Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Which Nameserver 
On Mon, Nov 25, 2019 at 05:39:36PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 22:44 +0100, Geert Stappers wrote:
> > 
> > note twice a query on NS of example.com
> 
> Yes.  That is part of my original report.  I query it twice and it
> returns inconsistent results.
 
Strange  and, I think, the reason why we have this thread.


> > # dig +short @127.0.0.1 example.com. ns
> > > server.example.com.
> > > # dig +short @127.0.0.1 mail.example.com.
> > > 9.1.1.18
> > > # dig +short @127.0.0.1 interlinx.bc.ca. ns
> > 
> > Hey, that one was not in the original post.
> 
> Oh damnit.  Was just doing a bit of anonymizing and missed one.
> That will teach me not to use tools for that.

Better not alternating facts.


> In any case "interlinx.bc.ca" should actually be "example.com" to
> maintain consistency of the report.
> 
> > Back to what the original problem is.  (explain what
> >   inconsistent use of a server=/example.com/ specification
> > is supposed to mean)
> 
> It's inconsistent in that multiple queries for example.com's NSes
> return inconsistent results.  Sometimes it returns the address
> configured with:
> 
> server=/example.com/10.75.22.247
> 
> (i.e. returns 10.75.22.247) and other times it returns the addresses
> configured on the global Internet for the NSes for example.com.  But it
> shouldn't be doing that.  The above server=/example.com/10.75.22.247
> should be preventing any lookup of example.com's NSes from anywhere. 
> They should be "fixed" in dnsmasq's configuration to be 10.75.22.247
> per the above server= configuration.

So "The above server=/example.com/10.75.22.247 should be preventing
any lookup of example.com's NSes from anywhere."

I think I begin to understand what Original Poster wants. But NOT
what might be causing the inconsistancy. I hope that OP digs deeper.


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Domain name wildcard match in the --server option

2019-11-25 Thread Mingjian Hong 
Hi,

I looked around the source code and made some modifications to fit my needs.
With this patch,

server=/.google./127.0.0.1#5053  # match domains with .google. in it or
ending with .google
#server=/.google/127.0.0.1#5053  # ditto
server=/.google.co./127.0.0.1#5053# the same as server=/.
google.co/127.0.0.1#5053
server=/.google.com/127.0.0.1#5053  # the same as server=/.google.com./
127.0.0.1#5053

.google.com.hk will match the /.google.com/, and .google.co.hk will match
the /.google.co./

Regards,
hmj

---
diff --git a/src/forward.c b/src/forward.c
index e4745a3..6b5976e 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -150,10 +150,19 @@ static unsigned int search_servers(time_t now, union
all_addr **addrpp, unsigned
   }
 else if (serv->flags & SERV_HAS_DOMAIN)
   {
+ int isequal;
  unsigned int domainlen = strlen(serv->domain);
- char *matchstart = qdomain + namelen - domainlen;
+ char *matchstart = strcasestr(qdomain, serv->domain);
+ if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 ||
*(matchstart+domainlen) == '.'))
+isequal = 1;
+ else
+  {
+matchstart = qdomain + namelen - domainlen;
+isequal = hostname_isequal(matchstart, serv->domain);
+  }
+
  if (namelen >= domainlen &&
-hostname_isequal(matchstart, serv->domain) &&
+isequal &&
 (domainlen == 0 || namelen == domainlen || *(matchstart-1) == '.' ))
   {
 if ((serv->flags & SERV_NO_REBIND) && norebind)
@@ -589,9 +598,17 @@ static size_t process_reply(struct dns_header *header,
time_t now, struct server
   unsigned int matchlen = 0;
   for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos =
ipset_pos->next)
  {
+  int isequal;
   unsigned int domainlen = strlen(ipset_pos->domain);
-  char *matchstart = daemon->namebuff + namelen - domainlen;
-  if (namelen >= domainlen && hostname_isequal(matchstart,
ipset_pos->domain) &&
+  char *matchstart = strcasestr(daemon->namebuff, ipset_pos->domain);
+  if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 ||
*(matchstart+domainlen) == '.'))
+  isequal = 1;
+  else
+{
+  matchstart = daemon->namebuff + namelen - domainlen;
+  isequal = hostname_isequal(matchstart, ipset_pos->domain);
+}
+  if (namelen >= domainlen && isequal &&
   (domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.'
) &&
   domainlen >= matchlen)
 {
--

On Sun, Nov 24, 2019 at 4:45 PM Geert Stappers  wrote:

