[Dnsmasq-discuss] Uppercase queries are forwarded differently depending on the protocol (tcp vs udp)
Simon Kelley
simon at thekelleys.org.uk
Fri Sep 16 12:31:57 UTC 2022
Thanks for checking on this.
2.87 is in release candidate state now, and there are no show-stoppers
that I'm aware of (this issue was that last one) Unless anything else
comes up, I expect to release next week, probably 21st or 22nd.
Simon.
On 16/09/2022 10:06, Dmitry Pasiukevich wrote:
> Could you also share an approximate date when 2.87 is planned to be
> released?
>
> On Fri, Sep 16, 2022 at 10:52 AM Dmitry Pasiukevich
> <dpasiukevich at google.com <mailto:dpasiukevich at google.com>> wrote:
>
> Hi,
>
> Good news is that on git HEAD there's no such bug! 🎉
>
> But it's reproducible on dnsmasq 2.86
> https://thekelleys.org.uk/dnsmasq/dnsmasq-2.86.tar.gz
> <https://thekelleys.org.uk/dnsmasq/dnsmasq-2.86.tar.gz>
> Maybe it would be useful if you'd like to trace the cause/fix.
>
> /usr/local/sbin/dnsmasq -k --log-facility=- --server=/com/8.8.8.8
> <http://8.8.8.8> --log-queries=extra --log-debug --port=10054
> --cache-size=0
>
> 1. dig +short -p 10054 example.com <http://example.com>
> dnsmasq[1479386]: 1 127.0.0.1/54512 <http://127.0.0.1/54512>
> query[A] example.com <http://example.com> from 127.0.0.1
> dnsmasq[1479386]: 1 127.0.0.1/54512 <http://127.0.0.1/54512>
> forwarded example.com <http://example.com> to 8.8.8.8
>
> 2. dig +short +tcp -p 10054 example.com <http://example.com>
> dnsmasq[1482914]: 3 127.0.0.1/35851 <http://127.0.0.1/35851>
> query[A] example.com <http://example.com> from 127.0.0.1
> dnsmasq[1482914]: 3 127.0.0.1/35851 <http://127.0.0.1/35851>
> forwarded example.com <http://example.com> to 8.8.8.8
>
> 3. dig +short +tcp -p 10054 example.COM
> dnsmasq[1484740]: 103 127.0.0.1/35249 <http://127.0.0.1/35249>
> query[A] example.COM from 127.0.0.1
> dnsmasq[1484740]: 103 127.0.0.1/35249 <http://127.0.0.1/35249>
> forwarded example.COM to 127.0.0.1
>
> On Thu, Sep 15, 2022 at 10:59 AM Simon Kelley
> <simon at thekelleys.org.uk <mailto:simon at thekelleys.org.uk>> wrote:
>
>
>
> On 14/09/2022 22:32, Dmitry Pasiukevich via Dnsmasq-discuss wrote:
> > Hi,
> >
> > TLDR: DNS request to dnsmasq with upper-case domain is handled
> > differently if request is sent over TCP vs UDP
> >
> > I run a server to forward "cluster.local" queries to another
> process:
> >
> /usr/sbin/dnsmasq-k--cache-size=1000--no-negcache--dns-forward-max=1500--log-facility=---server=/cluster.local/127.0.0.1#10053--log-queries=extra--log-debug
> <http://127.0.0.1#10053--log-queries=extra--log-debug>
> > <http://127.0.0.1/#10053--log-queries=extra--log-debug
> <http://127.0.0.1/#10053--log-queries=extra--log-debug>>
> >
> > dnsmasq 2.86 with IP 10.64.0.7
> >
> > 1. When I run:
> > dig +tcp kubernetes.default.svc.cluster.LOCAL @10.64.0.7
> <http://10.64.0.7> <http://10.64.0.7/ <http://10.64.0.7/>>
> >
> > I get NOERROR but no data in the response. dnsmasq logs:
> > I0913 06:15:04.790606 1 nanny.go:146] dnsmasq[86]: 44065
> > 10.64.1.4/33015 <http://10.64.1.4/33015>
> <http://10.64.1.4/33015 <http://10.64.1.4/33015>> query[A]
> > kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4
> > I0913 06:15:04.851065 1 nanny.go:146] dnsmasq[86]: 44065
> > 10.64.1.4/33015 <http://10.64.1.4/33015>
> <http://10.64.1.4/33015 <http://10.64.1.4/33015>> forwarded
> > kubernetes.default.svc.CLUSTER.LOCAL to 169.254.169.254
> >
> > As you can see dnsmasq doesn't modify the domain. Because it's a
> > "CLUSTER.LOCAL" and not a "cluster.local" it's forwarded to
> the server
> > 169.254.169.254 set in the /etc/resolv.conf. And not the
> > --server=/cluster.local/127.0.0.1#10053
> <http://127.0.0.1#10053> <http://127.0.0.1/#10053
> <http://127.0.0.1/#10053>>
> >
> > 2. When I run exactly the same query but over UDP not TCP:
> > dig kubernetes.default.svc.CLUSTER.LOCAL @10.64.0.7
> <http://10.64.0.7> <http://10.64.0.7/ <http://10.64.0.7/>>
> >
> > I get NOERROR and correct response:
> > kubernetes.default.svc.CLUSTER.LOCAL. 30 IN A 10.68.0.1
> >
> > dnsmasq logs in this case:
> > I0913 06:19:20.820425 1 nanny.go:146] dnsmasq[11]: 44471
> > 10.64.1.4/49622 <http://10.64.1.4/49622>
> <http://10.64.1.4/49622 <http://10.64.1.4/49622>> query[A]
> > kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4
> > I0913 06:19:20.820866 1 nanny.go:146] dnsmasq[11]: 44471
> > 10.64.1.4/49622 <http://10.64.1.4/49622>
> <http://10.64.1.4/49622 <http://10.64.1.4/49622>> forwarded
> > kubernetes.default.svc.cluster.local to 127.0.0.1
> >
> > In this case the domain in the query is changed to the
> lower-case and it
> > matches "cluster.local" and forwards to 127.0.0.1 as expected.
> >
> > 3. When I run exactly the same query over TCP but fully
> lower-case it
> > works as well.
> >
> > Is this a bug or intended behaviour or maybe I misunderstood
> the logs?
> > Thanks!
> >
>
> Definitely not intended behaviour.
>
> Also not immediately reproducible in the current development code,
> though I don't recall fixing anything that might cause this.
> Would it be
> easy for you to repeat the tests using the git HEAD branch for a
> quick
> win? If that fails for you I'll try harder to reproduce the problem.
>
>
> Cheers,
>
> Simon.
>
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> <mailto:Dnsmasq-discuss at lists.thekelleys.org.uk>
> >
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> <https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> <mailto:Dnsmasq-discuss at lists.thekelleys.org.uk>
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> <https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss>
>
>
>
> --
> Dmitry Pasiukevich
> Software Engineer
>
>
>
> --
> Dmitry Pasiukevich
> Software Engineer
More information about the Dnsmasq-discuss
mailing list