Bz1826691 no qname forward #6
Open
pemensik wants to merge 132 commits into openssl from bz1826691-no-qname-forward
Conversation
SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now.
Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
Commit caf4d57 forgot to add ubus_libs to build_libs for the all-i18n target.
Fixes:
- http://autobuild.buildroot.org/results/c0b27754b7ede024c095bdf0b3616e6f6be48c6d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
If the cache size is very large, the malloc() call will overflow on 32-bit platforms and dnsmasq will crash. Limit to an order of magnitude less. Thanks to Lili Xu for spotting this.
Thanks to Pal Lockheart <ex@palx.org> for the original patch.
…are OK. In a reply proving that a DS doesn't exist, it doesn't matter if RRs in the auth section _other_ than NSEC/NSEC3 are not signed. We can't set the AD flag when returning the query, but it still proves that the DS doesn't exist for internal use. As one of the RRs which may not be signed is the SOA record, use the TTL of the NSEC record to cache the negative result, not one derived from the SOA. Thanks to Tore Anderson for spotting and diagnosing the bug.
Currently, dhcp_release will only send a 'fake' release when the address given is in the same subnet as an IP on the interface that was given. This doesn't work in an environment where dnsmasq is managing leases for remote subnets via a DHCP relay, as running dhcp_release locally will just cause it to silently exit without doing anything, leaving the lease in the database. Change it to use the default IP on the interface, as the dnsmasq source code at src/dhcp.c does, if no matching subnet IP is found, as a fall-back. This fixes an issue we are seeing in certain Openstack deployments where we are using dnsmasq to provision baremetal systems in a datacenter. While using Dbus might have seemed like an obvious solution, because of our extensive use of network namespaces (which Dbus doesn't support), this seemed like a better solution than creating system.d policy files for each dnsmasq we might spawn and using --enable-dbus=$id in order to isolate messages to specific dnsmasq instances. Signed-off-by: Brian Haley <haleyb.dev@gmail.com>
Even if they are in a signed zone.
Loop variable must count up from zero, now we're using it as an array index.
…e entry. Patch extended to receive side of pipe by SRK.
If no IPv4 address is present on the given interface, the tool would not send any request. At the same time, it would not report any error. Report an error if the request send failed. Signed-off-by: Petr Mensik <pemensik@redhat.com>
Some REFUSED answers to DNSSEC-originated queries would bypass the DNSSEC code entirely, and be returned as answers to the original query. In the process, they'd mess up data structures so that a retry of the original query would crash dnsmasq.
The idea of this option was already discussed years ago on the mailing list: https://dnsmasq-discuss.thekelleys.org.narkive.com/ZoFQNaGo/always-ignore-client-identifier#post4 In our production environment, we discovered that some devices are using a 'client identifier' that is not unique at all, resulting in IP address conflicts between several devices (we saw up to four devices using the same IP address). The root cause is probably a buggy operating system/configuration of devices, but this patch adds a configuration workaround on the server side when fixing clients is impossible. Signed-off-by: Charles Daymand <charles.daymand@wifirst.fr> Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
This causes tftp to fail on some BSD versions, for sure. It works by chance on others. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241068
Cope with cached and configured CNAMEs for all record types we support, including local-config but not cached types such as TXT. Also, if we have a locally configured CNAME but no target for the requested type, don't forward the query.
If dnsmasq is not acting as an authoritative nameserver (no second argument to --auth-server) then it should not appear in the NS RRset. This leaves simply the list of servers specified in --auth-sec-servers.
Same as for the dbus, allow specifying ubus service name (namespace) on the command line as an optional argument to --enable-ubus option. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
A call to get_new_frec() for a DNSSEC query could manage to free the original frec that we're doing the DNSSEC query to validate. Bad things then happen. This requires that the original frec is old, so it doesn't happen in practice. I found it when running under gdb, and there have been reports of SEGV associated with large system-clock warps which are probably the same thing.
Hi Simon,

> Add --shared-network config. This enables allocation of addresses
> the DHCP server in subnets where the server (or relay) doesn't
> have an interface on the network in that subnet. Many thanks to
> kamp.de for sponsoring this feature.

Does this paragraph lack a preposition "by" early on the 2nd line, or am I mis-guessing the purpose? ...enables allocation of addresses *by* the DHCP server...

The manual page also seems to offer room for linguistic improvement (apparently written by a German, so I see the typical patterns, and also the misuse of which vs. that). I am attaching a patch series vs. git to fix several issues in the manpage and CHANGELOG.

From 35b88d98429e2fe016d9989d220f6faf2b933764 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sun, 5 Apr 2020 11:18:05 +0200
Subject: [PATCH 1/5] man/dnsmasq.8: Properly capitalize DHCP acronym.
Add runit /etc files to conffiles. Fix broken copyright file in dnsmasq binary package.
…..) into warning. We call this, which avoids POLLERR returns from netlink on a loaded system, if the kernel is new enough to support it. Sadly, qemu-user doesn't support the socket option, so if it fails despite the kernel being new enough to support it, we just emit a warning, rather than failing hard.
In debug mode, log the interfaces being listened on. They can be dynamically found; include the interface number, since it is checked on TCP connections. Also print the addresses found on them.
In many places the return value is ignored. Usually it means the port is always the same and does not need to be displayed. Unify warnings.
If an interface is recreated with the same address but a different index, it would not change any other parameter. Also test the address family on incoming TCP queries.
Clean up addresses and interfaces not found after enumeration. Free unused records to speed up checking active interfaces and reduce used memory.
Save the listening address into the listener. Use it to find existing listeners before creating a new one. If one exists, just increase the used counter. Release only listeners not already used. Duplicates the family in the listener.
Since the address already contains the family, remove the separate family from the listener. Now use the family from the address itself.
The initial call to enumerate_interfaces() happens before the logging subsystem is initialised and the startup banner logged. It's not intended that syslog be written at this point.
This patch fixes a buffer overflow in TCP requests. Since the read is not actually being retried, the byte written by the child can be left in the pipe. When that happens, cache_recv_insert() reads the length of the name, which is now multiplied by 256 due to the extra 0 byte (8 bit shift) and results in daemon->namebuff being overflowed. Namebuff is immediately before the daemon struct in memory so it ends up corrupting the beginning of the daemon struct.
Short TTLs and specifically zero TTLs can mess up DNSSEC validation.
Also remove the floor on valid and preferred times in RA when no time is specified.
Fixes unsuccessful forwarding when the reply from the upstream server does not contain the qname in the response body. Uses at least the response id to find the original query and forwards such a response to the waiting client. Fixes timeouts at the waiting client when the upstream has answers in an unexpected format.
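The matching problem the commit above describes, as an added illustration that is not dnsmasq's code: a reply is normally matched to its pending query by (id, qname), but when the upstream sends a reply with an empty question section (QDCOUNT=0) the qname is absent and only the id can be used. The `pending` table, the `build_message` helper and the rule that an id-only match is accepted only when it is unambiguous are assumptions of this example, chosen so that a reply carrying no name cannot be attributed to the wrong client.

```python
import struct

def encode_qname(name):
    """Wire-encode a dotted name as length-prefixed labels, root-terminated."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_message(ident, flags, qname=None, qtype=1):
    """Build a minimal DNS message (constructed test input). With qname=None the
    question section is empty, i.e. QDCOUNT=0, as in the upstream replies the fix handles."""
    qdcount = 0 if qname is None else 1
    msg = struct.pack("!6H", ident, flags, qdcount, 0, 0, 0)
    if qname is not None:
        msg += encode_qname(qname) + struct.pack("!HH", qtype, 1)  # class IN
    return msg

def parse_reply(buf):
    """Return (id, flags, qname or None); only the first question is decoded."""
    if len(buf) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qdcount = struct.unpack("!3H", buf[:6])
    if qdcount == 0:
        return ident, flags, None          # no qname present in the response body
    labels, off = [], 12
    while True:
        ln = buf[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer not expected in question section")
        labels.append(buf[off:off + ln].decode("ascii"))
        off += ln
    return ident, flags, ".".join(labels).lower()   # DNS names compare case-insensitively

def match_pending(reply, pending):
    """Find the client waiting for this reply. pending maps (id, qname) -> client."""
    ident, flags, qname = parse_reply(reply)
    if not flags & 0x8000:                 # QR bit clear: a query, not a response
        return None
    if qname is not None:
        return pending.get((ident, qname))
    # Fallback used when the qname is missing: match on id alone, but only if
    # exactly one outstanding query carries that id, so nothing is misdelivered.
    candidates = [client for (pid, _), client in pending.items() if pid == ident]
    return candidates[0] if len(candidates) == 1 else None

# Constructed pending-query table: two queries deliberately share id 0x5678.
PENDING = {(0x1234, "example.com"): "client-a",
           (0x5678, "a.test"): "client-b", (0x5678, "b.test"): "client-c"}
```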
Compare d2fdaf0 to 621b779