> On Sun, Nov 24, 2019 at 09:09:20AM +0800, Top Quoter wrote:
> > On Sun, Nov 24, 2019 at 1:10 AM Geert Stappers wrote:
> > > On Sat, Nov 23, 2019 at 11:48:45PM +0800, New to Mailinglists wrote:
> > > > In the config file, I have to write several lines for all domains .
> > > > google.com.ar, .google.com.jp, etc. For example,
> > > >
> > > > server=/.google.com.ar/127.0.0.1#5053
> > > > server=/.google.com.jp/127.0.0.1#5053
> > > >
> > > > I just wonder it may be more friendly to use only one line, as
> follows,
> > > >
> > > >server=/.google.com./127.0.0.1#5053
> > > >
> > > > to match any .google.com.XX
> > > >
> > >
> > > Please report back if
> > >
> > > server=/.google.com.*/127.0.0.1#5053
> > >
> > > fits your needs.
> > >
> > >
> > No.
> >
> > server=/.google.com.*/127.0.0.1#5053
> >
> > will not match .google.com.XX
>
>
> Acknowledge.
>
> Time will tell which other possiblities exist.
>
>
> Regards
> Geert Stappers
>
> P.S.
> Make reading in the discussion order possible.
> Example given
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013526.html
> Reply below the text.
>
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

[Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Brian J. Murrell 
I am using version 2.80 and finding dnsmasq's specification of a
domain->server_address configuration to be inconsistent.  My dnsmasq
configuration has:

/etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247

But observe the effects of this configuration:

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
;; QUESTION SECTION:
;example.com.   IN  NS

;; ANSWER SECTION:
example.com.86400   IN  NS  server.example.com.

;; ADDITIONAL SECTION:
server.example.com. 1200IN  A   10.75.22.247
server.example.com. 1200IN  fd31:aeb1:48df::2

;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:35:25 EST 2019
;; MSG SIZE  rcvd: 165

# dig mail.example.com.

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com.  IN  A

;; ANSWER SECTION:
mail.example.com.   300 IN  A   9.1.1.18

;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:43:59 EST 2019
;; MSG SIZE  rcvd: 65

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.   IN  NS

;; ANSWER SECTION:
example.com.60  IN  NS  ns5.he.net.
example.com.60  IN  NS  ns1.he.net.
example.com.60  IN  NS  ns3.he.net.
example.com.60  IN  NS  server.example.ca.
example.com.60  IN  NS  ns2.he.net.
example.com.60  IN  NS  ns4.he.net.

;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:45:34 EST 2019
;; MSG SIZE  rcvd: 169

As you can see, the first dig returned the proper NS value for the
domain as specified in the dnsmasq configuration.  But the second dig
command returned the address 9.1.1.18 for mail.example.com.  That is
the wrong address.  That is the address that the global Internet copy
of that zone has for that name, not the copy on 10.75.22.247.  Then the
third dig command, which is a duplicate of the first command starts
returning the global Internet addresses for the NSes of example.com,
not the 10.75.22.247 that is configured into dnsmasq.

So somehow, that "server=/example.com/10.75.22.247" is being discarded
by dnsmasq in favour of the global Internet's NS addresses for that
domain.

To be clear, that domain exists both on the global Internet with
addresses suitable for the global Internet but it also exists, with
different content, suitable for the private network at 10.75.22.247. 
dnsmasq should only ever be looking at that latter copy, per the
configuration directive.  But that doesn't seem to be what's happening.
It seems to start out that way and then at some point reverts to the
global Internet copy of the domain.

Thoughts?

b.



signature.asc
Description: This is a digitally signed message part
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Brian J. Murrell 
On Mon, 2019-11-25 at 19:15 +0100, Geert Stappers wrote:
> 
> hostname && cat /etc/resolv.conf

# hostname
host.example.com
# cat /etc/resolv.conf 
# Generated by NetworkManager
search example.com
nameserver 127.0.0.1

Cheers,
b.



