<div dir="ltr"><div>Hi, </div><div><br></div><div>Good news is that on git HEAD there's no such bug! 🎉</div><div><br></div>But it's reproducible on dnsmasq 2.86 <a href="https://thekelleys.org.uk/dnsmasq/dnsmasq-2.86.tar.gz">https://thekelleys.org.uk/dnsmasq/dnsmasq-2.86.tar.gz</a><div>Maybe it would be useful if you'd like to trace the cause/fix.</div><div><div><br></div><div>/usr/local/sbin/dnsmasq -k --log-facility=- --server=/com/<a href="http://8.8.8.8">8.8.8.8</a> --log-queries=extra --log-debug --port=10054 --cache-size=0<br></div><div><br>1. dig +short -p 10054 <a href="http://example.com">example.com</a></div><div>dnsmasq[1479386]: 1 <a href="http://127.0.0.1/54512">127.0.0.1/54512</a> query[A] <a href="http://example.com">example.com</a> from 127.0.0.1<br>dnsmasq[1479386]: 1 <a href="http://127.0.0.1/54512">127.0.0.1/54512</a> forwarded <a href="http://example.com">example.com</a> to 8.8.8.8<br><br>2. dig +short +tcp -p 10054 <a href="http://example.com">example.com</a><br>dnsmasq[1482914]: 3 <a href="http://127.0.0.1/35851">127.0.0.1/35851</a> query[A] <a href="http://example.com">example.com</a> from 127.0.0.1<br>dnsmasq[1482914]: 3 <a href="http://127.0.0.1/35851">127.0.0.1/35851</a> forwarded <a href="http://example.com">example.com</a> to 8.8.8.8<br><br>3. dig +short +tcp -p 10054 example.COM<br>dnsmasq[1484740]: 103 <a href="http://127.0.0.1/35249">127.0.0.1/35249</a> query[A] example.COM from 127.0.0.1<br>dnsmasq[1484740]: 103 <a href="http://127.0.0.1/35249">127.0.0.1/35249</a> forwarded example.COM to 127.0.0.1<br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 15, 2022 at 10:59 AM Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
On 14/09/2022 22:32, Dmitry Pasiukevich via Dnsmasq-discuss wrote:<br>
> Hi,<br>
> <br>
> TLDR: DNS request to dnsmasq with upper-case domain is handled <br>
> differently if request is sent over TCP vs UDP<br>
> <br>
> I run a server to forward "cluster.local" queries to another process:<br>
> /usr/sbin/dnsmasq-k--cache-size=1000--no-negcache--dns-forward-max=1500--log-facility=---server=/cluster.local/<a href="http://127.0.0.1#10053--log-queries=extra--log-debug" rel="noreferrer" target="_blank">127.0.0.1#10053--log-queries=extra--log-debug</a> <br>
> <<a href="http://127.0.0.1/#10053--log-queries=extra--log-debug" rel="noreferrer" target="_blank">http://127.0.0.1/#10053--log-queries=extra--log-debug</a>><br>
> <br>
> dnsmasq 2.86 with IP 10.64.0.7<br>
> <br>
> 1. When I run:<br>
> dig +tcp kubernetes.default.svc.cluster.LOCAL @<a href="http://10.64.0.7" rel="noreferrer" target="_blank">10.64.0.7</a> <<a href="http://10.64.0.7/" rel="noreferrer" target="_blank">http://10.64.0.7/</a>><br>
> <br>
> I get NOERROR but no data in the response. dnsmasq logs:<br>
> I0913 06:15:04.790606 1 nanny.go:146] dnsmasq[86]: 44065 <br>
> <a href="http://10.64.1.4/33015" rel="noreferrer" target="_blank">10.64.1.4/33015</a> <<a href="http://10.64.1.4/33015" rel="noreferrer" target="_blank">http://10.64.1.4/33015</a>> query[A] <br>
> kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4<br>
> I0913 06:15:04.851065 1 nanny.go:146] dnsmasq[86]: 44065 <br>
> <a href="http://10.64.1.4/33015" rel="noreferrer" target="_blank">10.64.1.4/33015</a> <<a href="http://10.64.1.4/33015" rel="noreferrer" target="_blank">http://10.64.1.4/33015</a>> forwarded <br>
> kubernetes.default.svc.CLUSTER.LOCAL to 169.254.169.254<br>
> <br>
> As you can see dnsmasq doesn't modify the domain. Because it's a <br>
> "CLUSTER.LOCAL" and not a "cluster.local" it's forwarded to the server <br>
> 169.254.169.254 set in the /etc/resolv.conf. And not the <br>
> --server=/cluster.local/<a href="http://127.0.0.1#10053" rel="noreferrer" target="_blank">127.0.0.1#10053</a> <<a href="http://127.0.0.1/#10053" rel="noreferrer" target="_blank">http://127.0.0.1/#10053</a>><br>
> <br>
> 2. When I run exactly the same query but over UDP not TCP:<br>
> dig kubernetes.default.svc.CLUSTER.LOCAL @<a href="http://10.64.0.7" rel="noreferrer" target="_blank">10.64.0.7</a> <<a href="http://10.64.0.7/" rel="noreferrer" target="_blank">http://10.64.0.7/</a>><br>
> <br>
> I get NOERROR and correct response:<br>
> kubernetes.default.svc.CLUSTER.LOCAL. 30 IN A 10.68.0.1<br>
> <br>
> dnsmasq logs in this case:<br>
> I0913 06:19:20.820425 1 nanny.go:146] dnsmasq[11]: 44471 <br>
> <a href="http://10.64.1.4/49622" rel="noreferrer" target="_blank">10.64.1.4/49622</a> <<a href="http://10.64.1.4/49622" rel="noreferrer" target="_blank">http://10.64.1.4/49622</a>> query[A] <br>
> kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4<br>
> I0913 06:19:20.820866 1 nanny.go:146] dnsmasq[11]: 44471 <br>
> <a href="http://10.64.1.4/49622" rel="noreferrer" target="_blank">10.64.1.4/49622</a> <<a href="http://10.64.1.4/49622" rel="noreferrer" target="_blank">http://10.64.1.4/49622</a>> forwarded <br>
> kubernetes.default.svc.cluster.local to 127.0.0.1<br>
> <br>
> In this case the domain in the query is changed to the lower-case and it <br>
> matches "cluster.local" and forwards to 127.0.0.1 as expected.<br>
> <br>
> 3. When I run exactly the same query over TCP but fully lower-case it <br>
> works as well.<br>
> <br>
> Is this a bug or intended behaviour or maybe I misunderstood the logs?<br>
> Thanks!<br>
> <br>
<br>
Definitely not intended behaviour.<br>
<br>
Also not immediately reproducible in the current development code, <br>
though I don't recall fixing anything that might cause this. Would it be <br>
easy for you to repeat the tests using the git HEAD branch for a quick <br>
win? If that fails for you I'll try harder to reproduce the problem.<br>
<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a><br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><span style="color:rgb(153,153,153)">Dmitry Pasiukevich</span><br style="color:rgb(153,153,153)"><span style="color:rgb(153,153,153)">Software Engineer</span><br></div></div>