Package: dnsmasq
Version: 2.80-1
Severity: normal

With dnsmasq as (local) DNS server, "dig +trace <host>" doesn't work, because a
query for OPT <Root> is answered with "Server failure".


Here's Wireshark's dissection:

  Domain Name System (response)
    Transaction ID: 0x87bf
    Flags: 0x8082 Standard query response, Server failure
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0010 = Reply code: Server failure (2)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        <Root>: type NS, class IN
            Name: <Root>
            [Name Length: 6]
            [Label Count: 1]
            Type: NS (authoritative Name Server) (2)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
            Data length: 0

Choosing a different DNS server ("dig @8.8.8.8 +trace <host>") gives an answer.



-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dnsmasq depends on:
ii  dnsmasq-base [dnsmasq-base]  2.80-1
ii  init-system-helpers          1.56+nmu1
ii  lsb-base                     10.2019051400
ii  netbase                      5.6

dnsmasq recommends no packages.

Versions of packages dnsmasq suggests:
pn  resolvconf  <none>

-- Configuration Files:
/etc/dnsmasq.conf changed [not included]

-- no debconf information
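
Added example, not part of the original report and not dnsmasq or dig code: a small Python check that builds the root NS query with an EDNS0 OPT record and decodes the header and OPT fields shown in the dissection above. The function names, the query's UDP payload size of 4096 (mirrored from the response) and the sample bytes are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_NS, TYPE_OPT, CLASS_IN = 2, 41, 1

def build_root_ns_query(txid, udp_size=4096):
    """NS query for the root, RD=0, one EDNS0 OPT record (udp_size is an assumption)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 1)
    question = b"\x00" + struct.pack("!HH", TYPE_NS, CLASS_IN)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:                 # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_message(msg):
    """Decode the header bits and any OPT record, as in the dissection."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    info = {"id": txid, "qr": flags >> 15, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": RCODES.get(flags & 0xF, flags & 0xF),
            "counts": (qd, an, ns, ar), "edns": None}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT:           # OPT: CLASS holds UDP size, TTL holds flags
            info["edns"] = {"udp_size": rclass, "version": (ttl >> 16) & 0xFF}
    return info

def ask(server, port=53, timeout=3.0):
    """Send the query to a resolver you operate and return the parsed reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_root_ns_query(0x87BF), (server, port))
        return parse_message(s.recv(4096))

# Constructed bytes matching the dissection above (not a capture from the report).
SAMPLE_RESPONSE = bytes.fromhex("87bf 8082 0001 0000 0000 0001 00 0002 0001 00 0029 1000 00000000 0000")
```

Calling ask() with the address of a local dnsmasq instance and with another resolver allows the two rcode values to be compared directly.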
