Activity log for bug #1995260

Date Who What changed Old value New value Message
2022-10-31 10:55:19 Maximilian Stinsky bug added bug
2022-11-01 13:10:58 Lucas Kanashiro nominated for series Ubuntu Focal
2022-11-01 13:10:58 Lucas Kanashiro bug task added dnsmasq (Ubuntu Focal)
2022-11-01 13:11:06 Lucas Kanashiro dnsmasq (Ubuntu): status New Invalid
2022-11-01 13:11:32 Lucas Kanashiro dnsmasq (Ubuntu): status Invalid Fix Released
2022-11-01 13:13:55 Lucas Kanashiro dnsmasq (Ubuntu Focal): status New Incomplete
2022-11-01 13:56:11 Maximilian Stinsky dnsmasq (Ubuntu Focal): status Incomplete New
2022-11-02 10:46:21 Athos Ribeiro bug added subscriber Ubuntu Server
2022-11-02 10:49:33 Athos Ribeiro dnsmasq (Ubuntu Focal): status New Triaged
2022-11-02 10:50:31 Athos Ribeiro tags bitesize server-todo
2022-11-09 16:26:04 Miriam España Acebal dnsmasq (Ubuntu): assignee Miriam España Acebal (mirespace)
2022-11-09 16:26:06 Miriam España Acebal dnsmasq (Ubuntu Focal): assignee Miriam España Acebal (mirespace)
2022-11-15 15:03:03 Miriam España Acebal description We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 [SRU] [ Impact ] Sometimes dnsmasq is incorrectly converting NXDOMAIN responses from authoritative dns servers into NODATA. This prevents the name resolution for normally working records fails in third party plugins/applications, as autopath (coredns). [ Test Plan ] In a focal VM, before disabling systemd-resolved (https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu), install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet. #0 Enabling and checking name resolution through dnsmasq root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN sudo: unable to resolve host F-dnsmasq: Temporary failure in name resolution sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN) sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN) root@F-dnsmasq:~# dnsmasq --server 8.8.8.8 root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN sudo: unable to resolve host F-dnsmasq: Name or service not known sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN) sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN) dnsmasq 1485 nobody 5u IPv4 183531 0t0 TCP *:53 (LISTEN) dnsmasq 1485 nobody 7u IPv6 183533 0t0 TCP *:53 (LISTEN) root@F-dnsmasq:~# ping www.google.com PING [www.google.com](http://www.google.com/) (142.250.200.68) 56(84) bytes of data. 64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=1 ttl=114 time=16.5 ms 64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=2 ttl=114 time=19.4 ms ^C --- [www.google.com](http://www.google.com/) ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 16.468/17.927/19.387/1.459 ms #1 Bad case root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package root@F-dnsmasq:~# l *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb root@F-dnsmasq:~# dpkg -i *.deb (Reading database ... 32079 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Job for dnsmasq.service failed because the control process exited with error code. See "systemctl status dnsmasq.service" and "journalctl -xe" for details. invoke-rc.d: initscript dnsmasq, action "start" failed. ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2022-11-15 11:42:49 UTC; 8ms ago Process: 1641 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS) Process: 1642 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2) Nov 15 11:42:49 F-dnsmasq systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server... Nov 15 11:42:49 F-dnsmasq dnsmasq[1641]: dnsmasq: syntax check OK. Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: dnsmasq: failed to create listening socket for port 53: Address already in use Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: failed to create listening socket for port 53: Address already in use Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: FAILED to start up Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGUMENT Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Failed with result 'exit-code'. Nov 15 11:42:49 F-dnsmasq systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server. Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... Errors were encountered while processing: dnsmasq-base-lua_2.80-1.1ubuntu1.6_amd64.deb root@F-dnsmasq:~# dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK (after killing previous dnsmasq) root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done test.foo has no SRV record test.foo has no TXT record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record root@F-dnsmasq:~# ps -ef | grep dnsmasq nobody 1485 1 0 11:33 ? 00:00:00 dnsmasq --server 8.8.8.8 root 1863 390 0 11:44 pts/1 00:00:00 grep --color=auto dnsmasq root@F-dnsmasq:~# pkill dnsmasq root@F-dnsmasq:~# dnsmasq --server 8.8.8.8 root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
2022-11-16 13:14:28 Miriam España Acebal dnsmasq (Ubuntu Focal): status Triaged In Progress
2022-11-17 19:12:42 Sergio Durigan Junior merge proposal linked https://code.launchpad.net/~mirespace/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/433106
