[Dnsmasq-discuss] Working: 2.79 Always return a SERVFAIL

B. Cook bcook at poughkeepsieschools.org
Tue Apr 24 14:20:49 BST 2018


I was able to adjust my unbound configuration and get everything working.

forward-zone:
    name: "20.10.in-addr.arpa."
    forward-addr: 172.16.254.241

forward-zone:
    name: "pcsd."
    forward-addr: 172.16.254.241

where 172.16.254.241 is the authoritative dnsmasq 2.79 install (alpine)

(alpine binary)
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6
no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify

(debian binary)
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP
conntrack ipset auth DNSSEC loop-detect inotify

(unbound alpine binary)
Version 1.7.0
linked libs: libevent 2.1.8-stable (it uses epoll), LibreSSL 2.7.2
linked modules: dns64 respip validator iterator

(unbound debian binary)
Version 1.6.0
linked libs: libevent 2.0.21-stable (it uses epoll), OpenSSL 1.1.0f  25 May
2017
linked modules: dns64 python validator iterator

tl:dr;

I got everything working, needed to adjust the other software
package.. dnsmasq was just fine.


On Mon, Apr 23, 2018 at 11:23 PM, Eliezer Croitoru <eliezer at ngtech.co.il>
wrote:

> Hey,
>
> I encountered a similar issue with Alpine virtual 32bit VM.
> I verified that on Debian and Ubuntu when I compile 2.79 (both 64bit) it
> works fine.
>
> Let me know if you find something.
>
> Eliezer
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> -----Original Message-----
> From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk>
> On Behalf Of Simon Kelley
> Sent: Tuesday, April 24, 2018 00:26
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] 2.79 Always return a SERVFAIL
>
> Let's keep this simple:
>
> Can you query dnsmasq version 2.78 (works) and 2.79 (doesn't work) using
> dig, and post the results here. There must be a difference between the two
> replies which is provoking the problem.
>
>
> Cheers,
>
> Simon.
>
>
>
>
>
> On 23/04/18 14:18, B. Cook wrote:
> > Was running a 2.76 machine (debian) made a new machine with 2.79
> > (alpine).
> >
> > this dnsmasq machine is providing dhcp and dns for those dhcp entries
> > and other statically configured entries.
> >
> > the staff is talking to this machine via unbound - I can get graphs
> > with unbound.
> >
> > unbound config:
> >
> >    local-zone: "pcsd." transparent
> >
> >    stub-zone:
> >         name: "pcsd"
> >         stub-addr: 172.16.254.241
> >
> > 254.241 is the dnsmasq machine. with 2.79 dnsmasq serves SERVFAIL with
> > 2.76 it does not.
> >
> > dnsmasq.conf:
> > conf-file=/etc/dnsmasq.d/dnsmasq.dhcp
> >
> > conf-file=/etc/dnsmasq.d/dnsmasq.hosts
> > addn-hosts=/etc/dnsmasq.d/hosts
> >
> >
> > bind-interfaces
> > listen-address=127.0.0.1
> > listen-address=172.16.254.241
> > port=53
> > log-facility=/var/log/dnsmasq.log
> >
> > log-queries
> >
> > local-ttl=300
> > dns-forward-max=8192
> > cache-size=0
> >
> > user=dnsmasq
> > group=nogroup
> >
> > no-hosts
> > no-negcache
> > no-poll
> > no-resolv
> > server=10.20.0.55
> >
> > domain=default.pcsd
> >
> > dnsmasq.hosts:
> > # vi:syntax=dnsmasq
> >
> > local=/pcsd/
> > local=/20.10.in-addr.arpa/
> >
> > addn-hosts=/etc/dnsmasq.d/hosts
> >
> > /etc/dnsmasq.d/hosts:
> > 10.20.8.29 server.intdom.pcsd
> >
> >
> >
> > Again with 2.76 dnsmasq will serve 'server.intdom.pcsd' with 2.79 it
> > returns SERVFAIL from unbound but works with directly queried..
> >
> > Am I trying to do a recursive query with unbound?
> >
> > Or is dnsmasq not set as authoritative?
> >
> > Or am I missing something else?
> >
> > I have since put 2.78 on alpine and things are working as expected.
> >
> > Thanks in advance.
> >
> >
> >
> > This message may contain confidential information and is intended only
> > for the individual(s) named. If you are not an intended recipient you
> > are not authorized to disseminate, distribute or copy this e-mail.
> > Please notify the sender immediately if you have received this e-mail
> > by mistake and delete this e-mail from your system.
> >
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>



-- 
Network Analyst
Poughkeepsie City School District
SMS & Mobile: (202) 810-5827
twitter.com/bcookatpcsd

If you can't explain it simply, you don't understand it well enough.

-- 

This message may contain confidential information and is intended only for 
the individual(s) named. If you are not an intended recipient you are not 
authorized to disseminate, distribute or copy this e-mail. Please notify 
the sender immediately if you have received this e-mail by mistake and 
delete this e-mail from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180424/a096f393/attachment.html>


More information about the Dnsmasq-discuss mailing list