2022-10-31 10:55:19 |
Maximilian Stinsky |
bug |
|
|
added bug |
2022-11-01 13:10:58 |
Lucas Kanashiro |
nominated for series |
|
Ubuntu Focal |
|
2022-11-01 13:10:58 |
Lucas Kanashiro |
bug task added |
|
dnsmasq (Ubuntu Focal) |
|
2022-11-01 13:11:06 |
Lucas Kanashiro |
dnsmasq (Ubuntu): status |
New |
Invalid |
|
2022-11-01 13:11:32 |
Lucas Kanashiro |
dnsmasq (Ubuntu): status |
Invalid |
Fix Released |
|
2022-11-01 13:13:55 |
Lucas Kanashiro |
dnsmasq (Ubuntu Focal): status |
New |
Incomplete |
|
2022-11-01 13:56:11 |
Maximilian Stinsky |
dnsmasq (Ubuntu Focal): status |
Incomplete |
New |
|
2022-11-02 10:46:21 |
Athos Ribeiro |
bug |
|
|
added subscriber Ubuntu Server |
2022-11-02 10:49:33 |
Athos Ribeiro |
dnsmasq (Ubuntu Focal): status |
New |
Triaged |
|
2022-11-02 10:50:31 |
Athos Ribeiro |
tags |
|
bitesize server-todo |
|
2022-11-09 16:26:04 |
Miriam España Acebal |
dnsmasq (Ubuntu): assignee |
|
Miriam España Acebal (mirespace) |
|
2022-11-09 16:26:06 |
Miriam España Acebal |
dnsmasq (Ubuntu Focal): assignee |
|
Miriam España Acebal (mirespace) |
|
2022-11-15 15:03:03 |
Miriam España Acebal |
description |
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly converting NXDOMAIN responses from authoritative dns servers into NODATA. This prevents the name resolution for normally working records fails in third party plugins/applications, as autopath (coredns).
[ Test Plan ]
In a focal VM, before disabling systemd-resolved (https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu), install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet.
#0 Enabling and checking name resolution through dnsmasq
root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN
sudo: unable to resolve host F-dnsmasq: Temporary failure in name resolution
sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN)
sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN)
root@F-dnsmasq:~# dnsmasq --server 8.8.8.8
root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN
sudo: unable to resolve host F-dnsmasq: Name or service not known
sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN)
sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN)
dnsmasq 1485 nobody 5u IPv4 183531 0t0 TCP *:53 (LISTEN)
dnsmasq 1485 nobody 7u IPv6 183533 0t0 TCP *:53 (LISTEN)
root@F-dnsmasq:~# ping www.google.com
PING [www.google.com](http://www.google.com/) (142.250.200.68) 56(84) bytes of data.
64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=1 ttl=114 time=16.5 ms
64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=2 ttl=114 time=19.4 ms
^C
--- [www.google.com](http://www.google.com/) ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 16.468/17.927/19.387/1.459 ms
#1 Bad case
root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
root@F-dnsmasq:~# l *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb
root@F-dnsmasq:~# dpkg -i *.deb
(Reading database ... 32079 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dnsmasq, action "start" failed.
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-11-15 11:42:49 UTC; 8ms ago
Process: 1641 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Process: 1642 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
Nov 15 11:42:49 F-dnsmasq systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Nov 15 11:42:49 F-dnsmasq dnsmasq[1641]: dnsmasq: syntax check OK.
Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: dnsmasq: failed to create listening socket for port 53: Address already in use
Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: failed to create listening socket for port 53: Address already in use
Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: FAILED to start up
Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Nov 15 11:42:49 F-dnsmasq systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
Errors were encountered while processing:
dnsmasq-base-lua_2.80-1.1ubuntu1.6_amd64.deb
root@F-dnsmasq:~# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK (after killing previous dnsmasq)
root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
test.foo has no SRV record
test.foo has no TXT record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
root@F-dnsmasq:~# ps -ef | grep dnsmasq
nobody 1485 1 0 11:33 ? 00:00:00 dnsmasq --server 8.8.8.8
root 1863 390 0 11:44 pts/1 00:00:00 grep --color=auto dnsmasq
root@F-dnsmasq:~# pkill dnsmasq
root@F-dnsmasq:~# dnsmasq --server 8.8.8.8
root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
|
2022-11-16 13:14:28 |
Miriam España Acebal |
dnsmasq (Ubuntu Focal): status |
Triaged |
In Progress |
|
2022-11-17 19:12:42 |
Sergio Durigan Junior |
merge proposal linked |
|
https://code.launchpad.net/~mirespace/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/433106 |
|
2022-11-18 12:48:53 |
Miriam España Acebal |
description |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly converting NXDOMAIN responses from authoritative dns servers into NODATA. This prevents the name resolution for normally working records fails in third party plugins/applications, as autopath (coredns).
[ Test Plan ]
In a focal VM, before disabling systemd-resolved (https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu), install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet.
#0 Enabling and checking name resolution through dnsmasq
root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN
sudo: unable to resolve host F-dnsmasq: Temporary failure in name resolution
sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN)
sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN)
root@F-dnsmasq:~# dnsmasq --server 8.8.8.8
root@F-dnsmasq:~# sudo lsof -i -P -n | grep LISTEN
sudo: unable to resolve host F-dnsmasq: Name or service not known
sshd 221 root 3u IPv4 120681 0t0 TCP *:22 (LISTEN)
sshd 221 root 4u IPv6 120692 0t0 TCP *:22 (LISTEN)
dnsmasq 1485 nobody 5u IPv4 183531 0t0 TCP *:53 (LISTEN)
dnsmasq 1485 nobody 7u IPv6 183533 0t0 TCP *:53 (LISTEN)
root@F-dnsmasq:~# ping www.google.com
PING [www.google.com](http://www.google.com/) (142.250.200.68) 56(84) bytes of data.
64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=1 ttl=114 time=16.5 ms
64 bytes from [mad07s24-in-f4.1e100.net](http://mad07s24-in-f4.1e100.net/) (142.250.200.68): icmp_seq=2 ttl=114 time=19.4 ms
^C
--- [www.google.com](http://www.google.com/) ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 16.468/17.927/19.387/1.459 ms
#1 Bad case
root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
root@F-dnsmasq:~# l *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb dnsmasq_2.80-1.1ubuntu1.6_all.deb
root@F-dnsmasq:~# dpkg -i *.deb
(Reading database ... 32079 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dnsmasq, action "start" failed.
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-11-15 11:42:49 UTC; 8ms ago
Process: 1641 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Process: 1642 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
Nov 15 11:42:49 F-dnsmasq systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Nov 15 11:42:49 F-dnsmasq dnsmasq[1641]: dnsmasq: syntax check OK.
Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: dnsmasq: failed to create listening socket for port 53: Address already in use
Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: failed to create listening socket for port 53: Address already in use
Nov 15 11:42:49 F-dnsmasq dnsmasq[1642]: FAILED to start up
Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Nov 15 11:42:49 F-dnsmasq systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Nov 15 11:42:49 F-dnsmasq systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
Errors were encountered while processing:
dnsmasq-base-lua_2.80-1.1ubuntu1.6_amd64.deb
root@F-dnsmasq:~# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK (after killing previous dnsmasq)
root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
test.foo has no SRV record
test.foo has no TXT record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
root@F-dnsmasq:~# ps -ef | grep dnsmasq
nobody 1485 1 0 11:33 ? 00:00:00 dnsmasq --server 8.8.8.8
root 1863 390 0 11:44 pts/1 00:00:00 grep --color=auto dnsmasq
root@F-dnsmasq:~# pkill dnsmasq
root@F-dnsmasq:~# dnsmasq --server 8.8.8.8
root@F-dnsmasq:~# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly is returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not.
[ Test Plan ]
In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet.
#0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
|
2022-11-23 17:31:41 |
Miriam España Acebal |
description |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly is returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not.
[ Test Plan ]
In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet.
