Forwarding the dnsmasq problem analisys of Simon Kelley.
He very smartly spotted the bug I was talking about.
Happy XMas to Simon and all of you !
Bob
--- Begin Message --->From [EMAIL PROTECTED] Thu Dec 23 23:19:37 2004 Return-Path: <[EMAIL PROTECTED]> X-ifm-sid: <lyb6AYqk> X-ifm: VirusFree Received: from cpc4-cmbg4-4-0-cust135.cmbg.cable.ntl.com [::ffff:81.108.205.135] by hal-4.inet.it via I-SMTP-5.2.1-520 id ::ffff:81.108.205.135+t8Gf6faALB; Thu, 23 Dec 2004 23:19:37 +0100 Received: from desk.thekelleys.org.uk ([192.168.0.3] helo=sanger.ac.uk) by thekelleys.org.uk with esmtp (Exim 3.35 #1 (Debian)) id 1ChbIg-00042X-00 for <[EMAIL PROTECTED]>; Thu, 23 Dec 2004 22:19:14 +0000 Message-ID: <[EMAIL PROTECTED]> Date: Thu, 23 Dec 2004 22:22:52 +0000 From: Simon Kelley <[EMAIL PROTECTED]> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.6) Gecko/20040413 Debian/1.6-5 X-Accept-Language: en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Re: dnsmasq help needed Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit>tcpdump -n -i eth0 port 53 >shows activity for "dig www.apple.com" every time, while for all other >names I can try, the activity on port 53 eth0 occurs only on the first >try (I am talking about repeated tries at short intervals weel under >the 50 seconds) while the rest is obviously cached. That looked a little odd, so I tried it myself and got the same result. Poking around I found a bug which has been there pretty much since the first versions of dnsmasq. Since its effect is to inhibit caching off a very few names, I guess nobody has ever noticed it before. To hit the problem, a name has to be a CNAME, and the actual A record which it points to has to have the original name as a leading substring of its name. www.apple.com hits this: ; <<>> DiG 9.2.4rc5 <<>> @127.0.0.1 -p 10000 www.apple.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24807 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.apple.com. IN A ;; ANSWER SECTION: www.apple.com. 1735 IN CNAME www.apple.com.akadns.net. www.apple.com.akadns.net. 55 IN A 17.254.0.91 ;; Query time: 22 msec ;; SERVER: 127.0.0.1#10000(127.0.0.1) ;; WHEN: Thu Dec 23 21:58:26 2004 ;; MSG SIZE rcvd: 85 www.apple.com is CNAME, pointing to www.apple.com.akadns.net, which has www.apple.com at its begining. I think this gets some kind of record for bug subtlety, it will be nailed in the next release. Cheers, Simon. [ Please could you forward the above to the debian-user list. I found the thread via Google and have no easy way to post to the list and keep the threading intact.]
--- End Message ---
