[Dnsmasq-discuss] dnsmasq not providing a response to client
Bill Warren
billwarren at gmail.com
Fri Sep 9 21:10:35 BST 2016
Hi Albert,
I tried installing dnsmasq in a virtualized, fresh FreeBSD installation ... and it is working. I will go through my hardening configurations to see what, if anything, I can isolate as the cause.
to be continued …
> On Sep 8, 2016, at 00:30, Bill Warren <BillWarren at gmail.com> wrote:
>
> Hello Albert,
>
> Thank you so much for the helpful response. This is my first time using tcpdump, so please excuse any novice mistakes.
>
>> On Sep 7, 2016, at 01:54, Albert ARIBAUD <albert.aribaud at free.fr> wrote:
>>
>> Hello Bill,
>>
>> Le Tue, 6 Sep 2016 19:17:56 -0400
>> Bill Warren <billwarren at gmail.com> a écrit:
>>
>>> Greetings from a new user of dnsmasq v.2.76 on FreeBSD v.10.3
>>>
>>> dnsmasq is receiving queries and obtaining responses (confirmed in
>>> --no-daemon mode).
>>
>> Rather than paraphrasing the dnsmasq output, can you copy-paste it,
>> including [a reasonable amount of] the lines which you think are
>> irrelevant? I'm asking this because in your description, you don't
>> indicate what dnsmasq says about the response once it got it from the
>> upstream (I don't think it discards it, but hey, troubleshooting is
>> about checking what you don't think can go wrong).
>>
>
> Here is the output from dnsmasq during the client’s dig query. It was exactly the same when querying from the server (tcpdump later)
>
>> /usr/local/sbin/dnsmasq --no-daemon -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
> dnsmasq: started, version 2.76 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 8.8.8.8#53
> dnsmasq: using nameserver 8.8.4.4#53
> dnsmasq: read /etc/hosts - 2 addresses
> dnsmasq: query[A] www.google.com from 192.168.1.161
> dnsmasq: forwarded www.google.com to 8.8.8.8
> dnsmasq: forwarded www.google.com to 8.8.4.4
> dnsmasq: reply www.google.com is 216.58.219.196
> dnsmasq: query[A] www.google.com from 192.168.1.161
> dnsmasq: cached www.google.com is 216.58.219.196
> dnsmasq: query[A] www.google.com from 192.168.1.161
> dnsmasq: cached www.google.com is 216.58.219.196
>
>>> However, the client never receives a response ...
>>> dig @192.168.1.14 www.google.com
>>> results in
>>> […]
>>> connection timed out; no servers could be reached
>>>
>>> I disabled the pf firewall to ensure it wasn’t filtering traffic, to
>>> no avail.
>>
>> What about the server? Can you try dig on the same machine as dnsmasq
>> is running? Especially considering this:
>>
>>> I cannot figure out why my clients aren’t getting the response from
>>> dnsmasq even though it received and looked-up the query.
>>
>> So it affects several clients. All the more a reason to check whether
>> the dnsmasq server itself can dig its own dnsmasq.
>
> I should have mentioned, I did test this with "host www.google.com 127.0.0.1" on the dnsmasq server, with the same results. I do show the separate tcpdump output below.
>
>>
>>> Any suggestions would be greatly appreciated! I stumbled onto
>>> dnsmasq and think it will be the perfect solution … once I get it
>>> working properly.
>>
>> In addition to trying dig on the server itself, I also suggest doing a
>> tcpdump on the server machine's interface while doing the dig, in order
>> to cross-check whether the server process physically sends the response
>> out.
>>
>
> Below is the output from “sudo tcpdump host 192.168.1.14” on the server (mostly). I needed the host parameter because dnsmasq is in a FreeBSD jail, but I couldn’t run tcpdump from within the jail so I ran it outside the jail. 192.168.1.14 is the jailed dnsmasq server.
