Bug #13655

closed

DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled

Added by Flole Systems about 2 years ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal
Assignee:
Category: DNS Forwarder
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.05
Release Notes: Default
Affected Version:
Affected Architecture:

Description

dnsmasq is always getting the --all-servers option added in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd00061fbef7b2357a5962384/src/etc/inc/services.inc#L2636. That causes a weird case when --strict-order is enabled, so --all-servers should be put into an `else` in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd00061fbef7b2357a5962384/src/etc/inc/services.inc#L2617 or be turned into a separate option.

Currently we tell dnsmasq to query all servers simultaneously but also in strict order, so we give it two contradicting config options. It is weird that dnsmasq allows this, but we shouldn't do it. Effectively the code seems to give --all-servers precedence over --strict-order, so it queries all servers at the same time even though I enabled strict order mode in pfSense, breaking that feature.

The relevant code piece in dnsmasq is in
https://github.com/imp/dnsmasq/blob/770bce967cfc9967273d0acfb3ea018fb7b17522/src/forward.c#L333
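
An added example, not part of the original report and not code from pfSense or dnsmasq: a POSIX shell check that classifies a dnsmasq instance's upstream query mode from its command line and, optionally, a configuration file, flagging the `--strict-order` plus `--all-servers` combination described above. The function name `dnsmasq_query_mode` and the sample command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not pfSense or dnsmasq code).
# Prints one of: conflict, sequential, parallel, default.
#   $1  dnsmasq command line as a single string
#   $2  optional path to a dnsmasq configuration file
dnsmasq_query_mode() {
    cmdline=$1
    conf=${2:-}
    strict=0
    all=0

    # Command-line form: long options appear as separate words.
    # Pad with spaces so only whole words match.
    case " $cmdline " in *" --strict-order "*) strict=1 ;; esac
    case " $cmdline " in *" --all-servers "*)  all=1 ;; esac

    # Config-file form: the same long option names without the leading dashes.
    if [ -n "$conf" ] && [ -r "$conf" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            line=${line%%#*}                                  # drop comments
            line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
            case $line in
                strict-order) strict=1 ;;
                all-servers)  all=1 ;;
            esac
        done < "$conf"
    fi

    if [ "$strict" -eq 1 ] && [ "$all" -eq 1 ]; then
        # The combination this report describes: both options set at once.
        echo conflict
    elif [ "$strict" -eq 1 ]; then
        echo sequential
    elif [ "$all" -eq 1 ]; then
        echo parallel
    else
        echo default
    fi
}

# Constructed sample command line reproducing the reported combination.
sample='dnsmasq --strict-order --all-servers'
dnsmasq_query_mode "$sample"
```

On a live system the first argument can be taken from the process list entry for dnsmasq; a result of `conflict` means sequential querying is configured but, per the report above, not what dnsmasq will do.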
