[OpenWrt-Devel] dnsmasq strip out the ANswers from the DNS reply.

Hans Dedecker dedeckeh at gmail.com
Fri Oct 31 04:51:01 EDT 2014


You're hitting the rebind protection filter; see
http://en.wikipedia.org/wiki/DNS_rebinding

Either disable rebind_protection or change the IP addresses returned by
your DNS server in the wan.

On Thu, Oct 30, 2014 at 9:32 PM, Kao Kevin <Kevin.Kao at technicolor.com>
wrote:

>  Hi,
>
>
>
> While Running tests in an openwrt based IP gateway, we noticed a dns
> problem running openwrt in a gateway.
>
> When the DNS proxy (dnsmasq) forwards the DNS reply, the Answer of section was
> extracted.
>
>  Please refer to the following tests for the problem description.
>
>
>
> 192.168.42.135 ------ (192.168.42.1  GATEWAY  10.10.200.2) ------ (1.1.1.1 DNS server)
>
> 1.      The Gateway LAN interface pre-configured as 192.168.42.1. The
> Gateway LAN section is in 192.168.42.0/255.255.255.0 subnet
>
> 2.      A LAN Device is assigned IP to 192.168.42.135 from the DHCP
> server in the gateway.
>
> 3.      Have Gateway wan link set to network in subnet 10.10.200.xx/
> 255.255.255.0.
>
> 4.      Set up a DNS Server in WAN with IP:    1.1.1.1
>
> 5.      DHCP server (not in the picture) in the WAN subnet assign Gateway
> wan IP as 10.10.200.2
>
> 6.       The LAN client initiates a DNS query. The query has source IP
> 192.168.42.135 and destination IP 192.268.42.1 (in lan.cap message 1)
>
> 7.      The Gateway forwards the query to dns server. The forwarded query
> has the  source IP 10.10.200.2 and destination 1.1.1.1  (in wan.cap msg 1)
>
> 8.      DNS server 1.1.1.1 sends DNS resolution response with resolved
> dns address. The response sends to the Gateway 10.10.200.2. (in wan.cap msg
> 2)
>
> 9.      The Gateway forwards the response to the client; but the
> forwarded response does not have the Answer.    (in lan.cap msg 2)
>
>
>
>     Please review the attached wireshark.
>
>
>
> Questions:
>
>      I wonder if this problem is due to:
>
> 1.      My tested openwrt is an older version; OR
>
> 2.      A simple config problem
>
> 3.      The worst case is a S/W problem in dnsmasq that requires code
> modification
>
>
>
> Anyone know the solution or ever see this problem, please give us a reply.
>
>
>
> Here is the version/release information of the openwrt I am using:
>
> The etc/banner file
>
> Release : 14.3
>
> Version: 14.44
>
>
>
> The /etc/openwrt_version  file
>
>   12.09.1
>
>
>
> The /etc/openwrt_release file
>
> DISTRIB_REVISION="r42647"
>
>
> ISTRIB_CODENAME="attitude_adjustment"
>
> DISTRIB_TARGET="brcm63xx-arm-tch/HG1XPROTO"
>
> DISTRIB_DESCRIPTION="OpenWrt Attitude Adjustment 12.09.1"
>
>
>
> And the “uci show” related to the dnsmasq
>
> dhcp.@dnsmasq[0]=dnsmasq
> dhcp.@dnsmasq[0].domainneeded=1
> dhcp.@dnsmasq[0].filterwin2k=0
> dhcp.@dnsmasq[0].localise_queries=1
> dhcp.@dnsmasq[0].rebind_protection=1
> dhcp.@dnsmasq[0].rebind_localhost=1
> dhcp.@dnsmasq[0].local=/lan/
> dhcp.@dnsmasq[0].expandhosts=1
> dhcp.@dnsmasq[0].nonegcache=0
> dhcp.@dnsmasq[0].authoritative=1
> dhcp.@dnsmasq[0].readethers=1
> dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases
> dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
> dhcp.@dnsmasq[0].dhcpscript=/lib/dnsmasq/dhcp-event.sh
> dhcp.@dnsmasq[0].domain=qacafe.com
> dhcp.@dnsmasq[0].boguspriv=0
> dhcp.@dnsmasq[0].strictorder=1
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
>
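
The rebind filter named in the reply, as an added sketch that is not part of the original thread and not dnsmasq's own code. The IPv4 range list and the "strip the whole answer section" behaviour are assumptions modelled on the symptom reported above; the sample addresses are constructed.

```python
import ipaddress

# Assumption: IPv4 ranges a rebind filter treats as private. Modelled on
# dnsmasq's rebind protection, not copied from its source.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def is_filtered(addr, rebind_protection=True, rebind_localhost=False):
    """True if an upstream A record with this address trips the filter.

    The keyword names mirror the uci options shown in the thread.
    """
    if not rebind_protection:
        return False
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK:
        # rebind_localhost=1 lets 127.0.0.0/8 answers through.
        return not rebind_localhost
    return any(ip in net for net in PRIVATE_NETS)


def forward_reply(answers, **opts):
    """Return (answers forwarded to the LAN client, offending addresses).

    One offending address is enough for the client to receive a reply
    with an empty answer section, as seen in lan.cap msg 2.
    """
    offending = [a for a in answers if is_filtered(a, **opts)]
    return ([] if offending else list(answers)), offending


# Constructed sample replies from a lab DNS server on the WAN side.
LAB_REPLY = ["10.10.200.50"]                      # private address
PUBLIC_REPLY = ["93.184.216.34", "93.184.216.35"]  # public addresses

if __name__ == "__main__":
    for name, reply in (("lab", LAB_REPLY), ("public", PUBLIC_REPLY)):
        for rp in (True, False):
            sent, bad = forward_reply(reply, rebind_protection=rp,
                                      rebind_localhost=True)
            print(f"{name:6} rebind_protection={int(rp)} "
                  f"forwarded={sent} offending={bad}")
```

On the gateway itself, dnsmasq logs "possible DNS-rebind attack detected" when the filter fires, which confirms the diagnosis without a packet capture.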