2022-11-18 12:48:53 Miriam España Acebal description [SRU] [ Impact ] Sometimes dnsmasq is incorrectly converting NXDOMAIN responses from authoritative dns servers into NODATA. This prevents the name resolution for normally working records fails in third party plugins/applications, as autopath (coredns). [ Test Plan ] In a focal VM, before disabling systemd-resolved (https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu), install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet. #0 Enabling and checking name resolution through dnsmasq root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN sudo: unable to resolve host F-dnsmasq: Temporary failure in name resolution sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN) sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN) root@F-dnsmasq:~# dnsmasq --server 8.8.8.8 root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN sudo: unable to resolve host F-dnsmasq: Name or service not known sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN) sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN) dnsmasq 1485 nobody 5u IPv4 183531 0t0 TCP *:53 (LISTEN) dnsmasq 1485 nobody 7u IPv6 183533 0t0 TCP *:53 (LISTEN) root@F-dnsmasq:~# ping www.google.com PING [www.google.com](http://www.google.com/) (142.250.200.68) 56(84) bytes of data. 64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=1 ttl=114 time=16.5 ms 64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=2 ttl=114 time=19.4 ms ^C --- [www.google.com](http://www.google.com/) ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 16.468/17.927/19.387/1.459 ms #1 Bad case root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package root@F-dnsmasq:~# l *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb root@F-dnsmasq:~# dpkg -i *.deb (Reading database ... 32079 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Job for dnsmasq.service failed because the control process exited with error code. See "systemctl status dnsmasq.service" and "journalctl -xe" for details. invoke-rc.d: initscript dnsmasq, action "start" failed. ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2022-11-15 11:42:49 UTC; 8ms ago Process: 1641 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS) Process: 1642 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2) Nov 15 11:42:49 F-dnsmasq systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server... Nov 15 11:42:49 F-dnsmasq dnsmasq[1641]: dnsmasq: syntax check OK. Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: dnsmasq: failed to create listening socket for port 53: Address already in use Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: failed to create listening socket for port 53: Address already in use Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: FAILED to start up Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGUMENT Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Failed with result 'exit-code'. Nov 15 11:42:49 F-dnsmasq systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server. Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... Errors were encountered while processing: dnsmasq-base-lua_2.80-1.1ubuntu1.6_amd64.deb root@F-dnsmasq:~# dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK (after killing previous dnsmasq) root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done test.foo has no SRV record test.foo has no TXT record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record root@F-dnsmasq:~# ps -ef | grep dnsmasq nobody 1485 1 0 11:33 ? 00:00:00 dnsmasq --server 8.8.8.8 root 1863 390 0 11:44 pts/1 00:00:00 grep --color=auto dnsmasq root@F-dnsmasq:~# pkill dnsmasq root@F-dnsmasq:~# dnsmasq --server 8.8.8.8 root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 [SRU] [ Impact ] Sometimes dnsmasq is incorrectly is returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not. [ Test Plan ] In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet. #0 Disabling systemd-resolved service and enabling resolution through dnsmasq. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 8.8.8.8 __EOF__ # systemctl start dnsmasq.service #1 Bad case # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package # ls -1 *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb # dpkg -i *.deb (Reading database ... 32073 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... # dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
2022-11-23 17:31:41 Miriam España Acebal description [SRU] [ Impact ] Sometimes dnsmasq is incorrectly is returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not. [ Test Plan ] In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet. #0 Disabling systemd-resolved service and enabling resolution through dnsmasq. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 8.8.8.8 __EOF__ # systemctl start dnsmasq.service #1 Bad case # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package # ls -1 *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb # dpkg -i *.deb (Reading database ... 32073 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... # dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 [SRU] [ Impact ] Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not. [ Test Plan ] In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet. #0 Disabling systemd-resolved service and enabling resolution through dnsmasq. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 8.8.8.8 __EOF__ # systemctl start dnsmasq.service #1 Bad case # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package # ls -1 *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb # dpkg -i *.deb (Reading database ... 32073 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... # dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It changes the program's behaviour by classifying as NXDOMAIN what used to be NODATA in some situations, so if a user had a workaround for this (in the form of a script or other kind of automatization) it will probably start to malfunction. The last rebuilding of the package for Focal was in May, so if any new dependencies or libs have been upgraded on this Ubuntu series this can impact the new rebuild. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
2022-11-24 20:05:42 Andreas Hasenack description [SRU] [ Impact ] Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not. [ Test Plan ] In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet. #0 Disabling systemd-resolved service and enabling resolution through dnsmasq. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 8.8.8.8 __EOF__ # systemctl start dnsmasq.service #1 Bad case # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package # ls -1 *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb # dpkg -i *.deb (Reading database ... 32073 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... # dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It changes the program's behaviour by classifying as NXDOMAIN what used to be NODATA in some situations, so if a user had a workaround for this (in the form of a script or other kind of automatization) it will probably start to malfunction. The last rebuilding of the package for Focal was in May, so if any new dependencies or libs have been upgraded on this Ubuntu series this can impact the new rebuild. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 [SRU] [ Impact ] Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not. [ Test Plan ] In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't installed yet. #0 Disabling systemd-resolved service and enabling resolution through dnsmasq. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 8.8.8.8 __EOF__ # systemctl start dnsmasq.service #1 Bad case # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record Host test.foo. not found: 3(NXDOMAIN) test.foo has no A record test.foo has no TXT record test.foo has no SRV record #2 Good case #2.1 Installing new package # ls -1 *.deb dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb # dpkg -i *.deb (Reading database ... 32073 files and directories currently installed.) Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Selecting previously unselected package dnsmasq-utils. Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ... Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ... Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ... Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ... Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ... Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ... Setting up dnsmasq (2.80-1.1ubuntu1.6) ... Processing triggers for dbus (1.12.16-2ubuntu2.3) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.18) ... # dpkg -l | grep dnsmasq ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases #2.2 Testing OK # for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) Host test.foo. not found: 3(NXDOMAIN) [ Where problems could occur ] It changes the program's behaviour by classifying as NXDOMAIN what used to be NODATA in some situations, so if a user had a workaround for this (in the form of a script or other kind of automatization) it will probably start to malfunction. The last rebuilding of the package for Focal was in May, so if any new dependencies or libs have been upgraded on this Ubuntu series this can impact the new rebuild. [ Other Info ] The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067 [Original Report] --------------------------------------------------- We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN. This is already fixed upstream with the following commit [1]. The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix. [1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10
2022-11-25 12:52:17 Andreas Hasenack dnsmasq (Ubuntu Focal): status In Progress Fix Committed
2022-11-25 12:52:19 Andreas Hasenack bug added subscriber Ubuntu Stable Release Updates Team
2022-11-25 12:52:21 Andreas Hasenack bug added subscriber SRU Verification
2022-11-25 12:52:25 Andreas Hasenack tags bitesize server-todo bitesize server-todo verification-needed verification-needed-focal
2022-11-25 17:49:06 Maximilian Stinsky tags bitesize server-todo verification-needed verification-needed-focal bitesize server-todo verification-done-focal verification-needed
2022-12-05 10:32:55 Launchpad Janitor dnsmasq (Ubuntu Focal): status Fix Committed Fix Released
2022-12-05 10:32:58 Łukasz Zemczak removed subscriber Ubuntu Stable Release Updates Team