Re: [Dnsmasq-discuss] CNAME caching issue in Dnsmasq(2.76)

2019-01-22 Thread Yossi Boaron
OK, thanks for the clarification.

‫בתאריך יום ג׳, 22 בינו׳ 2019 ב-1:43 מאת ‪Simon Kelley‬‏ <‪
si...@thekelleys.org.uk‬‏>:‬

>
>
> On 21/01/2019 07:33, Yossi Boaron wrote:
>
> >
> > Is this dnsmasq limitation is just due to lack of support in code/bug?
> > or it requires massive architectural changes of dnsmasq?
> > If it's the first one, I can try to fix this issue.
> >
>
> It's the second, unfortunately. a DNS query can be answered from an
> upstream source, or locally, but not by a mixture of both.
>
> Simon.
>
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] CNAME caching issue in Dnsmasq(2.76)

2019-01-21 Thread Simon Kelley


On 21/01/2019 07:33, Yossi Boaron wrote:

> 
> Is this dnsmasq limitation is just due to lack of support in code/bug? 
> or it requires massive architectural changes of dnsmasq?
> If it's the first one, I can try to fix this issue.
> 

It's the second, unfortunately. a DNS query can be answered from an
upstream source, or locally, but not by a mixture of both.

Simon.


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] CNAME caching issue in Dnsmasq(2.76)

2019-01-21 Thread Yossi Boaron
Hi Simon,

Thanks a lot for a prompt response.
Unfortunately, I can't have both (CNAME and host) entries in upstream
neither in dnsmasq.

I'll add a few words about what I need to do,
As Openstack tenant, I run an application that composed of few VMs,  the
VMs communicate with other VMs using hostname (the one that defined CNAME)
and VMs may recreate on the fly (means VM's IP changed).

>From one side, as OpenStack tenant I'm not allowed to add CNAME entries to
dnsmasq and from the other side, since the VMs IPs may change dynamically
it isn't practical to store the target IPs in the upstream server.

So, having the CNAME in upstream server and VMs IPs in dnsmasq is the most
suitable solution for me.

Is this dnsmasq limitation is just due to lack of support in code/bug?
or it requires massive architectural changes of dnsmasq?
If it's the first one, I can try to fix this issue.

Thanks
Yossi


‫בתאריך יום ב׳, 21 בינו׳ 2019 ב-0:29 מאת ‪Simon Kelley‬‏ <‪
si...@thekelleys.org.uk‬‏>:‬

