[Dnsmasq-discuss] "random" problem with name resolution
Stefano Bridi
stefano.bridi at gmail.com
Fri Jul 24 09:54:10 BST 2009
Hi all, first of all thanks for the wonderful tool!
I have a problem with the DNS part of dnsmasq: sometimes it does not
resolve hostnames.
The machine on which dnsmasq runs is a Debian Lenny firewall between
lan, dmz, internet and some other private network with some OpenVPN
tunnel on board... The version of dnsmasq is 2.45-1.
The firewall itself is configured to resolve names by asking
dnsmasq (127.0.0.1).
The dnsmasq.conf is:
###########################################
no-resolv
server=/ctn.mydomain.tld/CTN.MYDOMAIN.TLD DNS SERVER
server=ISP DNS 1
server=ISP DNS 2
server=ISP DNS 3
no-dhcp-interface=eth2
no-dhcp-interface=eth3
no-hosts
addn-hosts=/etc/hosts.dnsmasq
expand-hosts
domain=mydomain.tld
dhcp-range=..........
dhcp-host=.............
dhcp-host=.............
dhcp-host=.............
dhcp-host=.............
dhcp-option=3,0.0.0.0
dhcp-option=42,0.0.0.0
dhcp-option=44,LAN WINS SERVER
dhcp-authoritative
cache-size=4096
no-negcache
log-queries
log-async
query-port=0
###########################################
where "CTN.MYDOMAIN.TLD DNS SERVER", "ISP DNS *" and "LAN WINS SERVER" are
the correct values.
Usually everything works fine, but sometimes dnsmasq doesn't resolve some
hostnames, and in the logs I find:
...
Jul 20 13:33:14 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 2
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 3
Jul 20 13:33:14 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
...
while some seconds (in this case minutes) later it works.
...
Jul 20 13:35:07 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:35:07 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply web002.mydomain.tld is x.x.x.228
...
Obviously the network connection is always on and there are no other
known problems.
The problem seems to manifest only with hostnames with
domain=mydomain.tld or other domains hosted on the same public DNS
server. Checking with dig the server that had problems before, I see
something like this:
# dig pmi.mydomain.tld
; <<>> DiG 9.5.1-P2 <<>> pmi.mydomain.tld
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16903
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pmi.mydomain.tld. IN A
;; ANSWER SECTION:
pmi.mydomain.tld. 3600 IN CNAME web002.mydomain.tld.
web002.mydomain.tld. 86400 IN A x.x.x.228
;; AUTHORITY SECTION:
mydomain.tld. 8400 IN NS ns00.mydomain.tld.
mydomain.tld. 8400 IN NS ns02.mydomain.tld.
;; ADDITIONAL SECTION:
ns00.mydomain.tld. 86400 IN A x.x.x.4
ns02.mydomain.tld. 8400 IN A y.y.y.148
;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 24 10:21:39 2009
;; MSG SIZE rcvd: 141
Where SERVER: 127.0.0.1#53(127.0.0.1) is the dnsmasq.
Could the different TTL be a problem?
Any idea?
thanks
stef
P.S.:
At the moment I'm trying to "patch" this with dnsmasq asking a
dedicated pdnsd that acts as a recursive DNS cache server. In
case this sandwich setup solves the problem... in your
opinion, can I gain other advantages/problems?
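
Added example, not part of the original post and not dnsmasq code: a small Python script that scans log-queries output like the lines quoted above and lists the queries whose logged replies stopped at <CNAME> with no address after it. It assumes queries are not interleaved in the log (each forwarded/reply line belongs to the most recent query line); the function names are illustrative.

```python
import re

# Log lines copied from the post above; placeholders such as "ISP DNS 1" kept as written.
SAMPLE_LOG = """\
Jul 20 13:33:14 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 2
Jul 20 13:33:14 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 3
Jul 20 13:33:14 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
...
Jul 20 13:35:07 fw00 dnsmasq[15606]: query[A] pmi.mydomain.tld from 10.x.x.249
Jul 20 13:35:07 fw00 dnsmasq[15606]: forwarded pmi.mydomain.tld to ISP DNS 1
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply pmi.mydomain.tld is <CNAME>
Jul 20 13:35:07 fw00 dnsmasq[15606]: reply web002.mydomain.tld is x.x.x.228
"""

# syslog prefix, then the three line kinds seen in the post: query[TYPE], forwarded, reply
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dnsmasq\[\d+\]: "
    r"(?P<kind>query\[\w+\]|forwarded|reply) (?P<name>\S+) (?:from|to|is) (?P<value>.+)$"
)

def parse_transactions(log_text):
    """Group log lines into one record per query line (assumes no interleaving)."""
    txs = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "..." separators and unrelated syslog lines
        kind, value = m["kind"], m["value"]
        if kind.startswith("query"):
            txs.append({"ts": m["ts"], "name": m["name"], "client": value,
                        "upstreams": [], "cname": False, "address": None})
        elif txs and kind == "forwarded":
            txs[-1]["upstreams"].append(value)
        elif txs and kind == "reply":
            if value == "<CNAME>":
                txs[-1]["cname"] = True
            else:
                txs[-1]["address"] = value  # an address reply closes the chain
    return txs

def dangling_cnames(log_text):
    """Queries that got a <CNAME> reply but no address reply before the next query."""
    return [t for t in parse_transactions(log_text) if t["cname"] and t["address"] is None]

if __name__ == "__main__":
    for t in dangling_cnames(SAMPLE_LOG):
        print(t["ts"], t["name"], "from", t["client"], "via", ", ".join(t["upstreams"]))
```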