Malformed query causing timeouts due to ignored upstream queries

Bug #1543185 reported by Paul Gotch
This bug affects 1 person
Affects: dnsmasq (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

In some situations dnsmasq makes malformed upstream queries, resulting in servfail being returned after the 5s timeout built in to dnsmasq.

For example asking for

foo

with athing.bar.com and bar.com in the search path and two servers dns1.bar.com and dns1.bar.com results in

System asks both dns1 and dns2 about:
    foo.athing.bar.com => immediate NXDomain from both;
asks dns1 about:
    foo. => Servfail;
asks both about:
    foo. with what tcpdump transcribes as '[b2&3=0x182] A?' => no response from either [5 sec timeout];
retries:
    simple "A? foo." query to both, immediate Servfail from both

The query giving the timeout appears to be malformed, and the upstream servers are completely ignoring it, leading to the timeout.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: dnsmasq-base 2.68-1ubuntu0.1
ProcVersionSignature: Ubuntu 3.13.0-77.121-generic 3.13.11-ckt32
Uname: Linux 3.13.0-77-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CurrentDesktop: XFCE
Date: Mon Feb 8 15:38:26 2016
InstallationDate: Installed on 2014-05-07 (642 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: dnsmasq
UpgradeStatus: No upgrade log present (probably fresh install)
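
Added example (not part of the original report, and not dnsmasq code): tcpdump's `b2&3=0x182` in the trace above is the 16-bit flags word from bytes 2 and 3 of the DNS header, and the sketch below decodes it and lists response-only fields set in a packet that claims to be a query. The sample packet is constructed, and the mask in `sanitise_for_query` is an illustrative policy assumed here, not the upstream patch.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1; AD and CD from RFC 4035).
QR, AA, TC, RD, RA, AD, CD = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080, 0x0020, 0x0010
OPCODE_MASK, RCODE_MASK = 0x7800, 0x000F
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
NAMED_BITS = (("QR", QR), ("AA", AA), ("TC", TC), ("RD", RD),
              ("RA", RA), ("AD", AD), ("CD", CD))

def decode_flags(flags):
    """Split the flags word (header bytes 2 and 3) into named fields."""
    rcode = flags & RCODE_MASK
    return {"bits": [name for name, mask in NAMED_BITS if flags & mask],
            "opcode": (flags & OPCODE_MASK) >> 11,
            "rcode": RCODES.get(rcode, str(rcode))}

def query_anomalies(packet):
    """Return response-only fields that are set in a packet with QR=0."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags = struct.unpack("!HH", packet[:4])
    if flags & QR:
        return []  # a response: AA, RA and RCODE are legitimate there
    found = [name for name, mask in (("AA", AA), ("RA", RA)) if flags & mask]
    rcode = flags & RCODE_MASK
    if rcode:
        found.append("RCODE=" + RCODES.get(rcode, str(rcode)))
    return found

def sanitise_for_query(flags):
    """Assumed policy: keep opcode, RD, AD, CD; clear QR, AA, TC, RA, Z, RCODE."""
    return flags & (OPCODE_MASK | RD | AD | CD)

# Constructed sample: "A? foo." carrying the flags word 0x0182 from the trace.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0182, 1, 0, 0, 0)
                + b"\x03foo\x00" + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    print(decode_flags(0x0182))
    print(query_anomalies(SAMPLE_QUERY))
    print(hex(sanitise_for_query(0x0182)))
```
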

Peter Maydell (pmaydell) wrote :

This post to the dnsmasq-discuss list: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009575.html suggests that the bug has been fixed in a later version of dnsmasq and should be fairly easy to backport.

Paul Gotch (paulg-chiark) wrote :

This patch http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009575.html appears to solve the problem; cjwatson built a test package in his PPA, which I used to test this.

Paul Gotch (paulg-chiark) wrote :

Actually, sorry, the PPA is a backport of dnsmasq 2.68, not just the above patch.

Peter Maydell (pmaydell) wrote :

Ah, it looks like Colin did just cherry pick the fix for this bug; from the backport .deb's changelog:

+dnsmasq (2.68-1ubuntu0.1ppa1) trusty; urgency=medium
+
+ * Cherry-pick from 2.73:
+ - Correctly sanitise DNS header bits in answer when recreating query for
+ retry.
+
+ -- Colin Watson <email address hidden> Mon, 08 Feb 2016 15:46:48 +0000
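
Review bot: the "Cherry-pick from 2.73" bullet cites neither the bug it addresses nor the upstream commit being picked. Adding a bug reference such as "(LP: #1543185)" to the bullet and naming the upstream commit would tie the upload to this report and let the exact change be audited against 2.73.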

Joshua Powers (powersj)
Changed in dnsmasq (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for dnsmasq (Ubuntu) because there has been no activity for 60 days.]

Changed in dnsmasq (Ubuntu):
status: Incomplete → Expired