[Dnsmasq-discuss] dns query from localnetwork are blocked

T o n g mlist4suntong at yahoo.com
Thu Jan 1 19:16:20 GMT 2015


Hi, 

I followed the following to configure dnsmasq as a DHCP and DNS server:
http://sfxpt.wordpress.com/2013/11/30/dnsmasq-installation-configuration-5/

It worked well up to Ubuntu 13.10. However, with Ubuntu 14.10, DNS 
queries from the local network always time out. The configurations are 
exactly the same. What could be the problem? 

From within the local network:

~~~
$ dig google.ca

; <<>> DiG 9.9.5-4.3-Ubuntu <<>> google.ca
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig @192.168.2.100 maroon

; <<>> DiG 9.9.5-4.3-Ubuntu <<>> @192.168.2.100 maroon
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
~~~

On the DNS server itself:

~~~
$ dig google.ca @127.0.0.1
...
;; ANSWER SECTION:
google.ca.              299     IN      A       173.194.43.111
...
;; Query time: 50 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

$ dig @192.168.2.100 maroon
...
;; ANSWER SECTION:
maroon.                 0       IN      A       192.168.2.100

;; Query time: 1 msec
;; SERVER: 192.168.2.100#53(192.168.2.100)
...
~~~

This is the debug output from dnsmasq log:

~~~
Jan  1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.119
Jan  1 13:26:10 maroon dnsmasq[2833]: reply google.ca is 173.194.43.120
    *** DEBUG 2015-01-01 13:26:21-05:00 DEBUG *** 
Jan  1 13:27:42 maroon dnsmasq[2833]: query[A] maroon from 192.168.2.100
Jan  1 13:27:42 maroon dnsmasq[2833]: /etc/dnsmasq.hosts maroon is 192.168.2.100
    *** DEBUG 2015-01-01 13:28:19-05:00 DEBUG *** 
~~~

None of the other DNS queries from the local network generated any log 
entries. So, because the local DNS queries work, I think something is 
blocking the DNS queries from the local network from reaching my local 
DNS server. What could it be? 

I didn't limit the dnsmasq listen address:

~~~
$ grep listen-address /etc/dnsmasq.conf /etc/dnsmasq.d/*
/etc/dnsmasq.conf:#listen-address=
~~~

My /etc/hosts.deny and hosts.allow files are untouched as well, and I can 
ping my DNS server and ssh into its IP address. So I think the 
blocking is only at the DNS level, since other access is just fine. It is 
not because of iptables rules either:

~~~
$ iptables -L 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
~~~

Now I've run out of possibilities.
What could be the problem? 

Thanks





