On 15/11/12 20:08, Andrew Elwell wrote:
> Hi Folks
> 
> (warning, this is behaviour noticed with the version of dnsmasq on my router -
> version.bind.         0       CH      TXT     "dnsmasq-2.61"
> apologies if fixed in a newer version)
> 
> 
> I've been using OpenDNS with nxdomain to filter out their annoying
> brain-dead NXDOMAIN mangling. However, if I do this, it breaks on IPv6
> addresses
> 
> ie - an expected result
> 
> $ host indicodev2.ipv6.cern.ch 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
> 
> indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10
> 
> 
> -- there's an IPv6 AAAA record, but no A record for this machine
> 
> however if I use opendns I get
> 
> $ host indicodev2.ipv6.cern.ch 208.67.222.222
> Using domain server:
> Name: 208.67.222.222
> Address: 208.67.222.222#53
> Aliases:
> 
> indicodev2.ipv6.cern.ch has address 67.215.65.132  <<<< BOGUS
> indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10
> 
> and with bogus-nxdomain  67.215.65.132 it bails after the A record and
> doesn't try AAAA unless specifically asked
> 
> 
> $ host indicodev2.ipv6.cern.ch
> Host indicodev2.ipv6.cern.ch not found: 3(NXDOMAIN)
> 
> $ host -t AAAA indicodev2.ipv6.cern.ch
> indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10
> 
> 
> Any ideas if I can work around this via configuration or do I have to
> give up with opendns?
> 
> 
> Many thanks
> 
> Andrew
> 


And the nasty hacks will come back and bite you. It might take 10 years,
but they will bite you.

What's happening is that dnsmasq is re-writing the reply

indicodev2.ipv6.cern.ch has address 67.215.65.132  <<<< BOGUS

as indicodev2.ipv6.cern.ch is no-such-domain. Note that it's _not_
asserting "indicodev2.ipv6.cern.ch" has no IPv4 address, it's asserting
"indicodev2.ipv6.cern.ch" does not exist. So the host command is quite
right not to even try and find the IPv6 address for that domain, since
it's already been told that it doesn't exist.


This might not bite you in real life, if whatever is looking up that
domain does the A and AAAA lookups separately, and isn't bright enough
to make the inference that host does.


This could be fixed in dnsmasq by re-writing to a NODATA reply instead
of NXDOMAIN, but I'm worried about doing that in case it finds a
different set of problems: now you're starting to assert that lots of
domains which DON'T exist do.


Cheers,

Simon.


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
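
The NXDOMAIN versus NODATA distinction discussed in the reply above, as an added Python model that is not part of the original thread and is not dnsmasq code. The name `no-such-host.example`, the `mode` parameter and the function names are hypothetical, and the upstream data is constructed from the output quoted in the thread.

```python
# Simplified model of the bogus-address rewrite; not dnsmasq source code.
from dataclasses import dataclass, field

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values

@dataclass
class Reply:
    rcode: int
    answers: list = field(default_factory=list)

BOGUS = {"67.215.65.132"}  # the address given to bogus-nxdomain in the thread

# Constructed upstream data: the AAAA-only host from the thread gets a bogus A
# record, and so does a hypothetical name that really does not exist.
UPSTREAM = {
    ("indicodev2.ipv6.cern.ch", "A"): Reply(NOERROR, ["67.215.65.132"]),
    ("indicodev2.ipv6.cern.ch", "AAAA"): Reply(NOERROR, ["2001:1458:201:b5b9::100:10"]),
    ("no-such-host.example", "A"): Reply(NOERROR, ["67.215.65.132"]),
}

def forward(name, qtype, mode="nxdomain"):
    """Return the upstream reply after the rewrite; mode picks the rewrite target."""
    reply = UPSTREAM.get((name, qtype), Reply(NXDOMAIN))
    if qtype == "A" and BOGUS.intersection(reply.answers):
        # "nxdomain": the name does not exist at all.
        # "nodata":   the name exists but has no record of this type.
        return Reply(NXDOMAIN if mode == "nxdomain" else NOERROR)
    return reply

def host_lookup(name, mode="nxdomain"):
    """Client that, like host in the thread, stops once told the name does not exist."""
    found = []
    for qtype in ("A", "AAAA"):
        reply = forward(name, qtype, mode)
        if reply.rcode == NXDOMAIN:
            return None  # NXDOMAIN covers every record type, so AAAA is never asked
        found += reply.answers
    return found

if __name__ == "__main__":
    for mode in ("nxdomain", "nodata"):
        print(mode, host_lookup("indicodev2.ipv6.cern.ch", mode))
    # The trade-off: in "nodata" mode a nonexistent name is reported as existing.
    print(forward("no-such-host.example", "A", "nodata"))
```
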
