[Dnsmasq-discuss] New option --no-ANY

Simon Kelley simon at thekelleys.org.uk
Mon Feb 12 23:25:05 UTC 2024



On 08/02/2024 12:01, Petr Menšík wrote:
> I do not think this is a good approach. One thing is any queries need to 
> be handled by the upstream resolver somehow. Whatever it is, dnsmasq will 
> reply with whatever the upstream resolvers have chosen to do. The only 
> exception is local data, for example authoritative services.
> 
> I would prefer sending just A or AAAA queries, whichever of them comes 
> first. Or maybe excluding other types and using just A and AAAA records, 
> if they are in cache. Reference 4.3 
> <https://www.rfc-editor.org/rfc/rfc8482#section-4.3>. Alternatively do 
> what unbound does, return a NOTIMPL error.
> 

Tend to agree. I just pushed something which I think works. It leaves 
replies from local data unaltered and filters all except A, AAAA, MX and 
CNAME from upstream replies to ANY queries, as 4.3 suggests.

Use

--filter-rr=ANY

to enable.


Simon.

> Shown localhost example:
> 
> ; <<>> DiG 9.18.21 <<>> @localhost -p 2053 -t any localhost
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60904
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;localhost.            IN    ANY
> 
> ;; ANSWER SECTION:
> localhost.        0    IN    A    127.0.0.1
> localhost.        0    IN    AAAA    ::1
> 
> With --no-ANY, it returns an empty response. I have changed continue; to 
> return 0; That gives incorrect results and should not be used. But your 
> patch did not apply to my master, on top of commit 
> 762a3f243099d26b1e87aad2b1b4b696cd8c33ac.
> 
> ; <<>> DiG 9.18.21 <<>> @localhost -p 2053 -t any localhost
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48980
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;localhost.            IN    ANY
> 
> ;; AUTHORITY SECTION:
> localhost.        10800    IN    SOA    localhost. nobody.invalid. 1 3600 1200 604800 10800
> 
> I think we can modify an ANY type query to provide just a single type or 
> a synthesized answer, but an empty response seems wrong. I think || qtype == 
> T_ANY should be removed from most of the types, to make the answer smaller. 
> Unlike in mDNS, ANY is not specified in DNS to provide all answers known. If 
> anyone relies on it, that would be wrong too.
> 
> I disagree with the current proposal.
> 
> On 06. 02. 24 18:00, Dominik Derigs via Dnsmasq-discuss wrote:
>> RFC 8482
> 
> -- 
> Petr Menšík
> Software Engineer, RHEL
> Red Hat,http://www.redhat.com/
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
> 
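
The filtering described in the reply above (upstream replies to ANY queries keep only A, AAAA, MX and CNAME), as an added example that is not dnsmasq's code and not part of the original message. The function names and the sample reply are hypothetical; the sketch re-encodes names without compression, does not copy the authority and additional sections, and does not model the local-data case that the message says is left unaltered.

```python
import struct

T_ANY = 255
KEEP = {1, 5, 15, 28}  # A, CNAME, MX, AAAA: the types the message says survive

def read_name(msg, off):
    """Decode the name at off; return (uncompressed wire form, offset after it)."""
    out, end = b"", None
    for _ in range(256):                          # bound stops pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return out + b"\x00", (off + 1 if end is None else end)
        else:
            out += msg[off:off + 1 + n]
            off += 1 + n
    raise ValueError("name too long or compression loop")

def filter_any_reply(msg):
    """Rebuild a reply to an ANY query with only KEEP types (answer section only)."""
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg)
    _, off = read_name(msg, 12)
    qtype, = struct.unpack_from("!H", msg, off)
    off += 4
    if qd != 1 or qtype != T_ANY:
        return msg                                # not an ANY reply: leave as is
    body, kept = bytes(msg[12:off]), 0            # start with the question as sent
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        if rtype == 5:                            # CNAME target may be compressed
            rdata = read_name(msg, off + 10)[0]
        elif rtype == 15:                         # MX: preference + exchange name
            rdata = rdata[:2] + read_name(msg, off + 12)[0]
        off += 10 + rdlen
        if rtype in KEEP:
            body += owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata
            kept += 1
    return struct.pack("!6H", ident, flags, 1, kept, 0, 0) + body

def sample_reply():  # constructed reply to 'example.test ANY', not captured traffic
    rr = lambda t, rd: b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 60, len(rd)) + rd
    rrs = [rr(1, bytes([192, 0, 2, 1])), rr(16, b"\x0bv=spf1 -all"),
           rr(15, b"\x00\x0a\x04mail\xc0\x0c"), rr(28, bytes.fromhex("20010db8" + "00" * 11 + "01"))]
    head = struct.pack("!6H", 0x1234, 0x8180, 1, len(rrs), 0, 0)
    return head + b"\x07example\x04test\x00" + struct.pack("!HH", T_ANY, 1) + b"".join(rrs)
```

Names are expanded before records are dropped because removing a record shifts every later offset, which would leave compression pointers in the kept records pointing at the wrong bytes.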


