Re: [Dnsmasq-discuss] bogus-nxdomain + opendns + ipv6

2012-11-16 Thread Simon Kelley
On 15/11/12 20:08, Andrew Elwell wrote:
 Hi Folks
 
 (warning, this is behaviour noticed with the version of dnsmasq on my router -
 version.bind. 0   CH  TXT dnsmasq-2.61
 apologies if fixed in a newer version)
 
 
 I've been using OpenDNS with nxdomain to filter out their annoying
 brain-dead NXDOMAIN mangling. However, if I do this, it breaks on IPv6
 addresses
 
 ie - an expected result
 
 $ host indicodev2.ipv6.cern.ch 8.8.8.8
 Using domain server:
 Name: 8.8.8.8
 Address: 8.8.8.8#53
 Aliases:
 
 indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10
 
 
 -- there's an IPv6 AAAA record, but no A record for this machine
 
 however if I use opendns I get
 
 $ host indicodev2.ipv6.cern.ch 208.67.222.222
 Using domain server:
 Name: 208.67.222.222
 Address: 208.67.222.222#53
 Aliases:
 
 indicodev2.ipv6.cern.ch has address 67.215.65.132   BOGUS
 indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10
 
 and with bogus-nxdomain  67.215.65.132 it bails after the A record and
 doesn't try AAAA unless specifically asked
 
 
 $ host indicodev2.ipv6.cern.ch
 Host indicodev2.ipv6.cern.ch not found: 3(NXDOMAIN)
 
 $ host -t AAAA indicodev2.ipv6.cern.ch
 indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10
 
 
 Any ideas if I can work around this via configuration or do I have to
 give up with opendns
 
 
 Many thanks
 
 Andrew
 


And the nasty hacks will come back and bite you. It might take 10 years,
but they will bite you.

What's happening is that dnsmasq is re-writing the reply

indicodev2.ipv6.cern.ch has address 67.215.65.132   BOGUS

as indicodev2.ipv6.cern.ch is no-such-domain. Note that it's _not_
asserting indicodev2.ipv6.cern.ch has no IPv4 address, it's asserting
indicodev2.ipv6.cern.ch does not exist. So the host command is quite
right not to even try and find the IPv6 address for that domain, since
it's already been told that it doesn't exist.


This might not bite you in real life, if whatever is looking up that
domain does the A and AAAA lookups separately, and isn't bright enough
to make the inference that host does.


This could be fixed in dnsmasq by re-writing to a NODATA reply instead
of NXDOMAIN. but I'm worried about doing that in case it finds a
different set of problems: now you're starting to assert that lots of
domains which DON'T exist do.


Cheers,

Simon.


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
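
The rewriting discussed in the reply above, as an added example that is not part of the original thread and is not dnsmasq code: a toy model comparing an NXDOMAIN rewrite with a NODATA rewrite, seen by a client that stops once it is told a name does not exist. The upstream table, the name typo.example and the function names are constructed for illustration.

```python
# Added illustration: a toy model of the reply rewriting discussed above.
# The upstream table and the "typo.example" name are constructed sample data.
NOERROR, NXDOMAIN = 0, 3
BOGUS = {"67.215.65.132"}  # address given to bogus-nxdomain in the thread

# (name, qtype) -> answer list as the mangling upstream would return it.
UPSTREAM = {
    ("indicodev2.ipv6.cern.ch", "A"): ["67.215.65.132"],
    ("indicodev2.ipv6.cern.ch", "AAAA"): ["2001:1458:201:b5b9::100:10"],
    ("typo.example", "A"): ["67.215.65.132"],  # name does not really exist
}

def forward(name, qtype, policy):
    """Return (rcode, answers) after filtering bogus A answers.

    policy "nxdomain": behaviour described in the thread (whole name denied).
    policy "nodata":   the alternative Simon mentions (NOERROR, empty answer).
    """
    answers = UPSTREAM.get((name, qtype), [])
    if any(a in BOGUS for a in answers):
        return (NXDOMAIN, []) if policy == "nxdomain" else (NOERROR, [])
    return NOERROR, answers

def lookup_like_host(name, policy):
    """Client that asks A then AAAA and stops once told the name is absent."""
    found = []
    for qtype in ("A", "AAAA"):
        rcode, answers = forward(name, qtype, policy)
        if rcode == NXDOMAIN:
            return "NXDOMAIN", found  # no point asking for other types
        found += answers
    return "NOERROR", found

if __name__ == "__main__":
    for policy in ("nxdomain", "nodata"):
        for name in ("indicodev2.ipv6.cern.ch", "typo.example"):
            print(policy, name, lookup_like_host(name, policy))
```

With the NODATA policy the IPv6-only host resolves again, but typo.example now comes back as an existing name with no addresses, which is the trade-off raised in the reply.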


[Dnsmasq-discuss] bogus-nxdomain + opendns + ipv6

2012-11-15 Thread Andrew Elwell
Hi Folks

(warning, this is behaviour noticed with the version of dnsmasq on my router -
version.bind.   0   CH  TXT dnsmasq-2.61
apologies if fixed in a newer version)


I've been using OpenDNS with nxdomain to filter out their annoying
brain-dead NXDOMAIN mangling. However, if I do this, it breaks on IPv6
addresses

ie - an expected result

$ host indicodev2.ipv6.cern.ch 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10


-- there's an IPv6 AAAA record, but no A record for this machine

however if I use opendns I get

$ host indicodev2.ipv6.cern.ch 208.67.222.222
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases:

indicodev2.ipv6.cern.ch has address 67.215.65.132   BOGUS
indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10

and with bogus-nxdomain  67.215.65.132 it bails after the A record and
doesn't try AAAA unless specifically asked


$ host indicodev2.ipv6.cern.ch
Host indicodev2.ipv6.cern.ch not found: 3(NXDOMAIN)

$ host -t AAAA indicodev2.ipv6.cern.ch
indicodev2.ipv6.cern.ch has IPv6 address 2001:1458:201:b5b9::100:10


Any ideas if I can work around this via configuration or do I have to
give up with opendns


Many thanks

Andrew
