Discussion:
[Dnsmasq-discuss] No cache for CNAME records that point to the host's address
J***@bmw.de
2014-11-10 12:55:42 UTC
Hi @all!

We are testing dnsmasq as a local DNS cache for our linux hosts, since some of our use-cases rely on asking DNS over the same records dozens of times in a second.

The setup is pretty simple: bound to localhost only, use only the cache, and forward it to our "upstream" DNS servers.

|| # cat dnsmasq.conf
|| resolv-file= /opt/dnsmasq/conf/resolv.conf
|| pid-file= /opt/dnsmasq/run/dnsmasq.pid
||
|| interface=lo
|| listen-address=127.0.0.1
|| port=53
||
|| cache-size=3000
|| max-cache-ttl=300
|| neg-ttl=60
||
|| log-facility= /opt/dnsmasq/log/dnsmasq.log
|| log-queries # enabled for debugging only

We have a host in the lab that has one IP address and a CNAME:

|| itavm0002test.muc. 3600 IN CNAME itavm0002.muc.
|| itavm0002.muc. 3600 IN A 10.XXX.XXX.102

However, this IP is also included in the /etc/hosts file, that is being read:

|| # grep itavm0002 /etc/hosts
|| 10.XXX.XXX.102 itavm0002.muc itavm0002.muc itavm0002

When I ask dnsmasq for a CNAME record (itavm0002test=>itavm0002), it is getting forwarded to the upstream DNS Server, and is returned as a CNAME and the appropriate IP (that also exists in the hosts file).

However, unless I have no-hosts in the config file, this record is never cached:

|| Nov 10 13:25:12 dnsmasq[25200]: started, version 2.72 cachesize 3000
|| Nov 10 13:25:12 dnsmasq[25200]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
|| Nov 10 13:25:12 dnsmasq[25200]: reading /opt/dnsmasq/conf/resolv.conf
|| Nov 10 13:25:12 dnsmasq[25200]: using nameserver 160.XXX.XXX.2#53
|| Nov 10 13:25:12 dnsmasq[25200]: read /etc/hosts - 8 addresses

Querying local hostname with "dig itavm0002.muc" several times: /etc/hosts is consulted and the result is returned:

|| Nov 10 13:25:20 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:25:20 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:24 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:25:24 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:26 dnsmasq[25200]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:25:26 dnsmasq[25200]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102

Now I start to query the CNAME record by "dig itavm0002test", that points to the same 10.XXX.XXX.102 IP via the DNS System:

|| Nov 10 13:25:30 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:30 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:30 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:32 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:32 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:32 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:36 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:36 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:36 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:36 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:25:38 dnsmasq[25200]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:25:38 dnsmasq[25200]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:25:38 dnsmasq[25200]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:25:38 dnsmasq[25200]: reply itavm0002.muc is 10.XXX.XXX.102

-> No caching is performed.

I can however confirm, that with the option "no-hosts" this is not observed:

|| Nov 10 13:36:20 dnsmasq[26071]: started, version 2.72 cachesize 3000
|| Nov 10 13:36:20 dnsmasq[26071]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
|| Nov 10 13:36:20 dnsmasq[26071]: reading /opt/dnsmasq/conf/resolv.conf
|| Nov 10 13:36:20 dnsmasq[26071]: using nameserver 160.XXX.XXX.2#53
|| Nov 10 13:36:20 dnsmasq[26071]: cleared cache

Now we ask even our own hostname (and FQDN) from the upstream DNS Server, and since we don't use hosts, the first query gets forwarded, the upcoming ones are served from the cache:

|| Nov 10 13:36:26 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:36:26 dnsmasq[26071]: forwarded itavm0002.muc to 160.XXX.XXX.2
|| Nov 10 13:36:29 dnsmasq[26071]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:29 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:36:29 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:35 dnsmasq[26071]: query[A] itavm0002.muc from 127.0.0.1
|| Nov 10 13:36:35 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102

Now we ask the CNAME present in the DNS, and the first is returned from upstream, and the later queries are again served from cache:

|| Nov 10 13:36:39 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:36:39 dnsmasq[26071]: forwarded itavm0002test.muc to 160.XXX.XXX.2
|| Nov 10 13:36:39 dnsmasq[26071]: reply itavm0002test.muc is <CNAME>
|| Nov 10 13:36:39 dnsmasq[26071]: reply itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:41 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:36:41 dnsmasq[26071]: cached itavm0002test.muc is <CNAME>
|| Nov 10 13:36:41 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102
|| Nov 10 13:36:42 dnsmasq[26071]: query[A] itavm0002test.muc from 127.0.0.1
|| Nov 10 13:36:42 dnsmasq[26071]: cached itavm0002test.muc is <CNAME>
|| Nov 10 13:36:42 dnsmasq[26071]: cached itavm0002.muc is 10.XXX.XXX.102

This however has the problem, that the addresses "localhost" & co. are not resolved properly, since the resolv.conf is only using 127.0.0.1 as the nameserver, and this address is not resolvable by the DNS System.

|| Nov 10 13:40:32 dnsmasq[26071]: query[A] localhost from 127.0.0.1
|| Nov 10 13:40:32 dnsmasq[26071]: forwarded localhost to 160.XXX.XXX.2
|| Nov 10 13:40:32 dnsmasq[26071]: reply localhost is NXDOMAIN

If I leave the no-hosts option, this is served from the /etc/hosts file:

|| Nov 10 13:52:19 dnsmasq[26907]: query[A] localhost from 127.0.0.1
|| Nov 10 13:52:19 dnsmasq[26907]: /etc/hosts localhost is 127.0.0.1
|| Nov 10 13:52:19 dnsmasq[26907]: query[AAAA] localhost from 127.0.0.1
|| Nov 10 13:52:19 dnsmasq[26907]: /etc/hosts localhost is ::1

An ugly workaround would be of course to create a customized hosts file, where one would get rid of the entries of the host, and only keep localhost&co, and provide that with addn-hosts, but I'd not consider that...

I have tested with the latest 2.72.

Could you / someone please confirm and explain this behavior? Is this designed to behave like this or is this a bug?

Thanks in advance,

Regards,
Janos Mattyasovszky
--
BMW Group
Janos Mattyasovszky
Linux Solutions
FG-941 Unix/Linux Server Infrastructure

Postal address:
Bremer Strasse 6
80788 München

Tel: +49-89-382-13280
Mail: ***@bmw.de
Web: http://www.bmwgroup.com/
--------------------------------------------------------------------
Bayerische Motoren Werke Aktiengesellschaft
Board of Management: Norbert Reithofer, Chairman,
Milagros Caiña Carreiro-Andree,
Herbert Diess, Klaus Draeger, Friedrich Eichiner,
Harald Krüger, Ian Robertson, Peter Schwarzenbauer.
Chairman of Supervisory Board: Joachim Milberg
Registered office and court of registration: München HRB 42243
--------------------------------------------------------------------
Simon Kelley
2014-12-17 21:57:39 UTC
The deep reason for this is that the architecture of dnsmasq doesn't
allow it to return DNS answers with information that comes from
upstream _and_ local information.

You have defined the address of itavm0002.muc. locally, but the CNAME
comes from upstream. That makes it difficult to always return correct
answers in all cases. Assume the general case that you define
(override) the value of the A record for itavm0002.muc. to be
something different than the upstream value. A query for
itavm0002.muc. will return your local value. A query for the CNAME
itavm0002test.muc. will return the CNAME, and the upstream value for
itavm0002.muc, different from the local value. In order to at least
have consistent answers, dnsmasq won't cache data from an answer which
has an upstream A or AAAA record which overlays a locally defined
record (from /etc/hosts) for instance. Hence your caching problem.

A fix would be to notice that the value of the local and upstream A
records are the same. That would fix this case, but needs new code in
dnsmasq.

The simplest solution for you would be to add the CNAMEs to dnsmasq's
local configuration by adding this line to /etc/dnsmasq.conf


cname=itavm0002test.muc,itavm0002.muc

Cheers,

Simon.
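
The symptom discussed in this thread can be found in log-queries output by looking for names that are forwarded again within the cache lifetime and whose upstream reply carries an address for a name that is also defined in /etc/hosts. The following is an added example, not part of the original posts and not dnsmasq code; the host names, addresses and log lines are constructed, and the 300-second window is an assumption taken from the max-cache-ttl setting quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# One line of dnsmasq "log-queries" output, in the format shown in this thread.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"(?P<kind>query\[\w+\]|forwarded|reply|cached|/etc/hosts) "
    r"(?P<name>\S+) (?:from|to|is) (?P<value>\S+)"
)

def parse_hosts(text):
    """Return the lower-cased names defined in hosts-file text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(n.lower().rstrip(".") for n in fields[1:])
    return names

def find_uncached(log_text, hosts_text, window=300):
    """Report names re-forwarded within `window` seconds whose upstream
    reply contains a record for a name that is also defined locally."""
    local = parse_hosts(hosts_text)
    last_forward = {}
    findings = defaultdict(lambda: {"refetches": 0, "overlaid": set()})
    current = None  # query name currently being answered from upstream
    for raw in log_text.splitlines():
        m = LINE.match(raw.lstrip("| "))  # tolerate the "|| " quoting prefix
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        kind, name = m["kind"], m["name"].lower().rstrip(".")
        if kind.startswith("query"):
            current = None
        elif kind == "forwarded":
            prev = last_forward.get(name)
            if prev is not None and (ts - prev).total_seconds() <= window:
                findings[name]["refetches"] += 1
            last_forward[name] = ts
            current = name
        elif kind == "reply" and current is not None and name in local:
            findings[current]["overlaid"].add(name)
    # A short upstream TTL also causes refetches; only the overlay case is reported.
    return {q: {"refetches": f["refetches"], "overlaid": sorted(f["overlaid"])}
            for q, f in findings.items() if f["refetches"] and f["overlaid"]}

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
192.0.2.10 vm1.lab.example vm1   # the host's own address
"""

SAMPLE_LOG = """\
Nov 10 13:25:20 dnsmasq[100]: query[A] vm1.lab.example from 127.0.0.1
Nov 10 13:25:20 dnsmasq[100]: /etc/hosts vm1.lab.example is 192.0.2.10
Nov 10 13:25:30 dnsmasq[100]: query[A] alias.lab.example from 127.0.0.1
Nov 10 13:25:30 dnsmasq[100]: forwarded alias.lab.example to 198.51.100.53
Nov 10 13:25:30 dnsmasq[100]: reply alias.lab.example is <CNAME>
Nov 10 13:25:30 dnsmasq[100]: reply vm1.lab.example is 192.0.2.10
Nov 10 13:25:32 dnsmasq[100]: query[A] alias.lab.example from 127.0.0.1
Nov 10 13:25:32 dnsmasq[100]: forwarded alias.lab.example to 198.51.100.53
Nov 10 13:25:32 dnsmasq[100]: reply alias.lab.example is <CNAME>
Nov 10 13:25:32 dnsmasq[100]: reply vm1.lab.example is 192.0.2.10
Nov 10 13:25:36 dnsmasq[100]: query[A] alias.lab.example from 127.0.0.1
Nov 10 13:25:36 dnsmasq[100]: forwarded alias.lab.example to 198.51.100.53
Nov 10 13:25:36 dnsmasq[100]: reply alias.lab.example is <CNAME>
Nov 10 13:25:36 dnsmasq[100]: reply vm1.lab.example is 192.0.2.10
Nov 10 13:26:00 dnsmasq[100]: query[A] www.other.example from 127.0.0.1
Nov 10 13:26:00 dnsmasq[100]: forwarded www.other.example to 198.51.100.53
Nov 10 13:26:00 dnsmasq[100]: reply www.other.example is 203.0.113.7
Nov 10 13:26:02 dnsmasq[100]: query[A] www.other.example from 127.0.0.1
Nov 10 13:26:02 dnsmasq[100]: cached www.other.example is 203.0.113.7
"""

if __name__ == "__main__":
    print(find_uncached(SAMPLE_LOG, SAMPLE_HOSTS))
```

Each reported name is a candidate for the cname= workaround or for an upgrade to a build that contains the fix; every refetch is also a query that leaves the host for the upstream server instead of being answered locally.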
J***@bmw.de
2014-12-18 12:15:03 UTC
Hi,
Post by Simon Kelley
A fix would be to notice that the value of the local and upstream A
records are the same. That would fix this case, but need new code in
dnsmasq.
Will this "feature" be implemented in upcoming versions?

The background is, that in /etc/hosts we (I presume others as well) have to include each host's IP Address, but there are regular cases, where some services are not using additional service IP's (bad practice, I know), but have a CNAME pointing to the VM's hostname. The IP of a VM is constant during its lifetime, but the CNAME-s pointing to this hostname can and will change over time, and starting to maintain something else in the hosts file is a quantum leap backwards, if one is already having a good DNS system...

The other problem is if I'd do the workaround by adding the cnames to the config file is that I don't know at the time I start dnsmasq what CNAME-s are defined, that might point to the VM's hostname...

Regards,
Janos
Simon Kelley
2014-12-21 21:30:48 UTC
Try the dnsmasq git repo, and specifically this commit, which should
fix things.


Cheers,

Simon.


http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cbc652423403e3cef00e00240f6beef713142246
J***@bmw.de
2015-01-02 09:43:17 UTC
Hi,

Happy new year at the very beginning!

I derived a patch against the git tag v2.72 for that particular commit and built my own 2.72 with the patch on top, and it works as we expected it:

First try with nothing cached:
Jan 2 10:35:32 dnsmasq[8021]: query[A] itavm0002test.muc from 127.0.0.1
Jan 2 10:35:32 dnsmasq[8021]: forwarded itavm0002test.muc to 160.XXX.XXX.2
Jan 2 10:35:32 dnsmasq[8021]: reply itavm0002test.muc is <CNAME>
Jan 2 10:35:32 dnsmasq[8021]: reply itavm0002.muc is 10.XXX.XXX.102

Second try:
Jan 2 10:35:38 dnsmasq[8021]: query[A] itavm0002test.muc from 127.0.0.1
Jan 2 10:35:38 dnsmasq[8021]: cached itavm0002test.muc is <CNAME>
Jan 2 10:35:38 dnsmasq[8021]: /etc/hosts itavm0002.muc is 10.XXX.XXX.102

This is also confirmed by tcpdumping DNS traffic, and on the second try there is no query sent to the upstream DNS server.

Many thanks!

Cheers,
Janos