Hello Simon *Reply your message *
*Thanks for the report. I've just pushed a code change which improves the checking of received packets to conform better with section 15.https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7500157cff8ea28ab03e6e62e0d1575e4d01746b <https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7500157cff8ea28ab03e6e62e0d1575e4d01746b>Out of interest, did this cause problems in a real installation, or were you running a test suite?Cheers,Simon.* *I've cloned the latest git repo and build it and tested, the issue is fixed. thank you.* *On Tue, May 2, 2023 at 13:23 Justin <cattyho...@gmail.com <cattyho...@gmail.com>> wrote:* > *it turns out, after sending stale cache to client (macOS), dnsmasq tries > to query upstream, but this time, it is sending malformed packet: * > > *Queries* > > *api.github.com <http://api.github.com>: type A, class IN* > > *Name: api.github.com <http://api.github.com>* > > *[Name Length: 14]* > > *[Label Count: 3]* > > *Type: A (Host Address) (1)* > > *Class: IN (0x0001)* > > *Additional records* > > *[Malformed Packet: DNS]* > > *[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]* > > *[Malformed Packet (Exception occurred)]* > > *[Severity level: Error]* > > *and all the rest of query are sent to upstream like that.* > > *notice: only reproducable if the client is macOS, and upstream is a > DoH/DoT proxy like adguard/dnsproxy * > > > > *On Mon, May 1, 2023 at 03:42 Justin <cattyho...@gmail.com > <cattyho...@gmail.com>> wrote:* > >> >> *Hello devs* >> >> *in order to use DOH/DOT, a proxy upstream is configured, when dnsmasq >> enables use-stale-cache, some upstream may return error when dnsmasq tries >> to refresh the record from upstream after stale cache is sent to client. * >> >> *i reported the issue here in dnsproxy project, as this is the DOH proxy >> i am currently using. however i've tried many other Go/Rust DOH proxy ( >> namely doh-client, dns-over-https, dnss, cloudflared) , they all return >> error when dnsmasq tries to refresh the record.* >> >> *https://github.com/AdguardTeam/dnsproxy/issues/328* >> <https://github.com/AdguardTeam/dnsproxy/issues/328> >> >> *only reproducible : if the requesting client is macOS and the upstream >> is a DOH proxy, Linux does not have this issue. using a udp upstream like >> 1.1.1.1 does not have this issue either.* >> >> *hope you could take a look at the issue posted.* >> > > *-- * > > > *RegardsJustin He* > -- Regards Justin He
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
