[Dnsmasq-discuss] use-stale-cache may failed to refresh record from certain upstream
Justin
cattyhouse at gmail.com
Tue May 2 05:23:10 UTC 2023
it turns out, after sending stale cache to client (macOS), dnsmasq tries
to query upstream, but this time, it is sending malformed packet:
Queries
api.github.com: type A, class IN
Name: api.github.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Malformed Packet (Exception occurred)]
[Severity level: Error]
and all the rest of query are sent to upstream like that.
notice: only reproducable if the client is macOS, and upstream is a DoH/DoT
proxy like adguard/dnsproxy
On Mon, May 1, 2023 at 03:42 Justin <cattyhouse at gmail.com> wrote:
> Hello devs
>
> in order to use DOH/DOT, a proxy upstream is configured, when dnsmasq
> enables use-stale-cache, some upstream may return error when dnsmasq tries
> to refresh the record from upstream after stale cache is sent to client.
>
> i reported the issue here in dnsproxy project, as this is the DOH proxy i
> am currently using. however i've tried many other Go/Rust DOH proxy (
> namely doh-client, dns-over-https, dnss, cloudflared) , they all return
> error when dnsmasq tries to refresh the record.
>
> https://github.com/AdguardTeam/dnsproxy/issues/328
>
> only reproducible : if the requesting client is macOS and the upstream is
> a DOH proxy, Linux does not have this issue. using a udp upstream like
> 1.1.1.1 does not have this issue either.
>
> hope you could take a look at the issue posted.
>
--
Regards
Justin He
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230502/2a34802a/attachment-0001.htm>
More information about the Dnsmasq-discuss
mailing list