Re: [Dnsmasq-discuss] use-stale-cache may failed to refresh record from certain upstream

2023-05-02 Thread Justin
Hello Simon

*Reply your message*

*Thanks for the report. I've just pushed a code change which improves
the checking of received packets to conform better with section 15.*

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7500157cff8ea28ab03e6e62e0d1575e4d01746b

*Out of interest, did this cause problems in a real installation, or were you
running a test suite?*

*Cheers,*
*Simon.*

*I've cloned the latest git repo and built it and tested, the issue is
fixed. Thank you.*



*On Tue, May 2, 2023 at 13:23 Justin wrote:*

> *it turns out, after sending stale cache to client (macOS), dnsmasq tries
> to query upstream, but this time, it is sending malformed packet:*
>
> *Queries*
> *api.github.com : type A, class IN*
> *Name: api.github.com*
> *[Name Length: 14]*
> *[Label Count: 3]*
> *Type: A (Host Address) (1)*
> *Class: IN (0x0001)*
> *Additional records*
> *[Malformed Packet: DNS]*
> *[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]*
> *[Malformed Packet (Exception occurred)]*
> *[Severity level: Error]*
>
> *and all the rest of query are sent to upstream like that.*
>
> *notice: only reproducible if the client is macOS, and upstream is a
> DoH/DoT proxy like adguard/dnsproxy*
>
> *On Mon, May 1, 2023 at 03:42 Justin wrote:*
>
>> *Hello devs*
>>
>> *in order to use DOH/DOT, a proxy upstream is configured, when dnsmasq
>> enables use-stale-cache, some upstream may return error when dnsmasq tries
>> to refresh the record from upstream after stale cache is sent to client.*
>>
>> *i reported the issue here in dnsproxy project, as this is the DOH proxy
>> i am currently using. however i've tried many other Go/Rust DOH proxy
>> (namely doh-client, dns-over-https, dnss, cloudflared), they all return
>> error when dnsmasq tries to refresh the record.*
>>
>> https://github.com/AdguardTeam/dnsproxy/issues/328
>>
>> *only reproducible: if the requesting client is macOS and the upstream
>> is a DOH proxy, Linux does not have this issue. using a udp upstream like
>> 1.1.1.1 does not have this issue either.*
>>
>> *hope you could take a look at the issue posted.*
>
> *--*
> *Regards*
> *Justin He*

-- 

Regards
Justin He
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] use-stale-cache may failed to refresh record from certain upstream

2023-05-02 Thread Justin
sorry, the quote was wrong.

the stale cache issue is confirmed fixed with the patch.

i meant to quote this:

*I think I've found and fixed the problem, but I don't have a macOS machine
to test with, nor have I configured a DOH proxy, so I'd appreciate it if
you could re-run your tests and see if it works with the patch in
place.*

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d774add784d01c8346b271e8fb5cbedc44d7ed08

*Thanks for the very useful bug report.*

*Cheers,*
*Simon.*

-- 

Regards
Justin He


Re: [Dnsmasq-discuss] --server=/#/1.2.3.4 behavior

2023-05-02 Thread Matus UHLAR - fantomas

On 26.04.23 14:26, Aleksey Vasenev wrote:
> I found some information in the changelog:
>
> "Of course --server=/#/1.2.3.4 is exactly equivalent to
> --server=1.2.3.4. Special request from Josh Howlett."
>
> But this is not true. --server=/#/1.2.3.4 takes precedence over
> --server=1.2.3.4. Moreover, other servers are ignored.
>
> Is this a bug or undocumented behavior?

I believe this was discussed in threads:

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q4/015924.html
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016492.html

and that it's intentional.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.



Re: [Dnsmasq-discuss] Implement --no-dns-interface?

2023-05-02 Thread Petr Menšík
I think you can use --bind-interfaces and --listen-address 127.0.0.2 to 
listen only on alternate address.


On 21. 04. 23 3:18, Tony Zhou wrote:
> Hi,
>
> I am running dnsmasq 2.86 on openwrt, and have multiple vlans in my
> network. dnsmasq works great for dhcp purposes (for both dynamic and
> static leases) that I need for all interfaces/vlans. However, some of
> the vlans I do not need/want to have dnsmasq providing dns, but
> another dns server for content filtering purposes.
>
> I'd prefer to keep both dns servers on the same host/router, but the
> way dnsmasq works, either binding to interfaces, or wildcard, binds to
> all port 53, so that the 2nd dns server can't bind.
>
> It appears that when dnsmasq is set to bind to interfaces, it has to
> either offer both dns and dhcp, or skip dhcp by "--no-dhcp-interface"
> argument, but there is no counterpart "--no-dns-interface".
>
> Setting port=0 disables dns service on all interfaces, which is not
> what I wanted as well.
>
> I did find there were two discussions regarding this:
>
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2011q4/005335.html
> https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015429.html
>
> Running two instances of dnsmasq doesn't resolve this issue, since I
> still rely on dnsmasq's dhcp.
>
> Thanks.


--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB




Re: [Dnsmasq-discuss] typo in dnsmasq.8 man page

2023-05-02 Thread Justin
by the way, CHANGELOG does not mention --cache-rr



[Dnsmasq-discuss] typo in dnsmasq.8 man page

2023-05-02 Thread Justin
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=man/dnsmasq.8;h=30429dfa84457af04651269b785aa8a8141265de;hb=HEAD#l393

diff
a comma-separated list or RR-types
a comma-separated list of RR-types

Regards
Justin He



Re: [Dnsmasq-discuss] dnsmasq sending advertise packets for the packet containing server id

2023-05-02 Thread shashikumar Shashi
Hi Simon,

While validating the RFC 3315 standards through the test suite caught this
issue.

Thanks,
Shashi

On Tue, May 2, 2023 at 4:05 AM Simon Kelley  wrote:

> On 24/04/2023 05:41, shashikumar Shashi wrote:
> > Hi,
> >
> > I am using dnsmasq-2.80, IN this I am observing dnsmasq sending the
> > advertising packets for the packet containing the Server id.
> > This is a violation of the RFC -
> > https://www.rfc-editor.org/rfc/rfc3315#section-15.2
> > 
> >
> > Below is my packet:
> > 0x:  0001 0002 0050 5696 5000 86dd 6000
> > 0x0010:  003a 11ff fe80    0250
> > 0x0020: 56ff fe96 5000 ff02    
> > 0x0030:  0001 0002 0222 0223 003a ac9b 01ac
> > 0x0040: 1a04 0002 0012 554e 5553 4544 2d53 4552
> > 0x0050: 5645 522d 4455 4944 0001 0004 3e74 dd1b
> > 0x0060: 0003 000c 6848 70e4    
> >
> >
> > Is there any known issue??
> >
>
>
> Thanks for the report. I've just pushed a code change which improves the
> checking of received packets to conform better with section 15.
>
>
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7500157cff8ea28ab03e6e62e0d1575e4d01746b
>
> Out of interest, did this cause problems in a real installation, or were
> you running a test suite?
>
>
> Cheers,
>
> Simon.
>
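
The RFC 3315 section 15.2 check discussed in this thread (a server discards a Solicit that has no Client Identifier option or that does carry a Server Identifier option), as an added example that is not part of the thread and is not dnsmasq's code. The function name and both sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHCP6_SOLICIT    1  /* RFC 3315 message type */
#define OPTION_CLIENTID  1  /* RFC 3315 option codes */
#define OPTION_SERVERID  2

/* Returns 1 if a server may answer this Solicit, 0 if section 15.2 says
   to discard it, -1 if it is not a well-formed Solicit at all. */
int solicit_acceptable(const uint8_t *msg, size_t len)
{
    int have_client_id = 0, have_server_id = 0;
    size_t off = 4;                 /* 1 byte msg-type + 3 byte transaction-id */

    if (len < 4 || msg[0] != DHCP6_SOLICIT)
        return -1;
    while (off < len) {
        if (len - off < 4)
            return -1;              /* truncated option header */
        unsigned code = ((unsigned)msg[off] << 8) | msg[off + 1];
        size_t optlen = ((size_t)msg[off + 2] << 8) | msg[off + 3];
        off += 4;
        if (optlen > len - off)
            return -1;              /* option data runs past end of packet */
        if (code == OPTION_CLIENTID) have_client_id = 1;
        if (code == OPTION_SERVERID) have_server_id = 1;
        off += optlen;
    }
    return (have_client_id && !have_server_id) ? 1 : 0;
}

/* Constructed samples, not captured traffic. */
static const uint8_t solicit_ok[] = {
    0x01, 0xaa, 0xbb, 0xcc,                         /* Solicit, transaction-id */
    0x00, 0x01, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef  /* Client Identifier */
};
static const uint8_t solicit_with_server_id[] = {
    0x01, 0xaa, 0xbb, 0xcc,
    0x00, 0x02, 0x00, 0x02, 0x11, 0x22,             /* Server Identifier */
    0x00, 0x01, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    printf("ok=%d with_server_id=%d\n",
           solicit_acceptable(solicit_ok, sizeof solicit_ok),
           solicit_acceptable(solicit_with_server_id, sizeof solicit_with_server_id));
    return 0;
}
```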


Re: [Dnsmasq-discuss] typo in dnsmasq.8 man page

2023-05-02 Thread Geert Stappers
On Wed, May 03, 2023 at 05:04:52AM +0800, Justin wrote:
> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=man/dnsmasq.8;h=30429dfa84457af04651269b785aa8a8141265de;hb=HEAD#l393
> 
> diff
> a comma-separated list or RR-types
> a comma-separated list of RR-types

At https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q2/017012.html
is an example of how a patch should look. Generate it
with git subcommands `commit`, `format-patch` and `send-email`.

It is OK to ask additional information about that process.

 
> Regards
> Justin He


Groeten
Geert Stappers
-- 
Silence is hard to parse
