[Dnsmasq-discuss] "random" problem with name resolution

Stefano Bridi stefano.bridi at gmail.com
Fri Jul 24 09:54:10 BST 2009


Hi all, first of all thanks for the wonderful tool!
I have a problem with the DNS part of dnsmasq: sometimes it does not
resolve hostnames.
The machine on which dnsmasq runs is a Debian Lenny firewall between
LAN, DMZ, Internet and some other private networks, with some OpenVPN
tunnels on board... The version of dnsmasq is 2.45-1.

The firewall itself is configured to resolve names by asking
dnsmasq (127.0.0.1).

The dnsmasq.conf is:
###########################################
no-resolv
server=/ctn.mydomain.tld/CTN.MYDOMAIN.TLD DNS SERVER
server=ISP DNS 1
server=ISP DNS 2
server=ISP DNS 3
no-dhcp-interface=eth2
no-dhcp-interface=eth3
no-hosts
addn-hosts=/etc/hosts.dnsmasq
expand-hosts
domain=mydomain.tld
dhcp-range=..........
dhcp-host=.............
dhcp-host=.............
dhcp-host=.............
dhcp-host=.............
dhcp-option=3,0.0.0.0
dhcp-option=42,0.0.0.0
dhcp-option=44,LAN WINS SERVER
dhcp-authoritative
cache-size=4096
no-negcache
log-queries
log-async
query-port=0
###########################################
where "CTN.MYDOMAIN.TLD DNS SERVER", "ISP DNS *" and "LAN WINS SERVER" are
the correct values.
Usually all works fine, but sometimes dnsmasq doesn't resolve some
hostnames and in the logs I find:
...
Jul 20 13:33:14 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 2
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 3
Jul 20 13:33:14 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
...
while some seconds (in this case minutes) later it works.
...
Jul 20 13:35:07 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:35:07 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply web002.mydomain.tld is x.x.x.228
...

Obviously the network connection is always on and there are no other
known problems.

The problem seems to manifest only with hostnames with
domain=mydomain.tld or other domains hosted on the same public DNS
server. Checking with dig the server that had problems before, I see
something like this:

# dig pmi.mydomain.tld

; <<>> DiG 9.5.1-P2 <<>> pmi.mydomain.tld
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16903
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;pmi.mydomain.tld.              IN      A

;; ANSWER SECTION:
pmi.mydomain.tld.       3600    IN      CNAME   web002.mydomain.tld.
web002.mydomain.tld.    86400   IN      A       x.x.x.228

;; AUTHORITY SECTION:
mydomain.tld.           8400    IN      NS      ns00.mydomain.tld.
mydomain.tld.           8400    IN      NS      ns02.mydomain.tld.

;; ADDITIONAL SECTION:
ns00.mydomain.tld.      86400   IN      A       x.x.x.4
ns02.mydomain.tld.      8400    IN      A       y.y.y.148

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 24 10:21:39 2009
;; MSG SIZE  rcvd: 141

Where SERVER: 127.0.0.1#53(127.0.0.1) is dnsmasq.

Could the different TTLs be a problem?

Any ideas?

thanks
stef

P.S.:
At the moment I'm trying to "patch" this with dnsmasq asking a
dedicated pdnsd that acts as a recursive DNS cache server. In the
event that this sandwich setup solves the problem... In your
opinion, can I gain other advantages/problems?
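
Added example, not part of the original post and not dnsmasq code: a small Python scan of log-queries output that flags every query whose only answer was <CNAME> with no address record following it, which is the symptom in the first log excerpt above. The function name and the sample list are illustrative, and the sample lines are the post's own excerpts with its placeholders.

```python
import re

# Matches the dnsmasq log-queries line shapes shown in the post:
#   query[A] NAME from CLIENT / forwarded NAME to UPSTREAM / reply NAME is VALUE
LINE = re.compile(
    r"dnsmasq\[\d+\]: (?P<kind>query\[\w+\]|forwarded|reply|cached) "
    r"(?P<name>\S+) (?:from|to|is) (?P<value>.+)$"
)

def find_dangling_cnames(lines):
    """Return queries whose answers were only <CNAME>, never an address.

    Assumption: the lines belonging to one query are contiguous, as in the
    excerpt; on a busy resolver interleaved queries would need extra keying.
    """
    transactions, current = [], None
    for line in lines:
        m = LINE.search(line.rstrip())
        if not m:
            continue  # "..." separators and non-dnsmasq lines
        kind, name, value = m["kind"], m["name"], m["value"]
        if kind.startswith("query["):
            current = {"when": line[:15], "name": name, "client": value,
                       "upstreams": [], "answers": []}
            transactions.append(current)
        elif current is None:
            continue  # log starts in the middle of a transaction
        elif kind == "forwarded":
            current["upstreams"].append(value)
        else:  # reply or cached
            current["answers"].append(value)
    return [t for t in transactions
            if t["answers"] and all(a == "<CNAME>" for a in t["answers"])]

# Sample input: the two log excerpts quoted in the post, placeholders kept.
SAMPLE_LOG = """\
Jul 20 13:33:14 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 2
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 3
Jul 20 13:33:14 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
...
Jul 20 13:35:07 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:35:07 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply web002.mydomain.tld is x.x.x.228
""".splitlines()

if __name__ == "__main__":
    for t in find_dangling_cnames(SAMPLE_LOG):
        print(f'{t["when"]} {t["name"]} from {t["client"]}: CNAME only, '
              f'asked {len(t["upstreams"])} upstream(s)')
```

Run over a full day's log, the timestamps and upstream lists of the flagged queries show whether the failures cluster on one of the configured servers.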


