAA records for all 5 names will return results for 
> Computer1, Computer3, and Computer5 - as expected
> 
>     dig @10.0.0.1 <http://10.0.0.1> +short AAAA Computer1.example.org
>     <http://Computer1.example.org> Computer2.example.org
>     <http://Computer2.example.org> Computer3.example.org
>     <http://Computer3.example.org> Computer4.example.org
>     <http://Computer4.example.org> Computer5.example.org
>     <http://Computer5.example.org>
>     fd50::1
>     fd50::3
>     fd50::5
> 
> 
> (3) Looking up PTR records for all 5 IPv4 addresses will return names 
> for all 5 computers - as expected
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x 10.0.0.1 -x 10.0.0.2 -x
>     10.0.0.3 -x 10.0.0.4 -x 10.0.0.5
>     Computer1.example.org <http://Computer1.example.org>.
>     Computer2.example.org <http://Computer2.example.org>.
>     Computer3.example.org <http://Computer3.example.org>.
>     Computer4.example.org <http://Computer4.example.org>.
>     Computer5.example.org <http://Computer5.example.org>.
> 
> 
> (4) However, looking up PTR records for all 3 IPv6 addresses will 
> *only* return the name for Computer1.  This is not expected - all three 
> names should be returned.
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x fd50::1 -x fd50::3 -xfd50::5
>     Computer1.example.org <http://Computer1.example.org>.
> 
> 
> What is happening is the existence and position of the entry for 
> Computer2 is breaking reverse DNS lookup for Computer3/Computer5.
> 
> The behaviour is entirely affected by the order of the dynamic-host 
> entries in the file.  For example, if you reverse the order of the 
> dynamic-host entries in the config in (0), then only the name for 
> Computer 5 is returned.
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x fd50::1 -x fd50::3 -x
>     fd50::5
>     Computer5.example.org <http://Computer5.example.org>.
> 
> 
> If you change the order so all IPv4+IPv6 entries are first (i.e. 
> Computer1 > Computer3 > Computer5 > Computer2 > Computer4), then all 
> IPv6 addresses can resolve to names:
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x fd50::1 -x fd50::3 -x
>     fd50::5
>     Computer1.example.org <http://Computer1.example.org>.
>     Computer3.example.org <http://Computer3.example.org>.
>     Computer5.example.org <http://Computer5.example.org>.
> 
> 
> If you change the order so all IPv4-only entries are first (i.e. 
> Computer 2 > Computer 4 > Computer 1 > Computer 3 > Computer 5), then no 
> IPv6 addresses can resolve to names at all.
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x fd50::1 -x fd50::3 -x
>     fd50::5
> 
> 
> (5) For the reverse of (0)-(4) - a mix of IPv6-only and IPv4+IPv6 
> entries - the reverse problem occurs:
> 
> Config:
> 
>     no-resolv
>     dynamic-host=Computer1.example.org <http://Computer1.example.org>,
>     0.0.0.1, ::1, eth0
>     dynamic-host=Computer2.example.org <http://Computer2.example.org>,
>     ::2, eth0
>     dynamic-host=Computer3.example.org <http://Computer3.example.org>,
>     0.0.0.3, ::3, eth0
>     dynamic-host=Computer4.example.org <http://Computer4.example.org>,
>     ::4, eth0
>     dynamic-host=Computer5.example.org <http://Computer5.example.org>,
>     0.0.0.5, ::5, eth0
> 
> 
> IPv4 PTR records broken (only returns those before Computer2)
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x 10.0.0.1 -x 10.0.0.3 -x
>     10.0.0.5
>     Computer1.example.org <http://Computer1.example.org>.
> 
> 
> (7) For a mix of IPv4-only and IPv6-only entries, the same problem 
> occurs for both:
> 
> Config:
> 
>     no-resolv
>     dynamic-host=Computer1.example.org <http://Computer1.example.org>,
>     ::1, eth0
>     dynamic-host=Computer2.example.org <http://Computer2.example.org>,
>     0.0.0.2, eth0
>     dynamic-host=Computer3.example.org <http://Computer3.example.org>,
>     ::3, eth0
>     dynamic-host=Computer4.example.org <http://Computer4.example.org>,
>     0.0.0.4, eth0
>     dynamic-host=Computer5.example.org <http://Computer5.example.org>,
>     ::5, eth0
> 
> 
> IPv4 PTR records broken (only returns those before Computer1 - i.e. none)
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x 10.0.0.2 -x 10.0.0.4
> 
> 
> IPv6 PTR records broken (only returns those before Computer2)
> 
>     $ dig @10.0.0.1 <http://10.0.0.1> +short -x fd50::1 -x fd50::3 -x
>     fd50::5
>     Computer1.example.org <http://Computer1.example.org>.
> 
> 
> 
> Hope this is all clear!
> 
> Kind regards,
> ryt51v
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list