[Re: dnsmasq help needed]

To: debian-user@lists.debian.org
Cc: skr@sanger.ac.uk
Subject: [Re: dnsmasq help needed]
From: Bob Alexander <bob@ngi.it>
Date: Fri, 24 Dec 2004 09:12:25 +0100
Message-id: <[🔎] 41CBCF69.6020708@ngi.it>

Forwarding the dnsmasq problem analisys of Simon Kelley.

He very smartly spotted the bug I was talking about.

Happy XMas to Simon and all of you !

Bob

--- Begin Message ---

>From srk@sanger.ac.uk Thu Dec 23 23:19:37 2004
Return-Path: <srk@sanger.ac.uk>
X-ifm-sid: <lyb6AYqk>
X-ifm: VirusFree
Received: from cpc4-cmbg4-4-0-cust135.cmbg.cable.ntl.com [::ffff:81.108.205.135] by hal-4.inet.it via I-SMTP-5.2.1-520
	id ::ffff:81.108.205.135+t8Gf6faALB; Thu, 23 Dec 2004 23:19:37 +0100
Received: from desk.thekelleys.org.uk ([192.168.0.3] helo=sanger.ac.uk)
	by thekelleys.org.uk with esmtp (Exim 3.35 #1 (Debian))
	id 1ChbIg-00042X-00
	for <bob@ngi.it>; Thu, 23 Dec 2004 22:19:14 +0000
Message-ID: <41CB453C.2030206@sanger.ac.uk>
Date: Thu, 23 Dec 2004 22:22:52 +0000
From: Simon Kelley <srk@sanger.ac.uk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.6) Gecko/20040413 Debian/1.6-5
X-Accept-Language: en
MIME-Version: 1.0
To:  bob@ngi.it
Subject: Re: dnsmasq help needed
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

 >tcpdump -n -i eth0 port 53

 >shows activity for "dig www.apple.com" every time, while for all other 
 >names I can try, the activity on port 53 eth0 occurs only on the first 
 >try (I am talking about repeated tries at short intervals weel under 
 >the 50 seconds) while the rest is obviously cached.


That looked a little odd, so I tried it myself and got the same result. 
Poking around I found a bug which has been there pretty much since the 
first versions of dnsmasq. Since its effect is to inhibit caching off a 
very few names, I guess nobody has ever noticed it before.

To hit the problem, a name has to be a CNAME, and the actual A record 
which it points to has to have the original name as a leading substring 
of its name.

www.apple.com hits this:


; <<>> DiG 9.2.4rc5 <<>> @127.0.0.1 -p 10000 www.apple.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24807
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.apple.com.                 IN      A

;; ANSWER SECTION:
www.apple.com.          1735    IN      CNAME   www.apple.com.akadns.net.
www.apple.com.akadns.net. 55    IN      A       17.254.0.91

;; Query time: 22 msec
;; SERVER: 127.0.0.1#10000(127.0.0.1)
;; WHEN: Thu Dec 23 21:58:26 2004
;; MSG SIZE  rcvd: 85



www.apple.com is CNAME, pointing to www.apple.com.akadns.net, which has 
www.apple.com at its begining.

I think this gets some kind of record for bug subtlety, it will be 
nailed in the next release.


Cheers,

Simon.



[ Please could you forward the above to the debian-user list. I found 
the thread via Google and have no easy way to post to the list and keep 
the threading intact.]

--- End Message ---

Reply to:

Prev by Date: Re: Why isn't MPlayer in Debian?
Next by Date: Error from X
Previous by thread: Re: Why isn't MPlayer in Debian?
Next by thread: Error from X
Index(es):
- Date
- Thread