The lookup is forwarded to the upstream DNS server. This can be seen in the log and also through tcpdump. So even though domain-needed is used, the lookup leaks to the upstream server, and as per this setting it should not.

From: Geert Stappers <stapp...@stappers.nl>
To: dnsmasq-discuss@lists.thekelleys.org.uk
Sent: Thursday, June 21, 2018 11:20 AM
Subject: Re: [Dnsmasq-discuss] domain-needed is ignored

On Thu, Jun 21, 2018 at 06:15:30AM +0000, Spon Spon wrote:
> Hi,
> I have following configuration of dnsmasq:
...
> domain-needed
...
>
> Because of domain-needed option I expected that host only lookup,
> without domain part will not be forwarded to upstream servers (in my case
> 192.168.2.1), but this seems it is not the case.

Please elaborate "seems"
Is it being polite or only having "forwarded" in logging
and no further proof?

> The dnsmasq run on an EdgeRouter and has following version:
> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
> conntrack ipset auth DNSSEC loop-detect inotify
>
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
>
> If I lookup a host with local domain, then the request is not going
> to upstream server. Please see below the logged queries:
>
> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
> Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>
> Is this a bug? Is there any configuration missing? I expected that
> rrr lookup will not be forwarded to upstream server (192.168.2.1)
>

Dnsmasq manual pages says

  -D, --domain-needed
      Tells dnsmasq to never forward A or AAAA queries for plain names,
      without dots or domain parts, to upstream nameservers. If the name
      is not known from /etc/hosts or DHCP then a "not found" answer is
      returned.

So it would prevent the cost of a dial-out connection.

..... local testing .....

Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10

That unexpected, due 'domain-needed', forward is visible
with tcpdump at my upstream DNS :-(

Regards
Geert Stappers
--
Live and let live

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss