[Dnsmasq-discuss] AAAA requests: long delay or SERVFAIL

martin f krafft madduck at madduck.net
Tue Dec 16 21:32:47 GMT 2014 

Hey,

I am using dnsmasq from libvirt, like so:

  dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
    --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper

The configuration file is included below. Basically, this is a DHCP
server and DNS forwarder, but I've also configured it to turn DHCP
leases into DNS records, using the --domain keyword.

This works splendidly and OMG did I rejoice to see how wonderfully
easy this was to set up and just get it working.

However, there's an issue relating to nonexistent RRs for the hosts
configured by DHCP, as exemplified by a call to /usr/bin/host:

  % host red.virt
  red.virt has address 192.168.122.60
  Host red.virt not found: 2(SERVFAIL)
  Host red.virt not found: 2(SERVFAIL)

This is because host queries the DNS server for A, AAAA, and MX all
at once.

It's obvious that dnsmasq does not know about AAAA or MX for the
host in this setup. However, why is it returning SERVFAIL?

Moreover, this is not consistently the case. At other times, I get
timeouts when asking for these RRs:

  % dig @192.168.122.1 aaaa green.virt

*** 5–10 seconds later ***

  ; <<>> DiG 9.9.5-7-Debian <<>> @192.168.122.1 aaaa green.virt
  ; (1 server found)
  ;; global options: +cmd
  ;; connection timed out; no servers could be reached

Am I doing something wrong?

I thought that the correct behaviour for a DNS server when asked
about a record it does not have is to respond with NOERROR,
AUTHORITY:1 and ANSWER:0.

==> /var/lib/libvirt/dnsmasq/default.conf:
  strict-order
  domain=virt
  expand-hosts
  pid-file=/var/run/libvirt/network/default.pid
  except-interface=lo
  bind-dynamic
  interface=virbr0
  dhcp-range=192.168.122.2,192.168.122.254
  dhcp-no-override
  dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
  dhcp-lease-max=253
  dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
  addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"when in doubt, parenthesize. at the very least it will let some
 poor schmuck bounce on the % key in vi."
                                                         -- larry wall
 
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1107 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20141216/61d6dfcc/attachment.sig>

More information about the Dnsmasq-discuss mailing list