> It's a known limitation. The  actual limitation is that a CNAME and it's
> target must both either originate from an upstream server, or both
> originate from the dnsmasq local configuration. Mixing sources (ie CNAME
> from upstream and target from dnsmasq, or vice-versa) is not allowed.
>
> The commonest situation, when a CNAME is defined in dnsmasq's
> configuration whose target comes from upstream, is noted a a problem in
> the man page, but that doesn't mention what you're doing, defining the
> CNAME upstream but the target in dnsmasq. It should probably do that.
>
> Workaround is to add the CNAME to the dnsmasq configuration.
>
> Cheers,
>
> Simon.
>
>
>
>
> On 20/01/2019 11:03, Yossi Boaron wrote:
> >
> > Hi All,
> > I have the following DNS topology (In my Openstack deployment):
> > VM --> DNSMASQ --> external DNS server
> > domain name= shiftstack.com , and Dnsmasq 2.76
> > is used at this Openstack deployment.
> >
> > I run the following test:
> > 1. Define CNAME record at external DNS server
> >
> > ostest-etcd-5.shiftstack.com .
> >  IN   CNAMEostest-master-2
> >
> > 2. while 'ostest-master-2' is defined in --addn-hosts at Dnsmasq:
> > the relevant entry:
> > 10.0.1.214  ostest-master-2.shiftstack.com
> > . ostest-master-2
> >
> > 3. next step, I tried to resolve 'ostest-etcd-5.shiftstack.com
> > .' from the VM.
> > I expected that dig ostest-etcd-5.shiftstack.com
> > . should be replied with the
> > ostest-master-2 IP (10.0.1.214).
> >
> > Actual behavior:
> > When I run dig (see 1)  just for type A, Dnsmasq replied only with the
> > CNAME entry and doesn't return ostest-master-2 IP address.
> >
> > But when I run dig (see 2) for types  and A (at this order), I can
> > see that Dnsmasq resolves  ostest-master-2 IP address as expected.
> >
> > It seems to me like an issue of CNAME caching  at Dnsmasq (2.76),
> > Is it a known issue?
> >
> > Thanks in advance
> > Yossi
> >
> >
> > [1]
> > $ dig +noedns  ostest-etcd-5.shiftstack.com
> > .  A
> >
> > ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>>
> > +noedns ostest-etcd-5.shiftstack.com
> > . A
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13837
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;ostest-etcd-5.shiftstack.com .
> > IN  A
> >
> > ;; ANSWER SECTION:
> > ostest-etcd-5.shiftstack.com .
> > 3600 IN   CNAME   ostest-master-2.shiftstack.com
> > .
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.0.0.2#53(10.0.0.2)
> > ;; WHEN: Sun Jan 20 09:52:48 UTC 2019
> > ;; MSG SIZE  rcvd: 118
> >
> > $
> >
> > [2]
> > $ dig +noedns ostest-etcd-5.shiftstack.com
> > .
> >   ostest-etcd-5.shiftstack.com
> > .  A
> >
> > ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>>
> > +noedns ostest-etcd-5.shiftstack.com
> > .
> >  ostest-etcd-5.shiftstack.com .
> A
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63573
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;ostest-etcd-5.shiftstack.com .
> > IN  
> >
> > ;; ANSWER SECTION:
> > ostest-etcd-5.shiftstack.com .
> > 3600 IN   CNAME   ostest-master-2.shiftstack.com
> > .
> >
> > ;; Query time: 3 msec
> > ;; SERVER: 10.0.0.2#53(10.0.0.2)
> > ;; WHEN: Sun Jan 

Re: [Dnsmasq-discuss] CNAME caching issue in Dnsmasq(2.76)

2019-01-20 Thread Simon Kelley
It's a known limitation. The  actual limitation is that a CNAME and it's
target must both either originate from an upstream server, or both
originate from the dnsmasq local configuration. Mixing sources (ie CNAME
from upstream and target from dnsmasq, or vice-versa) is not allowed.

The commonest situation, when a CNAME is defined in dnsmasq's
configuration whose target comes from upstream, is noted a a problem in
the man page, but that doesn't mention what you're doing, defining the
CNAME upstream but the target in dnsmasq. It should probably do that.

Workaround is to add the CNAME to the dnsmasq configuration.

Cheers,

Simon.




