[Dnsmasq-discuss] dnsmasq: /#/<ip> and error "config error is REFUSED (EDE: not ready)“

Yann ILAS yann.i.672 at gmail.com
Mon Sep 11 11:58:07 UTC 2023 

Hi !

I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems to
be a regression. I did see the changelog
<https://thekelleys.org.uk/dnsmasq/CHANGELOG> for version 2.87, which
states that the /#/ bug has been fixed... but I don't see it with version
2.89 (the last version installed on Debian). The /#/ in the config file
seems still to be an issue.

With the dnsmasq version 2.89, the default nameserver is not configured
(which is not the case for the version 2.85)

Here are the tests I made ⤵️

>From both linux servers (debian 11 and 12), I use that config file :

listen-address=127.0.0.1

bind-interfaces

server=/#/8.8.8.8

server=/svc.cluster.local/10.96.0.10

cache-size=500



*From the Debian 11 VM*

*root at debian11*:*~*# dnsmasq --version

Dnsmasq version 2.85  Copyright (c) 2000-2021 Simon Kelley

Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6
no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify
dumpfile


This software comes with ABSOLUTELY NO WARRANTY.

Dnsmasq is free software, and you are welcome to redistribute it

under the terms of the GNU General Public License, version 2 or 3.

*Request* :

*vagrant at debian11*:*~*$ dig @127.0.0.1 perdu.com


; <<>> DiG 9.16.37-Debian <<>> @127.0.0.1 perdu.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60505

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;perdu.com. IN A


;; ANSWER SECTION:

perdu.com. 300 IN A 104.21.5.178

perdu.com. 300 IN A 172.67.133.176


;; Query time: 20 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Thu Sep 07 15:12:10 UTC 2023

;; MSG SIZE  rcvd: 70


*From the server side* :

*root at debian11*:*~*# dnsmasq --no-daemon --log-queries --log-debug

dnsmasq: started, version 2.85 cachesize 500

dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
inotify dumpfile

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: using nameserver 8.8.8.8#53 for default

dnsmasq: reading /etc/resolv.conf

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: using nameserver 8.8.8.8#53 for default

dnsmasq: using nameserver 4.2.2.1#53

dnsmasq: using nameserver 4.2.2.2#53

dnsmasq: using nameserver 208.67.220.220#53

dnsmasq: read /etc/hosts - 6 addresses





dnsmasq: query[A] perdu.com from 127.0.0.1

dnsmasq: forwarded perdu.com to 8.8.8.8

dnsmasq: reply perdu.com is 104.21.5.178

dnsmasq: reply perdu.com is 172.67.133.176






*From the Debian 12 VM*

root at bookworm:~# dnsmasq --version

Dnsmasq version 2.89  Copyright (c) 2000-2022 Simon Kelley

Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6
no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect
inotify dumpfile


This software comes with ABSOLUTELY NO WARRANTY.

Dnsmasq is free software, and you are welcome to redistribute it

under the terms of the GNU General Public License, version 2 or 3.

*Request* :

root at bookworm:~# dig @127.0.0.1 perdu.com


; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> @127.0.0.1 perdu.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24503

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

; EDE: 14 (Not Ready)

;; QUESTION SECTION:

;perdu.com. IN A


;; Query time: 4 msec

;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)

;; WHEN: Thu Sep 07 15:01:42 UTC 2023

;; MSG SIZE  rcvd: 44

*From the server side* :

root at bookworm:~# dnsmasq --no-daemon --log-queries --log-debug

dnsmasq: started, version 2.89 cachesize 500

dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
loop-detect inotify dumpfile

dnsmasq: using nameserver 8.8.8.8#53 for domain #

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: reading /etc/resolv.conf

dnsmasq: using nameserver 8.8.8.8#53 for domain #

dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local

dnsmasq: ignoring nameserver 127.0.0.1 - local interface

dnsmasq: read /etc/hosts - 7 names


dnsmasq: query[A] perdu.com from 127.0.0.1

dnsmasq: config error is REFUSED (EDE: not ready)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230911/b81dcffe/attachment-0001.htm>

More information about the Dnsmasq-discuss mailing list