Hi Trey,
Are there any specific applications requiring this patch? It seems to me
most of work should be spent on applications not handling IPv4 addresses
correctly. Also, I would implement filtering of both address families if
it is required.
Are there specific applications, where we can help escalate the problem
on their side instead? As you have already said, when they ask for A
address, they should receive one. Whether it is useful or not, clients
should be able to process it. And skipping to IPv6 in case of no IPv4
connectivity should be immediate. We lack full IPv6 connectivity at
office, so far I know only svn is not able to switch to IPv4 only. Which
is solved by switching to git. Filtering of AAAA record would have
solved it too.
Do you have examples of applications, where this change would help?
Cheers,
Petr
On 6/16/21 1:26 PM, Trey Sis wrote:
> On 6/14/2021 1:43, Trey Sis wrote:
>> On 6/13/2021 22:01, Geert Stappers via Dnsmasq-discuss wrote:
>>> On Wed, Jun 09, 2021 at 02:13:34PM +0200, Trey Sis wrote:
>>>> Dropping the patch file as attachment.
>>>> From 57c7fcb0b3caccae7376f71ab1a9ae74f0e7f6d9 Mon Sep 17 00:00:00
>>>> 2001
>>>> From: treysis <trey...@gmx.net>
>>>> Date: Sat, 5 Jun 2021 15:27:26 +0200
>>>> Subject: [PATCH] Add option to filter A record requests
>>>>
>>> [1]
>>>
>>>
>>>> ---
>>>> src/dnsmasq.h | 3 ++-
>>>> src/option.c | 3 +++
>>>> src/rfc1035.c | 11 +++++++++++
>>>> 3 files changed, 16 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>>>> index b27737b..2fec7d1 100644
>>>> --- a/src/dnsmasq.h
>>>> +++ b/src/dnsmasq.h
>>>> @@ -272,7 +272,8 @@ struct event_desc {
>>>> #define OPT_LOG_DEBUG 62
>>>> #define OPT_UMBRELLA 63
>>>> #define OPT_UMBRELLA_DEVID 64
>>>> -#define OPT_LAST 65
>>>> +#define OPT_FILTER_A 65
>>>> +#define OPT_LAST 66
>>>>
>>>> #define OPTION_BITS (sizeof(unsigned int)*8)
>>>> #define OPTION_SIZE (
>>>> (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
>>>> diff --git a/src/option.c b/src/option.c
>>>> index cacfaa6..43dc3cb 100644
>>>> --- a/src/option.c
>>>> +++ b/src/option.c
>>>> @@ -171,6 +171,7 @@ struct myoption {
>>>> #define LOPT_DYNHOST 362
>>>> #define LOPT_LOG_DEBUG 363
>>>> #define LOPT_UMBRELLA 364
>>>> +#define LOPT_FILTER_A 365
>>>>
>>>> #ifdef HAVE_GETOPT_LONG
>>>> static const struct option opts[] =
>>>> @@ -347,6 +348,7 @@ static const struct myoption opts[] =
>>>> { "dynamic-host", 1, 0, LOPT_DYNHOST },
>>>> { "log-debug", 0, 0, LOPT_LOG_DEBUG },
>>>> { "umbrella", 2, 0, LOPT_UMBRELLA },
>>>> + { "filter-a", 0, 0, LOPT_FILTER_A },
>>>> { NULL, 0, 0, 0 }
>>>> };
>>>>
>>>> @@ -530,6 +532,7 @@ static struct {
>>>> { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which
>>>> packets to dump"), NULL },
>>>> { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call
>>>> dhcp-script when lease expiry changes."), NULL },
>>>> { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send
>>>> Cisco Umbrella identifiers including remote IP."), NULL },
>>>> + { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter all A
>>>> requests."), NULL },
>>>> { 0, 0, NULL, NULL, NULL }
>>>> };
>>>>
>>>> diff --git a/src/rfc1035.c b/src/rfc1035.c
>>>> index 9bc5ef2..1043773 100644
>>>> --- a/src/rfc1035.c
>>>> +++ b/src/rfc1035.c
>>>> @@ -1843,6 +1843,17 @@ size_t answer_request(struct dns_header
>>>> *header, char *limit, size_t qlen,
>>>> }
>>>> }
>>>>
>>>> + /* filter A forwards */
>>>> + if (qtype == T_A && option_bool(OPT_FILTER_A))
>>>> + {
>>>> + /* return a null reply */
>>>> + ans = 1;
>>>> + if (!dryrun)
>>>> + log_query(F_CONFIG | F_IPV6 | F_NEG, name, &addr, NULL);
>>>> + break;
>>>> + }
>>>> + /* end of filtering A */
>>>> +
>>>> if (!ans)
>>>> return 0; /* failed to answer a question */
>>>> }
>>>
>>>
>>> /home/stappers/src/dnsmasq/.git/rebase-apply/patch:62: trailing
>>> whitespace.
>>> if (!dryrun)
>>> warning: 1 line adds whitespace errors.
>>
>> My bad! Fixed. Find the new patch attached to this message.
>>
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
> Hello everyone,
>
> I was wondering if anyone has any suggestions or objections for the
> patch?
>
> I still think it would be very valuable for many setups out there to
> drop A records. Most OS don't query for AAAA if there is no IPv6
> connection. But none don't query for A if there is no IPv4. That often
> causes problems with applications that did not (yet) implement happy
> eyeballs. Getting this upstream would make it much easier to handle
> IPv6-only environments.
>
> What do you think?
>
> Regards,
>
> Treysis
>
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
