[Dnsmasq-discuss] nftset not always applied to AAAA
Heorhi Valakhanovich
admin at mail.geov.name
Fri Jun 28 13:16:16 UTC 2024
in my config file I have something like this:
nftset=/jetbrains.com/ubuntu.com/4#inet#router#censored4,6#inet#router#censored6
however downloads.jetbrains.com is using cloudfront cname or smth like that and nftset is not working for AAAA replies but somehow works for A
> host download.ubuntu.com
dnsmasq[1676399]: 63 127.0.0.1/57318 query[A] download.ubuntu.com from 127.0.0.1
dnsmasq[1676399]: 63 127.0.0.1/57318 forwarded download.ubuntu.com to 127.0.0.1#5353
dnsmasq[1676399]: 63 127.0.0.1/57318 nftset add 4 inet router censored4 185.125.190.29 ubuntu.com
dnsmasq[1676399]: 63 127.0.0.1/57318 reply download.ubuntu.com is 185.125.190.29
dnsmasq[1676399]: 63 127.0.0.1/57318 nftset add 4 inet router censored4 185.125.190.21 ubuntu.com
dnsmasq[1676399]: 63 127.0.0.1/57318 reply download.ubuntu.com is 185.125.190.21
dnsmasq[1676399]: 63 127.0.0.1/57318 nftset add 4 inet router censored4 185.125.190.20 ubuntu.com
dnsmasq[1676399]: 63 127.0.0.1/57318 reply download.ubuntu.com is 185.125.190.20
dnsmasq[1676399]: 64 127.0.0.1/51643 query[AAAA] download.ubuntu.com from 127.0.0.1
dnsmasq[1676399]: 64 127.0.0.1/51643 forwarded download.ubuntu.com to 127.0.0.1#5353
dnsmasq[1676399]: 64 127.0.0.1/51643 nftset add 6 inet router censored6 2620:2d:4000:1::28 ubuntu.com
dnsmasq[1676399]: 64 127.0.0.1/51643 reply download.ubuntu.com is 2620:2d:4000:1::28
dnsmasq[1676399]: 64 127.0.0.1/51643 nftset add 6 inet router censored6 2620:2d:4000:1::26 ubuntu.com
dnsmasq[1676399]: 64 127.0.0.1/51643 reply download.ubuntu.com is 2620:2d:4000:1::26
dnsmasq[1676399]: 64 127.0.0.1/51643 nftset add 6 inet router censored6 2620:2d:4000:1::27 ubuntu.com
dnsmasq[1676399]: 64 127.0.0.1/51643 reply download.ubuntu.com is 2620:2d:4000:1::27
dnsmasq[1676399]: 65 127.0.0.1/49103 query[MX] download.ubuntu.com from 127.0.0.1
dnsmasq[1676399]: 65 127.0.0.1/49103 forwarded download.ubuntu.com to 127.0.0.1#5353
dnsmasq[1676399]: 65 127.0.0.1/49103 reply download.ubuntu.com is NODATA
> host download.jetbrains.com
dnsmasq[1676399]: 131 127.0.0.1/42646 query[A] download.jetbrains.com from 127.0.0.1
dnsmasq[1676399]: 131 127.0.0.1/42646 forwarded download.jetbrains.com to 127.0.0.1#5353
dnsmasq[1676399]: 131 127.0.0.1/42646 reply download.jetbrains.com is <CNAME>
dnsmasq[1676399]: 131 127.0.0.1/42646 nftset add 4 inet router censored4 18.244.146.14 jetbrains.com
dnsmasq[1676399]: 131 127.0.0.1/42646 reply d1do0znm134sif.cloudfront.net is 18.244.146.14
dnsmasq[1676399]: 131 127.0.0.1/42646 nftset add 4 inet router censored4 18.244.146.47 jetbrains.com
dnsmasq[1676399]: 131 127.0.0.1/42646 reply d1do0znm134sif.cloudfront.net is 18.244.146.47
dnsmasq[1676399]: 131 127.0.0.1/42646 nftset add 4 inet router censored4 18.244.146.29 jetbrains.com
dnsmasq[1676399]: 131 127.0.0.1/42646 reply d1do0znm134sif.cloudfront.net is 18.244.146.29
dnsmasq[1676399]: 131 127.0.0.1/42646 nftset add 4 inet router censored4 18.244.146.64 jetbrains.com
dnsmasq[1676399]: 131 127.0.0.1/42646 reply d1do0znm134sif.cloudfront.net is 18.244.146.64
dnsmasq[1676399]: 132 127.0.0.1/53794 query[AAAA] d1do0znm134sif.cloudfront.net from 127.0.0.1
dnsmasq[1676399]: 132 127.0.0.1/53794 forwarded d1do0znm134sif.cloudfront.net to 127.0.0.1#5353
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:6000:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:a600:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:4800:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:5600:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:1200:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:1400:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:9a00:12:7c44:15c0:93a1
dnsmasq[1676399]: 132 127.0.0.1/53794 reply d1do0znm134sif.cloudfront.net is 2600:9000:26de:5000:12:7c44:15c0:93a1
dnsmasq[1676399]: 133 127.0.0.1/46118 query[MX] d1do0znm134sif.cloudfront.net from 127.0.0.1
dnsmasq[1676399]: 133 127.0.0.1/46118 forwarded d1do0znm134sif.cloudfront.net to 127.0.0.1#5353
dnsmasq[1676399]: 133 127.0.0.1/46118 reply d1do0znm134sif.cloudfront.net is NODATA
As you can see in second case nftset not applied for ipv6. Am I missing something in config? Is it a bug?
More information about the Dnsmasq-discuss
mailing list