The manual states that A and AAAA records won't be forwarded. Both of
your examples were forwarding MX record requests.
On 2018-06-21 5:34 AM, Spon Spon wrote:
The lookup is forwarded to the upstream DNS server. This can be seen in
the log and also through tcpdump. So even though domain-needed is used, the
lookup leaks to the upstream server, and as per this setting it should not.
------------------------------------------------------------------------
*From:* Geert Stappers <stapp...@stappers.nl>
*To:* dnsmasq-discuss@lists.thekelleys.org.uk
*Sent:* Thursday, June 21, 2018 11:20 AM
*Subject:* Re: [Dnsmasq-discuss] domain-needed is ignored
On Thu, Jun 21, 2018 at 06:15:30AM +0000, Spon Spon wrote:
> Hi,
> I have the following configuration of dnsmasq:
...
> domain-needed
...
>
> Because of the domain-needed option I expected that a host-only lookup,
> without a domain part, will not be forwarded to upstream servers (in my case
> 192.168.2.1), but it seems this is not the case.
Please elaborate "seems"
Is it being polite or only having "forwarded" in logging and no
further proof?
> Dnsmasq runs on an EdgeRouter and has the following version:
> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6
> no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
>
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
>
> If I look up a host with a local domain, then the request is not going
> to the upstream server. Please see below the logged queries:
>
> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
> Jun 21 09:13:31 dnsmasq[21398]: query[AAAA] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>
> Is this a bug? Is there any configuration missing? I expected that
> the rrr lookup will not be forwarded to the upstream server (192.168.2.1).
>
The dnsmasq manual page says
-D, --domain-needed
Tells dnsmasq to never forward A or AAAA queries for plain names,
without dots or domain parts, to upstream nameservers. If
the name is not known from /etc/hosts or DHCP then a "not found"
answer is returned.
So it would prevent the cost of a dial-out connection.
..... local testing .....
Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
That forward, unexpected due to 'domain-needed', is visible with tcpdump
at my upstream DNS :-(
Regards
Geert Stappers
--
Live and let live
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
<mailto:Dnsmasq-discuss@lists.thekelleys.org.uk>
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
--
Daryl Richards
Isle Technical Services Inc.