[Dnsmasq-discuss] Uppercase queries are forwarded differently depending on the protocol (tcp vs udp)
Simon Kelley
simon at thekelleys.org.uk
Thu Sep 15 08:42:20 UTC 2022
On 14/09/2022 22:32, Dmitry Pasiukevich via Dnsmasq-discuss wrote:
> Hi,
>
> TLDR: DNS request to dnsmasq with upper-case domain is handled
> differently if request is sent over TCP vs UDP
>
> I run a server to forward "cluster.local" queries to another process:
> /usr/sbin/dnsmasq-k--cache-size=1000--no-negcache--dns-forward-max=1500--log-facility=---server=/cluster.local/127.0.0.1#10053--log-queries=extra--log-debug
> <http://127.0.0.1/#10053--log-queries=extra--log-debug>
>
> dnsmasq 2.86 with IP 10.64.0.7
>
> 1. When I run:
> dig +tcp kubernetes.default.svc.cluster.LOCAL @10.64.0.7 <http://10.64.0.7/>
>
> I get NOERROR but no data in the response. dnsmasq logs:
> I0913 06:15:04.790606 1 nanny.go:146] dnsmasq[86]: 44065
> 10.64.1.4/33015 <http://10.64.1.4/33015> query[A]
> kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4
> I0913 06:15:04.851065 1 nanny.go:146] dnsmasq[86]: 44065
> 10.64.1.4/33015 <http://10.64.1.4/33015> forwarded
> kubernetes.default.svc.CLUSTER.LOCAL to 169.254.169.254
>
> As you can see dnsmasq doesn't modify the domain. Because it's a
> "CLUSTER.LOCAL" and not a "cluster.local" it's forwarded to the server
> 169.254.169.254 set in the /etc/resolv.conf. And not the
> --server=/cluster.local/127.0.0.1#10053 <http://127.0.0.1/#10053>
>
> 2. When I run exactly the same query but over UDP not TCP:
> dig kubernetes.default.svc.CLUSTER.LOCAL @10.64.0.7 <http://10.64.0.7/>
>
> I get NOERROR and correct response:
> kubernetes.default.svc.CLUSTER.LOCAL. 30 IN A 10.68.0.1
>
> dnsmasq logs in this case:
> I0913 06:19:20.820425 1 nanny.go:146] dnsmasq[11]: 44471
> 10.64.1.4/49622 <http://10.64.1.4/49622> query[A]
> kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4
> I0913 06:19:20.820866 1 nanny.go:146] dnsmasq[11]: 44471
> 10.64.1.4/49622 <http://10.64.1.4/49622> forwarded
> kubernetes.default.svc.cluster.local to 127.0.0.1
>
> In this case the domain in the query is changed to the lower-case and it
> matches "cluster.local" and forwards to 127.0.0.1 as expected.
>
> 3. When I run exactly the same query over TCP but fully lower-case it
> works as well.
>
> Is this a bug or intended behaviour or maybe I misunderstood the logs?
> Thanks!
>
Definitely not intended behaviour.
Also not immediately reproducible in the current development code,
though I don't recall fixing anything that might cause this. Would it be
easy for you to repeat the tests using the git HEAD branch for a quick
win? If that fails for you I'll try harder to reproduce the problem.
Cheers,
Simon.
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list