lixingcong / dnsmasq-regex

dnsmasq with regex match module (libpcre v8.45, the older version)

DNS query through TCP gets REFUSED #2

Closed warking closed 4 years ago

warking commented 4 years ago

dnsmasq.conf snippet:

server=/:.keyword.:/1.1.1.1

dig a.keyword.com

OK

dig a.keyword.com +tcp

gets REFUSED query response.

lixingcong commented 4 years ago

Cannot reproduce.

Please check whether your upstream DNS server got a TCP RESET from a firewall.

My step:

make and install

git clone https://github.com/lixingcong/dnsmasq-regex
cd dnsmasq-regex
bash ./update_submodule.sh
make

edit the config file

vi /tmp/test.conf

# Content below
port=30000
server=/:.*google.*:/1.1.1.1

run dnsmasq without daemon

./dnsmasq/src/dnsmasq -d -C /tmp/test.conf

dig with UDP and TCP ok

$ dig @127.0.0.1 -p30000 www.google.com

; <<>> DiG 9.11.3-1ubuntu1.10-Ubuntu <<>> @127.0.0.1 -p30000 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58197
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         299     IN      A       172.217.163.228

;; Query time: 80 msec
;; SERVER: 127.0.0.1#30000(127.0.0.1)
;; WHEN: Sun Dec 08 10:39:16 CST 2019
;; MSG SIZE  rcvd: 59

$ dig @127.0.0.1 -p30000 www.google.com +tcp

; <<>> DiG 9.11.3-1ubuntu1.10-Ubuntu <<>> @127.0.0.1 -p30000 www.google.com +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4627
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         597     IN      A       172.217.163.228

;; Query time: 0 msec
;; SERVER: 127.0.0.1#30000(127.0.0.1)
;; WHEN: Sun Dec 08 10:39:19 CST 2019
;; MSG SIZE  rcvd: 59
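The two dig runs above query the same name, so the second (TCP, 0 msec) answer may have been served from dnsmasq's cache rather than from the TCP forwarding path. As an added example, not code from dnsmasq-regex, the script below sends one fresh name over both UDP and TCP and compares the RCODEs, so a transport-specific failure cannot be masked by the cache; it assumes the dnsmasq instance from the steps above listening on 127.0.0.1 port 30000 and uses a constructed label of the form t<timestamp>.google.com.

```python
import socket
import struct
import time

# Added example, not dnsmasq-regex code; assumes dnsmasq from the steps above on 127.0.0.1:30000.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Minimal DNS A query in wire format: RD set, one question, no EDNS."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_rcode(resp):
    """Return (id, rcode name) from the first 4 bytes of a DNS response."""
    qid, flags = struct.unpack(">HH", resp[:4])
    return qid, RCODES.get(flags & 0x0F, str(flags & 0x0F))

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the TCP stream early")
        buf += chunk
    return buf

def query_udp(server, port, name, timeout=3):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return parse_rcode(s.recv(4096))

def query_tcp(server, port, name, timeout=3):
    q = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(q)) + q)  # RFC 1035: 2-byte length prefix on TCP
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return parse_rcode(recv_exact(s, length))

def compare_transports(server, port, name):
    """Same name over both transports; differing rcodes point to a transport-specific path."""
    udp, tcp = query_udp(server, port, name)[1], query_tcp(server, port, name)[1]
    return {"udp": udp, "tcp": tcp, "consistent": udp == tcp}

if __name__ == "__main__":
    # A unique label on each run, so neither answer can be served from dnsmasq's cache.
    print(compare_transports("127.0.0.1", 30000, "t%d.google.com" % int(time.time())))
```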

lixingcong commented 4 years ago

Please provide your tcpdump result. If your TCP DNS query got RESET, a [R.] flag would show.

tcpdump -i any host 1.1.1.1 and port 53

warking commented 4 years ago

I believe that your second tcp dns query was from dnsmasq cache directly since you tried udp query first with the exact same domain name.

Usually, a TCP DNS query should take longer than a UDP one.

My experiment shows that any TCP DNS queries that DO NOT match the regex get responses. It fails only when the domain name matches the regex. That's why I opened the issue.

lixingcong commented 4 years ago

Yes, you are right. It's a bug.

I checked and confirmed that TCP queries DO NOT match the regex rules.

lixingcong commented 4 years ago

Thanks for your feedback; fixed via db08d19dfec923bae7a1436fc844ca6ae9d493a7