[Dnsmasq-discuss] Why does dnsmasq append a local domain in DNS queries?

Fri Jan 8 12:29:22 GMT 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 01/08/2016 07:46 AM, Ptits de Barbe wrote:
> I believe you've wrongly interpreted the log. Let me describe how do I understand it.
>> 15:45:32.035381 IP 127.0.0.1.18520 > 127.0.2.1.5353: 1536+ A (QM)? dupaa.com. (27)
> Something running on your router sends request to 127.0.2.1:5353. It's dnscrypt there, so that most likely was a dnsmasq request.
>> 15:45:37.040620 IP 127.0.0.1.18520 > 127.0.2.1.5353: 1536+ A (QM)? dupaa.com. (27)
> Same. Have no idea why is there a second same request.
>> 15:45:38.045687 IP 127.0.2.1.5353 > 127.0.0.1.18520: 1536 ServFail 0/0/1 (38)
> dnscrypt responded.
>> 15:45:38.046118 IP 192.168.1.150.6289 > 192.168.1.1.53: 57153+ A? dupaa.com.mhouse.lh. (37)
> And there someone from outside of the router (192.168.1._150_) queries dnsmasq running on router.

Actually there are two instances of dnsmasq. The first one is installed on
my local machine and it acts just as a cache (IP 127.0.0.1). The second
one is installed on my network router (192.168.1.1). So when my machine
make a DNS query, it sends it to the local dnsmasq first. It then checks
the domain of the query and decides where to send the query next. In this
case the domain was "dupaa.com", so it should be delivered to the upstream
DNS server, in this case dnscrypt-proxy, also installed on the local host,
not the router. When it can't resolve the domain, it makes a new query, now
"dupaa.com.mhouse.lh", and it sends it to the network router because the
domain "mhouse.lh" should be answered by the network router, as configured.

This works fine, but only for domains that are valid. The problem concerns
only the domains that can't be answered by the upstream DNS server.

The log above comprise actually of two separate logs. One is from tcpdump
started on local external interface, and the other is started on loopback
(lo) interface, also on local machine, not the router. That's why there
was a space between them.

> To my knowledge, clients always requery their configured DNS with local network suffix appended in case first query wasn't resolved. > This is good, because with small patch dnsmasq will resolve subdomains in local network (like aba.caba.<hostname>).

But when I remove "search mhouse.lh" from the /etc/resolv.conf file, the
problem disappears, and there's no queries that have "mhouse.lh" appended.
So when I try to make a DNS query and the domain can't be resolved by the
upstream DNS server, there's no subsequent query with the local domain
appended. I'm still able to send DNS queries to my network router, but I
have to manually append "mhouse.lh" to the hostname.

> Also, though I don't see further log, I suspect that there were no requests like
That's the full log. I mean, this is what happened after trying to use
"ping dupaa.com".

>> 15:45:32.035381 IP 127.0.0.1.18520 > 127.0.2.1.5353: 1536+ A (QM)? dupaa.com.mhouse.lh. (27)
> meaning dnsmasq correctly filters local network domains and doesn't query upstream servers for them. At least your configuration looks correct.
So dnsmaq has nothing to do with the "dupaa.com.mhouse.lh" query? And it
just passes what it gets from the client? So the client make the request?
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWj6uXAAoJEM0EaBB3G2UgiLsQAL6++3ZzCcSzZdLn/KXa6AwU
72OiMNSNkaSu2UIexRnawLFL17A2ERxTYrdfHrGAZwxgXvnv+Xn0NdpJVwTLbO3B
2Ddn46F1DaMFyoPYIn4RMplkIqjlhnP93/zdZzht9IGeGYBr8WSgUV3t+1Qae58w
vOrve5zDSUiWZJkGXYHLuhvWUSRH09Z6JjMEQzbHVGChx+o4U4Ehm0y/sMduftRN
5M8PjGaMzlVu/sC3ZX94cl+bR4ASBf0klPSJfc3jNFn9hTSexaYOxj1818Igi+Sw
YA9eAh+d4K/dRRMXBFgc543KbdNM1LSKLWfIYJgShuq68M5vXTgfwF782tH3cPIj
QJqn9hbQSAfw579YLjXJLQnWNOd85qi4kXAGTwlhHkifWOVyBU7f7aCnfkE23ony
t5MhKWyQFkvQDsJ5wEuKANbIj5R/0wmWBc1cc3EaQGKjd8cKm8xRhPvJdzHETWcB
5XGftpjGv3qjvOk6yxfNpZsTwyW8ek2gGHdwo9pbnXfOVNpUeqbH9dpd/vCeuMkw
3Iwr9PuuUJFCSaqeVcY23S9rWsXv7DRu3E36u+13xq2a7wcBqobSDPpk1v3VnJ60
F/w9FOh7ZYS2+irQGh0nfD6nlwjClWb2P60YJ2jKyiRZ2eP3N2SsmMoFsgFpa0Y3
OBN8x5iSfocrPOA7lM9C
=+Oxq
-----END PGP SIGNATURE-----