[Dnsmasq-discuss] Kind request regarding Dnsmasq's Dns response auto caching feature not working

Joyabrata Ghosh joy.career at gmail.com
Thu Jun 4 11:52:40 BST 2015


Hi All,

Still unable to solve the Dnsmasq Cache Down problem. Is there anything I am very
fundamentally missing in the cache configuration for DNS response traffic in
Dnsmasq, when remote queries hit the vEth0 interface via the 172.23.23.13 IPv4
address from the tun0 tunnel interface at 10.20.0.1, where the DNS server is
running remotely at 172.23.23.10#53?

When "nameserver 127.0.0.1" was added, for only locally generated DNS
traffic, the Dnsmasq cache works correctly and some cache entries were updated, but in
the case of remotely generated traffic, which arrived at the vEth0 interface from
tun0, Dnsmasq is not working on any DNS response traffic consistently; the logs
confirm it.

Any tips/tricks on Dnsmasq Dns Cache working setup would be very very
helpful.

Thanks & Regards,
Joy

*dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.*
*dnsmasq: queries forwarded 0, queries answered locally 0*


/etc/dnsmasq.conf
    log-facility=/var/log/dnsmasq.log
    log-queries
    log-dhcp
    no-daemon
    interface=vEth0
    interface=tun0
    bind-interfaces
    all-servers
    cache-size=300
    neg-ttl=3600
    local-ttl=3600
    server=/firepitdoc.app.jayapadhi.com/10.60.70.191
    interface-name=firepitdoc.app.jayapadhi.com,vEth0/4
    user=root
    group=root

    server=10.25.25.2
    server= 172.23.23.10
    addn-hosts=/etc/dnsmasq.hosts
    listen-address=172.23.23.13
    listen-address=10.20.0.1

root@cfae:/var/log# cat /etc/dnsmasq.hosts
10.60.70.190 blrfirepit.app.jayapadhi.com

root@cfae:/var/log# cat /etc/resolv.conf
domain jayapadhi.com
search jayapadhi.com
nameserver 10.25.25.2
root@cfae:/var/log# cat /etc/host
host.conf    hostname     hosts        hosts.allow  hosts.deny
root@cfae:/var/log# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 xyz

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


/var/log/dnsmasq.log
root@cfae:/var/log# /etc/init.d/dnsmasq restart
 * Restarting DNS forwarder and DHCP server dnsmasq
dnsmasq: started, version 2.59 cachesize 300
dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN
dnsmasq: using nameserver 172.23.23.10#53
dnsmasq: using nameserver 10.25.25.2#53
dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 10.25.25.2#53
dnsmasq: using nameserver 172.23.23.10#53
dnsmasq: using nameserver 10.25.25.2#53
dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
dnsmasq: read /etc/hosts - 7 addresses
dnsmasq: read /etc/dnsmasq.hosts - 1 addresses


User defined signal 1
root@cfae:/var/log#
root@cfae:/var/log#
root@cfae:/var/log# dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 10.25.25.2#53
dnsmasq: using nameserver 172.23.23.10#53
dnsmasq: using nameserver 10.25.25.2#53
dnsmasq: using nameserver 10.60.70.191#53 for domain firepitdoc.app.jayapadhi.com
dnsmasq: time 1433431170
*dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.*
*dnsmasq: queries forwarded 0, queries answered locally 0*
dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0
dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0
dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0
dnsmasq: Host                                     Address                        Flags     Expires
dnsmasq: ip6-loopback                             ::1                            6F I   H
dnsmasq: pep                                      127.0.1.1                      4FRI   H
dnsmasq: blrfirepit.app.jayapadhi.com             10.60.70.190                   4FRI   H
dnsmasq: ip6-mcastprefix                          ff00::                         6FRI   H
dnsmasq: ip6-allrouters                           ff02::2                        6FRI   H
dnsmasq: ip6-localhost                            ::1                            6FRI   H
dnsmasq: localhost                                127.0.0.1                      4FRI   H
dnsmasq: ip6-allnodes                             ff02::1                        6FRI   H
dnsmasq: ip6-localnet                             fe00::                         6FRI   H


root@cfae:/var/log# iptables-save
# Generated by iptables-save v1.4.12 on Thu Jun  4 11:27:21 2015
*raw
:PREROUTING ACCEPT [58811:9140569]
:OUTPUT ACCEPT [32414:8911344]
-A PREROUTING -i eth2 -j CT --notrack
-A PREROUTING -i vEth1 -j CT --notrack
-A PREROUTING -i eth3 -j CT --notrack
-A PREROUTING -i lo -j CT --notrack
-A OUTPUT -o eth2 -j CT --notrack
-A OUTPUT -o vEth1 -j CT --notrack
-A OUTPUT -o eth3 -j CT --notrack
-A OUTPUT -o lo -j CT --notrack
COMMIT
# Completed on Thu Jun  4 11:27:21 2015
# Generated by iptables-save v1.4.12 on Thu Jun  4 11:27:21 2015
*nat
:PREROUTING ACCEPT [2010:128170]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [102:7604]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o vEth0 -j MASQUERADE
COMMIT
# Completed on Thu Jun  4 11:27:21 2015
# Generated by iptables-save v1.4.12 on Thu Jun  4 11:27:21 2015
*filter
:INPUT ACCEPT [836:53279]
:FORWARD ACCEPT [14348:3836413]
:OUTPUT ACCEPT [836:53279]
-A INPUT -d 10.25.25.31/32 -i eth2 -j ACCEPT
-A INPUT -d 172.23.23.13/32 -i vEth0 -j ACCEPT
-A INPUT -i eth3 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i eth3 -j DROP
-A INPUT -d 10.40.2.222/32 -i eth3 -j DROP
-A OUTPUT -s 10.25.25.31/32 -o eth2 -j ACCEPT
-A OUTPUT -s 172.23.23.13/32 -o vEth0 -j ACCEPT
-A OUTPUT -o eth3 -p udp -m udp --sport 1194 -j ACCEPT
-A OUTPUT -o eth3 -j DROP
-A OUTPUT -s 10.40.2.222/32 -o eth3 -j DROP
COMMIT
# Completed on Thu Jun  4 11:27:21 2015
root@cfae:/var/log#


On Mon, Jun 1, 2015 at 12:11 AM, Albert ARIBAUD <albert.aribaud at free.fr>
wrote:

> Hi Joyabrata,
>
> On Sun, 31 May 2015 22:48:42 +0530, Joyabrata Ghosh
> <joy.career at gmail.com> wrote:
>
> > Hi All,
> >
> > Thanks for quick reply, tried the proposed setting as well, where
> > "listen-address=172.20.20.10", the DNS traffic source interface eth0's
> > IPv4 address as well as "interface=eth0" without any success till now:
> >
> > *Dnsmasq setting: /etc/dnsmasq.conf*
> >
> >     log-facility=/var/log/dnsmasq.log
> >     log-queries
> >     log-dhcp
> >     no-daemon
> > *    listen-address=172.20.20.10*
> >     port=53
> > *    interface=eth0*
> > *    bind-interfaces*
> >     cache-size=1000
> >     neg-ttl=3600
> >
> > Anyone please point if anything missing from configuration or invalid
> > configuration applied.
>
> Since you're logging in /var/log/dnsmasq.log, maybe this file contains
> information such as warnings or error messages?
>
> > Thanks & Regards,
> > JGhosh
> > Networking developer, Bangalore, India
>
> Kind regards,
> --
> Albert.
>