RHEL-16398

dnsmasq: bind-dynamic allows second instance of dnsmasq binding same ip and same udp port which causes disruption in service specifically dbus.

    • Bug
    • Resolution: Unresolved
    • rhel-9.2.0
    • dnsmasq
    • Moderate
    • rhel-sst-cs-net-perf-services
    • ssg_core_services
    • Red Hat Enterprise Linux

      This issue is reproducible on RH-7.x, RH-8.x and RH-9.x

      By default dnsmasq allows only a single instance to bind tcp/udp port 53, but with bind-dynamic it allows more and more.

      Note: in RH-9 you have to disable bind-interfaces in dnsmasq.conf.

      Reproducer steps:

      *** Without bind-dynamic ***

      [root@192 ~]# grep bind /etc/dnsmasq.d/a.conf 
      #bind-dynamic
      [root@192 ~]
      [root@192 ~]# systemctl restart dnsmasq
      [root@192 ~]
      [root@192 ~]# ps -ef | grep dnsmasq
      dnsmasq     2782       1  0 07:51 ?        00:00:00 /usr/sbin/dnsmasq
      root        2784    2515  0 07:51 pts/1    00:00:00 grep --color=auto dnsmasq
      [root@192 ~]

      [root@192 ~]# netstat -neopa | grep dnsmasq | grep -w udp
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29667      2834/dnsmasq         off (0.00/0/0)

      [root@192 ~]# dnsmasq -help

      dnsmasq: failed to create listening socket for port 53: Address already in use
      [root@192 ~]

       

      *** with bind-dynamic ***

      You can have multiple different services binding the same ip and the same port.

      This causes disruption for clients, as in the case of openshift 3.x (rh-7), where some changes (related to the openshift internal domain) are pushed via D-BUS. SDN pushes changes via dbus to X service, but when traffic comes to Y service, it doesn't understand that and forwards the traffic to the forwarder, causing internal dns resolution failure.

      [root@192 ~]# dnsmasq -help
      [root@192 ~]
      [root@192 ~]# ps -ef | grep dnsmasq
      dnsmasq     2834       1  0 07:53 ?        00:00:00 /usr/sbin/dnsmasq
      dnsmasq     2847       1  0 07:54 ?        00:00:00 dnsmasq -help
      root        2849    2515  0 07:54 pts/1    00:00:00 grep --color=auto dnsmasq
      [root@192 ~]
      [root@192 ~]# netstat -neopa | grep dnsmasq | grep -w udp
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29832      2847/dnsmasq         off (0.00/0/0)
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29667      2834/dnsmasq         off (0.00/0/0)
      [root@192 ~]
      [root@192 ~]# dnsmasq -help
      [root@192 ~]
      [root@192 ~]# netstat -neopa | grep dnsmasq | grep -w udp
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29925      2855/dnsmasq         off (0.00/0/0)
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29832      2847/dnsmasq         off (0.00/0/0)
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29667      2834/dnsmasq         off (0.00/0/0)
      [root@192 ~]
      [root@192 ~]# dnsmasq -help
      [root@192 ~]
      [root@192 ~]# netstat -neopa | grep dnsmasq | grep -w udp
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          30000      2861/dnsmasq         off (0.00/0/0)
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29925      2855/dnsmasq         off (0.00/0/0)
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29832      2847/dnsmasq         off (0.00/0/0)
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29667      2834/dnsmasq         off (0.00/0/0)
      [root@192 ~]
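
A check for the condition shown in the reproducer, as an added example that is not part of the original report or of dnsmasq: it reads `netstat -neopa` output and reports every UDP local address held by more than one PID. The function names `dup_udp_listeners` and `sample_netstat` are hypothetical; the two dnsmasq sample lines are copied from the output above and the dhclient line is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag UDP local addresses bound by more than one process.
# Input: `netstat -neopa` lines on stdin, in the format shown in the report.
# Output: "<proto> <local addr:port> <pid count> <pid list>" per shared address.

dup_udp_listeners() {
    awk '
        $1 == "udp" || $1 == "udp6" {
            # UDP rows have an empty State column, so locate the
            # PID/Program field by shape ("<digits>/<name>") not by index.
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^[0-9]+\/[^ ]+$/) {
                    split($i, pp, "/")
                    key = $1 " " $4              # protocol + local address:port
                    if (!((key, pp[1]) in seen)) {
                        seen[key, pp[1]] = 1
                        count[key]++
                        if (count[key] == 1) pids[key] = pp[1]
                        else pids[key] = pids[key] "," pp[1]
                    }
                    break
                }
            }
        }
        END {
            for (k in count)
                if (count[k] > 1)
                    print k, count[k], pids[k]
        }' | sort
}

# Sample input: first two lines from the report, third line constructed.
sample_netstat() {
    cat <<'EOF'
udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29832      2847/dnsmasq         off (0.00/0/0)
udp        0      0 127.0.0.1:53            0.0.0.0:*                           0          29667      2834/dnsmasq         off (0.00/0/0)
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          21011      901/dhclient         off (0.00/0/0)
EOF
}

sample_netstat | dup_udp_listeners
```

On a live host, run `netstat -neopa | dup_udp_listeners` as root so the PID/Program column is populated for every socket; empty output means no UDP address is shared.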

       

       

              pemensik@redhat.com Petr Mensik
              rhn-support-rupatel Rupesh Patel
              rhel-cs-infra-services-qe