[Dnsmasq-discuss] Connection: REFUSED when attempting lookup.

Paul Randle paul_randle at scs4it.com
Sun Oct 16 19:59:02 BST 2005



> Hi,
> 
> 
> 
> I'm new to dnsmasq and am in the initial stages of trying to set-up
> the following scenario:
> 
> 
> 
> RH 9 with 2xNIC, 1st IP 10.x.y.212(eth0), 2nd IP 10.x.y.213(eth1)
> 
> 
> 
> BIND is set-up as a caching-only NS bound to 127.0.0.1 only
> (named.conf has listen-on {127.0.0.1;}; in the options section) all
> recursive look-ups are made through 10.x.y.213
> 
> 
> 
> Dnsmasq.conf:
> 
> points to dnsmasq.resolv (containing nameserver 127.0.0.1),
> 
> except-interface=lo,
> 
> listen-address=10.x.y.212,
> 
> no-dhcp-interface=eth0
> 
> bind-interfaces (uncommented).
> 
> 
> 
> Lookups performed locally on the machine resolve names fine, when I 
> attempt the same look-ups from a second machine set with the NS to be
>  10.x.y.212, I receive the message 'connection: REFUSED'
> 
> 
> 
> Ps shows both named and dnsmasq started (confirmed in
> /var/log/messages)
> 
> 
> 
> Netstat -a shows:
> 
> Proto  recv-Q  send-Q  local Address       foreign Address  State
> tcp    0       0       10.x.y.212:domain   *:*              LISTEN
> tcp    0       0       localhost:domain    *:*              LISTEN
> udp    0       0       10.x.y.212:domain   *:*
> udp    0       0       localhost:domain    *:*
> 
> 
> 
> Would anyone be able to tell me why in this scenario, when it would 
> appear that dnsmasq is listening correctly, that the connection would
> be refused?
> 
> 
> 

>The first thing to realise is that there are two different REFUSED error 
>conditions that might be happening here, there's ICMP connection 
>refused, which normally happens when trying to connect to a port which 
>has nothing listening on it or is firewalled. You seem to be working on 
>the principle that's the problem, but I think it might not be. There's 
>also a return code in the DNS protocol of REFUSED, meaning the DNS 
>server has got the query, and is refusing to answer it. I think that's 
>what you are seeing.
>
>The only circumstance in which dnsmasq will generate a REFUSED reply is 
>when it has no upstream server available to forward a query to, but it's 
>worth bearing in mind that if dnsmasq _does_ forward a query, then 
>the upstream nameserver could also return a REFUSED reply, and dnsmasq 
>would send that back to the original requester.
>
>The next thing to do is to look in your log files, dnsmasq logs stuff 
>about its configuration at startup, and if you add "log-queries" to 
>/etc/dnsmasq.conf it will also log information about queries as it 
>forwards them. That information should have some clues about what's 
>going on.
>
>
>(Also try running "netstat -ap" as root, that will tell you which of 
>dnsmasq and bind is listening on those ports.)
>
>HTH
>Simon.

Thanks for the info Simon,

I have set-up logging and in syslog.conf put *.debug to a separate file
however when performing a ping to a name (result: could not find host) or an
nslookup to a name (result: no response from server) from a separate machine
I get no entries being added.

Netstat -ap shows the PID of dnsmasq associated with the 10.x.y.212 (both
tcp and udp) entries and PID for named associated with localhost entries.

So it would appear that dnsmasq is either:
 
a). Not responding - I take it that the log would be showing if the query
were received? And that it would show that it refused the connection?
 
Or
 
b). Not receiving the query at all.

Thanks,
Paul.
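
Added example (not part of the original thread, and not dnsmasq code): a small
Python probe that tells apart the cases discussed above, i.e. a DNS reply
carrying RCODE REFUSED, an ICMP port-unreachable, and a query that gets no
answer at all. The function names, the query ID and the sample reply bytes are
constructed for illustration; 192.0.2.53 is a placeholder address.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a minimal DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_rcode(reply, qid=0x1234):
    """Return the RCODE name from a DNS reply, or None if it is not our reply."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:    # wrong ID, or QR bit clear
        return None
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))

def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query to server:port and classify what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))           # connected UDP surfaces ICMP errors
        try:
            s.send(build_query(name))
            rcode = parse_rcode(s.recv(512))
        except ConnectionRefusedError:
            return "icmp-port-unreachable: nothing listening on that address/port"
        except socket.timeout:
            return "timeout: query or reply dropped, or server stayed silent"
    if rcode is None:
        return "malformed: reply did not match the query"
    return "dns-reply: server received the query and answered " + rcode

if __name__ == "__main__":
    # Constructed sample reply: ID 0x1234, QR=1 RD=1 RA=1, RCODE=5 (REFUSED)
    sample = (struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
              + build_query("example.com")[12:])
    print(parse_rcode(sample))
    # print(probe("192.0.2.53", "example.com"))   # placeholder server address
```

Run probe() from the second machine against the address dnsmasq listens on; a
"dns-reply" result means the query reached a DNS server, whatever the RCODE.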




