Re: [Dnsmasq-discuss] dnsmasq: /#/ and error "config error is REFUSED (EDE: not ready)“

Tue, 28 Nov 2023 05:16:31 -0800

It seems to me the second example does not have specified any normal servers. Or better, you expect /#/ has special meaning, but I have found only server=/example/# to have documented special meaning. New version do not recognize /#/ a special value anymore. I think that has changed with 2.86 release.
Only --address=/#/ special handling were documented, at least in RHEL9 2.85 version. I think Simon considered its usage in --server as an implementation error and that why it is not working anymore. Or better, it has no special meaning anymore. 

Few comments below.

On 9/26/23 10:28, Yann ILAS wrote:

Ok

With that config file :

> listen-address=127.0.0.1
> bind-interfaces
> server=8.8.8.8
> server=/svc.cluster.local/10.96.0.10 <http://10.96.0.10>
> cache-size=500

# dig @127.0.0.1 <http://127.0.0.1> perdu.com <http://perdu.com> A +short
172.67.133.176
104.21.5.178

Output from the dnsmasq server :

| # dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.89 cachesize 500

| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n 
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash 
DNSSEC loop-detect inotify dumpfile

| dnsmasq: using nameserver 8.8.8.8#53
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 8.8.8.8#53
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 7 names
|
| dnsmasq: query[A] perdu.com <http://perdu.com> from 127.0.0.1
| dnsmasq: forwarded perdu.com <http://perdu.com> to 8.8.8.8
| dnsmasq: reply perdu.com <http://perdu.com> is 172.67.133.176
| dnsmasq: reply perdu.com <http://perdu.com> is 104.21.5.178


That seems okay.


With that config file :

> listen-address=127.0.0.1
> bind-interfaces
> server=/#/9.9.9.9 <http://9.9.9.9>
> server=/svc.cluster.local/10.96.0.10 <http://10.96.0.10>
> cache-size=500

And what server=/#/ is supposed to mean here? I think you can use 
instead server=/./9.9.9.9, but I fail to see to use that syntax here. I 
haven't found in man dnsmasq what is should do. I think it used to work 
as a replacement for /./, because that was not accepted before. I would 
say that is corner case.



| root@bookworm:/tmp# dig @127.0.0.1 <http://127.0.0.1> perdu.com 
<http://perdu.com> A +short

| root@bookworm:/tmp#

Output from the dnsmasq server :

| root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.89 cachesize 500

| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n 
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash 
DNSSEC loop-detect inotify dumpfile

| dnsmasq: using nameserver 9.9.9.9#53 for domain #
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 9.9.9.9#53 for domain #
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 7 names
|
| dnsmasq: query[A] perdu.com <http://perdu.com> from 127.0.0.1
| dnsmasq: config error is REFUSED (EDE: not ready)


With that last config file, the output of dnsmasq (version `2.85`) 
mentions the default nameserver which will be used => `using 
nameserver 9.9.9.9#53 for default` :

Yes, that makes server=/#/ is now server=/./. server=/#/ has no special 
meaning and this means now simply only "#" domain is redirected to 
9.9.9.9. Try dig "test.#" @localhost.


| root@debian11:~# dnsmasq --no-daemon --log-queries --log-debug
| dnsmasq: started, version 2.85 cachesize 500

| dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n 
IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC 
loop-detect inotify dumpfile

| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: using nameserver 9.9.9.9#53 for default
| dnsmasq: reading /etc/resolv.conf
| dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
| dnsmasq: using nameserver 9.9.9.9#53 for default
| dnsmasq: ignoring nameserver 127.0.0.1 - local interface
| dnsmasq: read /etc/hosts - 6 addresses




Le ven. 15 sept. 2023 à 22:28, Geert Stappers <stapp...@stappers.nl> a 
écrit :


    On Tue, Sep 12, 2023 at 09:15:04PM +0200, Yann ILAS wrote:
    > Le mar. 12 sept. 2023 à 18:56, Geert Stappers a écrit :
    > > On Mon, Sep 11, 2023 at 01:58:07PM +0200, Yann ILAS wrote:
    > > > Hi !
    > >
    > > Hello,
    > >
    > >
    > > > I get an issue with version 2.89 of dnsmasq, on Debian 12.
    There seems to
    > > > be a regression. I did see the changelog
    > > > <https://thekelleys.org.uk/dnsmasq/CHANGELOG> for version
    2.87, which
    > > > states that the /#/ bug has been fixed... but I don't see it
    with version
    > > > 2.89 (the last version installed on Debian). The /#/ in the
    config file
    > > > seems still to be an issue.
    > > >
    > > > listen-address=127.0.0.1
    > > > bind-interfaces
    > > > server=/#/8.8.8.8 <http://8.8.8.8>
    > > > server=/svc.cluster.local/10.96.0.10 <http://10.96.0.10>
    > > > cache-size=500
    > > >
    > >
    > > And with
    > >
    > >  listen-address=127.0.0.1
    > >  bind-interfaces
    > >  server=9.9.9.9
    > >  server=/svc.cluster.local/10.96.0.10 <http://10.96.0.10>
    > >  cache-size=500
    > >
    > > ?   (Yes, that are two changes!)
    > >
    > Hi,
    >
    > From the client :
    > root@bookworm:~# dig @127.0.0.1 <http://127.0.0.1> perdu.com
    <http://perdu.com> A +short
    > 172.67.133.176
    > 104.21.5.178
    >
    > Log from the daemon :
    > root@bookworm:~# dnsmasq --no-daemon --log-queries --log-debug
    > dnsmasq: started, version 2.89 cachesize 500
    > dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n
    IDN2 DHCP
    > DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC
    > loop-detect inotify dumpfile
    > dnsmasq: using nameserver 9.9.9.9#53
    > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
    > dnsmasq: reading /etc/resolv.conf
    > dnsmasq: using nameserver 9.9.9.9#53
    > dnsmasq: using nameserver 10.96.0.10#53 for domain svc.cluster.local
    > dnsmasq: ignoring nameserver 127.0.0.1 - local interface
    > dnsmasq: read /etc/hosts - 7 names
    > dnsmasq: query[A] perdu.com <http://perdu.com> from 127.0.0.1
    > dnsmasq: forwarded perdu.com <http://perdu.com> to 9.9.9.9
    > dnsmasq: reply perdu.com <http://perdu.com> is 172.67.133.176
    > dnsmasq: reply perdu.com <http://perdu.com> is 104.21.5.178

    Okay, that looks fine.  Now test the two changes separately.
    I refer to the above "Yes, that are two changes!"


    Groeten
    Geert Stappers

    -- 
    Silence is hard to parse



--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB




Attachment:
OpenPGP_0x4931CA5B6C9FC5CB.asc

Description: OpenPGP public key



Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss






















					Reply via email to