** Description changed:

  [SRU]
  
  [ Impact ]
  
- Sometimes dnsmasq is incorrectly converting NXDOMAIN responses from
- authoritative dns servers into NODATA. This prevents the name resolution
- for normally working records fails in third party plugins/applications,
- as autopath (coredns).
+ Sometimes dnsmasq is incorrectly is returning NODATA instead of
+ NXDOMAIN. This can lead to erroneous actions by clients who need to
+ determine whether a domain name exists or not.
  
  [ Test Plan ]
  
- In a focal VM, before disabling systemd-resolved
- (https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-
- in-ubuntu), install dnsmasq (apt install dnsmasq-base) if it wasn't
+ In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't
  installed yet.
  
- #0 Enabling and checking name resolution through dnsmasq
  
- root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN
- sudo: unable to resolve host F-dnsmasq: Temporary failure in name resolution
- sshd      221            root    3u  IPv4 120681      0t0  TCP *:22 (LISTEN)
- sshd      221            root    4u  IPv6 120692      0t0  TCP *:22 (LISTEN)
- root@F-dnsmasq:~# dnsmasq --server 8.8.8.8
- root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN
- sudo: unable to resolve host F-dnsmasq: Name or service not known
- sshd       221            root    3u  IPv4 120681      0t0  TCP *:22 (LISTEN)
- sshd       221            root    4u  IPv6 120692      0t0  TCP *:22 (LISTEN)
- dnsmasq   1485          nobody    5u  IPv4 183531      0t0  TCP *:53 (LISTEN)
- dnsmasq   1485          nobody    7u  IPv6 183533      0t0  TCP *:53 (LISTEN)
+ #0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
  
- root@F-dnsmasq:~# ping www.google.com
- PING [www.google.com](http://www.google.com/) (142.250.200.68) 56(84) bytes 
of data.
- 64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) 
(142.250.200.68): icmp_seq=1 ttl=114 time=16.5 ms
- 64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) 
(142.250.200.68): icmp_seq=2 ttl=114 time=19.4 ms
- ^C
- --- [www.google.com](http://www.google.com/) ping statistics ---
- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms
- rtt min/avg/max/mdev = 16.468/17.927/19.387/1.459 ms
+ # systemctl disable --now systemd-resolved.service
+ # rm -f /etc/resolv.conf
+ # cat > /etc/resolv.conf << __EOF__
+ nameserver 8.8.8.8
+ __EOF__
+ # systemctl start dnsmasq.service
+ 
  
  #1 Bad case
  
- root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i 
test.foo. 127.0.0.1 | tail -n 1; done
+ # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record
  
  #2 Good case
  
  #2.1 Installing new package
  
-  root@F-dnsmasq:~# l *.deb
- dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb 
- dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb      
dnsmasq_2.80-1.1ubuntu1.6_all.deb
- root@F-dnsmasq:~# dpkg -i *.deb
- (Reading database ... 32079 files and directories currently installed.)
+ # ls -1 *.deb
+ dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
+ dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
+ dnsmasq_2.80-1.1ubuntu1.6_all.deb
+ 
+ # dpkg -i *.deb
+ (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
- Job for dnsmasq.service failed because the control process exited with error 
code.
- See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
- invoke-rc.d: initscript dnsmasq, action "start" failed.
- ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
- Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: 
enabled)
- Active: failed (Result: exit-code) since Tue 2022-11-15 11:42:49 UTC; 8ms ago
- Process: 1641 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, 
status=0/SUCCESS)
- Process: 1642 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, 
status=2)
- 
- Nov 15 11:42:49 F-dnsmasq systemd[1]: Starting dnsmasq - A lightweight DHCP 
and caching DNS server...
- Nov 15 11:42:49 F-dnsmasq dnsmasq[1641]: dnsmasq: syntax check OK.
- Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: dnsmasq: failed to create listening 
socket for port 53: Address already in use
- Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: failed to create listening socket 
for port 53: Address already in use
- Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: FAILED to start up
- Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Control process 
exited, code=exited, status=2/INVALIDARGUMENT
- Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Failed with result 
'exit-code'.
- Nov 15 11:42:49 F-dnsmasq systemd[1]: Failed to start dnsmasq - A lightweight 
DHCP and caching DNS server.
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...
- Errors were encountered while processing:
- dnsmasq-base-lua_2.80-1.1ubuntu1.6_amd64.deb
- root@F-dnsmasq:~# dpkg -l | grep dnsmasq
+ 
+ 
+ # dpkg -l | grep dnsmasq
  ii  dnsmasq                        2.80-1.1ubuntu1.6                 all      
    Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base                   2.80-1.1ubuntu1.6                 amd64    
    Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils                  2.80-1.1ubuntu1.6                 amd64    
    Utilities for manipulating DHCP leases
  
- #2.2 Testing OK (after killing previous dnsmasq)
+ #2.2 Testing OK
  
- root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i 
test.foo. 127.0.0.1 | tail -n 1; done
- test.foo has no SRV record
- test.foo has no TXT record
- Host test.foo. not found: 3(NXDOMAIN)
- test.foo has no A record
- Host test.foo. not found: 3(NXDOMAIN)
- test.foo has no A record
- test.foo has no TXT record
- test.foo has no SRV record
- root@F-dnsmasq:~# ps -ef | grep dnsmasq
- nobody      1485       1  0 11:33 ?        00:00:00 dnsmasq --server 8.8.8.8
- root        1863     390  0 11:44 pts/1    00:00:00 grep --color=auto dnsmasq
- root@F-dnsmasq:~# pkill dnsmasq
- root@F-dnsmasq:~# dnsmasq --server 8.8.8.8
- root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i 
test.foo. 127.0.0.1 | tail -n 1; done
+ # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  
- 
  [ Where problems could occur ]
  
  It correctly changes the program's behaviour in this kind of situation,
  so users that didn't recognize this as an error can see an increment in
  their dns cached records, so, in the end, it's not a problem.
  
  [ Other Info ]
-  
- The patch is applied upstream and originated from a bug filed on Fedora side: 
https://bugzilla.redhat.com/show_bug.cgi?id=1674067
+ 
+ The patch is applied upstream and originated from a bug filed on Fedora
+ side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
  
  [Original Report]
  ---------------------------------------------------
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
  
  This is already fixed upstream with the following commit [1].
  
  The Ubuntu dnsmasq 2.80 package should get a backport with a release for
  the focal packages which includes this bug fix.
  
  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
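Review bot: the new #2.1 and #2.2 steps never confirm that the dnsmasq answering on 127.0.0.1 after `dpkg -i` is the upgraded 2.80-1.1ubuntu1.6 process. The removed lines showed the service failing to start with "Address already in use" and a manual `pkill dnsmasq` before the re-test, so the plan should record a check such as `systemctl status dnsmasq.service` between #2.1 and #2.2. Also, the added Impact sentence reads "is incorrectly is returning" (doubled "is"), and the install step names only dnsmasq-base although #0 starts dnsmasq.service and #2.1 upgrades the dnsmasq package as well.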

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  In Progress

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of
  NXDOMAIN. This can lead to erroneous actions by clients who need to
  determine whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't
  installed yet.

  
  #0 Disabling systemd-resolved service and enabling resolution through dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  
  #1 Bad case

  # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  
  # dpkg -l | grep dnsmasq
  ii  dnsmasq                        2.80-1.1ubuntu1.6                 all          Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base                   2.80-1.1ubuntu1.6                 amd64        Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils                  2.80-1.1ubuntu1.6                 amd64        Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It correctly changes the program's behaviour in this kind of
  situation, so users that didn't recognize this as an error can see an
  increment in their dns cached records, so, in the end, it's not a
  problem.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---------------------------------------------------
  We upgraded our openstack containers which host dnsmasq services from
  bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80
  which introduced a bug in our setup where dnsmasq returns NODATA instead
  of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
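
The Impact and Test Plan above turn on the difference between NXDOMAIN (rcode 3: the name has no records of any type) and NODATA (rcode 0 with an empty answer section). As an added example, not part of the bug report or of dnsmasq, this Python code classifies raw DNS replies and flags the contradiction shown in "#1 Bad case"; the reply bytes are constructed from the rcodes implied by that output, and all function names are hypothetical.

```python
import socket
import struct

QTYPES = {"a": 1, "txt": 16, "aaaa": 28, "srv": 33}
ORDER = ["srv", "txt", "aaaa", "a", "aaaa", "a", "txt", "srv"]  # test plan loop
# Constructed from the "#1 Bad case" output: 3 = NXDOMAIN, 0 = "has no X record".
BAD_CASE_RCODES = [3, 3, 3, 0, 3, 0, 0, 0]

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query with the RD flag set."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1))

def classify(reply):
    """Map a raw DNS reply to NXDOMAIN, NODATA, ANSWER or RCODE<n>."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"          # the name itself does not exist
    if rcode == 0:
        return "ANSWER" if ancount else "NODATA"  # name exists, no such type
    return f"RCODE{rcode}"

def constructed_reply(query, rcode):
    """Sample reply: same question, QR and RA set, given rcode, no answers."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | 0x8080 | rcode) + query[4:]

def ask(server, name, qtype, timeout=2.0):
    """Live variant: send the query over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return classify(s.recv(4096))

def contradictions(results):
    """For ONE name: after any NXDOMAIN, list NODATA replies as (position, qtype)."""
    if not any(c == "NXDOMAIN" for _, c in results):
        return []
    return [(i, t) for i, (t, c) in enumerate(results) if c == "NODATA"]

def replay(rcodes, name="test.foo."):
    """Classify constructed replies for the test plan's query sequence."""
    return [(t, classify(constructed_reply(build_query(name, t), rc)))
            for t, rc in zip(ORDER, rcodes)]
```

Against a running resolver, `[(t, ask("127.0.0.1", "test.foo.", t)) for t in ORDER]` produces the same kind of input for `contradictions()`.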
