[Dnsmasq-discuss] dnsmasq: /#/<ip> and error "config error is REFUSED (EDE: not ready)"
Petr Menšík
pemensik at redhat.com
Tue Nov 28 12:29:59 UTC 2023
It seems to me the second example does not have any normal
servers specified. Or better, you expect /#/ to have special meaning, but I have found
only server=/example/# to have documented special meaning. New versions
do not recognize /#/ as a special value anymore. I think that has changed
with the 2.86 release.

Only --address=/#/ special handling was documented, at least in the RHEL9
2.85 version. I think Simon considered its usage in --server as an
implementation error and that is why it is not working anymore. Or better,
it has no special meaning anymore.

A few comments below.

On 9/26/23 10:28, Yann ILAS wrote:
> Ok
>
> With that config file :
>
> > listen-address=127.0.0.1
> > bind-interfaces
> > server=8.8.8.8
> > server=/svc.cluster.local/10.96.0.10
> > cache-size=500
>
> # dig @127.0.0.1 perdu.com A +short
> 172.67.133.176
> 104.21.5.178
>
> Output from the dnsmasq server :
>
> | # dnsmasq --no-daemon --log-queries --log-debug
> | dnsmasq: started, version 2.89 cachesize 500
> | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
> | dnsmasq: using nameserver 8.8.8.8#53
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: reading /etc/resolv.conf
> | dnsmasq: using nameserver 8.8.8.8#53
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> | dnsmasq: read /etc/hosts - 7 names
> |
> | dnsmasq: query[A] perdu.com from 127.0.0.1
> | dnsmasq: forwarded perdu.com to 8.8.8.8
> | dnsmasq: reply perdu.com is 172.67.133.176
> | dnsmasq: reply perdu.com is 104.21.5.178
>
That seems okay.
>
> With that config file :
>
> > listen-address=127.0.0.1
> > bind-interfaces
> > server=/#/9.9.9.9
> > server=/svc.cluster.local/10.96.0.10
> > cache-size=500

And what is server=/#/ supposed to mean here? I think you can use
server=/./9.9.9.9 instead, but I fail to see a reason to use that syntax here. I
haven't found in man dnsmasq what it should do. I think it used to work
as a replacement for /./, because that was not accepted before. I would
say that is a corner case.
>
> | root@bookworm:/tmp# dig @127.0.0.1 perdu.com A +short
> | root@bookworm:/tmp#
>
> Output from the dnsmasq server :
>
> | root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> | dnsmasq: started, version 2.89 cachesize 500
> | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
> | dnsmasq: using nameserver 9.9.9.9#53 for domain #
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: reading /etc/resolv.conf
> | dnsmasq: using nameserver 9.9.9.9#53 for domain #
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> | dnsmasq: read /etc/hosts - 7 names
> |
> | dnsmasq: query[A] perdu.com from 127.0.0.1
> | dnsmasq: config error is REFUSED (EDE: not ready)
>
> With that last config file, the output of dnsmasq (version `2.85`)
> mentions the default nameserver which will be used => `using
> nameserver 9.9.9.9#53 for default` :

Yes, that means server=/#/ is now server=/./. server=/#/ has no special
meaning, and this now simply means that only the "#" domain is redirected to
9.9.9.9. Try dig "test.#" @localhost.
>
> | root@debian11:~# dnsmasq --no-daemon --log-queries --log-debug
> | dnsmasq: started, version 2.85 cachesize 500
> | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: using nameserver 9.9.9.9#53 for default
> | dnsmasq: reading /etc/resolv.conf
> | dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> | dnsmasq: using nameserver 9.9.9.9#53 for default
> | dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> | dnsmasq: read /etc/hosts - 6 addresses
>
>
>
> On Fri, Sep 15, 2023 at 22:28, Geert Stappers <stappers at stappers.nl> wrote:
>
> On Tue, Sep 12, 2023 at 09:15:04PM +0200, Yann ILAS wrote:
> > On Tue, Sep 12, 2023 at 18:56, Geert Stappers wrote:
> > > On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
> > > > Hi !
> > >
> > > Hello,
> > >
> > >
> > > > I get an issue with version 2.89 of dnsmasq, on Debian 12. There seems to
> > > > be a regression. I did see the changelog
> > > > <https://thekelleys.org.uk/dnsmasq/CHANGELOG> for version 2.87, which
> > > > states that the /#/ bug has been fixed... but I don't see it with version
> > > > 2.89 (the last version installed on Debian). The /#/ in the config file
> > > > seems still to be an issue.
> > > >
> > > > listen-address=127.0.0.1
> > > > bind-interfaces
> > > > server=/#/8.8.8.8
> > > > server=/svc.cluster.local/10.96.0.10
> > > > cache-size=500
> > > >
> > >
> > > And with
> > >
> > > listen-address=127.0.0.1
> > > bind-interfaces
> > > server=9.9.9.9
> > > server=/svc.cluster.local/10.96.0.10
> > > cache-size=500
> > >
> > > ? (Yes, that are two changes!)
> > >
> > Hi,
> >
> > From the client :
> > root@bookworm:~# dig @127.0.0.1 perdu.com A +short
> > 172.67.133.176
> > 104.21.5.178
> >
> > Log from the daemon :
> > root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
> > dnsmasq: started, version 2.89 cachesize 500
> > dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
> > dnsmasq: using nameserver 9.9.9.9#53
> > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> > dnsmasq: reading /etc/resolv.conf
> > dnsmasq: using nameserver 9.9.9.9#53
> > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
> > dnsmasq: ignoring nameserver 127.0.0.1 - local interface
> > dnsmasq: read /etc/hosts - 7 names
> > dnsmasq: query[A] perdu.com from 127.0.0.1
> > dnsmasq: forwarded perdu.com to 9.9.9.9
> > dnsmasq: reply perdu.com is 172.67.133.176
> > dnsmasq: reply perdu.com is 104.21.5.178
>
> Okay, that looks fine. Now test the two changes separately.
> I refer to the above "Yes, that are two changes!"
>
>
> Groeten
> Geert Stappers
> --
> Silence is hard to parse
>
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
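
Added example (not part of the original thread, and not dnsmasq code): a small Python check that reads the "using nameserver" startup lines shown in the logs above and flags the two symptoms discussed in this message, a "#" taken as a literal domain and the absence of any default upstream. The function name, the finding labels and the sample strings are assumptions of this example; the sample logs are shortened from the ones quoted in the thread.

```python
import re

# Startup lines as they appear in the thread's logs:
#   using nameserver 9.9.9.9#53 for domain #     (2.89, "#" is a literal domain)
#   using nameserver 8.8.8.8#53                  (2.89, default upstream)
#   using nameserver 9.9.9.9#53 for default      (2.85, default upstream)
USING = re.compile(
    r"using nameserver (?P<addr>\S+?)#(?P<port>\d+)"
    r"(?: for (?:default|domain (?P<domain>\S+)))?"
)

def audit_upstreams(log_text):
    """Return (defaults, scoped, findings) for one dnsmasq startup log."""
    defaults, scoped, findings = set(), {}, []
    for line in log_text.splitlines():
        m = USING.search(line)
        if m is None:
            continue
        if m.group("domain") is None:
            defaults.add(m.group("addr"))       # usable for any name
        else:
            scoped.setdefault(m.group("domain"), set()).add(m.group("addr"))
    if "#" in scoped:
        findings.append("literal-hash-domain")  # server=/#/ip with no special meaning
    if not defaults:
        findings.append("no-default-upstream")  # other names have nowhere to go
    return defaults, scoped, findings

# Sample logs, shortened from the ones quoted in the thread.
LOG_289_HASH = """\
dnsmasq: started, version 2.89 cachesize 500
dnsmasq: using nameserver 9.9.9.9#53 for domain #
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: ignoring nameserver 127.0.0.1 - local interface
"""
LOG_285_HASH = """\
dnsmasq: started, version 2.85 cachesize 500
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
dnsmasq: using nameserver 9.9.9.9#53 for default
"""
LOG_289_PLAIN = """\
dnsmasq: started, version 2.89 cachesize 500
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
"""

if __name__ == "__main__":
    for name, log in [("2.89 /#/", LOG_289_HASH), ("2.85 /#/", LOG_285_HASH),
                      ("2.89 plain", LOG_289_PLAIN)]:
        print(name, audit_upstreams(log)[2] or "ok")
```

Only the 2.89 log taken with server=/#/9.9.9.9 yields both findings, which is the configuration that answered with "config error is REFUSED (EDE: not ready)" in the thread.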