Re: [Dnsmasq-discuss] domain-needed is ignored
The manual states that A and AAAA records won't be forwarded. Both of your examples were forwarding MX record requests.

On 2018-06-21 5:34 AM, Spon Spon wrote:

The lookup is forwarded to upstream DNS server. This can be seen in log and also through tcpdump. So even domain-needed is used the lookup leaks to upstream server, and as per this settings it should not.

*From:* Geert Stappers
*To:* dnsmasq-discuss@lists.thekelleys.org.uk
*Sent:* Thursday, June 21, 2018 11:20 AM
*Subject:* Re: [Dnsmasq-discuss] domain-needed is ignored

On Thu, Jun 21, 2018 at 06:15:30AM +, Spon Spon wrote:
> Hi,
> I have following configuration of dnsmasq:
...
> domain-needed
...
>
> Because of domain-needed option I expected that host only lookup,
> without domain part will not be forwarded to upstream servers (in my case
> 192.168.2.1, but this seems it is not the case.

Please elaborate "seems"
Is it being polite or only having "forwarded" in logging and no further proof?

> The dnsmasq run on an EdgeRouter and has following version:
> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
>
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
>
> If I lookup a host with local domain, then the request is not going
> to upstream server. Please see below the logged queries:
>
> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
> Jun 21 09:13:31 dnsmasq[21398]: query[] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>
> Is this a bug? Is there any configuration missing? I expected that
> rrr lookup will not be forwarded to upstream server (192.168.2.1)
>

Dnsmasq manual pages says

  -D, --domain-needed
      Tells dnsmasq to never forward A or AAAA queries for plain names,
      without dots or domain parts, to upstream nameservers. If
      the name is not known from /etc/hosts or DHCP then a "not found"
      answer is returned.

So it would prevent the cost of a dial-out connection.

. local testing .

Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10

That un-expected, due 'domain-needed', forward is visible with tcpdump
at my upstream DNS :-(

Regards
Geert Stappers
--
Live and let live

--
Daryl Richards
Isle Technical Services Inc.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
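Added example (not part of any message in this thread, and not dnsmasq project code): domain-needed covers only A and AAAA queries, so other record types for plain names can still reach the upstream server. The Python sketch below scans log-queries output for dotless names that were forwarded and reports the record type and client; the function names are assumptions for illustration, and the sample log is constructed from the lines quoted in the thread plus two constructed example.org lines.

```python
import re

# Constructed sample, in the log-queries format quoted in this thread.
SAMPLE_LOG = """\
Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
Jun 21 09:50:05 weiss dnsmasq[24942]: query[A] example.org from 172.24.0.36
Jun 21 09:50:05 weiss dnsmasq[24942]: forwarded example.org to 172.24.0.10
"""

QUERY = re.compile(r"dnsmasq\[(\d+)\]: query\[([^\]]*)\] (\S+) from (\S+)")
FORWARD = re.compile(r"dnsmasq\[(\d+)\]: forwarded (\S+) to (\S+)")

def plain_name_leaks(log_text):
    """Return (qtype, name, client, upstream) for each dotless name sent upstream."""
    pending = {}  # (pid, name) -> (qtype, client) from the latest query line
    leaks = []
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            pid, qtype, name, client = m.groups()
            pending[(pid, name)] = (qtype, client)
            continue
        m = FORWARD.search(line)
        if not m:
            continue
        pid, name, upstream = m.groups()
        if "." in name:
            continue  # qualified name: forwarding is expected
        qtype, client = pending.get((pid, name), ("?", "?"))
        leaks.append((qtype, name, client, upstream))
    return leaks

def leaks_by_type(log_text):
    """Count leaked plain-name queries per record type."""
    counts = {}
    for qtype, _name, _client, _upstream in plain_name_leaks(log_text):
        counts[qtype] = counts.get(qtype, 0) + 1
    return counts

if __name__ == "__main__":
    for leak in plain_name_leaks(SAMPLE_LOG):
        print("plain name forwarded: type=%s name=%s client=%s upstream=%s" % leak)
```

A forwarded line with no matching query line is still reported, with "?" as its type and client.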
Re: [Dnsmasq-discuss] domain-needed is ignored
>On Thu, Jun 21, 2018 at 06:15:30AM +, Spon Spon wrote:
>> Hi,
>> I have following configuration of dnsmasq:
> ...
>> domain-needed
> ...
>>
>> Because of domain-needed option I expected that host only lookup,
>> without domain part will not be forwarded to upstream servers (in my case
>> 192.168.2.1, but this seems it is not the case.
>
>Please elaborate "seems"
>Is it being polite or only having "forwarded" in logging and no further proof?
>
>> The dnsmasq run on an EdgeRouter and has following version:
>> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
>> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
>> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
>> conntrack ipset auth DNSSEC loop-detect inotify
>>
>> This software comes with ABSOLUTELY NO WARRANTY.
>> Dnsmasq is free software, and you are welcome to redistribute it
>> under the terms of the GNU General Public License, version 2 or 3.
>>
>> If I lookup a host with local domain, then the request is not going
>> to upstream server. Please see below the logged queries:
>>
>> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
>> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
>> Jun 21 09:13:31 dnsmasq[21398]: query[] rrr from 127.0.0.1
>> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
>> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
>> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
>> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
>> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
>> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>>
>> Is this a bug? Is there any configuration missing? I expected that
>> rrr lookup will not be forwarded to upstream server (192.168.2.1)
>>
>
>Dnsmasq manual pages says
>
>  -D, --domain-needed
>      Tells dnsmasq to never forward A or AAAA queries for plain names,
>      without dots or domain parts, to upstream nameservers. If
>      the name is not known from /etc/hosts or DHCP then a "not found"
>      answer is returned.
>
>So it would prevent the cost of a dial-out connection.
>
> . local testing .
>
>Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
>Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10
>
>That un-expected, due 'domain-needed', forward is visible with tcpdump
>at my upstream DNS :-(
>
>Regards
>Geert Stappers
>--
>Live and let live

Through testing I discovered following:
If I issue host then the request is forwarded to upstream server and it should not.
If I issue ping then the request is NOT forwarded to upstream server as expected.
(I put and , just to be sure cache is not involved)

The tcpdump (first 2 packets, between process to dnsmasq and its reply) are below:

In case of host rrr we have:

13:40:19.858325 IP localhost.40987 > localhost.domain: 54601+ A? . (22)
  0x: 0304 0006 0800
  0x0010: 4500 0032 2960 4011 5359 7f00 0001 E..2)`..@.SY
  0x0020: 7f00 0001 a01b 0035 001e fe31 d549 0100 ...5...1.I..
  0x0030: 0001 046a 6a6a 6a00 0001 ....
  0x0040: 0001 ..
13:40:19.860678 IP localhost.domain > localhost.40987: 54601 0/0/0 (22)
  0x: 0304 0006 0800
  0x0010: 4500 0032 2961 4000 4011 1358 7f00 0001 E..2)a@.@..X
  0x0020: 7f00 0001 0035 a01b 001e fe31 d549 8180 .5.1.I..
  0x0030: 0001 046a 6a6a 6a00 0001 ....
  0x0040: 0001 ..

In case of ping we have:

13:41:17.232389 IP localhost.58411 > localhost.domain: 1381+ A? . (22)
  0x: 0304 0006 0800
  0x0010: 4500 0032 4d72 4000 4011 ef46 7f00 0001 E..2Mr@.@..F
  0x0020: 7f00 0001 e42b 0035 001e fe31 0565 0100 .+.5...1.e..
  0x0030: 0001 046b 6b6b 6b00 0001 ....
  0x0040: 0001 ..
13:41:17.416815 IP localhost.domain > localhost.58411: 1381 0/0/0 (22)
  0x: 0304 0006 0800
  0x0010: 4500 0032 4d8c 4000 4011 ef2c 7f00 0001 E..2M.@.@..,
  0x0020: 7f00 0001 0035 e42b 001e fe31 0565 8180 .5.+...1.e..
  0x0030: 0001 046b 6b6b 6b00 0001 ....
  0x0040: 0001 ..

Thanks,
Spon
Re: [Dnsmasq-discuss] domain-needed is ignored
On Thu, Jun 21, 2018 at 06:15:30AM +, Spon Spon wrote:
> Hi,
> I have following configuration of dnsmasq:
...
> domain-needed
...
>
> Because of domain-needed option I expected that host only lookup,
> without domain part will not be forwarded to upstream servers (in my case
> 192.168.2.1, but this seems it is not the case.

Please elaborate "seems"
Is it being polite or only having "forwarded" in logging and no further proof?

> The dnsmasq run on an EdgeRouter and has following version:
> root@bucuresti:/etc# /usr/sbin/dnsmasq --version
> Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
> conntrack ipset auth DNSSEC loop-detect inotify
>
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
>
> If I lookup a host with local domain, then the request is not going
> to upstream server. Please see below the logged queries:
>
> Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
> Jun 21 09:13:31 dnsmasq[21398]: query[] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
> Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
> Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
> Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
> Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
>
> Is this a bug? Is there any configuration missing? I expected that
> rrr lookup will not be forwarded to upstream server (192.168.2.1)
>

Dnsmasq manual pages says

  -D, --domain-needed
      Tells dnsmasq to never forward A or AAAA queries for plain names,
      without dots or domain parts, to upstream nameservers. If
      the name is not known from /etc/hosts or DHCP then a "not found"
      answer is returned.

So it would prevent the cost of a dial-out connection.

. local testing .

Jun 21 09:41:14 weiss dnsmasq[24942]: query[MX] inertia from 172.24.0.36
Jun 21 09:41:14 weiss dnsmasq[24942]: forwarded inertia to 172.24.0.10

That un-expected, due 'domain-needed', forward is visible with tcpdump
at my upstream DNS :-(

Regards
Geert Stappers
--
Live and let live
[Dnsmasq-discuss] domain-needed is ignored
Hi,
I have following configuration of dnsmasq:

log-facility=/var/log/dnsmasq.log
interface=switch0
cache-size=1024
domain-needed
no-negcache
expand-hosts
domain=b
bogus-nxdomain=86.35.3.192
bogus-nxdomain=86.35.3.193
stop-dns-rebind
rebind-domain-ok=c
log-queries
localise-queries
bogus-priv
local=/b/
server=192.168.2.1

Because of domain-needed option I expected that host only lookup, without domain part will not be forwarded to upstream servers (in my case 192.168.2.1, but this seems it is not the case.

The dnsmasq run on an EdgeRouter and has following version:

root@bucuresti:/etc# /usr/sbin/dnsmasq --version
Dnsmasq version 2.78-20-geaeda96 Copyright (c) 2000-2017 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

If I lookup a host with local domain, then the request is not going to upstream server. Please see below the logged queries:

Jun 21 09:13:31 dnsmasq[21398]: query[A] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv4
Jun 21 09:13:31 dnsmasq[21398]: query[] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: config rrr is NODATA-IPv6
Jun 21 09:13:31 dnsmasq[21398]: query[MX] rrr from 127.0.0.1
Jun 21 09:13:31 dnsmasq[21398]: forwarded rrr to 192.168.2.1
Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN
Jun 21 09:13:38 dnsmasq[21398]: query[A] rrr.b from 127.0.0.1
Jun 21 09:13:38 dnsmasq[21398]: config rrr.b is NXDOMAIN

Is this a bug? Is there any configuration missing? I expected that rrr lookup will not be forwarded to upstream server (192.168.2.1)

Thanks,
Spon