On 20/01/2019 11:03, Yossi Boaron wrote:
> 
> Hi All,
> I have the following DNS topology (In my Openstack deployment):
> VM --> DNSMASQ --> external DNS server 
> domain name= shiftstack.com , and Dnsmasq 2.76
> is used at this Openstack deployment.
> 
> I run the following test:
> 1. Define CNAME record at external DNS server
> 
> ostest-etcd-5.shiftstack.com .   
>  IN   CNAME        ostest-master-2
> 
> 2. while 'ostest-master-2' is defined in --addn-hosts at Dnsmasq:
> the relevant entry:
> 10.0.1.214      ostest-master-2.shiftstack.com
> . ostest-master-2
> 
> 3. next step, I tried to resolve 'ostest-etcd-5.shiftstack.com
> .' from the VM.
> I expected that dig ostest-etcd-5.shiftstack.com
> . should be replied with the
> ostest-master-2 IP (10.0.1.214).
> 
> Actual behavior:
> When I run dig (see 1)  just for type A, Dnsmasq replied only with the
> CNAME entry and doesn't return ostest-master-2 IP address.
> 
> But when I run dig (see 2) for types  and A (at this order), I can
> see that Dnsmasq resolves  ostest-master-2 IP address as expected.
> 
> It seems to me like an issue of CNAME caching  at Dnsmasq (2.76), 
> Is it a known issue?
> 
> Thanks in advance
> Yossi
> 
> 
> [1] 
> $ dig +noedns  ostest-etcd-5.shiftstack.com
> .  A
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>>
> +noedns ostest-etcd-5.shiftstack.com
> . A
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13837
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;ostest-etcd-5.shiftstack.com . 
> IN      A
> 
> ;; ANSWER SECTION:
> ostest-etcd-5.shiftstack.com .
> 3600 IN   CNAME   ostest-master-2.shiftstack.com
> .
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.0.0.2#53(10.0.0.2)
> ;; WHEN: Sun Jan 20 09:52:48 UTC 2019
> ;; MSG SIZE  rcvd: 118
> 
> $ 
> 
> [2] 
> $ dig +noedns ostest-etcd-5.shiftstack.com
> .
>   ostest-etcd-5.shiftstack.com
> .  A
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>>
> +noedns ostest-etcd-5.shiftstack.com
> .
>  ostest-etcd-5.shiftstack.com . A
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63573
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;ostest-etcd-5.shiftstack.com . 
> IN      
> 
> ;; ANSWER SECTION:
> ostest-etcd-5.shiftstack.com .
> 3600 IN   CNAME   ostest-master-2.shiftstack.com
> .
> 
> ;; Query time: 3 msec
> ;; SERVER: 10.0.0.2#53(10.0.0.2)
> ;; WHEN: Sun Jan 20 09:53:59 UTC 2019
> ;; MSG SIZE  rcvd: 118
> 
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15671
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;ostest-etcd-5.shiftstack.com . 
> IN      A
> 
> ;; ANSWER SECTION:
> ostest-etcd-5.shiftstack.com .
> 3600 IN   CNAME   ostest-master-2.shiftstack.com
> .
> ostest-master-2.shiftstack.com .
> 0 IN    A       10.0.1.214
> 
> ;; Query time: 0 msec
> ;; SERVER: 10.0.0.2#53(10.0.0.2)
> ;; WHEN: Sun Jan 20 09:53:59 UTC 2019
> ;; MSG SIZE  rcvd: 106
> 
> $ 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] CNAME caching issue in Dnsmasq(2.76)

2019-01-20 Thread Yossi Boaron
I run the same test with Dnsmasq 2.80 (2.80-32-g28cfe36) - and got the
similiar results.

10.0.2.200 is the VM's IP address
10.46.4.43 - is the IP address of the external DNS server

The dnsmasq log as response to ' dig +noedns  ostest-etcd-5.shiftstack.com.
A'

Jan 20 12:54:37 dnsmasq[711308]: query[A] ostest-etcd-5.shiftstack.com from
10.0.2.200
Jan 20 12:54:37 dnsmasq[711308]: forwarded ostest-etcd-5.shiftstack.com to
10.46.4.43
Jan 20 12:54:37 dnsmasq[711308]: reply ostest-etcd-5.shiftstack.com is

Jan 20 12:54:37 dnsmasq[711308]: reply ostest-master-2.shiftstack.com is
NODATA-IPv4

The dnsmasq log as response to ' dig +noedns ostest-etcd-5.shiftstack.com.
  ostest-etcd-5.shiftstack.com.  A'

Jan 20 13:07:33 dnsmasq[711308]: query[] ostest-etcd-5.shiftstack.com
from 10.0.2.200
Jan 20 13:07:33 dnsmasq[711308]: forwarded ostest-etcd-5.shiftstack.com to
10.46.4.43
Jan 20 13:07:33 dnsmasq[711308]: reply ostest-etcd-5.shiftstack.com is

