[Dnsmasq-discuss] use-stale-cache may failed to refresh record from certain upstream
Justin
cattyhouse at gmail.com
Tue May 2 07:07:47 UTC 2023
sorry, the quote was wrong.
the stale cache issue is confirmed fixed with the patch.
i meant to quote this:
*I think I've found and fixed the problem, but I don't have a macOS machine
to test with, nor have a I configured a DOH proxy, so I'd appreciate it if
you could re-run your tests and see if it works with the patch in
place.https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d774add784d01c8346b271e8fb5cbedc44d7ed08
<https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d774add784d01c8346b271e8fb5cbedc44d7ed08>Thanks
for the very useful bug report.Cheers,Simon.*
On Tue, May 2, 2023 at 15:01 Justin <cattyhouse at gmail.com> wrote:
> Hello Simon
>
> *Reply your message *
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Thanks for the report. I've just pushed a code change which improves
> the checking of received packets to conform better with section
> 15.https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7500157cff8ea28ab03e6e62e0d1575e4d01746b
> <https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7500157cff8ea28ab03e6e62e0d1575e4d01746b>Out
> of interest, did this cause problems in a real installation, or were you
> running a test suite?Cheers,Simon.*
>
>
> *I've cloned the latest git repo and build it and tested, the issue is
> fixed. thank you.*
>
>
>
> *On Tue, May 2, 2023 at 13:23 Justin <cattyhouse at gmail.com
> <cattyhouse at gmail.com>> wrote:*
>
>> *it turns out, after sending stale cache to client (macOS), dnsmasq
>> tries to query upstream, but this time, it is sending malformed packet: *
>>
>> *Queries*
>>
>> *api.github.com <http://api.github.com>: type A, class IN*
>>
>> *Name: api.github.com <http://api.github.com>*
>>
>> *[Name Length: 14]*
>>
>> *[Label Count: 3]*
>>
>> *Type: A (Host Address) (1)*
>>
>> *Class: IN (0x0001)*
>>
>> *Additional records*
>>
>> *[Malformed Packet: DNS]*
>>
>> *[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]*
>>
>> *[Malformed Packet (Exception occurred)]*
>>
>> *[Severity level: Error]*
>>
>> *and all the rest of query are sent to upstream like that.*
>>
>> *notice: only reproducable if the client is macOS, and upstream is a
>> DoH/DoT proxy like adguard/dnsproxy *
>>
>>
>>
>> *On Mon, May 1, 2023 at 03:42 Justin <cattyhouse at gmail.com
>> <cattyhouse at gmail.com>> wrote:*
>>
>>>
>>> *Hello devs*
>>>
>>> *in order to use DOH/DOT, a proxy upstream is configured, when dnsmasq
>>> enables use-stale-cache, some upstream may return error when dnsmasq tries
>>> to refresh the record from upstream after stale cache is sent to client. *
>>>
>>> *i reported the issue here in dnsproxy project, as this is the DOH proxy
>>> i am currently using. however i've tried many other Go/Rust DOH proxy (
>>> namely doh-client, dns-over-https, dnss, cloudflared) , they all return
>>> error when dnsmasq tries to refresh the record.*
>>>
>>> *https://github.com/AdguardTeam/dnsproxy/issues/328*
>>> <https://github.com/AdguardTeam/dnsproxy/issues/328>
>>>
>>> *only reproducible : if the requesting client is macOS and the upstream
>>> is a DOH proxy, Linux does not have this issue. using a udp upstream like
>>> 1.1.1.1 does not have this issue either.*
>>>
>>> *hope you could take a look at the issue posted.*
>>>
>>
>> *-- *
>>
>>
>> *RegardsJustin He*
>>
> --
>
> Regards
> Justin He
>
--
Regards
Justin He
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230502/ae9a00aa/attachment-0001.htm>
More information about the Dnsmasq-discuss
mailing list