[Dnsmasq-discuss] Dnsmasq IPv6 NXDOMAIN issue when using synth-domain for IPv4
Simon Kelley
simon at thekelleys.org.uk
Sun Dec 3 18:22:11 UTC 2023
The problem is well known, and the solution (rewrite NXDOMAIN replies
from upstream to NODATA) has been done for a long time. Unfortunately,
an oversight missed out --synth-domain from the code which determines if
a query for another rr-type is capable of eliciting an answer and
triggers the re-write.
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63ba726e1f8d1ac53db260110657bc82539b2d97
should fix things.
Cheers,
Simon.
On 02/12/2023 21:17, Matt Wong wrote:
> Hi,
>
> I encountered the following issue and would like some guidance on a
> solution. My dnsmasq config looks like the following:
>
> listen-address=127.0.0.1
> synth-domain=custom.domain,10.0.0.0/16,ip-
>
> The servers associated with the 'ip-*.custom.domain' custom domains do
> not have ipv6 addresses associated with them so we cannot configure the
> synth domain for ipv6 addresses. Now when I do a 'nslookup
> ip-10-0-0-16-custom.domain', it
> seems like dnsmasq does the following:
>
> 1. Dnsmasq tries to resolve the domain for
> ipv4: ip-10-0-0-16-custom.domain and it will return 10.0.0.16 due
> to the synth-domain config.
> 2. Dnsmasq will also try to resolve the domain for ipv6. It will forward
> the query to an upstream nameserver which will return NXDOMAIN (since we
> do not configure the upstream nameservers to return ipv4 or ipv6
> addresses for any of the custom domains). It seems like dnsmasq will
> then cache NXDOMAIN for both ipv4 and ipv6 queries. As a result, any
> subsequent ipv4 queries for this domain will result in NXDOMAIN rather
> than using the value returned from our synth-domain config.
>
> I have the following questions:
> 1. Currently, is there a way we can configure dnsmasq to resolve to
> NODATA for ipv6 when an ipv4 synth-domain config is present even though
> the ipv6 resolution might be NXDOMAIN? I have tried using the
> '--no-negcache' option which solves this issue. However, we do not want
> to disable negative caching as it could increase outbound network
> activity greatly.
> 2. Is this issue expected? If not, can we have a fix for this?
>
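A small model of the behaviour discussed in this thread, added as an illustration; it is not dnsmasq code and not from either poster. It shows why an upstream NXDOMAIN for AAAA has to be rewritten to NODATA when the name can be synthesised for A, since a cached NXDOMAIN covers the whole name while NODATA covers one name and type. Assumptions: names follow the documented synth-domain form (prefix, dashed address, then "." and the domain), only IPv4 is handled, the upstream is a stub that always answers NXDOMAIN, and the negative cache is consulted before the synth-domain check.

```python
import ipaddress

# Constructed from the config quoted in the thread:
#   synth-domain=custom.domain,10.0.0.0/16,ip-
SYNTH = [("custom.domain", ipaddress.ip_network("10.0.0.0/16"), "ip-")]

def synth_address(name, synth=SYNTH):
    """IPv4 address encoded in a synth-domain name, or None (IPv4 only)."""
    name = name.rstrip(".").lower()
    for domain, net, prefix in synth:
        suffix = "." + domain
        if not name.endswith(suffix):
            continue
        label = name[: -len(suffix)]
        if "." in label or not label.startswith(prefix):
            continue
        try:
            addr = ipaddress.IPv4Address(label[len(prefix):].replace("-", "."))
        except ValueError:
            continue
        if addr in net:
            return addr
    return None

class Forwarder:
    """Toy forwarder: NXDOMAIN is cached per name, NODATA per (name, type)."""
    def __init__(self, rewrite):
        self.rewrite = rewrite      # apply the NXDOMAIN -> NODATA rewrite?
        self.nxdomain = set()       # names known not to exist at all
        self.nodata = set()         # (name, qtype) pairs with no records

    def query(self, name, qtype, upstream=lambda n, t: "NXDOMAIN"):
        if name in self.nxdomain:   # assumption: negative cache is checked first
            return ("NXDOMAIN", None)
        addr = synth_address(name)
        if qtype == "A" and addr is not None:
            return ("NOERROR", str(addr))
        if (name, qtype) in self.nodata:
            return ("NOERROR", None)
        rcode = upstream(name, qtype)   # hypothetical upstream stub
        if rcode == "NXDOMAIN" and self.rewrite and addr is not None:
            self.nodata.add((name, qtype))   # name exists for another rr-type
            return ("NOERROR", None)
        if rcode == "NXDOMAIN":
            self.nxdomain.add(name)
        return (rcode, None)
```

With `rewrite=False`, one AAAA lookup poisons later A lookups for the same name; with `rewrite=True`, the AAAA lookup yields an empty NOERROR reply and the A lookup still returns the synthesised address.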