signature.asc
Description: This is a digitally signed message part
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Geert Stappers 
On Mon, Nov 25, 2019 at 01:44:48PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 19:15 +0100, Geert Stappers wrote:
> > On 25-11-2019 18:41, Brian J. Murrell wrote:
> > 
> > > I am using version 2.80 and finding dnsmasq's specification of a
> > > domain->server_address configuration to be inconsistent.  My dnsmasq
> > > configuration has:
> > >
> > > /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
> > >
> > > But observe the effects of this configuration:
> > >
> > > # dig example.com. ns
> > > example.com.  86400   IN  NS  server.example.com.
> > > server.example.com.   1200IN  A   10.75.22.247
> > > server.example.com.   1200IN  fd31:aeb1:48df::2
> > >
> > > # dig mail.example.com.
> > > mail.example.com. 300 IN  A   9.1.1.18
> > >
> > > # dig example.com. ns
> > > example.com.  60  IN  NS  ns5.he.net.
> > > example.com.  60  IN  NS  ns1.he.net.
> > > example.com.  60  IN  NS  ns3.he.net.
> > > example.com.  60  IN  NS  server.example.ca.
> > > example.com.  60  IN  NS  ns2.he.net.
> > > example.com.  60  IN  NS  ns4.he.net.
> > >
> > > As you can see, the first dig returned the proper NS value for the
> > > domain as specified in the dnsmasq configuration.  But the second dig
> > > command returned the address 9.1.1.18 for mail.example.com.  That is
> > > the wrong address.  That is the address that the global Internet copy
> > > of that zone has for that name, not the copy on 10.75.22.247.  Then the
> > > third dig command, which is a duplicate of the first command starts
> > > returning the global Internet addresses for the NSes of example.com,
> > > not the 10.75.22.247 that is configured into dnsmasq.
> > >
> > > So somehow, that "server=/example.com/10.75.22.247" is being discarded
> > > by dnsmasq in favour of the global Internet's NS addresses for that
> > > domain.
> > >
> > > To be clear, that domain exists both on the global Internet with
> > > addresses suitable for the global Internet but it also exists, with
> > > different content, suitable for the private network at 10.75.22.247. 
> > > dnsmasq should only ever be looking at that latter copy, per the
> > > configuration directive.  But that doesn't seem to be what's happening.
> > > It seems to start out that way and then at some point reverts to the
> > > global Internet copy of the domain.
> > >
> > > Thoughts?
> > >
> > 
> > hostname && cat /etc/resolv.conf
> > 
> 
> # hostname
> host.example.com

Please confirm that each of the above `dig` commands
was **all** done at `host.example.com`

Please, pretty please, say if I missed that `dig example.com. ns` was
done on two different machines.


> # cat /etc/resolv.conf 
> # Generated by NetworkManager
> search example.com
> nameserver 127.0.0.1

Acknowledge. Please repeat the original test[1] with

dig +short @127.0.0.1 example.com. ns
dig +short @127.0.0.1 mail.example.com.
dig +short @127.0.0.1 example.com. ns

and report back.


Groeten
Geert Stappers

[1] multiple tests
in case multiple servers were involved in the original test.
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Geert Stappers 
On 25-11-2019 18:41, Brian J. Murrell wrote:

> I am using version 2.80 and finding dnsmasq's specification of a
> domain->server_address configuration to be inconsistent.  My dnsmasq
> configuration has:
>
> /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
>
> But observe the effects of this configuration:
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
> ;; QUESTION SECTION:
> ;example.com. IN  NS
>
> ;; ANSWER SECTION:
> example.com.  86400   IN  NS  server.example.com.
>
> ;; ADDITIONAL SECTION:
> server.example.com.   1200IN  A   10.75.22.247
> server.example.com.   1200IN  fd31:aeb1:48df::2
>
> ;; Query time: 73 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:35:25 EST 2019
> ;; MSG SIZE  rcvd: 165
>
> # dig mail.example.com.
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.example.com.IN  A
>
> ;; ANSWER SECTION:
> mail.example.com. 300 IN  A   9.1.1.18
>
> ;; Query time: 45 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:43:59 EST 2019
> ;; MSG SIZE  rcvd: 65
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;example.com. IN  NS
>
> ;; ANSWER SECTION:
> example.com.  60  IN  NS  ns5.he.net.
> example.com.  60  IN  NS  ns1.he.net.
> example.com.  60  IN  NS  ns3.he.net.
> example.com.  60  IN  NS  server.example.ca.
> example.com.  60  IN  NS  ns2.he.net.
> example.com.  60  IN  NS  ns4.he.net.
>
> ;; Query time: 52 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:45:34 EST 2019
> ;; MSG SIZE  rcvd: 169
>
> As you can see, the first dig returned the proper NS value for the
> domain as specified in the dnsmasq configuration.  But the second dig
> command returned the address 9.1.1.18 for mail.example.com.  That is
> the wrong address.  That is the address that the global Internet copy
> of that zone has for that name, not the copy on 10.75.22.247.  Then the
> third dig command, which is a duplicate of the first command starts
> returning the global Internet addresses for the NSes of example.com,
> not the 10.75.22.247 that is configured into dnsmasq.
>
> So somehow, that "server=/example.com/10.75.22.247" is being discarded
> by dnsmasq in favour of the global Internet's NS addresses for that
> domain.
>
> To be clear, that domain exists both on the global Internet with
> addresses suitable for the global Internet but it also exists, with
> different content, suitable for the private network at 10.75.22.247. 
> dnsmasq should only ever be looking at that latter copy, per the
> configuration directive.  But that doesn't seem to be what's happening.
> It seems to start out that way and then at some point reverts to the
> global Internet copy of the domain.
>
> Thoughts?
>