#0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It correctly changes the program's behaviour in this kind of situation, so users that didn't recognize this as an error can see an increment in their dns cached records, so, in the end, it's not a problem.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not.
[ Test Plan ]
In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet.
#0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It changes the program's behaviour by classifying as NXDOMAIN what used to be NODATA in some situations, so if a user had a workaround for this (in the form of a script or other kind of automatization) it will probably start to malfunction.
The last rebuilding of the package for Focal was in May, so if any new dependencies or libs have been upgraded on this Ubuntu series this can impact the new rebuild.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
|
2022-11-24 20:05:42 |
Andreas Hasenack |
description |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not.
[ Test Plan ]
In a focal VM, install dnsmasq (apt install dnsmasq-base) if it wasn't installed yet.
#0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It changes the program's behaviour by classifying as NXDOMAIN what used to be NODATA in some situations, so if a user had a workaround for this (in the form of a script or other kind of automatization) it will probably start to malfunction.
The last rebuilding of the package for Focal was in May, so if any new dependencies or libs have been upgraded on this Ubuntu series this can impact the new rebuild.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN. This can lead to erroneous actions by clients who need to determine whether a domain name exists or not.
[ Test Plan ]
In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't installed yet.
#0 Disabling systemd-resolved service and enabling resolution through dnsmasq.
# systemctl disable --now systemd-resolved.service
# rm -f /etc/resolv.conf
# cat > /etc/resolv.conf << __EOF__
nameserver 8.8.8.8
__EOF__
# systemctl start dnsmasq.service
#1 Bad case
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
Host test.foo. not found: 3(NXDOMAIN)
test.foo has no A record
test.foo has no TXT record
test.foo has no SRV record
#2 Good case
#2.1 Installing new package
# ls -1 *.deb
dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
dnsmasq_2.80-1.1ubuntu1.6_all.deb
# dpkg -i *.deb
(Reading database ... 32073 files and directories currently installed.)
Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Selecting previously unselected package dnsmasq-utils.
Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.18) ...
# dpkg -l | grep dnsmasq
ii dnsmasq 2.80-1.1ubuntu1.6 all Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-base 2.80-1.1ubuntu1.6 amd64 Small caching DNS proxy and DHCP/TFTP server
ii dnsmasq-utils 2.80-1.1ubuntu1.6 amd64 Utilities for manipulating DHCP leases
#2.2 Testing OK
# for i in srv txt aaaa a aaaa a txt srv; do host -t $i test.foo. 127.0.0.1 | tail -n 1; done
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
Host test.foo. not found: 3(NXDOMAIN)
[ Where problems could occur ]
It changes the program's behaviour by classifying as NXDOMAIN what used to be NODATA in some situations, so if a user had a workaround for this (in the form of a script or other kind of automatization) it will probably start to malfunction.
The last rebuilding of the package for Focal was in May, so if any new dependencies or libs have been upgraded on this Ubuntu series this can impact the new rebuild.
[ Other Info ]
The patch is applied upstream and originated from a bug filed on Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067
[Original Report]
---------------------------------------------------
We upgraded our openstack containers which host dnsmasq services from bionic to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.
This is already fixed upstream with the following commit [1].
The Ubuntu dnsmasq 2.80 package should get a backport with a release for the focal packages which includes this bug fix.
[1] https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10 |
|
2022-11-25 12:52:17 |
Andreas Hasenack |
dnsmasq (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2022-11-25 12:52:19 |
Andreas Hasenack |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-11-25 12:52:21 |
Andreas Hasenack |
bug |
|
|
added subscriber SRU Verification |
2022-11-25 12:52:25 |
Andreas Hasenack |
tags |
bitesize server-todo |
bitesize server-todo verification-needed verification-needed-focal |
|
2022-11-25 17:49:06 |
Maximilian Stinsky |
tags |
bitesize server-todo verification-needed verification-needed-focal |
bitesize server-todo verification-done-focal verification-needed |
|
2022-12-05 10:32:55 |
Launchpad Janitor |
dnsmasq (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-12-05 10:32:58 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|