>
>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 00:26:13.418521 IP 192.168.1.14.33761 > google-public-dns-a.google.com.domain: 8349+ A? www.google.com. (32)
> 00:26:13.418538 IP 192.168.1.14.33761 > google-public-dns-b.google.com.domain: 8349+ A? www.google.com. (32)
> 00:26:13.529979 ARP, Request who-has 192.168.1.14 tell 192.168.1.1, length 46
> 00:26:13.529983 ARP, Reply 192.168.1.14 is-at d0:50:99:1b:92:f6 (oui Unknown), length 28
> 00:26:13.530774 IP google-public-dns-a.google.com.domain > 192.168.1.14.33761: 8349 1/0/0 A 172.217.2.4 (48)
> 00:26:13.530871 IP google-public-dns-b.google.com.domain > 192.168.1.14.33761: 8349 1/0/0 A 172.217.5.4 (48)
>
>
>> Then, same with digging from a client, but running two tcpdumps: one on
>> the server's physical interface, and one on the client's physical
>> interface.
>>
>
> Below is the tcpdump output from the server while querying from dig on client IP 192.168.1.161.
>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 23:43:21.228911 ARP, Request who-has 192.168.1.14 tell 192.168.1.161, length 46
> 23:43:21.228916 ARP, Reply 192.168.1.14 is-at d0:50:99:1b:92:f6 (oui Unknown), length 28
> 23:43:21.230111 IP 192.168.1.161.54740 > 192.168.1.14.domain: 18506+ A? www.google.com. (32)
> 23:43:21.230247 IP 192.168.1.14.8121 > google-public-dns-a.google.com.domain: 22525+ A? www.google.com. (32)
> 23:43:21.230260 IP 192.168.1.14.8121 > google-public-dns-b.google.com.domain: 22525+ A? www.google.com. (32)
> 23:43:21.331268 ARP, Request who-has 192.168.1.14 tell 192.168.1.1, length 46
> 23:43:21.331272 ARP, Reply 192.168.1.14 is-at d0:50:99:1b:92:f6 (oui Unknown), length 28
> 23:43:21.332149 IP google-public-dns-b.google.com.domain > 192.168.1.14.8121: 22525 1/0/0 A 216.58.219.196 (48)
> 23:43:21.332239 IP google-public-dns-a.google.com.domain > 192.168.1.14.8121: 22525 1/0/0 A 216.58.219.228 (48)
> 23:43:26.205531 IP 192.168.1.161.54740 > 192.168.1.14.domain: 18506+ A? www.google.com. (32)
> 23:43:29.839769 IP 192.168.1.1.37858 > 192.168.1.14.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
> 23:43:29.849956 IP 192.168.1.1.36023 > 192.168.1.14.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
> 23:43:31.207126 IP 192.168.1.161.54740 > 192.168.1.14.domain: 18506+ A? www.google.com. (32)
> 23:43:40.539728 IP 192.168.1.1.49200 > 192.168.1.14.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
> 23:43:40.549917 IP 192.168.1.1.46085 > 192.168.1.14.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
> ^C
> 15 packets captured
> 308 packets received by filter
> 0 packets dropped by kernel
>
>
> Below is the output from the client on 192.168.1.161. admittedly, it included a lot of background chatter from other applications, but I was careful to exclude only truly unrelated transactions.
>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 00:11:00.193420 ARP, Request who-has 192.168.1.14 tell 192.168.1.161, length 28
> 00:11:00.277651 ARP, Reply 192.168.1.14 is-at f4:f2:6d:a1:34:6a (oui Unknown), length 46
> 00:11:00.277686 IP 192.168.1.161.58811 > 192.168.1.14.domain: 10137+ A? www.google.com. (32)
> 00:11:05.197627 IP 192.168.1.161.58811 > 192.168.1.14.domain: 10137+ A? www.google.com. (32)
> 00:11:10.198629 IP 192.168.1.161.58811 > 192.168.1.14.domain: 10137+ A? www.google.com. (32)
>
> 230 packets captured
> 280 packets received by filter
> 0 packets dropped by kernel
>
>
>> (Ideally, you should either copy-paste tcpdump output here if it's
>> short enough (but complete enough!), or write the dumps to files through
>> option -w or stdout redirection and make the files available somewhere,
>> providing just the URLs.)
>>
>> Amicalement,
>> --
>> Albert.
>
> Warm regards,
> Bill
More information about the Dnsmasq-discuss
mailing list