hostname && cat /etc/resolv.conf




___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Domain name wildcard match in the --server option

2019-11-25 Thread Geert Stappers 
On Mon, Nov 25, 2019 at 11:56:56PM +0800, Mingjian Hong wrote:
> On Sun, Nov 24, 2019 at 4:45 PM Geert Stappers wrote:
> > On Sun, Nov 24, 2019 at 09:09:20AM +0800, Top Quoter wrote:
> > > On Sun, Nov 24, 2019 at 1:10 AM Geert Stappers wrote:
> > > > On Sat, Nov 23, 2019 at 11:48:45PM +0800, New to Mailinglists wrote:
> > > > > In the config file, I have to write several lines for all domains .
> > > > > google.com.ar, .google.com.jp, etc. For example,
> > > > >
> > > > > server=/.google.com.ar/127.0.0.1#5053
> > > > > server=/.google.com.jp/127.0.0.1#5053
> > > > >
> > > > > I just wonder it may be more friendly to use only one line, as 
> > > > > follows,
> > > > >
> > > > >server=/.google.com./127.0.0.1#5053
> > > > >
> > > > > to match any .google.com.XX
> > > > >
> > > >
> > > > Please report back if
> > > >
> > > > server=/.google.com.*/127.0.0.1#5053
> > > >
> > > > fits your needs.
> > > >
> > > >
> > > No.
> > >
> > > server=/.google.com.*/127.0.0.1#5053
> > >
> > > will not match .google.com.XX
> >
> >
> > Acknowledge.
> >
> > Time will tell which other possiblities exist.
> >
> >
> Hi,
> 
> I looked around the source code and made some modifications to fit my needs.
> With this patch,

Nice

> 
> server=/.google./127.0.0.1#5053  # match domains with .google. in it or
> ending with .google
> #server=/.google/127.0.0.1#5053  # ditto
> server=/.google.co./127.0.0.1#5053# the same as server=/.
> google.co/127.0.0.1#5053
> server=/.google.com/127.0.0.1#5053  # the same as server=/.google.com./
> 127.0.0.1#5053
> 
> .google.com.hk will match the /.google.com/, and .google.co.hk will match
> the /.google.co./
> 
> Regards,
> hmj
> 
> ---
> diff --git a/src/forward.c b/src/forward.c
> index e4745a3..6b5976e 100644
> --- a/src/forward.c
> +++ b/src/forward.c
> @@ -150,10 +150,19 @@ static unsigned int search_servers(time_t now, union
> all_addr **addrpp, unsigned
>}
>  else if (serv->flags & SERV_HAS_DOMAIN)
>{
> + int isequal;
>   unsigned int domainlen = strlen(serv->domain);
> - char *matchstart = qdomain + namelen - domainlen;
> + char *matchstart = strcasestr(qdomain, serv->domain);
> + if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 ||
> *(matchstart+domainlen) == '.'))
> +isequal = 1;
> + else
> +  {
> +matchstart = qdomain + namelen - domainlen;
> +isequal = hostname_isequal(matchstart, serv->domain);
> +  }
> +
>   if (namelen >= domainlen &&
> -hostname_isequal(matchstart, serv->domain) &&
> +isequal &&
>  (domainlen == 0 || namelen == domainlen || *(matchstart-1) == '.' ))
>{
>  if ((serv->flags & SERV_NO_REBIND) && norebind)
> @@ -589,9 +598,17 @@ static size_t process_reply(struct dns_header *header,
> time_t now, struct server
>unsigned int matchlen = 0;
>for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos =
> ipset_pos->next)
>   {
> +  int isequal;
>unsigned int domainlen = strlen(ipset_pos->domain);
> -  char *matchstart = daemon->namebuff + namelen - domainlen;
> -  if (namelen >= domainlen && hostname_isequal(matchstart,
> ipset_pos->domain) &&
> +  char *matchstart = strcasestr(daemon->namebuff, ipset_pos->domain);
> +  if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 ||
> *(matchstart+domainlen) == '.'))
> +  isequal = 1;
> +  else
> +{
> +  matchstart = daemon->namebuff + namelen - domainlen;
> +  isequal = hostname_isequal(matchstart, ipset_pos->domain);
> +}
> +  if (namelen >= domainlen && isequal &&
>(domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.'
> ) &&
>domainlen >= matchlen)
>  {
> --
 
Patch got damaged in email. Please email again, but different.
* email as attachment
* email with email program that doesn't do line wrapping.


