Re: [Dnsmasq-discuss] Format Errors using add-subnet

2016-12-07 Thread Scott Bonar
Albert,


First let me be clear - I don't believe this is a DNSMasq issue since I can 
reproduce it with dig.  I was just hoping, with all the DNS experts on this 
forum, that someone would have seen this issue with Windows Server and could give 
me some pointers on possible solutions.


Second, here is an example trace of the error.


No.  Time      Source         Destination    Protocol  Length  Info
  1  0.00      172.19.9.210   65.153.116.46  DNS       97      Standard query 0x7613 A www.google.com OPT

Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: Shuttle_97:5f:7c (80:ee:73:97:5f:7c), Dst: JuniperN_b1:4a:e0 
(0c:86:10:b1:4a:e0)
Internet Protocol Version 4, Src: 172.19.9.210, Dst: 65.153.116.46
User Datagram Protocol, Src Port: 54012, Dst Port: 53
Domain Name System (query)
[Response In: 2]
Transaction ID: 0x7613
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.google.com: type A, class IN
Name: www.google.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: CSUBNET - Client subnet
Option Code: CSUBNET - Client subnet (8)
Option Length: 8
Option Data: 00012000ac1309d2
Family: IPv4 (1)
Source Netmask: 32
Scope Netmask: 0
Client Subnet: 172.19.9.210

No.  Time      Source         Destination    Protocol  Length  Info
  2  0.025748  65.153.116.46  172.19.9.210   DNS       97      Standard query response 0x7613 Format error A www.google.com OPT

Frame 2: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0), Dst: Shuttle_97:5f:7c 
(80:ee:73:97:5f:7c)
Internet Protocol Version 4, Src: 65.153.116.46, Dst: 172.19.9.210
User Datagram Protocol, Src Port: 53, Dst Port: 54012
Domain Name System (response)
[Request In: 1]
[Time: 0.025748000 seconds]
Transaction ID: 0x7613
Flags: 0x8101 Standard query response, Format error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0001 = Reply code: Format error (1)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.google.com: type A, class IN
Name: www.google.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: CSUBNET - Client subnet
Option Code: CSUBNET - Client subnet (8)
Option Length: 8
Option Data: 00012000ac1309d2
Family: IPv4 (1)
Source Netmask: 32
Scope Netmask: 0
Client Subnet: 172.19.9.210



From: Albert ARIBAUD 
Sent: Wednesday, December 7, 2016 6:20:32 AM
To: Scott Bonar
Cc: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Format Errors 
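
The exchange in the capture above, rebuilt byte for byte as an added example (this is not code from dnsmasq or from the poster): it encodes the EDNS0 Client Subnet option of RFC 7871, builds the 55-byte DNS message that frame 1 carries, and parses a FORMERR reply shaped like frame 2. The reply bytes are constructed from the Wireshark decode, not copied from the wire. The trace sends a 32-bit source prefix, i.e. the requester's full address, to the upstream server; the block also shows the /24 that RFC 7871 (section 11.1, Privacy) recommends for IPv4, with the address truncated to three octets and the remaining bits zeroed. Whether the dnsmasq version in use lets --add-subnet take a prefix length is something to check in its manpage; the block only shows the wire format.

```python
"""EDNS0 Client Subnet (ECS, RFC 7871) encode/decode and the query/FORMERR
exchange from the capture.  Added example, not dnsmasq or poster code."""
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS option code for Client Subnet
OPT_TYPE = 41         # OPT pseudo-RR type
FORMERR = 1           # RCODE 1, what frame 2 returned


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format name: length-prefixed labels, root terminator."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def encode_ecs(addr: str, source_prefix: int, scope_prefix: int = 0) -> bytes:
    """ECS option as it sits in OPT RDATA: code, length, then
    FAMILY(2) | SOURCE PREFIX-LENGTH(1) | SCOPE PREFIX-LENGTH(1) | ADDRESS.
    RFC 7871 s6: ADDRESS carries only ceil(prefix/8) octets and the bits past
    the prefix must be zero, which ip_network(..., strict=False) gives us."""
    ip = ipaddress.ip_address(addr)
    family = 1 if ip.version == 4 else 2
    net = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    address = net.network_address.packed[: (source_prefix + 7) // 8]
    data = struct.pack("!HBB", family, source_prefix, scope_prefix) + address
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option_data: bytes) -> dict:
    """Inverse of encode_ecs for the option payload (after code and length)."""
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option_data[:4])
    width = 4 if family == 1 else 16
    address = option_data[4:] + b"\x00" * (width - len(option_data[4:]))
    return {"family": family, "source_prefix": source_prefix,
            "scope_prefix": scope_prefix,
            "address": str(ipaddress.ip_address(address))}


def build_message(qname: str, txid: int, ecs_option: bytes,
                  flags: int = 0x0120, udp_size: int = 4096) -> bytes:
    """DNS header + one A/IN question + one OPT RR carrying ecs_option.
    flags 0x0120 is RD+AD as in frame 1; 0x8101 is QR+RD+FORMERR as in frame 2."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    # OPT: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-RCODE/version/Z
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, len(ecs_option)) + ecs_option
    return header + question + opt


def parse_response(pkt: bytes) -> dict:
    """Return txid, full (extended) RCODE and the echoed ECS option, if any."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    pos = 12
    for _ in range(qd):                       # skip the question section
        while pkt[pos] != 0:
            pos += pkt[pos] + 1
        pos += 1 + 4                          # root byte + QTYPE/QCLASS
    rcode, ecs = flags & 0x000F, None
    for _ in range(an + ns + ar):
        if pkt[pos] & 0xC0 == 0xC0:           # compression pointer
            pos += 2
        else:
            while pkt[pos] != 0:
                pos += pkt[pos] + 1
            pos += 1
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        rdata, pos = pkt[pos:pos + rdlen], pos + rdlen
        if rtype == OPT_TYPE:
            rcode |= ((ttl >> 24) & 0xFF) << 4   # extended RCODE high bits
            p = 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[p:p + 4])
                if code == ECS_OPTION_CODE:
                    ecs = decode_ecs(rdata[p + 4:p + 4 + olen])
                p += 4 + olen
    return {"txid": txid, "rcode": rcode, "ecs": ecs}


# Frame 1 as captured: full /32 of the requester, option data 00012000ac1309d2.
CAPTURED_QUERY = build_message("www.google.com", 0x7613, encode_ecs("172.19.9.210", 32))
# Frame 2, constructed from the decode: same question and OPT echoed, flags 0x8101.
CONSTRUCTED_FORMERR = build_message("www.google.com", 0x7613,
                                    encode_ecs("172.19.9.210", 32), flags=0x8101)

if __name__ == "__main__":
    print(len(CAPTURED_QUERY), "byte query:", CAPTURED_QUERY.hex())
    print("reply:", parse_response(CONSTRUCTED_FORMERR))
    print("/24 option:", encode_ecs("172.19.9.210", 24).hex())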

Re: [Dnsmasq-discuss] listen-backlog option to override default (too small) value

2016-12-07 Thread Donatas Abraitis
Of course the patch is tested ;-)
Some output:
% ./src/dnsmasq --port 1025 --listen-backlog 100
% ss -ntl sport = :1025
Recv-Q Send-Q Local Address:Port Peer Address:Port
0      100    :::1025            :::*
0      100    *:1025

On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD wrote:

> Hi Donatas,
>
> On Wed, 7 Dec 2016 14:43:22 +0200
> Donatas Abraitis wrote:
>
> > Hi folks,
> >
> > for our case at Hostinger, we have a problem with too many
> > TcpListenOverflows:
> > [root@us-imm-dns1 ~]# nstat -az | grep TcpExtListenOverflows
> > TcpExtListenOverflows   2990.0
> > [root@us-imm-dns1 ~]# ss -ntl sport = :53
> > State   Recv-Q Send-Q Local Address:Port Peer Address:Port
> > LISTEN  0      5      *:53               *:*
> > LISTEN  0      5      :::53              :::*
> >
> > probe kernel.function("tcp_check_req")
> > {
> >     tcphdr = __get_skb_tcphdr($skb);
> >     dport = __tcp_skb_dport(tcphdr);
> >     if ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog)
> >         printf("listen queue for port(%d): %d/%d\n",
> >                dport,
> >                $sk->sk_ack_backlog,
> >                $sk->sk_max_ack_backlog);
> > }
> >
> > [root@us-imm-dns1 ~]# staprun overflow.ko
> > listen queue for port(53): 13/5
> > listen queue for port(53): 13/5
> > listen queue for port(53): 14/5
> >
> > here is the proposed patch:
> >
> > commit fa610cd424b905720832afc8636373bb132f49c1
> > Author: Donatas Abraitis 
> > Date:   Sun Dec 9 09:58:51 2012 +0200
> >
> > Add `listen-backlog` option to override default 5 (too small)
> >
> > diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> > index 4b55bb5..b717df3 100644
> > --- a/src/dnsmasq.h
> > +++ b/src/dnsmasq.h
> > @@ -980,6 +980,7 @@ extern struct daemon {
> >struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
> >struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs;
> >int dhcp_max, tftp_max, tftp_mtu;
> > +  int listen_backlog;
> >int dhcp_server_port, dhcp_client_port;
> >int start_tftp_port, end_tftp_port;
> >unsigned int min_leasetime;
> > diff --git a/src/network.c b/src/network.c
> > index d87d08f..1e9d188 100644
> > --- a/src/network.c
> > +++ b/src/network.c
> > @@ -746,7 +746,7 @@ static int make_sock(union mysockaddr *addr, int
> > type, int dienow)
> >
> >if (type == SOCK_STREAM)
> >  {
> > -  if (listen(fd, 5) == -1)
> > +  if (listen(fd, daemon->listen_backlog) == -1)
> > goto err;
> >  }
> >else if (family == AF_INET)
> > diff --git a/src/option.c b/src/option.c
> > index d0d9509..220303e 100644
> > --- a/src/option.c
> > +++ b/src/option.c
> > @@ -159,6 +159,7 @@ struct myoption {
> >  #define LOPT_SCRIPT_ARP347
> >  #define LOPT_DHCPTTL   348
> >  #define LOPT_TFTP_MTU  349
> > +#define LOPT_BACKLOG   350
> >
> >  #ifdef HAVE_GETOPT_LONG
> >  static const struct option opts[] =
> > @@ -190,6 +191,7 @@ static const struct myoption opts[] =
> >  { "domain-suffix", 1, 0, 's' },
> >  { "interface", 1, 0, 'i' },
> >  { "listen-address", 1, 0, 'a' },
> > +{ "listen-backlog", 1, 0, LOPT_BACKLOG },
> >  { "local-service", 0, 0, LOPT_LOCAL_SERVICE },
> >  { "bogus-priv", 0, 0, 'b' },
> >  { "bogus-nxdomain", 1, 0, 'B' },
> > @@ -394,6 +396,7 @@ static struct {
> >{ 't', ARG_ONE, "", gettext_noop("Specify default
> > target in an MX record."), NULL },
> >{ 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in
> > seconds for replies from /etc/hosts."), NULL },
> >{ LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify
> > time-to-live in seconds for negative caching."), NULL },
> > +  { LOPT_BACKLOG, ARG_ONE, "", gettext_noop("Set the backlog
> > queue limit."), NULL },
> >{ LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify
> > time-to-live in seconds for maximum TTL to send to clients."), NULL },
> >{ LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify
> > time-to-live ceiling for cache."), NULL },
> >{ LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify
> > time-to-live floor for cache."), NULL },
> > @@ -2286,7 +2289,11 @@ static int one_opt(int option, char *arg, char
> > *errstr, char *gen_err, int comma
> >   ret_err(gen_err); /* error */
> > break;
> >}
> > -
> > +
> > +case LOPT_BACKLOG: /* --listen-backlog */
> > +  if (!atoi_check(arg, >listen_backlog))
> > +ret_err(gen_err);
> > +  break;
> >  case 'a':  /* --listen-address */
> >  case LOPT_AUTHPEER: /* --auth-peer */
> >do {
> > @@ -4517,6 +4524,7 @@ void read_opts(int argc, char **argv, char
> > *compile_opts)
> >daemon->cachesize = CACHESIZ;
> >daemon->ftabsize = FTABSIZ;
> >daemon->port = NAMESERVER_PORT;
> > +  daemon->listen_backlog = 5;
> >daemon->dhcp_client_port = DHCP_CLIENT_PORT;
> >daemon->dhcp_server_port = DHCP_SERVER_PORT;
> >

Re: [Dnsmasq-discuss] listen-backlog option to override default (too small) value

2016-12-07 Thread Albert ARIBAUD
Hi Donatas,

On Wed, 7 Dec 2016 14:43:22 +0200
Donatas Abraitis wrote:

> Hi folks,
> 
> for our case at Hostinger, we have a problem with too many
> TcpListenOverflows:
> [root@us-imm-dns1 ~]# nstat -az | grep TcpExtListenOverflows
> TcpExtListenOverflows   2990.0
> [root@us-imm-dns1 ~]# ss -ntl sport = :53
> State   Recv-Q Send-Q Local Address:Port Peer Address:Port
> LISTEN  0      5      *:53               *:*
> LISTEN  0      5      :::53              :::*
> 
> probe kernel.function("tcp_check_req")
> {
>     tcphdr = __get_skb_tcphdr($skb);
>     dport = __tcp_skb_dport(tcphdr);
>     if ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog)
>         printf("listen queue for port(%d): %d/%d\n",
>                dport,
>                $sk->sk_ack_backlog,
>                $sk->sk_max_ack_backlog);
> }
> 
> [root@us-imm-dns1 ~]# staprun overflow.ko
> listen queue for port(53): 13/5
> listen queue for port(53): 13/5
> listen queue for port(53): 14/5
> 
> here is the proposed patch:
> 
> commit fa610cd424b905720832afc8636373bb132f49c1
> Author: Donatas Abraitis 
> Date:   Sun Dec 9 09:58:51 2012 +0200
> 
> Add `listen-backlog` option to override default 5 (too small)
> 
> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
> index 4b55bb5..b717df3 100644
> --- a/src/dnsmasq.h
> +++ b/src/dnsmasq.h
> @@ -980,6 +980,7 @@ extern struct daemon {
>struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
>struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs;
>int dhcp_max, tftp_max, tftp_mtu;
> +  int listen_backlog;
>int dhcp_server_port, dhcp_client_port;
>int start_tftp_port, end_tftp_port;
>unsigned int min_leasetime;
> diff --git a/src/network.c b/src/network.c
> index d87d08f..1e9d188 100644
> --- a/src/network.c
> +++ b/src/network.c
> @@ -746,7 +746,7 @@ static int make_sock(union mysockaddr *addr, int
> type, int dienow)
> 
>if (type == SOCK_STREAM)
>  {
> -  if (listen(fd, 5) == -1)
> +  if (listen(fd, daemon->listen_backlog) == -1)
> goto err;
>  }
>else if (family == AF_INET)
> diff --git a/src/option.c b/src/option.c
> index d0d9509..220303e 100644
> --- a/src/option.c
> +++ b/src/option.c
> @@ -159,6 +159,7 @@ struct myoption {
>  #define LOPT_SCRIPT_ARP347
>  #define LOPT_DHCPTTL   348
>  #define LOPT_TFTP_MTU  349
> +#define LOPT_BACKLOG   350
> 
>  #ifdef HAVE_GETOPT_LONG
>  static const struct option opts[] =
> @@ -190,6 +191,7 @@ static const struct myoption opts[] =
>  { "domain-suffix", 1, 0, 's' },
>  { "interface", 1, 0, 'i' },
>  { "listen-address", 1, 0, 'a' },
> +{ "listen-backlog", 1, 0, LOPT_BACKLOG },
>  { "local-service", 0, 0, LOPT_LOCAL_SERVICE },
>  { "bogus-priv", 0, 0, 'b' },
>  { "bogus-nxdomain", 1, 0, 'B' },
> @@ -394,6 +396,7 @@ static struct {
>{ 't', ARG_ONE, "", gettext_noop("Specify default
> target in an MX record."), NULL },
>{ 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in
> seconds for replies from /etc/hosts."), NULL },
>{ LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify
> time-to-live in seconds for negative caching."), NULL },
> +  { LOPT_BACKLOG, ARG_ONE, "", gettext_noop("Set the backlog
> queue limit."), NULL },
>{ LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify
> time-to-live in seconds for maximum TTL to send to clients."), NULL },
>{ LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify
> time-to-live ceiling for cache."), NULL },
>{ LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify
> time-to-live floor for cache."), NULL },
> @@ -2286,7 +2289,11 @@ static int one_opt(int option, char *arg, char
> *errstr, char *gen_err, int comma
>   ret_err(gen_err); /* error */
> break;
>}
> -
> +
> +case LOPT_BACKLOG: /* --listen-backlog */
> +  if (!atoi_check(arg, >listen_backlog))
> +ret_err(gen_err);
> +  break;
>  case 'a':  /* --listen-address */
>  case LOPT_AUTHPEER: /* --auth-peer */
>do {
> @@ -4517,6 +4524,7 @@ void read_opts(int argc, char **argv, char
> *compile_opts)
>daemon->cachesize = CACHESIZ;
>daemon->ftabsize = FTABSIZ;
>daemon->port = NAMESERVER_PORT;
> +  daemon->listen_backlog = 5;
>daemon->dhcp_client_port = DHCP_CLIENT_PORT;
>daemon->dhcp_server_port = DHCP_SERVER_PORT;
>daemon->default_resolv.is_default = 1;

I am not qualified to determine if your patch is the right solution to
your problem, but FWIW, I find this patch clear enough and I assume you
have tested it :) and that it actually solves the issue for you. The
only two remarks I have are:

- it would be nice to also add a description for the option
  and its rationale to the manpage;

- is there a way for dnsmasq to detect excessive backlog and emit a
  diagnostic message pointing the operator to the existence and use of
  the listen-backlog 

Re: [Dnsmasq-discuss] Format Errors using add-subnet

2016-12-07 Thread Albert ARIBAUD
Hi Scott,

On Mon, 5 Dec 2016 20:10:44 +
Scott Bonar wrote:

> When using this option (which I really need to do) for DNS queries, I
> get Format Errors from the upstream DNS servers if they are Windows
> Servers 2008 through at least 2012.  Has anyone seen this and is
> there a workaround either in DNSMasq or Windows?
> 
> Your help is appreciated.

Maybe an actual example (ideally with a Wireshark or tcpdump capture)
could help pinpoint the issue.

> Scott Bonar

Kind regards,
-- 
Albert.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


[Dnsmasq-discuss] listen-backlog option to override default (too small) value

2016-12-07 Thread Donatas Abraitis
Hi folks,

for our case at Hostinger, we have a problem with too many
TcpListenOverflows:
[root@us-imm-dns1 ~]# nstat -az | grep TcpExtListenOverflows
TcpExtListenOverflows   2990.0
[root@us-imm-dns1 ~]# ss -ntl sport = :53
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      5      *:53               *:*
LISTEN  0      5      :::53              :::*

probe kernel.function("tcp_check_req")
{
    tcphdr = __get_skb_tcphdr($skb);
    dport = __tcp_skb_dport(tcphdr);
    if ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog)
        printf("listen queue for port(%d): %d/%d\n",
               dport,
               $sk->sk_ack_backlog,
               $sk->sk_max_ack_backlog);
}

[root@us-imm-dns1 ~]# staprun overflow.ko
listen queue for port(53): 13/5
listen queue for port(53): 13/5
listen queue for port(53): 14/5

here is the proposed patch:

commit fa610cd424b905720832afc8636373bb132f49c1
Author: Donatas Abraitis 
Date:   Sun Dec 9 09:58:51 2012 +0200

Add `listen-backlog` option to override default 5 (too small)

diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 4b55bb5..b717df3 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -980,6 +980,7 @@ extern struct daemon {
   struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
   struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs;
   int dhcp_max, tftp_max, tftp_mtu;
+  int listen_backlog;
   int dhcp_server_port, dhcp_client_port;
   int start_tftp_port, end_tftp_port;
   unsigned int min_leasetime;
diff --git a/src/network.c b/src/network.c
index d87d08f..1e9d188 100644
--- a/src/network.c
+++ b/src/network.c
@@ -746,7 +746,7 @@ static int make_sock(union mysockaddr *addr, int type,
int dienow)

   if (type == SOCK_STREAM)
 {
-  if (listen(fd, 5) == -1)
+  if (listen(fd, daemon->listen_backlog) == -1)
goto err;
 }
   else if (family == AF_INET)
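Review bot: `listen(fd, daemon->listen_backlog)` passes the operator's value to the kernel unchecked, and Linux silently truncates a backlog larger than net.core.somaxconn, so `--listen-backlog 1000` on a host with the common default of 128 shows up as Send-Q 128 in `ss -ntl` with nothing to say why. Either clamp the value here, or log at startup when the configured backlog exceeds somaxconn, and mention the cap wherever the option is documented; without that, the diagnostic Albert asks for below will be the first thing an operator sees.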
diff --git a/src/option.c b/src/option.c
index d0d9509..220303e 100644
--- a/src/option.c
+++ b/src/option.c
@@ -159,6 +159,7 @@ struct myoption {
 #define LOPT_SCRIPT_ARP347
 #define LOPT_DHCPTTL   348
 #define LOPT_TFTP_MTU  349
+#define LOPT_BACKLOG   350

 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =
@@ -190,6 +191,7 @@ static const struct myoption opts[] =
 { "domain-suffix", 1, 0, 's' },
 { "interface", 1, 0, 'i' },
 { "listen-address", 1, 0, 'a' },
+{ "listen-backlog", 1, 0, LOPT_BACKLOG },
 { "local-service", 0, 0, LOPT_LOCAL_SERVICE },
 { "bogus-priv", 0, 0, 'b' },
 { "bogus-nxdomain", 1, 0, 'B' },
@@ -394,6 +396,7 @@ static struct {
   { 't', ARG_ONE, "", gettext_noop("Specify default target in
an MX record."), NULL },
   { 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in
seconds for replies from /etc/hosts."), NULL },
   { LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify time-to-live
in seconds for negative caching."), NULL },
+  { LOPT_BACKLOG, ARG_ONE, "", gettext_noop("Set the backlog
queue limit."), NULL },
   { LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify time-to-live
in seconds for maximum TTL to send to clients."), NULL },
   { LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live
ceiling for cache."), NULL },
   { LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live
floor for cache."), NULL },
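Review bot: the help string "Set the backlog queue limit." does not say which queue, while every neighbouring entry names the thing it sets; something like gettext_noop("Set the TCP listen() backlog for connections waiting to be accepted (default 5).") would read consistently and save the operator a trip to the source. The same wording belongs in the manpage, which this patch leaves untouched.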
@@ -2286,7 +2289,11 @@ static int one_opt(int option, char *arg, char
*errstr, char *gen_err, int comma
  ret_err(gen_err); /* error */
break;
   }
-
+
+case LOPT_BACKLOG: /* --listen-backlog */
+  if (!atoi_check(arg, >listen_backlog))
+ret_err(gen_err);
+  break;
 case 'a':  /* --listen-address */
 case LOPT_AUTHPEER: /* --auth-peer */
   do {
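Review bot: the `-`/`+` pair at the top of this hunk replaces a blank line with a blank line, a whitespace-only change that should be dropped, and the new `break;` runs straight into `case 'a':` without the blank line the surrounding cases keep between them. On substance, atoi_check only rejects non-digit input, so `--listen-backlog 0` is accepted and passed straight to listen(); if a zero backlog is not intended, reject values below 1 here with ret_err rather than letting the kernel pick a minimum.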
@@ -4517,6 +4524,7 @@ void read_opts(int argc, char **argv, char
*compile_opts)
   daemon->cachesize = CACHESIZ;
   daemon->ftabsize = FTABSIZ;
   daemon->port = NAMESERVER_PORT;
+  daemon->listen_backlog = 5;
   daemon->dhcp_client_port = DHCP_CLIENT_PORT;
   daemon->dhcp_server_port = DHCP_SERVER_PORT;
   daemon->default_resolv.is_default = 1;
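Review bot: `daemon->listen_backlog = 5;` hard-codes the constant that network.c used to carry, so the old default now lives in read_opts as a bare number; the neighbouring defaults (CACHESIZ, FTABSIZ, NAMESERVER_PORT) come from config.h, and a LISTEN_BACKLOG define there would keep the code, the help text and the manpage citing one name.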

-- 
Donatas
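
A check for the situation described in this thread and for the diagnostic Albert asks about, as an added example rather than anything from dnsmasq: it reads `ss -ntl` and `nstat -az` output in the shape posted above, compares the kernel's accept-queue limit (Send-Q on a LISTEN socket) with the value handed to --listen-backlog, and reports overflows. The sample text is copied from the post; the somaxconn argument is there because listen(2) silently truncates a backlog above net.core.somaxconn (128 on older kernels, 4096 from Linux 5.4), which is the usual reason a large --listen-backlog does not show up in ss. Function and variable names are this example's own.

```python
"""Audit a dnsmasq TCP listener's accept-queue limit against the value an
operator configured.  Added example, not dnsmasq code; the input formats
follow the `ss -ntl` and `nstat -az` lines posted in the thread."""
import re

# Sample input copied from the post above (the pre-patch listeners, backlog 5).
SS_SAMPLE = """\
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      5      *:53               *:*
LISTEN  0      5      :::53              :::*
"""
NSTAT_SAMPLE = "TcpExtListenOverflows   2990.0\n"


def parse_ss_listeners(text: str) -> list:
    """Rows of `ss -ntl`.  For a LISTEN socket Send-Q is the accept-queue
    limit that listen() set, and Recv-Q is how many completed connections
    are waiting for accept() right now."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue                      # header line or non-listener
        state, recv_q, send_q, local, peer = parts[:5]
        rows.append({"state": state, "recv_q": int(recv_q), "send_q": int(send_q),
                     "local": local, "port": int(local.rsplit(":", 1)[1]),
                     "peer": peer})
    return rows


def parse_nstat_counter(text: str, name: str = "TcpExtListenOverflows") -> int:
    """nstat prints `<name> <count> <rate>`; with -a the count is absolute."""
    m = re.search(rf"^{re.escape(name)}\s+(\d+)", text, re.M)
    return int(m.group(1)) if m else 0


def effective_backlog(requested: int, somaxconn: int) -> int:
    """listen(2): a backlog larger than net.core.somaxconn is silently
    truncated, so the queue the kernel keeps is min(requested, somaxconn)."""
    return min(requested, somaxconn)


def audit(ss_text: str, nstat_text: str, requested: int, somaxconn: int,
          port: int = 53) -> list:
    """Findings an operator would want after setting --listen-backlog."""
    findings = []
    want = effective_backlog(requested, somaxconn)
    if requested > somaxconn:
        findings.append(f"requested backlog {requested} exceeds somaxconn "
                        f"{somaxconn}; the kernel will use {want}")
    for lst in parse_ss_listeners(ss_text):
        if lst["port"] != port:
            continue
        if lst["send_q"] != want:
            findings.append(f"{lst['local']}: accept-queue limit is {lst['send_q']}, "
                            f"expected {want} (old binary still running, or option "
                            "not applied?)")
        elif lst["recv_q"] >= lst["send_q"]:
            findings.append(f"{lst['local']}: accept queue full "
                            f"({lst['recv_q']}/{lst['send_q']})")
    overflows = parse_nstat_counter(nstat_text)
    if overflows:
        findings.append(f"TcpExtListenOverflows={overflows}: SYNs were dropped "
                        "because the accept queue was full")
    return findings


if __name__ == "__main__":
    for finding in audit(SS_SAMPLE, NSTAT_SAMPLE, requested=100, somaxconn=128):
        print(finding)
```

Against a live host, feed it the output of `ss -ntl 'sport = :53'`, `nstat -az TcpExtListenOverflows` and the value in /proc/sys/net/core/somaxconn. Two things the numbers do not say on their own: the overflow counter is cumulative, so sample it twice and look at the delta rather than the total, and a bigger accept queue is also a bigger pool of completed handshakes that unauthenticated peers can hold open while the daemon is busy, so size it to the rate the server actually drains connections (Recv-Q staying well below Send-Q) rather than to whatever makes the counter stop moving.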