Re: [Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?

>> 1) I guess you're using DNSSEC, if that correct? Yes, >> 2) How difficult is that to reproduce? It happened twice in the last week. One interesting thing stood out: all three were to the admanmedia.com domain. The messages from one look like this: Jan 4

Re: [Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?

On 09/01/2022 22:27, Simon Kelley wrote: > On 09/01/2022 10:09, Andreas Metzler wrote: >> On 2022-01-06 Andreas Metzler wrote: >>> On 2022-01-05 Simon Kelley wrote: On 04/01/2022 17:11, Andreas Metzler wrote: >>> [...] > FWIW this looks similar to https://bugs.debian.org/1001576 which

Re: [Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?

On 09/01/2022 10:09, Andreas Metzler wrote: > On 2022-01-06 Andreas Metzler wrote: >> On 2022-01-05 Simon Kelley wrote: >>> On 04/01/2022 17:11, Andreas Metzler wrote: >> [...] FWIW this looks similar to https://bugs.debian.org/1001576 which > [...] >>> Are you running with the

Re: [Dnsmasq-discuss] ipset add ipv6 address to ipv4 sets.

On 09/01/2022 06:37, Justin wrote: > So. i have > > local=/google.com/8.8.8.8 > ipset=/google.com/proxy > > when "curl google.com" > dnsmasq log shows: > > ipset add proxy 142.250.217.142 google.com > ipset add proxy 2607:f8b0:4007:818::200e google.com > > looks like dnsmasq does not check the

Re: [Dnsmasq-discuss] strict-order with no-resolv; multi ignore-address

On 09.01.22 13:51, Justin wrote: 3) --all-servers says: By default, when dnsmasq has more than one up‐ stream server available, it will send queries to just one server. by default it will send query to one server, and continues with different server after

[Dnsmasq-discuss] [PATCH] DNS flag day 2020: Minimum safe size is 1232

Hey Simon, Minimum safe size is recommended to be 1232. See https://dnsflagday.net/2020/, relevant parts below: > This year, we are focusing on problems with IP fragmentation of DNS packets. > > IP fragmentation is unreliable on the Internet today, and can cause transmission failures when large

Re: [Dnsmasq-discuss] Infinite loop in dnsmasq v2.86?

On 2022-01-06 Andreas Metzler wrote: > On 2022-01-05 Simon Kelley wrote: >> On 04/01/2022 17:11, Andreas Metzler wrote: > [...] >>> FWIW this looks similar to https://bugs.debian.org/1001576 which [...] >> Are you running with the --strict-order config? The backtrace looks, at >> least

[Dnsmasq-discuss] [PATCH] Alternative to previously submitted patch

Hey Simon, this is alternative PR to previously submitted patch (title "Don't accept queries arriving on alias interface if configured not to do this "). In contrast to the other patch, this one does not fix the bug of listening on both interfaces when asked only to listen on the alias interface

[Dnsmasq-discuss] [PATCH] Log source of ignored query when local-service is used

Hey Simon, this patch adds logging of the source of ignored query when -- local-service is used. The warning itself may not be enough to investigate possible firewall holes, etc. As before, only one message is printed but they may already give enough information for users to fix their firewall

[Dnsmasq-discuss] [PATCH] Don't accept queries arriving on alias interface if configured not to do this

Hey Simon, I found the following bug/misbehavior (whatever you wanna call it): Real interface is eth0. an alias is created as eth0:0 Config --interface=eth0 Queries on eth0 and eth0:0 are accepted because dnsmasq only compares the physical interface name string. Config --interface=eth0:0

Re: [Dnsmasq-discuss] strict-order with no-resolv; multi ignore-address

Hey Justin, On Sun, 2022-01-09 at 13:51 +0800, Justin wrote: > 3) > > --all-servers says: > > By  default,  when  dnsmasq has more than one up‐ >               stream server available, it will send queries  to >               just one server. > > --strict-order says: > >  By default, dnsmasq