Bug #13655
closed
DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled
100%
Description
dnsmasq is always getting the --all-servers option added in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd00061fbef7b2357a5962384/src/etc/inc/services.inc#L2636. That causes a weird case when --strict-order is enabled, so --all-servers should be put into an `else` in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd00061fbef7b2357a5962384/src/etc/inc/services.inc#L2617 or be turned into a separate option.
Currently we tell dnsmasq to query all servers simultaneously but also in strict order, so we give it two contradicting config options. It is weird that dnsmasq allows this, but we shouldn't do it. Effectively the code seems to give --all-servers precedence over --strict-order, so it queries all servers at the same time even though I enabled strict order mode in pfSense, breaking that feature.
The relevant code piece in dnsmasq is in
https://github.com/imp/dnsmasq/blob/770bce967cfc9967273d0acfb3ea018fb7b17522/src/forward.c#L333
Updated by Flole Systems over 1 year ago
Just to update this: This issue is being addressed in upstream dnsmasq now in order to disallow this invalid and misleading option combination. If you don't change the way it's called, future versions of dnsmasq might simply throw an error and refuse to start when they get this invalid option combination.
Updated by Jim Pingle over 1 year ago
- Subject changed from dnsmasq get's weird option-combination to DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled
- Target version set to 2.7.0
- Plus Target Version set to 23.05
Updated by Jim Pingle over 1 year ago
- Status changed from New to In Progress
Moving that to an `else` clause is ideal for now since they should be mutually exclusive.
Updated by Jim Pingle over 1 year ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset f48271e08f81c560bf70107c76e9caf3311042be.
Updated by Danilo Zrenjanin over 1 year ago
- Status changed from Feedback to Resolved
Tested the patch against:
23.01-RELEASE (amd64) built on Fri Feb 10 20:06:33 UTC 2023 FreeBSD 14.0-CURRENT
It fixes the issue. I am marking this ticket resolved.
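
A check for the option combination discussed in this ticket, as an added example that is not part of the ticket or of pfSense's code: it classifies a dnsmasq command line or config fragment by which of `--strict-order` and `--all-servers` it sets. The function name and the sample inputs are constructed for illustration, and only the long option forms are recognised.

```shell
#!/bin/sh
# Added example (hypothetical helper, not pfSense or dnsmasq code).
# Reads a dnsmasq command line (e.g. copied from ps output) or config-file
# text on stdin and prints how upstream servers will be selected:
#   conflict   - both strict-order and all-servers are set (the bug in this ticket)
#   sequential - strict-order only
#   parallel   - all-servers only
#   default    - neither option is set
dnsmasq_query_mode() {
    awk '
        {
            sub(/#.*/, "")   # drop config-file comments; awk re-splits the fields
            for (i = 1; i <= NF; i++) {
                # Command-line form "--opt" may appear anywhere on the line;
                # the config-file form is the bare name at the start of a line.
                if ($i == "--strict-order" || (i == 1 && $i == "strict-order")) strict = 1
                if ($i == "--all-servers"  || (i == 1 && $i == "all-servers"))  all = 1
            }
        }
        END {
            if (strict && all) print "conflict"
            else if (strict)   print "sequential"
            else if (all)      print "parallel"
            else               print "default"
        }
    '
}

# Constructed sample inputs (not captured from a real system).
BEFORE='dnsmasq --all-servers --strict-order'   # both options passed together
AFTER='dnsmasq --strict-order'                  # options made mutually exclusive
CONF='# constructed config fragment
strict-order
#all-servers
server=192.0.2.53'

printf '%s\n' "$BEFORE" | dnsmasq_query_mode
printf '%s\n' "$AFTER"  | dnsmasq_query_mode
printf '%s\n' "$CONF"   | dnsmasq_query_mode
```

A `conflict` result means "Query DNS servers sequentially" is not being honoured, and per the update above, future dnsmasq versions might refuse to start with that combination.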