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Brian J. Murrell 
On Mon, 2019-11-25 at 20:59 +0100, Geert Stappers wrote:
> 
> Please confirm that each of the above `dig` commands
> was **all** done at `host.example.com`

Yes, of course.

> Please, pretty please, say if I missed that `dig example.com. ns` was
> done on two different machines.

No it was not.  It would not be a valid bug report if it were.

> Acknowledge. Please repeat the original test[1] with
> 
> dig +short @127.0.0.1 example.com. ns
> dig +short @127.0.0.1 mail.example.com.
> dig +short @127.0.0.1 example.com. ns

You can see from the previous dig results that they were all
@127.0.0.1.  All reported:

;; SERVER: 127.0.0.1#53(127.0.0.1)

in their trailer.

In any case:

# dig +short @127.0.0.1 example.com. ns
server.example.com.
# dig +short @127.0.0.1 mail.example.com.
9.1.1.18
# dig +short @127.0.0.1 interlinx.bc.ca. ns
server.example.ca.
ns1.he.net.
ns2.he.net.
ns3.he.net.
ns4.he.net.
ns5.he.net.

Cheers,
b.



signature.asc
Description: This is a digitally signed message part
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Geert Stappers 
On Mon, Nov 25, 2019 at 03:54:47PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 20:59 +0100, Geert Stappers wrote:
> > 
> > Please confirm that each of the above `dig` commands
> > was **all** done at `host.example.com`
> 
> Yes, of course.

Acknowlegde on confirmation of "all at same host"
 
> } } } cat /etc/resolv.conf
> } } server 127.0.0.1
> > Acknowledge. Please repeat the original test[1] with
> > 
> > dig +short @127.0.0.1 example.com. ns
> > dig +short @127.0.0.1 mail.example.com.
> > dig +short @127.0.0.1 example.com. ns

note twice a query on NS of example.com

 
> # dig +short @127.0.0.1 example.com. ns
> server.example.com.
> # dig +short @127.0.0.1 mail.example.com.
> 9.1.1.18
> # dig +short @127.0.0.1 interlinx.bc.ca. ns

Hey, that one was not in the original post.


> server.example.ca.
> ns1.he.net.
> ns2.he.net.
> ns3.he.net.
> ns4.he.net.
> ns5.he.net.

Acknowledge.


Back to what the original problem is.  (explain what
  inconsistent use of a server=/example.com/ specification
is supposed to mean)


Groeten
Geert Stappers
-- 
Leven en laten leven

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification

2019-11-25 Thread Brian J. Murrell 
On Mon, 2019-11-25 at 22:44 +0100, Geert Stappers wrote:
> 
> note twice a query on NS of example.com

Yes.  That is part of my original report.  I query it twice and it
returns inconsistent results.

> # dig +short @127.0.0.1 example.com. ns
> > server.example.com.
> > # dig +short @127.0.0.1 mail.example.com.
> > 9.1.1.18
> > # dig +short @127.0.0.1 interlinx.bc.ca. ns
> 
> Hey, that one was not in the original post.

Oh damnit.  Was just doing a bit of anonymizing and missed one.  That
will teach me not to use tools for that.  In any case "interlinx.bc.ca"
should actually be "example.com" to maintain consistency of the report.

> Back to what the original problem is.  (explain what
>   inconsistent use of a server=/example.com/ specification
> is supposed to mean)

It's inconsistent in that multiple queries for example.com's NSes
return inconsistent results.  Sometimes it returns the address
configured with:

server=/example.com/10.75.22.247

(i.e. returns 10.75.22.247) and other times it returns the addresses
configured on the global Internet for the NSes for example.com.  But it
shouldn't be doing that.  The above server=/example.com/10.75.22.247
should be preventing any lookup of example.com's NSes from anywhere. 
They should be "fixed" in dnsmasq's configuration to be 10.75.22.247
per the above server= configuration.

Cheers,
b.



signature.asc
Description: This is a digitally signed message part
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss