Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix --synth-domain NXDOMAIN responses.

Browse Source 
By design, dnsmasq forwards queries for RR-types it has no data
on, even if it has data for the same domain and other RR-types.

This can lead to an inconsitent view of the DNS when an upstream
server returns NXDOMAIN for an RR-type and domain but the same domain
but a different RR-type gets an answer from dnsmasq. To avoid this,
dnsmasq converts NXDOMAIN answer from upstream to NODATA answers if
it would answer a query for the domain and a different RR-type.

An oversight missed out --synth-domain from the code to do this, so
--synth-domain=thekelleys.org.uk,192.168.0.0/24
would result in the correct answer to an A query for
192-168.0.1.thekelleys.org.uk and an AAAA query for the same domain
would be forwarded upstream and the resulting NXDOMAIN reply
returned.

After the fix, the reply gets converted to NODATA.

Thanks to Matt Wong for spotting the bug.
This commit is contained in:
Simon Kelley
2023-12-03 17:48:56 +00:00
parent f1beb79429
commit 63ba726e1f
2 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/rfc1035.c
View File

@@ -1213,6 +1213,10 @@ int check_for_local_domain(char *name, time_t now)
if (cache_find_non_terminal(name, now))
return 1;
if (is_name_synthetic(F_IPV4, name, NULL) ||
is_name_synthetic(F_IPV6, name, NULL))
return 1;
return 0;
}