Todo #8411
closed
dnsmasq configuration needs changes for 2.79
0%
Description
Looks like host overrides might need some adjustments with dnsmasq 2.79. It is not in builds yet but once master switches to the new quarterly branch it will be there.
From the Change Log
Always return a SERVFAIL answer to DNS queries without the
recursion desired bit set, UNLESS acting as an authoritative
DNS server. This avoids a potential route to cache snooping.
And from FreeBSD-ports UPDATING:
20180319:
AFFECTS: users of dns/dnsmasq
AUTHOR: mandree@FreeBSD.orgNote that with dnsmasq 2.79, some parts of the interface have changed in an
incompatible way versus previous versions. This comprises changed recursion
behaviour, signature support, a change for SIGINT (vs. SIGHUP) behaviour.Note especially that dnsmasq will no longer answer non-recursive queries
unless it is marked authoritative! Be sure to see the manual page for the
various --auth-* options, such as --auth-zone.Please see the CHANGELOG that ships with dnsmasq for details.
Updated by Jim Pingle almost 6 years ago
- Status changed from New to Feedback
Existing behavior in the DNS Forwarder all appears to function as expected. Could use some additional confirmation but I don't think there is anything that needs adjusting based on how this is used in pfSense in a recursive resolver mode, even with host overrides.
Updated by Anonymous almost 6 years ago
On 2.4.4.a.20180705.0032 the host override resolves successfully, but the domain override does not.
Updated by Jim Pingle almost 6 years ago
I can't replicate any problem here. Domain overrides work on the latest snapshot, no changes made. Queries are forwarded to the specified upstream server and the client receives the response.
Updated by Jim Pingle almost 6 years ago
- Status changed from Feedback to Resolved
Confirmed working now.