Re: [Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname
18.04.2022 16:38, Simon Kelley wrote:

> What's not obvious is what to do about it: In versions before 2.86, this wouldn't be a problem, because address=/api.ott.kinopoisk.ru/:: would stop any queries for api.ott.kinopoisk.ru, including the IPv4 query, being sent upstream. That means an A query (or any other query) would return NODATA, and an AAAA query would return ::, which is all consistent.

Not quite true.

1) In versions before 2.86 I used the following syntax to achieve the same behaviour:

server=/domain.com/#
address=/domain.com/::

This way the AAAA query returned :: and the A query was forwarded to upstream servers (and this is exactly what I want - to block AAAA for specific domains).

And this configuration had the same issue with CNAME. If domain.com is a CNAME to someotherdomain.com, after making a query to someotherdomain.com, queries to domain.com return the upstream record instead of ::

2) Since 2.86 for some reason this config doesn't work:

server=/domain.com/#
address=/domain.com/::

The AAAA query returns ::, but the A query returns NODATA, ignoring the server directive.

3) But if I throw away server=/domain.com/# this works as expected - the AAAA query returns :: and the A query is forwarded to upstream servers:

address=/domain.com/::

Anyway, if you do any changes please do not break the possibility to send :: for specific domains while forwarding A queries to upstream servers. filter-AAAA is not a solution because I want to prevent IPv6 resolution only for specific domains.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname
On 16/04/2022 18:13, Анна Тихомирова via Dnsmasq-discuss wrote:

> Hello.
>
> I'm using dnsmasq version 2.86.
>
> I've found that address option works incorrectly if the target domain is a cname.
>
> Here is an example:
>
> 1) Add a domain to dnsmasq configuration:
>
> address=/api.ott.kinopoisk.ru/::
>
> 2) Make a DNS query for this domain. Everything is fine now: dnsmasq replies with an IPv4 address received from the upstream DNS server and an IPv6 address from the configuration file
>
> root@veronika:~# nslookup api.ott.kinopoisk.ru
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Name: api.ott.kinopoisk.ru
> Address: ::
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 query[A] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 forwarded api.ott.kinopoisk.ru to 213.234.192.7
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 config api.ott.kinopoisk.ru is ::
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply ott-api-production-balancer.ott.yandex.net is 93.158.134.102
>
> 3) You may repeat a query and everything is still fine:
>
> root@veronika:~# nslookup api.ott.kinopoisk.ru
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Name: api.ott.kinopoisk.ru
> Address: ::
>
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 query[A] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 config api.ott.kinopoisk.ru is ::
>
> 4) Now query the original domain to which our configured domain points to:
>
> root@veronika:~# nslookup ott-api-production-balancer.ott.yandex.net
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Non-authoritative answer:
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Non-authoritative answer:
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 2a02:6b8::272
>
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 query[A] ott-api-production-balancer.ott.yandex.net from 127.0.0.1
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 query[AAAA] ott-api-production-balancer.ott.yandex.net from 127.0.0.1
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 forwarded ott-api-production-balancer.ott.yandex.net to 213.234.192.7
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 reply ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272
>
> 5) Let's query our configured domain again. Now you can see that dnsmasq starts to reply with IPv6 from upstream server instead of our configured IPv6:
>
> root@veronika:~# nslookup api.ott.kinopoisk.ru
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 2a02:6b8::272
>
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 query[A] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached
Re: [Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname
17.04.2022 12:36, Geert Stappers via Dnsmasq-discuss wrote:

>> 1) Add a domain to dnsmasq configuration:
>>
>> address=/api.ott.kinopoisk.ru/::
>
> ??? Is address=/api.ott.kinopoisk.ru/::1 meant?

No, :: is meant (null address). It is used to selectively block IPv6 for specific domains.
Re: [Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname
On Sat, Apr 16, 2022 at 08:13:27PM +0300, Анна Тихомирова via Dnsmasq-discuss wrote:

> Hello.
>
> I'm using dnsmasq version 2.86.
>
> I've found that address option works incorrectly if the target domain is a cname.
>
> Here is an example:
>
> 1) Add a domain to dnsmasq configuration:
>
> address=/api.ott.kinopoisk.ru/::

??? Is address=/api.ott.kinopoisk.ru/::1 meant?

> 2) Make a DNS query for this domain. Everything is fine now: dnsmasq replies with an IPv4 address received from the upstream DNS server and an IPv6 address from the configuration file
>
> root@veronika:~# nslookup api.ott.kinopoisk.ru
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Name: api.ott.kinopoisk.ru
> Address: ::
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 query[A] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 forwarded api.ott.kinopoisk.ru to 213.234.192.7
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 config api.ott.kinopoisk.ru is ::
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply ott-api-production-balancer.ott.yandex.net is 93.158.134.102
>
> 3) You may repeat a query and everything is still fine:
>
> root@veronika:~# nslookup api.ott.kinopoisk.ru
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Name: api.ott.kinopoisk.ru
> Address: ::
>
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 query[A] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 config api.ott.kinopoisk.ru is ::
>
> 4) Now query the original domain to which our configured domain points to:
>
> root@veronika:~# nslookup ott-api-production-balancer.ott.yandex.net
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Non-authoritative answer:
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Non-authoritative answer:
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 2a02:6b8::272
>
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 query[A] ott-api-production-balancer.ott.yandex.net from 127.0.0.1
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 query[AAAA] ott-api-production-balancer.ott.yandex.net from 127.0.0.1
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 forwarded ott-api-production-balancer.ott.yandex.net to 213.234.192.7
> Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 reply ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272
>
> 5) Let's query our configured domain again. Now you can see that dnsmasq starts to reply with IPv6 from upstream server instead of our configured IPv6:
>
> root@veronika:~# nslookup api.ott.kinopoisk.ru
> Server: 127.0.0.1
> Address: 127.0.0.1:53
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 93.158.134.102
>
> Non-authoritative answer:
> api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
> Name: ott-api-production-balancer.ott.yandex.net
> Address: 2a02:6b8::272
>
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 query[A] api.ott.kinopoisk.ru from 127.0.0.1
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached api.ott.kinopoisk.ru is <CNAME>
> Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
> Sat Apr 16 19:13:37 2022
[Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname
Hello.

I'm using dnsmasq version 2.86.

I've found that address option works incorrectly if the target domain is a cname.

Here is an example:

1) Add a domain to dnsmasq configuration:

address=/api.ott.kinopoisk.ru/::

2) Make a DNS query for this domain. Everything is fine now: dnsmasq replies with an IPv4 address received from the upstream DNS server and an IPv6 address from the configuration file

root@veronika:~# nslookup api.ott.kinopoisk.ru
Server: 127.0.0.1
Address: 127.0.0.1:53

Name: api.ott.kinopoisk.ru
Address: ::

Non-authoritative answer:
api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
Name: ott-api-production-balancer.ott.yandex.net
Address: 93.158.134.102

Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 query[A] api.ott.kinopoisk.ru from 127.0.0.1
Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 forwarded api.ott.kinopoisk.ru to 213.234.192.7
Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 config api.ott.kinopoisk.ru is ::
Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply api.ott.kinopoisk.ru is <CNAME>
Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply ott-api-production-balancer.ott.yandex.net is 93.158.134.102

3) You may repeat a query and everything is still fine:

root@veronika:~# nslookup api.ott.kinopoisk.ru
Server: 127.0.0.1
Address: 127.0.0.1:53

Non-authoritative answer:
api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
Name: ott-api-production-balancer.ott.yandex.net
Address: 93.158.134.102

Name: api.ott.kinopoisk.ru
Address: ::

Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 query[A] api.ott.kinopoisk.ru from 127.0.0.1
Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>
Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>
Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 config api.ott.kinopoisk.ru is ::

4) Now query the original domain to which our configured domain points to:

root@veronika:~# nslookup ott-api-production-balancer.ott.yandex.net
Server: 127.0.0.1
Address: 127.0.0.1:53

Non-authoritative answer:
Name: ott-api-production-balancer.ott.yandex.net
Address: 93.158.134.102

Non-authoritative answer:
Name: ott-api-production-balancer.ott.yandex.net
Address: 2a02:6b8::272

Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 query[A] ott-api-production-balancer.ott.yandex.net from 127.0.0.1
Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 query[AAAA] ott-api-production-balancer.ott.yandex.net from 127.0.0.1
Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 forwarded ott-api-production-balancer.ott.yandex.net to 213.234.192.7
Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 reply ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272

5) Let's query our configured domain again. Now you can see that dnsmasq starts to reply with IPv6 from upstream server instead of our configured IPv6:

root@veronika:~# nslookup api.ott.kinopoisk.ru
Server: 127.0.0.1
Address: 127.0.0.1:53

Non-authoritative answer:
api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
Name: ott-api-production-balancer.ott.yandex.net
Address: 93.158.134.102

Non-authoritative answer:
api.ott.kinopoisk.ru canonical name = ott-api-production-balancer.ott.yandex.net
Name: ott-api-production-balancer.ott.yandex.net
Address: 2a02:6b8::272

Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 query[A] api.ott.kinopoisk.ru from 127.0.0.1
Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached api.ott.kinopoisk.ru is <CNAME>
Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102
Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1
Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached api.ott.kinopoisk.ru is <CNAME>
Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272
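
A check for the behaviour reported in this thread, as an added example that is not part of any message or of dnsmasq itself: it scans query logs in the format quoted above and reports AAAA queries for names pinned to :: that were answered with a real IPv6 address through a cached CNAME. The BLOCKED_V6 set, the function names and the embedded sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: names pinned to the null address with address=/name/::
BLOCKED_V6 = {"api.ott.kinopoisk.ru"}

LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<qid>\d+) \S+ "
    r"(?P<action>query\[(?P<qtype>\w+)\]|forwarded|reply|cached|config) "
    r"(?P<name>\S+) (?:from|to|is) (?P<value>\S+)"
)

# Constructed sample in the log format shown in the thread.
PFX = "Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: "
SAMPLE_LOG = "\n".join(PFX + s for s in [
    "432 127.0.0.1/34089 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1",
    "432 127.0.0.1/34089 cached api.ott.kinopoisk.ru is <CNAME>",
    "432 127.0.0.1/34089 config api.ott.kinopoisk.ru is ::",
    "458 127.0.0.1/35410 query[A] api.ott.kinopoisk.ru from 127.0.0.1",
    "458 127.0.0.1/35410 cached ott-api-production-balancer.ott.yandex.net is 93.158.134.102",
    "459 127.0.0.1/35410 query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1",
    "459 127.0.0.1/35410 cached api.ott.kinopoisk.ru is <CNAME>",
    "459 127.0.0.1/35410 cached ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272",
])

def is_real_ipv6(text):
    """True for a parseable IPv6 address other than the null address ::."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # not an address, e.g. <CNAME>
    return addr.version == 6 and not addr.is_unspecified

def find_leaks(log_text, blocked=BLOCKED_V6):
    """Return (query id, name, address) for each AAAA query on a blocked
    name that was answered with a real IPv6 address instead of ::."""
    # queries: id -> blocked name asked for AAAA; answers: id -> values seen
    queries, answers = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["qtype"] == "AAAA" and m["name"].lower() in blocked:
            queries[m["qid"]] = m["name"].lower()
        elif m["action"] in ("reply", "cached", "config"):
            answers[m["qid"]].append(m["value"])
    return [(qid, name, value) for qid, name in queries.items()
            for value in answers[qid] if is_real_ipv6(value)]
```

On the sample, query 432 is answered from config with :: and is not reported, while query 459 is reported with the upstream address reached through the cached CNAME.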