Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On Mon, Nov 25, 2019 at 05:39:36PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 22:44 +0100, Geert Stappers wrote:
> >
> > note twice a query on NS of example.com
>
> Yes.  That is part of my original report.  I query it twice and it
> returns inconsistent results.

Strange and, I think, the reason why we have this thread.

> > > # dig +short @127.0.0.1 example.com. ns
> > > server.example.com.
> > > # dig +short @127.0.0.1 mail.example.com.
> > > 9.1.1.18
> > > # dig +short @127.0.0.1 interlinx.bc.ca. ns
> >
> > Hey, that one was not in the original post.
>
> Oh damnit.  Was just doing a bit of anonymizing and missed one.
> That will teach me not to use tools for that.

Better not alternating facts.

> In any case "interlinx.bc.ca" should actually be "example.com" to
> maintain consistency of the report.
>
> > Back to what the original problem is. (explain what
> >   inconsistent use of a server=/example.com/ specification
> > is supposed to mean)
>
> It's inconsistent in that multiple queries for example.com's NSes
> return inconsistent results.  Sometimes it returns the address
> configured with:
>
> server=/example.com/10.75.22.247
>
> (i.e. returns 10.75.22.247) and other times it returns the addresses
> configured on the global Internet for the NSes for example.com.  But it
> shouldn't be doing that.  The above server=/example.com/10.75.22.247
> should be preventing any lookup of example.com's NSes from anywhere.
> They should be "fixed" in dnsmasq's configuration to be 10.75.22.247
> per the above server= configuration.

So "The above server=/example.com/10.75.22.247 should be preventing any
lookup of example.com's NSes from anywhere."

I think I begin to understand what Original Poster wants.
But NOT what might be causing the inconsistency.

I hope that OP digs deeper.

Regards
Geert Stappers
--
Live and let live

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Domain name wildcard match in the --server option
Hi, I looked around the source code and made some modifications to fit my needs. With this patch, server=/.google./127.0.0.1#5053 # match domains with .google. in it or ending with .google #server=/.google/127.0.0.1#5053 # ditto server=/.google.co./127.0.0.1#5053# the same as server=/. google.co/127.0.0.1#5053 server=/.google.com/127.0.0.1#5053 # the same as server=/.google.com./ 127.0.0.1#5053 .google.com.hk will match the /.google.com/, and .google.co.hk will match the /.google.co./ Regards, hmj --- diff --git a/src/forward.c b/src/forward.c index e4745a3..6b5976e 100644 --- a/src/forward.c +++ b/src/forward.c @@ -150,10 +150,19 @@ static unsigned int search_servers(time_t now, union all_addr **addrpp, unsigned } else if (serv->flags & SERV_HAS_DOMAIN) { + int isequal; unsigned int domainlen = strlen(serv->domain); - char *matchstart = qdomain + namelen - domainlen; + char *matchstart = strcasestr(qdomain, serv->domain); + if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 || *(matchstart+domainlen) == '.')) +isequal = 1; + else + { +matchstart = qdomain + namelen - domainlen; +isequal = hostname_isequal(matchstart, serv->domain); + } + if (namelen >= domainlen && -hostname_isequal(matchstart, serv->domain) && +isequal && (domainlen == 0 || namelen == domainlen || *(matchstart-1) == '.' )) { if ((serv->flags & SERV_NO_REBIND) && norebind) 
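Review bot: In the new else branch of the search_servers() hunk, `matchstart = qdomain + namelen - domainlen` is handed to hostname_isequal() before the `namelen >= domainlen` test that follows, so for a query name shorter than serv->domain the comparison starts before the beginning of qdomain; the old code only reached hostname_isequal() after that test had passed. The strcasestr() branch has a related problem: when the hit is at offset 0 of a longer name (domain google.com, query google.com.hk), `*(matchstart-1)` in the final condition reads the byte before qdomain. Suggest testing `namelen >= domainlen` before either branch and replacing the unguarded dereference with `matchstart == qdomain || *(matchstart-1) == '.'`.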
@@ -589,9 +598,17 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server unsigned int matchlen = 0; for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos = ipset_pos->next) { + int isequal; unsigned int domainlen = strlen(ipset_pos->domain); - char *matchstart = daemon->namebuff + namelen - domainlen; - if (namelen >= domainlen && hostname_isequal(matchstart, ipset_pos->domain) && + char *matchstart = strcasestr(daemon->namebuff, ipset_pos->domain); + if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 || *(matchstart+domainlen) == '.')) + isequal = 1; + else +{ + matchstart = daemon->namebuff + namelen - domainlen; + isequal = hostname_isequal(matchstart, ipset_pos->domain); +} + if (namelen >= domainlen && isequal && (domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.' ) && domainlen >= matchlen) { -- On Sun, Nov 24, 2019 at 4:45 PM Geert Stappers wrote: > On Sun, Nov 24, 2019 at 09:09:20AM +0800, Top Quoter wrote: > > On Sun, Nov 24, 2019 at 1:10 AM Geert Stappers wrote: > > > On Sat, Nov 23, 2019 at 11:48:45PM +0800, New to Mailinglists wrote: > > > > In the config file, I have to write several lines for all domains . > > > > google.com.ar, .google.com.jp, etc. For example, > > > > > > > > server=/.google.com.ar/127.0.0.1#5053 > > > > server=/.google.com.jp/127.0.0.1#5053 > > > > > > > > I just wonder it may be more friendly to use only one line, as > follows, > > > > > > > >server=/.google.com./127.0.0.1#5053 > > > > > > > > to match any .google.com.XX > > > > > > > > > > Please report back if > > > > > > server=/.google.com.*/127.0.0.1#5053 > > > > > > fits your needs. > > > > > > > > No. > > > > server=/.google.com.*/127.0.0.1#5053 > > > > will not match .google.com.XX > > > Acknowledge. > > Time will tell which other possiblities exist. > > > Regards > Geert Stappers > > P.S. > Make reading in the discussion order possible. 
> Example given
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013526.html
> Reply below the text.
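Review bot: In the process_reply() hunk, the strcasestr() test lets every ipset_pos->domain match anywhere in daemon->namebuff as long as the hit is followed by '.' or the end of the name, so an existing entry for google.com now also selects a name such as www.google.com.hk.example.net, which belongs to an unrelated zone. That silently changes the meaning of every domain already configured for an ipset; suggest a distinct wildcard syntax for the new behaviour and leaving plain entries as suffix matches. The `namelen >= domainlen` test also needs to move ahead of the else branch here, since hostname_isequal() is now called on `daemon->namebuff + namelen - domainlen` before that test runs.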
[Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
I am using version 2.80 and finding dnsmasq's specification of a
domain->server_address configuration to be inconsistent.  My dnsmasq
configuration has:

/etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247

But observe the effects of this configuration:

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
;; QUESTION SECTION:
;example.com.                   IN      NS

;; ANSWER SECTION:
example.com.            86400   IN      NS      server.example.com.

;; ADDITIONAL SECTION:
server.example.com.     1200    IN      A       10.75.22.247
server.example.com.     1200    IN      fd31:aeb1:48df::2

;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:35:25 EST 2019
;; MSG SIZE rcvd: 165

# dig mail.example.com.

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.example.com.              IN      A

;; ANSWER SECTION:
mail.example.com.       300     IN      A       9.1.1.18

;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:43:59 EST 2019
;; MSG SIZE rcvd: 65

# dig example.com. ns

; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.                   IN      NS

;; ANSWER SECTION:
example.com.            60      IN      NS      ns5.he.net.
example.com.            60      IN      NS      ns1.he.net.
example.com.            60      IN      NS      ns3.he.net.
example.com.            60      IN      NS      server.example.ca.
example.com.            60      IN      NS      ns2.he.net.
example.com.            60      IN      NS      ns4.he.net.

;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 25 11:45:34 EST 2019
;; MSG SIZE rcvd: 169

As you can see, the first dig returned the proper NS value for the
domain as specified in the dnsmasq configuration.  But the second dig
command returned the address 9.1.1.18 for mail.example.com.  That is
the wrong address.  That is the address that the global Internet copy
of that zone has for that name, not the copy on 10.75.22.247.  Then the
third dig command, which is a duplicate of the first command starts
returning the global Internet addresses for the NSes of example.com,
not the 10.75.22.247 that is configured into dnsmasq.

So somehow, that "server=/example.com/10.75.22.247" is being discarded
by dnsmasq in favour of the global Internet's NS addresses for that
domain.

To be clear, that domain exists both on the global Internet with
addresses suitable for the global Internet but it also exists, with
different content, suitable for the private network at 10.75.22.247.
dnsmasq should only ever be looking at that latter copy, per the
configuration directive.  But that doesn't seem to be what's happening.
It seems to start out that way and then at some point reverts to the
global Internet copy of the domain.

Thoughts?

b.
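A check for the symptom in this report, added here as an example and not part of the original post: it parses saved dig output, groups the responses by server and question, and reports questions whose answer RRsets differ between runs (TTLs ignored). The transcript is constructed, modelled on the three runs above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed transcript modelled on the three dig runs in the report,
# trimmed to the header, flags, question, answer and SERVER lines.
TRANSCRIPT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;example.com.           IN  NS
;; ANSWER SECTION:
example.com.    86400   IN  NS  server.example.com.
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.example.com.      IN  A
;; ANSWER SECTION:
mail.example.com. 300   IN  A   9.1.1.18
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.           IN  NS
;; ANSWER SECTION:
example.com.    60      IN  NS  ns1.he.net.
example.com.    60      IN  NS  ns2.he.net.
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

QUESTION = re.compile(r"^;(\S+)\s+IN\s+(\S+)$")
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")


def parse_dig(text):
    """Return one dict per response found in saved dig output."""
    responses, cur, section = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";; ->>HEADER<<-"):
            cur = {"question": None, "flags": frozenset(),
                   "answers": set(), "server": None}
            responses.append(cur)
            section = None
        elif cur is None:
            continue  # banner lines before the first response header
        elif line.startswith(";; flags:"):
            cur["flags"] = frozenset(line[9:].split(";")[0].split())
        elif line.startswith(";; SERVER:"):
            cur["server"] = line.split(":", 1)[1].strip()
        elif line.endswith("SECTION:"):
            section = line.strip("; ").split()[0]  # QUESTION, ANSWER, ...
        elif section == "QUESTION" and (m := QUESTION.match(line)):
            cur["question"] = (m.group(1).lower(), m.group(2))
        elif section == "ANSWER" and (m := RECORD.match(line)):
            # The TTL is dropped: it legitimately counts down in a cache.
            cur["answers"].add(
                (m.group(1).lower(), m.group(2), m.group(3).lower()))
    return responses


def inconsistent_questions(responses):
    """Map (server, question) to its runs when the answer RRsets differ."""
    runs = defaultdict(list)
    for r in responses:
        runs[(r["server"], r["question"])].append(
            (r["flags"], frozenset(r["answers"])))
    return {key: seen for key, seen in runs.items()
            if len({answers for _, answers in seen}) > 1}


if __name__ == "__main__":
    found = inconsistent_questions(parse_dig(TRANSCRIPT))
    for (server, (name, rtype)), seen in found.items():
        print(f"{server}: {name} {rtype} differs across {len(seen)} runs")
        for flags, answers in seen:
            print("  flags", sorted(flags), "->", sorted(a[2] for a in answers))
```

Each reported run keeps its header flags, so a response carrying `aa` next to one without it, as in the first and third runs of the report, is visible alongside the differing RRsets.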
Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On Mon, 2019-11-25 at 19:15 +0100, Geert Stappers wrote:
>
> hostname && cat /etc/resolv.conf

# hostname
host.example.com
# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 127.0.0.1

Cheers,
b.
Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On Mon, Nov 25, 2019 at 01:44:48PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 19:15 +0100, Geert Stappers wrote:
> > On 25-11-2019 18:41, Brian J. Murrell wrote:
> >
> > > I am using version 2.80 and finding dnsmasq's specification of a
> > > domain->server_address configuration to be inconsistent.  My dnsmasq
> > > configuration has:
> > >
> > > /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
> > >
> > > But observe the effects of this configuration:
> > >
> > > # dig example.com. ns
> > > example.com.            86400   IN      NS      server.example.com.
> > > server.example.com.     1200    IN      A       10.75.22.247
> > > server.example.com.     1200    IN      fd31:aeb1:48df::2
> > >
> > > # dig mail.example.com.
> > > mail.example.com.       300     IN      A       9.1.1.18
> > >
> > > # dig example.com. ns
> > > example.com.            60      IN      NS      ns5.he.net.
> > > example.com.            60      IN      NS      ns1.he.net.
> > > example.com.            60      IN      NS      ns3.he.net.
> > > example.com.            60      IN      NS      server.example.ca.
> > > example.com.            60      IN      NS      ns2.he.net.
> > > example.com.            60      IN      NS      ns4.he.net.
> > >
> > > As you can see, the first dig returned the proper NS value for the
> > > domain as specified in the dnsmasq configuration.  But the second dig
> > > command returned the address 9.1.1.18 for mail.example.com.  That is
> > > the wrong address.  That is the address that the global Internet copy
> > > of that zone has for that name, not the copy on 10.75.22.247.  Then the
> > > third dig command, which is a duplicate of the first command starts
> > > returning the global Internet addresses for the NSes of example.com,
> > > not the 10.75.22.247 that is configured into dnsmasq.
> > >
> > > So somehow, that "server=/example.com/10.75.22.247" is being discarded
> > > by dnsmasq in favour of the global Internet's NS addresses for that
> > > domain.
> > >
> > > To be clear, that domain exists both on the global Internet with
> > > addresses suitable for the global Internet but it also exists, with
> > > different content, suitable for the private network at 10.75.22.247.
> > > dnsmasq should only ever be looking at that latter copy, per the
> > > configuration directive.  But that doesn't seem to be what's happening.
> > > It seems to start out that way and then at some point reverts to the
> > > global Internet copy of the domain.
> > >
> > > Thoughts?
> > >
> >
> > hostname && cat /etc/resolv.conf
> >
>
> # hostname
> host.example.com

Please confirm that each of the above `dig` commands
was **all** done at `host.example.com`

Please, pretty please, say if I missed that `dig example.com. ns` was
done on two different machines.

> # cat /etc/resolv.conf
> # Generated by NetworkManager
> search example.com
> nameserver 127.0.0.1

Acknowledge.  Please repeat the original test[1] with

dig +short @127.0.0.1 example.com. ns
dig +short @127.0.0.1 mail.example.com.
dig +short @127.0.0.1 example.com. ns

and report back.

Regards
Geert Stappers

[1] multiple tests in case multiple servers were involved in the original test.
--
Live and let live
Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On 25-11-2019 18:41, Brian J. Murrell wrote:
> I am using version 2.80 and finding dnsmasq's specification of a
> domain->server_address configuration to be inconsistent.  My dnsmasq
> configuration has:
>
> /etc/NetworkManager/dnsmasq.d/00-local:server=/example.com/10.75.22.247
>
> But observe the effects of this configuration:
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54659
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: db73aa72005723f41aa030675ddc02cdc50f67cb39133a14 (good)
> ;; QUESTION SECTION:
> ;example.com.                   IN      NS
>
> ;; ANSWER SECTION:
> example.com.            86400   IN      NS      server.example.com.
>
> ;; ADDITIONAL SECTION:
> server.example.com.     1200    IN      A       10.75.22.247
> server.example.com.     1200    IN      fd31:aeb1:48df::2
>
> ;; Query time: 73 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:35:25 EST 2019
> ;; MSG SIZE rcvd: 165
>
> # dig mail.example.com.
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> mail.example.com.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17966
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.example.com.              IN      A
>
> ;; ANSWER SECTION:
> mail.example.com.       300     IN      A       9.1.1.18
>
> ;; Query time: 45 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:43:59 EST 2019
> ;; MSG SIZE rcvd: 65
>
> # dig example.com. ns
>
> ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> example.com. ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35073
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;example.com.                   IN      NS
>
> ;; ANSWER SECTION:
> example.com.            60      IN      NS      ns5.he.net.
> example.com.            60      IN      NS      ns1.he.net.
> example.com.            60      IN      NS      ns3.he.net.
> example.com.            60      IN      NS      server.example.ca.
> example.com.            60      IN      NS      ns2.he.net.
> example.com.            60      IN      NS      ns4.he.net.
>
> ;; Query time: 52 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 25 11:45:34 EST 2019
> ;; MSG SIZE rcvd: 169
>
> As you can see, the first dig returned the proper NS value for the
> domain as specified in the dnsmasq configuration.  But the second dig
> command returned the address 9.1.1.18 for mail.example.com.  That is
> the wrong address.  That is the address that the global Internet copy
> of that zone has for that name, not the copy on 10.75.22.247.  Then the
> third dig command, which is a duplicate of the first command starts
> returning the global Internet addresses for the NSes of example.com,
> not the 10.75.22.247 that is configured into dnsmasq.
>
> So somehow, that "server=/example.com/10.75.22.247" is being discarded
> by dnsmasq in favour of the global Internet's NS addresses for that
> domain.
>
> To be clear, that domain exists both on the global Internet with
> addresses suitable for the global Internet but it also exists, with
> different content, suitable for the private network at 10.75.22.247.
> dnsmasq should only ever be looking at that latter copy, per the
> configuration directive.  But that doesn't seem to be what's happening.
> It seems to start out that way and then at some point reverts to the
> global Internet copy of the domain.
>
> Thoughts?
>

hostname && cat /etc/resolv.conf
Re: [Dnsmasq-discuss] Domain name wildcard match in the --server option
On Mon, Nov 25, 2019 at 11:56:56PM +0800, Mingjian Hong wrote: > On Sun, Nov 24, 2019 at 4:45 PM Geert Stappers wrote: > > On Sun, Nov 24, 2019 at 09:09:20AM +0800, Top Quoter wrote: > > > On Sun, Nov 24, 2019 at 1:10 AM Geert Stappers wrote: > > > > On Sat, Nov 23, 2019 at 11:48:45PM +0800, New to Mailinglists wrote: > > > > > In the config file, I have to write several lines for all domains . > > > > > google.com.ar, .google.com.jp, etc. For example, > > > > > > > > > > server=/.google.com.ar/127.0.0.1#5053 > > > > > server=/.google.com.jp/127.0.0.1#5053 > > > > > > > > > > I just wonder it may be more friendly to use only one line, as > > > > > follows, > > > > > > > > > >server=/.google.com./127.0.0.1#5053 > > > > > > > > > > to match any .google.com.XX > > > > > > > > > > > > > Please report back if > > > > > > > > server=/.google.com.*/127.0.0.1#5053 > > > > > > > > fits your needs. > > > > > > > > > > > No. > > > > > > server=/.google.com.*/127.0.0.1#5053 > > > > > > will not match .google.com.XX > > > > > > Acknowledge. > > > > Time will tell which other possiblities exist. > > > > > Hi, > > I looked around the source code and made some modifications to fit my needs. > With this patch, Nice > > server=/.google./127.0.0.1#5053 # match domains with .google. in it or > ending with .google > #server=/.google/127.0.0.1#5053 # ditto > server=/.google.co./127.0.0.1#5053# the same as server=/. > google.co/127.0.0.1#5053 > server=/.google.com/127.0.0.1#5053 # the same as server=/.google.com./ > 127.0.0.1#5053 > > .google.com.hk will match the /.google.com/, and .google.co.hk will match > the /.google.co./ > > Regards, > hmj > > --- > diff --git a/src/forward.c b/src/forward.c > index e4745a3..6b5976e 100644 > --- a/src/forward.c > +++ b/src/forward.c 
> @@ -150,10 +150,19 @@ static unsigned int search_servers(time_t now, union > all_addr **addrpp, unsigned >} > else if (serv->flags & SERV_HAS_DOMAIN) >{ > + int isequal; > unsigned int domainlen = strlen(serv->domain); > - char *matchstart = qdomain + namelen - domainlen; > + char *matchstart = strcasestr(qdomain, serv->domain); > + if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 || > *(matchstart+domainlen) == '.')) > +isequal = 1; > + else > + { > +matchstart = qdomain + namelen - domainlen; > +isequal = hostname_isequal(matchstart, serv->domain); > + } > + > if (namelen >= domainlen && > -hostname_isequal(matchstart, serv->domain) && > +isequal && > (domainlen == 0 || namelen == domainlen || *(matchstart-1) == '.' )) >{ > if ((serv->flags & SERV_NO_REBIND) && norebind) 
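Review bot: strcasestr() returns only the first occurrence of serv->domain in qdomain, and when that occurrence is not on a label boundary the code never looks at later ones. If the first hit is followed by '.' but not preceded by one (domain google.com, query xgoogle.com.www.google.com.hk), isequal is set and the final `*(matchstart-1) == '.'` test rejects the name even though a later occurrence is label-aligned, so whether a name matches depends on what happens to precede it. Suggest looping over successive hits, or walking qdomain label by label and comparing at each label start.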
> @@ -589,9 +598,17 @@ static size_t process_reply(struct dns_header *header, > time_t now, struct server >unsigned int matchlen = 0; >for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos = > ipset_pos->next) > { > + int isequal; >unsigned int domainlen = strlen(ipset_pos->domain); > - char *matchstart = daemon->namebuff + namelen - domainlen; > - if (namelen >= domainlen && hostname_isequal(matchstart, > ipset_pos->domain) && > + char *matchstart = strcasestr(daemon->namebuff, ipset_pos->domain); > + if ((matchstart != NULL) && (*(matchstart+domainlen) == 0 || > *(matchstart+domainlen) == '.')) > + isequal = 1; > + else > +{ > + matchstart = daemon->namebuff + namelen - domainlen; > + isequal = hostname_isequal(matchstart, ipset_pos->domain); > +} > + if (namelen >= domainlen && isequal && >(domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.' > ) && >domainlen >= matchlen) > { > -- Patch got damaged in email. Please email again, but different. * email as attachment * email with email program that doesn't do line wrapping. Groeten Geert Stappers -- Leven en laten leven ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On Mon, 2019-11-25 at 20:59 +0100, Geert Stappers wrote:
>
> Please confirm that each of the above `dig` commands
> was **all** done at `host.example.com`

Yes, of course.

> Please, pretty please, say if I missed that `dig example.com. ns` was
> done on two different machines.

No it was not.  It would not be a valid bug report if it were.

> Acknowledge.  Please repeat the original test[1] with
>
> dig +short @127.0.0.1 example.com. ns
> dig +short @127.0.0.1 mail.example.com.
> dig +short @127.0.0.1 example.com. ns

You can see from the previous dig results that they were all
@127.0.0.1.  All reported:

;; SERVER: 127.0.0.1#53(127.0.0.1)

in their trailer.  In any case:

# dig +short @127.0.0.1 example.com. ns
server.example.com.
# dig +short @127.0.0.1 mail.example.com.
9.1.1.18
# dig +short @127.0.0.1 interlinx.bc.ca. ns
server.example.ca.
ns1.he.net.
ns2.he.net.
ns3.he.net.
ns4.he.net.
ns5.he.net.

Cheers,
b.
Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On Mon, Nov 25, 2019 at 03:54:47PM -0500, Brian J. Murrell wrote:
> On Mon, 2019-11-25 at 20:59 +0100, Geert Stappers wrote:
> >
> > Please confirm that each of the above `dig` commands
> > was **all** done at `host.example.com`
>
> Yes, of course.

Acknowledge on confirmation of "all at same host"

> } } } cat /etc/resolv.conf
> } } server 127.0.0.1
> > Acknowledge.  Please repeat the original test[1] with
> >
> > dig +short @127.0.0.1 example.com. ns
> > dig +short @127.0.0.1 mail.example.com.
> > dig +short @127.0.0.1 example.com. ns

note twice a query on NS of example.com

> # dig +short @127.0.0.1 example.com. ns
> server.example.com.
> # dig +short @127.0.0.1 mail.example.com.
> 9.1.1.18
> # dig +short @127.0.0.1 interlinx.bc.ca. ns

Hey, that one was not in the original post.

> server.example.ca.
> ns1.he.net.
> ns2.he.net.
> ns3.he.net.
> ns4.he.net.
> ns5.he.net.

Acknowledge.

Back to what the original problem is. (explain what
  inconsistent use of a server=/example.com/ specification
is supposed to mean)

Regards
Geert Stappers
--
Live and let live
Re: [Dnsmasq-discuss] inconsistent use of a server=/example.com/ specification
On Mon, 2019-11-25 at 22:44 +0100, Geert Stappers wrote:
>
> note twice a query on NS of example.com

Yes.  That is part of my original report.  I query it twice and it
returns inconsistent results.

> > # dig +short @127.0.0.1 example.com. ns
> > server.example.com.
> > # dig +short @127.0.0.1 mail.example.com.
> > 9.1.1.18
> > # dig +short @127.0.0.1 interlinx.bc.ca. ns
>
> Hey, that one was not in the original post.

Oh damnit.  Was just doing a bit of anonymizing and missed one.
That will teach me not to use tools for that.

In any case "interlinx.bc.ca" should actually be "example.com" to
maintain consistency of the report.

> Back to what the original problem is. (explain what
>   inconsistent use of a server=/example.com/ specification
> is supposed to mean)

It's inconsistent in that multiple queries for example.com's NSes
return inconsistent results.  Sometimes it returns the address
configured with:

server=/example.com/10.75.22.247

(i.e. returns 10.75.22.247) and other times it returns the addresses
configured on the global Internet for the NSes for example.com.  But it
shouldn't be doing that.  The above server=/example.com/10.75.22.247
should be preventing any lookup of example.com's NSes from anywhere.
They should be "fixed" in dnsmasq's configuration to be 10.75.22.247
per the above server= configuration.

Cheers,
b.