On 21/10/2018 00:05, Michael Biebl wrote: > After rebuilding the LXC chroot, I was able to reproduce the issue after > all. > > Runnig a git bisect shows the following as the first faulty commit > > > commit 1682d15a744880b0398af75eadf68fe66128af78 > Author: Simon Kelley <si...@thekelleys.org.uk> > Date: Fri Aug 3 20:38:18 2018 +0100 > > Add missing EDNS0 section. > EDNS0 section missing in replies to EDNS0-containing queries where > answer generated from --local=/<domain>/ > > > Reverting that commit on top of 2.80-1, I was able to make the systemd > test suite pass again. > At this point I consider this a dnsmasq issue and leave it up to Simon > to deal with it. > Simon, if you see in an issue in how systemd is using dnsmasq in the > test-suite, please let us know. >
There are a couple of things here. First, on looking at the reply from the query in the test, there is a problem. The ad (authenticated data) bit is getting copied straight though from the query to the reply. If the ad bit is set in the query (dig does this by default) then a bogus ad bit will be set in the answer. That's wrong, and will be fixed. However, that's not a regression introduced by the commit you're fingering. It happens in the 2.79 release code too, so can't be what is failing the test. What the commit does is to add an EDNS0 pseudoheader to the reply. This is correct, in fact it's more correct than before the commit, when dnsmasq would usually reply with an EDNS0 header, but omit it when the reply came from --address=/example.com/1.2.3.4 Ironically, this inconsistency confuses systemd-resolved, so the change was introduced to get dnsmasq to work better with systemd :) I'm not sure how to find out exactly what the systemd test is, and what it's looking for in the reply, but if it's looking for ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 -p 10000 wibble.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12712 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;wibble.com. IN A ;; ANSWER SECTION: wibble.com. 0 IN A 1.2.3.4 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#10000(127.0.0.1) ;; WHEN: Sun Oct 21 21:57:20 BST 2018 ;; MSG SIZE rcvd: 44 and receiving ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 -p 10000 wibble.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64851 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;wibble.com. IN A ;; ANSWER SECTION: wibble.com. 0 IN A 1.2.3.4 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#10000(127.0.0.1) ;; WHEN: Sun Oct 21 21:58:48 BST 2018 ;; MSG SIZE rcvd: 55 instead, fails the test then the test needs to be revised. Cheers, Simon.
signature.asc
Description: OpenPGP digital signature
