[Dnsmasq-discuss] dns-loop-detect doesn't appear to be working

Jonathan Knoll jonathan.knoll at oracle.com
Wed Oct 16 15:23:24 BST 2019


Hey all,

Hopefully I am just misconfiguring something, but when I try to test out
the dns-loop-detect feature and configure two instances of dnsmasq to
forward to each other, a loop is formed but is never stopped.

Steps to reproduce:

Prerequisites:

   * Two VM based servers on the same network

   * Both running dnsmasq as a container using the host network.

   * Each has a configuration line to forward "my.fun.domain" to the other

Procedure:

   * Run the two containers with the described configuration WITHOUT the dns-loop-detect flag.

     The following startup logs were observed:

         dnsmasq[10]: started, version 2.80 cachesize 150
         dnsmasq[10]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
         dnsmasq[10]: using nameserver <other server IP>#53 for domain my.fun.domain
         dnsmasq[10]: cleared cache

   * From one of the servers, query using nslookup:

     "nslookup some.my.fun.domain 127.0.0.1"

   * Observe both servers forward to each other repeatedly and immediately reach the connection limit.

     Truncated logs from one server:

           dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
           dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
           parsed: ['query[A]', 'some.my.fun.domain', 'from', '10.19.166.12']
           dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
           dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
           dnsmasq[9]: Maximum number of concurrent DNS queries reached (max: 150)

     Logs from the other server are identical but instead have the opposite server's IP address.

  -----

   * Stop the two containers, and run again WITH the dns-loop-detect flag in the configuration

     The same exact startup logs are observed as before.

   * Perform the same nslookup query from one of the servers

     "nslookup some.my.fun.domain 127.0.0.1"

   * Observe both servers show the exact same behavior as before.

   The configuration used:

       ```
       no-resolv
       no-hosts
       dns-loop-detect
       server=/my.fun.domain/<IP of other server>#53
       user=root
       conf-dir=/etc/dnsmasq.d
       ```

Any suggestions?

Thanks,
Jon
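
Added example, not part of the original post and not dnsmasq code: a log check that flags the pattern shown in the truncated logs above, where a name is forwarded to a host and queries for the same name keep arriving from that host. It assumes query logging is enabled so the "query[...]" and "forwarded" lines are present; the function name, threshold and sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines quoted in the post, plus one
# ordinary (non-looping) lookup for contrast.
SAMPLE_LOG = """\
dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
dnsmasq[9]: query[A] some.my.fun.domain from 10.19.166.12
dnsmasq[9]: forwarded some.my.fun.domain to 10.19.166.12
dnsmasq[9]: Maximum number of concurrent DNS queries reached (max: 150)
dnsmasq[9]: query[A] www.example.org from 10.19.166.40
dnsmasq[9]: forwarded www.example.org to 10.19.166.53
"""

# Matches "query[A] <name> from <ip>" and "forwarded <name> to <ip>" lines.
EVENT = re.compile(r"dnsmasq\[\d+\]: (query\[[^\]]+\]|forwarded) (\S+) (?:from|to) (\S+)")
LIMIT = re.compile(r"Maximum number of concurrent DNS queries reached \(max: (\d+)\)")


def find_forwarding_loops(log_text, min_repeats=2):
    """Flag names that are forwarded to a peer and also received from it."""
    received = defaultdict(lambda: defaultdict(int))   # name -> client -> count
    forwarded = defaultdict(lambda: defaultdict(int))  # name -> upstream -> count
    limit_hit = None
    for line in log_text.splitlines():
        limit = LIMIT.search(line)
        if limit:
            limit_hit = int(limit.group(1))
            continue
        event = EVENT.search(line)
        if not event:
            continue  # unrelated lines are ignored
        kind, name, peer = event.groups()
        table = forwarded if kind == "forwarded" else received
        table[name.lower().rstrip(".")][peer] += 1

    loops = []
    for name, upstreams in forwarded.items():
        for peer, sent in upstreams.items():
            came_back = received[name].get(peer, 0)
            # The same host acts as both upstream and client for this name.
            if min(sent, came_back) >= min_repeats:
                loops.append({"name": name, "peer": peer,
                              "forwarded": sent, "received": came_back})
    return {"loops": loops, "query_limit_hit": limit_hit}


if __name__ == "__main__":
    print(find_forwarding_loops(SAMPLE_LOG))
```
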
