[Dnsmasq-discuss] dnsmasq: /#/<ip> and error "config error is REFUSED (EDE: not ready)“

Yann ILAS yann.i.672 at gmail.com
Tue Sep 12 20:15:03 UTC 2023 

Hello,

I just tried with older versions of dnsmasq. Here is the procedure I'm
using for the test :
- git clone of the project
- for each version, I started the daemon like that : "./src/dnsmasq
--no-daemon --log-queries --log-debug" then I try to resolve a name.

The config file I'm using :

listen-address=127.0.0.1
bind-interfaces
server=/#/8.8.8.8
server=/svc.cluster.local/10.96.0.10
cache-size=500

That config works fine for the version 2.85 but not the 2.86 and later.

Another precision : here is the content of /etc/resolv.conf
nameserver 127.0.0.1

With the version 2.85, the address 127.0.0.1 found in /etc/resolv.conf is
ignored :

dnsmasq: started, version 2.85 cachesize 500
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: using nameserver 8.8.8.8#53 for default
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: using nameserver 8.8.8.8#53 for default
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: read /etc/hosts - 5 addresses
dnsmasq: query[A] perdu.com from 127.0.0.1
dnsmasq: forwarded perdu.com to 8.8.8.8
dnsmasq: reply perdu.com is 104.21.5.178
dnsmasq: reply perdu.com is 172.67.133.176

but the /#/8.8.8.8 is taken into consideration, as seen in line "dnsmasq:
using nameserver 8.8.8.8#53 for default".


However, the version 2.86 ignore the nameserver 127.0.0.1 but tries despite
everything to forward the request to 127.0.0.1 (the same 127.0.0.1 as found
in /etc/resolv.conf, AFAIS) :

dnsmasq: started, version 2.86 cachesize 500
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-cryptohash
no-DNSSEC loop-detect inotify dumpfile
dnsmasq: using nameserver 8.8.8.8#53 for domain #
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 8.8.8.8#53 for domain #
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
dnsmasq: read /etc/hosts - 5 addresses
dnsmasq: query[A] perdu.com from 127.0.0.1
dnsmasq: config error is REFUSED (EDE: not ready)



Le mar. 12 sept. 2023 à 21:15, Yann ILAS <yann.i.672 at gmail.com> a écrit :

> Hi,
>
> From the client :
> root at bookworm:~# dig @127.0.0.1 perdu.com A +short
> 172.67.133.176
> 104.21.5.178
>
> Log from the daemon :
> root at bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> dnsmasq: started, version 2.89 cachesize 500
> dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
> DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
> loop-detect inotify dumpfile
> dnsmasq: using nameserver 9.9.9.9#53
> dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 9.9.9.9#53
> dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> dnsmasq: read /etc/hosts - 7 names
> dnsmasq: query[A] perdu.com from 127.0.0.1
> dnsmasq: forwarded perdu.com to 9.9.9.9
> dnsmasq: reply perdu.com is 172.67.133.176
> dnsmasq: reply perdu.com is 104.21.5.178
>
>
>
> Le mar. 12 sept. 2023 à 18:56, Geert Stappers <stappers at stappers.nl> a
> écrit :
>
>> On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
>> > Hi !
>>
>> Hello,
>>
>>
>> > I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems
>> to
>> > be a regression. I did see the changelog
>> > <https://thekelleys.org.uk/dnsmasq/CHANGELOG> for version 2.87, which
>> > states that the /#/ bug has been fixed... but I don't see it with
>> version
>> > 2.89 (the last version installed on Debian). The /#/ in the config file
>> > seems still to be an issue.
>> >
>> > listen-address=127.0.0.1
>> > bind-interfaces
>> > server=/#/8.8.8.8
>> > server=/svc.cluster.local/10.96.0.10
>> > cache-size=500
>> >
>>
>> And with
>>
>>  listen-address=127.0.0.1
>>  bind-interfaces
>>  server=9.9.9.9
>>  server=/svc.cluster.local/10.96.0.10
>>  cache-size=500
>>
>> ?   (Yes, that are two changes!)
>>
>>
>> Groeten
>> Geert Stappers
>> --
>> Silence is hard to parse
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230912/73ac30f1/attachment.htm>

More information about the Dnsmasq-discuss mailing list