Jan 20 13:07:33 dnsmasq[711308]: reply ostest-master-2.shiftstack.com is
NODATA-IPv6
Jan 20 13:07:33 dnsmasq[711308]: query[A] ostest-etcd-5.shiftstack.com from
10.0.2.200
Jan 20 13:07:33 dnsmasq[711308]: cached ostest-etcd-5.shiftstack.com is

Jan 20 13:07:33 dnsmasq[711308]:
/var/lib/neutron/dhcp/1555837d-1114-41af-9820-a4c420f6a1ae/addn_hosts
ostest-master-2.shiftstack.com is 10.0.1.214


After I run once the dig , seems that dig A command works as expected
(probably because CNAME was chached):

Jan 20 13:43:23 dnsmasq[837744]: 2655 10.0.2.200/59700 query[A]
ostest-etcd-5.shiftstack.com from 10.0.2.200
Jan 20 13:43:23 dnsmasq[837744]: 2655 10.0.2.200/59700 cached
ostest-etcd-5.shiftstack.com is 
Jan 20 13:43:23 dnsmasq[837744]: 2655 10.0.2.200/59700
/var/lib/neutron/dhcp/1555837d-1114-41af-9820-a4c420f6a1ae/addn_hosts
ostest-master-2.shiftstack.com is 10.0.1.214

Any help will be appreciated
Yossi


‫בתאריך יום א׳, 20 בינו׳ 2019 ב-13:03 מאת ‪Yossi Boaron‬‏ <‪
yossi.boaron.1...@gmail.com‬‏>:‬

>
> Hi All,
> I have the following DNS topology (In my Openstack deployment):
> VM --> DNSMASQ --> external DNS server
> domain name= shiftstack.com, and Dnsmasq 2.76 is used at this Openstack
> deployment.
>
> I run the following test:
> 1. Define CNAME record at external DNS server
>
> ostest-etcd-5.shiftstack.com. IN   CNAMEostest-master-2
>
> 2. while 'ostest-master-2' is defined in --addn-hosts at Dnsmasq:
> the relevant entry:
> 10.0.1.214  ostest-master-2.shiftstack.com. ostest-master-2
>
> 3. next step, I tried to resolve 'ostest-etcd-5.shiftstack.com.' from the
> VM.
> I expected that dig ostest-etcd-5.shiftstack.com. should be replied with
> the ostest-master-2 IP (10.0.1.214).
>
> Actual behavior:
> When I run dig (see 1)  just for type A, Dnsmasq replied only with the
> CNAME entry and doesn't return ostest-master-2 IP address.
>
> But when I run dig (see 2) for types  and A (at this order), I can see
> that Dnsmasq resolves  ostest-master-2 IP address as expected.
>
> It seems to me like an issue of CNAME caching  at Dnsmasq (2.76),
> Is it a known issue?
>
> Thanks in advance
> Yossi
>
>
> [1]
> $ dig +noedns  ostest-etcd-5.shiftstack.com.  A
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> +noedns
> ostest-etcd-5.shiftstack.com. A
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13837
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ostest-etcd-5.shiftstack.com.  IN  A
>
> ;; ANSWER SECTION:
> ostest-etcd-5.shiftstack.com. 3600 IN   CNAME
> ostest-master-2.shiftstack.com.
>
> ;; Query time: 2 msec
> ;; SERVER: 10.0.0.2#53(10.0.0.2)
> ;; WHEN: Sun Jan 20 09:52:48 UTC 2019
> ;; MSG SIZE  rcvd: 118
>
> $
>
> [2]
> $ dig +noedns ostest-etcd-5.shiftstack.com. 
> ostest-etcd-5.shiftstack.com.  A
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> +noedns
> ostest-etcd-5.shiftstack.com.  ostest-etcd-5.shiftstack.com. A
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63573
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ostest-etcd-5.shiftstack.com.  IN  
>
> ;; ANSWER SECTION:
> ostest-etcd-5.shiftstack.com. 3600 IN   CNAME
> ostest-master-2.shiftstack.com.
>
> ;; Query time: 3 msec
> ;; SERVER: 10.0.0.2#53(10.0.0.2)
> ;; WHEN: Sun Jan 20 09:53:59 UTC 2019
> ;; MSG SIZE  rcvd: 118
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15671
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ostest-etcd-5.shiftstack.com.  IN  A
>
> ;; ANSWER SECTION:
> ostest-etcd-5.shiftstack.com. 3600 IN   CNAME
> ostest-master-2.shiftstack.com.
> ostest-master-2.shiftstack.com. 0 INA   10.0.1.214
>
> ;; Query time: 0 msec
> ;; SERVER: 10.0.0.2#53(10.0.0.2)
> ;; WHEN: Sun Jan 20 09:53:59 UTC 2019
> ;; MSG SIZE  rcvd: 106
>
> $
>

