dnsmasq 2.80 (Debian).

Performing an "A" query against www.freesat.co.uk returns the expected
response on the first query.

However, the target of the CNAME is cached as a negative response,
even though it was never looked up.  This could be considered a form
of cache poisoning.

The problem could be that both A and CNAME records are returned by the
domain's authoritative server and this is confusing dnsmasq's cache.

The DNS zone configuration here is definitely incorrect, but dnsmasq's
behaviour in this instance is a concern.

Setting "no-negcache" in dnsmasq.conf works around this problem.



Feb 17 18:03:15 thinkpad dnsmasq[10582]: query[A] www.freesat.co.uk from 127.0.0.1
Feb 17 18:03:15 thinkpad dnsmasq[10582]: forwarded www.freesat.co.uk to 1.1.1.1
Feb 17 18:03:15 thinkpad dnsmasq[10582]: reply www.freesat.co.uk is <CNAME>
Feb 17 18:03:15 thinkpad dnsmasq[10582]: reply ghs.googlehosted.com is NODATA-IPv4

Feb 17 18:05:51 thinkpad dnsmasq[10582]: query[A] www.freesat.co.uk from 127.0.0.1
Feb 17 18:05:51 thinkpad dnsmasq[10582]: cached www.freesat.co.uk is <CNAME>
Feb 17 18:05:51 thinkpad dnsmasq[10582]: cached ghs.googlehosted.com is NODATA-IPv4

Feb 17 18:06:12 thinkpad dnsmasq[10582]: query[A] ghs.googlehosted.com from 127.0.0.1
Feb 17 18:06:12 thinkpad dnsmasq[10582]: cached ghs.googlehosted.com is NODATA-IPv4



$ dig www.freesat.co.uk @ns1.peer1.net

; <<>> DiG 9.11.14-3-Debian <<>> www.freesat.co.uk @ns1.peer1.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22745
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.freesat.co.uk.             IN      A

;; ANSWER SECTION:
www.freesat.co.uk.      300     IN      CNAME   ghs.googlehosted.com.
www.freesat.co.uk.      300     IN      A       216.239.34.21
www.freesat.co.uk.      300     IN      A       216.239.32.21
www.freesat.co.uk.      300     IN      A       216.239.36.21
www.freesat.co.uk.      300     IN      A       216.239.38.21

;; AUTHORITY SECTION:
freesat.co.uk.          259200  IN      NS      ns1.peer1.net.
freesat.co.uk.          259200  IN      NS      ns2.peer1.net.

;; ADDITIONAL SECTION:
ns1.peer1.net.          21600   IN      A       69.90.13.5
ns2.peer1.net.          21600   IN      A       69.90.13.6

;; Query time: 12 msec
;; SERVER: 69.90.13.5#53(69.90.13.5)
;; WHEN: Mon Feb 17 17:42:57 GMT 2020
;; MSG SIZE  rcvd: 210

$ dig www.freesat.co.uk a

; <<>> DiG 9.11.14-3-Debian <<>> www.freesat.co.uk a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51256
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.freesat.co.uk.             IN      A

;; ANSWER SECTION:
www.freesat.co.uk.      300     IN      CNAME   ghs.googlehosted.com.
www.freesat.co.uk.      300     IN      A       216.239.36.21
www.freesat.co.uk.      300     IN      A       216.239.34.21
www.freesat.co.uk.      300     IN      A       216.239.38.21
www.freesat.co.uk.      300     IN      A       216.239.32.21

;; Query time: 14 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 17 18:03:15 GMT 2020
;; MSG SIZE  rcvd: 144

$ dig www.freesat.co.uk a

; <<>> DiG 9.11.14-3-Debian <<>> www.freesat.co.uk a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24120
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.freesat.co.uk.             IN      A

;; ANSWER SECTION:
www.freesat.co.uk.      144     IN      CNAME   ghs.googlehosted.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 17 18:05:51 GMT 2020
;; MSG SIZE  rcvd: 80

$ dig ghs.googlehosted.com a

; <<>> DiG 9.11.14-3-Debian <<>> ghs.googlehosted.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9646
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ghs.googlehosted.com.          IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 17 18:06:12 GMT 2020
;; MSG SIZE  rcvd: 49



(I have already sent an email trying to get freesat.co.uk to fix their
zone but suspect that it will fall on deaf ears.)

-- 
Paul Martin <p...@nowster.org.uk>

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
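
An added example (not part of the original post, and not dnsmasq code): a log and answer-section check for the pattern reported above, where an owner name carries a CNAME alongside other records and the CNAME target then appears as a negative entry without ever having been forwarded upstream. The function names are hypothetical; the sample input is copied from the dig output and dnsmasq log in the report.

```python
import re
from collections import defaultdict

# Sample input taken from the report above (answer section, first log exchange).
DIG_ANSWER = """\
www.freesat.co.uk.      300     IN      CNAME   ghs.googlehosted.com.
www.freesat.co.uk.      300     IN      A       216.239.34.21
www.freesat.co.uk.      300     IN      A       216.239.32.21
"""
DNSMASQ_LOG = """\
Feb 17 18:03:15 thinkpad dnsmasq[10582]: query[A] www.freesat.co.uk from 127.0.0.1
Feb 17 18:03:15 thinkpad dnsmasq[10582]: forwarded www.freesat.co.uk to 1.1.1.1
Feb 17 18:03:15 thinkpad dnsmasq[10582]: reply www.freesat.co.uk is <CNAME>
Feb 17 18:03:15 thinkpad dnsmasq[10582]: reply ghs.googlehosted.com is NODATA-IPv4
"""
LOG_RE = re.compile(r"dnsmasq\[\d+\]: (forwarded|reply) (\S+) (?:to|is) (\S+)")

def cname_conflicts(answer_text):
    """Return {owner: target} for owners holding a CNAME plus other record types."""
    types, targets = defaultdict(set), {}
    for line in answer_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skips dig comments, headers and blank lines
        owner, rtype = fields[0].rstrip(".").lower(), fields[3].upper()
        types[owner].add(rtype)
        if rtype == "CNAME":
            targets[owner] = fields[4].rstrip(".").lower()
    # DNSSEC records may legitimately sit beside a CNAME; anything else may not.
    return {o: t for o, t in targets.items() if types[o] - {"CNAME", "RRSIG", "NSEC"}}

def unqueried_negatives(log_text):
    """Names logged as NODATA/NXDOMAIN replies that were never forwarded upstream."""
    forwarded, flagged = set(), []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        action, name, value = m.groups()
        name = name.rstrip(".").lower()
        if action == "forwarded":
            forwarded.add(name)
        elif value.startswith(("NODATA", "NXDOMAIN")) and name not in flagged:
            if name not in forwarded:
                flagged.append(name)
    return flagged

def suspect_targets(answer_text, log_text):
    """Conflicting CNAME owners whose target also ended up negatively cached."""
    negatives = set(unqueried_negatives(log_text))
    return {o: t for o, t in cname_conflicts(answer_text).items() if t in negatives}
```

A name returned by unqueried_negatives() alone is only a candidate for review, since a correctly configured CNAME chain whose target has no A record logs the same way; suspect_targets() narrows it to the case in this report.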
