[Dnsmasq-discuss] New option --no-ANY
Petr Menšík
pemensik at redhat.com
Thu Feb 8 12:01:25 UTC 2024
I do not think this is a good approach. One thing is that ANY queries need to
be handled by the upstream resolver somehow. Whatever it is, dnsmasq will
reply with whatever the upstream resolvers have chosen to do. The only exception
is local data, for example authoritative services.

I would prefer sending just A or AAAA queries, whichever of them comes
first. Or maybe excluding other types and using just A and AAAA records,
if they are in cache. Reference 4.3
<https://www.rfc-editor.org/rfc/rfc8482#section-4.3>. Alternatively do
what unbound does, return NOTIMPL error.

Shown localhost example:

; <<>> DiG 9.18.21 <<>> @localhost -p 2053 -t any localhost
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60904
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;localhost. IN ANY
;; ANSWER SECTION:
localhost. 0 IN A 127.0.0.1
localhost. 0 IN AAAA ::1

With --no-ANY, it returns an empty response. I have changed "continue;" to
"return 0;". That gives incorrect results and should not be used. But your
patch did not apply to my master, on top of commit
762a3f243099d26b1e87aad2b1b4b696cd8c33ac.

; <<>> DiG 9.18.21 <<>> @localhost -p 2053 -t any localhost
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48980
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;localhost. IN ANY
;; AUTHORITY SECTION:
localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800

I think we can modify an ANY type query to provide just a single type or
a synthesized answer, but an empty response seems wrong. I think || qtype ==
T_ANY should be removed from most types, to make the answer smaller.
Unlike in mDNS, ANY is not specified in DNS to provide all answers known. If
anyone relies on it, that would be wrong too.

I disagree with the current proposal.

On 06. 02. 24 18:00, Dominik Derigs via Dnsmasq-discuss wrote:
> RFC 8482
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
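
The ANY outcomes discussed in the message above (address records returned, an empty NOERROR reply carrying only an SOA, and a not-implemented error) can be told apart from the raw reply bytes. The following is an added example, not code from the post or from dnsmasq; the function names are hypothetical, the sample replies are constructed to mirror the two dig outputs, and the error case uses RCODE 4, whose RFC 1035 mnemonic is NOTIMP.

```python
import struct
A, SOA, AAAA, ANY = 1, 6, 28, 255   # RR type codes
NOERROR, NOTIMP = 0, 4              # RCODE values (RFC 1035)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_response(name, rcode, answers=(), authority=()):
    """Constructed sample data: a reply to '<name> IN ANY', names uncompressed."""
    flags = 0x8580 | rcode  # qr aa rd ra, as in the dig output in the message
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg += encode_name(name) + struct.pack("!2H", ANY, 1)
    for rtype, rdata in (*answers, *authority):
        msg += encode_name(name) + struct.pack("!2HIH", rtype, 1, 0, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def classify_any_response(msg):
    """Label how a server treated an ANY query, from the raw reply bytes."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, off, types = flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if rcode != NOERROR:
        return "NOTIMP" if rcode == NOTIMP else f"rcode {rcode}"
    if not types:
        return "empty NOERROR answer"
    if set(types) <= {A, AAAA}:
        return "address records only"
    return "other RRsets"

# Constructed samples mirroring the dig outputs above, plus a NOTIMP reply.
SOA_RDATA = (encode_name("localhost") + encode_name("nobody.invalid")
             + struct.pack("!5I", 1, 3600, 1200, 604800, 10800))
FULL = build_response("localhost", NOERROR,
                      answers=[(A, bytes([127, 0, 0, 1])), (AAAA, bytes(15) + b"\x01")])
EMPTY = build_response("localhost", NOERROR, authority=[(SOA, SOA_RDATA)])
REFUSED = build_response("localhost", NOTIMP)
```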