[Dnsmasq-discuss] CNAME caching issue in Dnsmasq(2.76)

2019-01-20 Thread Yossi Boaron
Hi All,
I have the following DNS topology (In my Openstack deployment):
VM --> DNSMASQ --> external DNS server
domain name= shiftstack.com, and Dnsmasq 2.76 is used at this Openstack
deployment.

I run the following test:
1. Define CNAME record at external DNS server

ostest-etcd-5.shiftstack.com. IN   CNAMEostest-master-2

2. while 'ostest-master-2' is defined in --addn-hosts at Dnsmasq:
the relevant entry:
10.0.1.214  ostest-master-2.shiftstack.com. ostest-master-2

3. next step, I tried to resolve 'ostest-etcd-5.shiftstack.com.' from the
VM.
I expected that dig ostest-etcd-5.shiftstack.com. should be replied with
the ostest-master-2 IP (10.0.1.214).

Actual behavior:
When I run dig (see 1)  just for type A, Dnsmasq replied only with the
CNAME entry and doesn't return ostest-master-2 IP address.

But when I run dig (see 2) for types  and A (at this order), I can see
that Dnsmasq resolves  ostest-master-2 IP address as expected.

It seems to me like an issue of CNAME caching  at Dnsmasq (2.76),
Is it a known issue?

Thanks in advance
Yossi


[1]
$ dig +noedns  ostest-etcd-5.shiftstack.com.  A

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> +noedns
ostest-etcd-5.shiftstack.com. A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13837
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ostest-etcd-5.shiftstack.com.  IN  A

;; ANSWER SECTION:
ostest-etcd-5.shiftstack.com. 3600 IN   CNAME
ostest-master-2.shiftstack.com.

;; Query time: 2 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Sun Jan 20 09:52:48 UTC 2019
;; MSG SIZE  rcvd: 118

$

[2]
$ dig +noedns ostest-etcd-5.shiftstack.com. 
ostest-etcd-5.shiftstack.com.  A

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> +noedns
ostest-etcd-5.shiftstack.com.  ostest-etcd-5.shiftstack.com. A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63573
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ostest-etcd-5.shiftstack.com.  IN  

;; ANSWER SECTION:
ostest-etcd-5.shiftstack.com. 3600 IN   CNAME
ostest-master-2.shiftstack.com.

;; Query time: 3 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Sun Jan 20 09:53:59 UTC 2019
;; MSG SIZE  rcvd: 118

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15671
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ostest-etcd-5.shiftstack.com.  IN  A

;; ANSWER SECTION:
ostest-etcd-5.shiftstack.com. 3600 IN   CNAME
ostest-master-2.shiftstack.com.
ostest-master-2.shiftstack.com. 0 INA   10.0.1.214

;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Sun Jan 20 09:53:59 UTC 2019
;; MSG SIZE  rcvd: 106

$
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss