[Bug 1785383] Re: missing EDNS0 record confuses systemd-resolved

Paride Legovini 1785383 at bugs.launchpad.net
Wed Oct 6 13:34:33 UTC 2021 

The MP got reviewed and the dnsmasq upload is currently waiting in the
Bionic unapproved queue.

Being a format 1.0 package the diff [1] looks huge at first glance, but
the real changes are actually very limited (those in the MP).

[1]
https://launchpadlibrarian.net/560828569/dnsmasq_2.79-1ubuntu0.5.diff.gz

** Merge proposal linked:
   https://code.launchpad.net/~paride/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/409149

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1785383

Title:
  missing EDNS0 record confuses systemd-resolved

Status in systemd:
  Fix Released
Status in dnsmasq package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Bionic:
  In Progress
Status in systemd source package in Bionic:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Released
Status in systemd source package in Focal:
  Fix Released
Status in dnsmasq source package in Groovy:
  Fix Released
Status in systemd source package in Groovy:
  Fix Released
Status in dnsmasq source package in Hirsute:
  Fix Released
Status in systemd source package in Hirsute:
  Fix Released
Status in dnsmasq source package in Impish:
  Fix Released
Status in systemd source package in Impish:
  Fix Released

Bug description:
  [Impact]

  dnsmasq 2.79 and below omits EDNS0 OPT records [1] when returning an
  empty answer for a domain it is authoritative for. systemd-resolved
  seems to get confused by this in certain circumstances; when using the
  stub resolver and requesting an address for which there are no AAAA
  records, there can sometimes be a five second hang in resolution.

  [1] https://en.wikipedia.org/wiki/Extension_Mechanisms_for_DNS

  [Test Plan]

  Test case for bionic:

  -----------------------------------------
  IFACE=dummy0
  SUBNET=10.0.0

  ip link add $IFACE type dummy
  ifconfig $IFACE ${SUBNET}.1/24
  dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,${SUBNET}.1 --server=/test/ &

  dig -t a test.test @10.0.0.1 | grep EDNS
  # returns "; EDNS ..."
  dig -t aaaa test.test @10.0.0.1 | grep EDNS
  # again, should return "; EDNS ..." but doesn't.
  # does so with the -proposed package.
  -----------------------------------------

  [Where problems could occur]

  Problems may occur in case a client queries dnsmasq and relies on
  EDNS0 not being available for behaving correctly. This covers cases
  where the software querying dnsmasq is buggy or misconfigured.

  [Development Fix]

  Fixed upstream in dnsmasq >= 2.80.

  [Stable Fix]

  Partial cherry-pick of upstream commit
  http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78

  The cherry-pick is partial because half if it is already in the
  package .diff we have in Bionic.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1785383/+subscriptions

More information about the foundations-bugs mailing list