[Dnsmasq-discuss] dns-loop-detect doesn't appear to be working
Jonathan Knoll
jonathan.knoll at oracle.com
Wed Oct 16 15:23:24 BST 2019
Hey all,
Hopefully I am just misconfiguring something, but when I try to test out
the dns-loop-detect feature and configure two instances of dnsmasq to
forward to each other, a loop is formed but is never stopped.
Steps to reproduce:
Prerequisites:
* Two VM based servers on the same network
* Both running dnsmasq as a container using the host network.
* Each has a configuration line to forward "my.fun.domain" to the other
Procedure:
* Run the two containers with the described configuration WITHOUT the dns-loop-detect flag.
The following startup logs were observed:
```
dnsmasq[10]: started, version 2.80 cachesize 150
dnsmasq[10]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
dnsmasq[10]: using nameserver <other server IP>#53 for domain my.fun.domain
dnsmasq[10]: cleared cache
```
* From one of the servers, query using nslookup:
"nslookup some.my.fun.domain 127.0.0.1"
* Observe both servers forward to each other repeatedly and immediately reach the connection limit.
Truncated logs from one server:
```
dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
dnsmasq[9]: Maximum number of concurrent DNS queries reached (max: 150)
```
Logs from the other server are identical but instead have the opposite server's IP address.
-----
* Stop the two containers, and run again WITH the dns-loop-detect flag in the configuration
The same exact startup logs are observed as before.
* Perform the same nslookup query from one of the servers
"nslookup some.my.fun.domain 127.0.0.1"
* Observe both servers show the exact same behavior as before.
The configuration used:
```
no-resolv
no-hosts
dns-loop-detect
server=/my.fun.domain/<IP of other server>#53
user=root
conf-dir=/etc/dnsmasq.d
```
Any suggestions?
Thanks,
Jon
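
The loop described in the message above can be spotted from the query log alone: the same name arrives from a peer and is forwarded straight back to that peer until the concurrent-query limit is hit. The following is an added example, not part of the original post or of dnsmasq; the function names are hypothetical and the sample log is constructed, modelled on the lines quoted in the post plus two constructed non-looping lines.

```python
import re
from collections import defaultdict

# Constructed sample log: the first four lines and the last follow the format
# quoted in the post; the www.example.org pair is a constructed normal forward.
SAMPLE_LOG = """\
dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
dnsmasq[9]: query[A] www.example.org from 127.0.0.1
dnsmasq[9]: forwarded www.example.org to 192.0.2.53
dnsmasq[9]: Maximum number of concurrent DNS queries reached (max: 150)
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[[^\]]+\] (\S+) from (\S+)")
FORWARD = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")
LIMIT = re.compile(r"Maximum number of concurrent DNS queries reached")


def find_forwarding_loops(log_text, min_bounces=2):
    """Return {(name, peer): count} for names that arrived from `peer` and
    were forwarded back to that same `peer` at least `min_bounces` times."""
    asked_by = defaultdict(set)   # name -> clients that queried it
    bounces = defaultdict(int)    # (name, peer) -> forwards back to the asker
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            asked_by[m.group(1)].add(m.group(2))
            continue
        m = FORWARD.search(line)
        if m and m.group(2) in asked_by[m.group(1)]:
            bounces[(m.group(1), m.group(2))] += 1
    return {key: n for key, n in bounces.items() if n >= min_bounces}


def hit_query_limit(log_text):
    """True if the log shows the concurrent-query limit being reached."""
    return bool(LIMIT.search(log_text))


if __name__ == "__main__":
    for (name, peer), n in find_forwarding_loops(SAMPLE_LOG).items():
        print(f"possible forwarding loop: {name} <-> {peer} ({n} bounces)")
    print("query limit reached:", hit_query_limit(SAMPLE_LOG))
```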