I do not think this is a good approach. One thing is that any queries need to be handled by the upstream resolver somehow. Whatever it is, dnsmasq will reply with whatever the upstream resolvers have chosen to do. The only exception is local data, for example authoritative services.

I would prefer sending just A or AAAA queries, whichever of them comes first. Or maybe excluding other types and using just A and AAAA records, if they are in cache. Reference 4.3 <https://www.rfc-editor.org/rfc/rfc8482#section-4.3>. Alternatively do what unbound does, return a NOTIMPL error.

Shown localhost example:

; <<>> DiG 9.18.21 <<>> @localhost -p 2053 -t any localhost
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60904
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;localhost.            IN    ANY

;; ANSWER SECTION:
localhost.        0    IN    A    127.0.0.1
localhost.        0    IN    AAAA    ::1

With --no-ANY, it returns an empty response. I have changed continue; to return 0;. That gives incorrect results and should not be used. But your patch did not apply to my master, on top of commit 762a3f243099d26b1e87aad2b1b4b696cd8c33ac.

; <<>> DiG 9.18.21 <<>> @localhost -p 2053 -t any localhost
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48980
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;localhost.            IN    ANY

;; AUTHORITY SECTION:
localhost.        10800    IN    SOA    localhost. nobody.invalid. 1 3600 1200 604800 10800

I think we can modify an ANY type query to provide just a single type or a synthesized answer, but an empty response seems wrong. I think || qtype == T_ANY should be removed from most of the types, to make the answer smaller. Unlike in mDNS, ANY is not specified in DNS to provide all known answers. If anyone relies on it, that would be wrong too.

I disagree with the current proposal.

On 06. 02. 24 18:00, Dominik Derigs via Dnsmasq-discuss wrote:
RFC 8482

--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
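
The options weighed in the message above (answer ANY with everything, with only A/AAAA, or with NOTIMP), as an added example that is not dnsmasq code and not part of the original mail. The policy names, the record list and its sizes are constructed for illustration; byte counts assume a compressed 2-byte owner name per record.

```c
#include <stdio.h>

/* RR type and RCODE numbers as assigned in the DNS specifications. */
enum { T_A = 1, T_MX = 15, T_TXT = 16, T_AAAA = 28, T_ANY = 255 };
enum { RCODE_NOERROR = 0, RCODE_NOTIMP = 4 };

/* Hypothetical policy names for the options raised in the message. */
enum any_policy { ANY_ALL, ANY_ADDR_ONLY, ANY_NOTIMP };

struct rr { int type; size_t rdlen; };          /* rdlen = RDATA bytes */
struct reply { int rcode; size_t ancount; size_t bytes; };

/* Constructed RRsets for one owner name; not dnsmasq's cache format. */
static const struct rr sample_cache[] = { {T_A, 4}, {T_AAAA, 16}, {T_TXT, 200}, {T_MX, 4} };
#define SAMPLE_N (sizeof sample_cache / sizeof sample_cache[0])

/* Does a cached record of rrtype belong in the answer to qtype? */
static int rr_wanted(int rrtype, int qtype, enum any_policy policy)
{
  if (qtype != T_ANY)
    return rrtype == qtype;              /* ordinary typed query */
  if (policy == ANY_ADDR_ONLY)
    return rrtype == T_A || rrtype == T_AAAA;
  return policy == ANY_ALL;              /* ANY_NOTIMP answers nothing */
}

/* Build the reply summary; each RR costs a 2-byte compressed name,
   10 fixed bytes (type, class, TTL, RDLENGTH) and its RDATA. */
struct reply answer_query(const struct rr *cache, size_t n, int qtype, enum any_policy policy)
{
  struct reply r = { RCODE_NOERROR, 0, 0 };
  if (qtype == T_ANY && policy == ANY_NOTIMP)
    r.rcode = RCODE_NOTIMP;
  for (size_t i = 0; i < n; i++)
    if (rr_wanted(cache[i].type, qtype, policy)) {
      r.ancount++;
      r.bytes += 12 + cache[i].rdlen;
    }
  return r;
}

int main(void)
{
  for (int p = ANY_ALL; p <= ANY_NOTIMP; p++) {
    struct reply r = answer_query(sample_cache, SAMPLE_N, T_ANY, (enum any_policy)p);
    printf("policy %d: rcode %d, %zu RRs, %zu bytes\n", p, r.rcode, r.ancount, r.bytes);
  }
  return 0;
}
```

The answer-section size is the figure to compare across policies, since it is what an ANY query multiplies in a reflected response.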
