[Dnsmasq-discuss] Uppercase queries are forwarded differently depending on the protocol (tcp vs udp)

Wed, 14 Sep 2022 15:04:09 -0700 

Hi,

TLDR: DNS request to dnsmasq with upper-case domain is handled differently
if request is sent over TCP vs UDP

I run a server to forward "cluster.local" queries to another process:
/usr/sbin/dnsmasq-k--cache-size=1000--no-negcache--dns-forward-max=1500--log-facility=---server=/cluster.local/
127.0.0.1#10053--log-queries=extra--log-debug
<http://127.0.0.1/#10053--log-queries=extra--log-debug>

dnsmasq 2.86 with IP 10.64.0.7

1. When I run:
dig +tcp kubernetes.default.svc.cluster.LOCAL @10.64.0.7

I get NOERROR but no data in the response. dnsmasq logs:
I0913 06:15:04.790606       1 nanny.go:146] dnsmasq[86]: 44065
10.64.1.4/33015 query[A] kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4
I0913 06:15:04.851065       1 nanny.go:146] dnsmasq[86]: 44065
10.64.1.4/33015 forwarded kubernetes.default.svc.CLUSTER.LOCAL to
169.254.169.254

As you can see dnsmasq doesn't modify the domain. Because it's a
"CLUSTER.LOCAL" and not a "cluster.local" it's forwarded to the server
169.254.169.254 set in the /etc/resolv.conf. And not the
--server=/cluster.local/127.0.0.1#10053 <http://127.0.0.1/#10053>

2. When I run exactly the same query but over UDP not TCP:
dig kubernetes.default.svc.CLUSTER.LOCAL @10.64.0.7

I get NOERROR and correct response:
kubernetes.default.svc.CLUSTER.LOCAL. 30 IN A   10.68.0.1

dnsmasq logs in this case:
I0913 06:19:20.820425       1 nanny.go:146] dnsmasq[11]: 44471
10.64.1.4/49622 query[A] kubernetes.default.svc.CLUSTER.LOCAL from 10.64.1.4
I0913 06:19:20.820866       1 nanny.go:146] dnsmasq[11]: 44471
10.64.1.4/49622 forwarded kubernetes.default.svc.cluster.local to 127.0.0.1

In this case the domain in the query is changed to the lower-case and it
matches "cluster.local" and forwards to 127.0.0.1 as expected.

3. When I run exactly the same query over TCP but fully lower-case it works
as well.

Is this a bug or intended behaviour or maybe I misunderstood the logs?
Thanks!

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Reply via email to