[Dnsmasq-discuss] Dnsmasq IPv6 NXDOMAIN issue when using synth-domain for IPv4

[Matt Wong]

Hi,

I encountered the following issue and would like some guidance on a
solution. My dnsmasq config looks like the following:

listen-address=127.0.0.1
synth-domain=custom.domain <http://custom-domain.com>,10.0.0.0/16,ip-

The servers associated with the 'ip-*.custom.domain' custom domains do not
have ipv6 addresses associated with them so we cannot configure the synth
domain for ipv6 addresses. Now when I do a 'nslookup
ip-10-0-0-16-custom.domain <http://ip-10-0-0-16-custom-domain.com/>', it
seems like dnsmasq does the following:

1. Dnsmasq tries to resolve the domain for ipv4: ip-10-0-0-16-custom.domain
<http://ip-10-0-0-16-custom-domain.com> and it will return 10.0.0.16 due to
the synth-domain config.
2. Dnsmasq will also try to resolve the domain for ipv6. It will forward
the query to an upstream nameserver which will return NXDOMAIN (since we do
not configure the upstream nameservers to return ipv4 or ipv6 addresses for
any of the custom domains). It seems like dnsmasq will then cache NXDOMAIN
for both ipv4 and ipv6 queries. As a result, any subsequent ipv4 queries
for this domain will result in NXDOMAIN rather than using the
value returned from our synth-domain config.

I have the following questions:
1. Currently, is there a way we can configure dnsmasq to resolve to NODATA
for ipv6 when an ipv4 synth-domain config is present even though the ipv6
resolution might be NXDOMAIN? I have tried using the '--no-negcache' option
which solves this issue. However, we do not want to disable negative
caching as it could increase outbound network activity greatly.
2. Is this issue expected? If not, can we have a fix for this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20231202/c0d78b9f/attachment.htm>