[Dnsmasq-discuss] Struggling with multiple nameservers

Harry Moyes boss at northfrost.com
Tue Jan 7 19:10:42 GMT 2020


I now have a functional setup. Exactly what the issue was with the 
pihole derivative of dnsmasq is still not entirely clear.

I suspect that the compiled in options used in the pihole derivative 
differ from the set compiled into the Debian/raspbian version of 
dnsmasq, that I matched when I compiled the version of dnsmasq 2.80.

dnsmasq very usefully reports the compiled in options with the -v flag.

The pihole derivative has lost that rather useful feature, so exactly 
what options it has been compiled with is hard to tell.

The config we have eventually arrived at gives correct behaviour for 
both versions of dnsmasq and the pihole derivative.

However what is also clear is that the issue was not related to dnsmasq 
in any way, so sorry for disturbing the list.

Harry

On 01/01/2020 21:54, Harry Moyes wrote:
> 
> 
> On 01/01/2020 16:30, Geert Stappers wrote:
>> On Wed, Jan 01, 2020 at 03:36:33PM +0000, Harry Moyes wrote:
>>> I have a Raspberry Pi configured with two dummy interfaces in addition to
>>> the default Ethernet interface.
>>>
>>> I have a workable configuration on the pi with unbound and NSD on the two
>>> virtual interfaces, and dnsmasq on the Ethernet and loopback interfaces.
>>>
>>> Workable that is with this package loaded. (present default raspbian default
>>> install)
>>>
>>> dnsmasq/stable,now 2.76-5+rpt1+deb9u1 all [installed]
>>> dnsmasq-base/stable,now 2.76-5+rpt1+deb9u1 armhf [installed,automatic]
>>>
>>> and this config fragment:
>> Why only a fragment?
>>
> Brevity ?
> 
> netadmin@namepi:/etc/dnsmasq.d $ ls
> 01-pihole.conf  02-pihole.conf  README
> netadmin@namepi:
> 
> This config is the standard config installed by pihole-FTL
> 
> netadmin@namepi:/etc/dnsmasq.d $ cat 01-pihole.conf
> # Pi-hole: A black hole for Internet advertisements
> # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
> # Network-wide ad blocking via your own hardware.
> #
> # Dnsmasq config for Pi-hole's FTLDNS
> #
> # This file is copyright under the latest version of the EUPL.
> # Please see LICENSE file for your rights under this license.
> 
> ###############################################################################
> #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
> # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
> #                                                                             #
> #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
> #                      /etc/pihole/setupVars.conf                             #
> #                                                                             #
> #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
> #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
> ###############################################################################
> 
> 
> addn-hosts=/etc/pihole/gravity.list
> addn-hosts=/etc/pihole/black.list
> addn-hosts=/etc/pihole/local.list
> 
> 
> localise-queries
> 
> 
> no-resolv
> 
> 
> 
> cache-size=10000
> 
> log-queries
> log-facility=/var/log/pihole.log
> local-ttl=2
> log-async
> netadmin@namepi:
> 
> netadmin@namepi:/etc/dnsmasq.d $ cat 02-pihole.conf
> # Pi-hole: A black hole for Internet advertisements
> # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
> # Network-wide ad blocking via your own hardware.
> #
> # Dnsmasq config for Pi-hole's FTLDNS
> #
> # This file is copyright under the latest version of the EUPL.
> # Please see LICENSE file for your rights under this license.
> 
> ###############################################################################
> #        This file contains additional directives for pihole-FTL              #
> # to integrate with the unbound and NSD nameservers also active on this Pi    #
> #                                                                             #
> #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
> #                      /etc/pihole/setupVars.conf                             #
> ###############################################################################
> 
> 
> bind-interfaces
> listen-address=172.25.25.146
> listen-address=127.0.0.1
> server=192.168.55.9
> no-dhcp-interface=eth0
> no-dhcp-interface=dummy0
> no-dhcp-interface=dummy1
> netadmin@namepi:
> 
> 
> This config works with the standard raspbian package.
> 
> netadmin@namepi:/etc/dnsmasq.d $ dnsmasq -v
> Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua 
> TFTP conntrack ipset auth DNSSEC loop-detect inotify
> 
> This software comes with ABSOLUTELY NO WARRANTY.
> Dnsmasq is free software, and you are welcome to redistribute it
> under the terms of the GNU General Public License, version 2 or 3.
> netadmin@namepi:/etc/dnsmasq.d $
> 
> It allows three nameservers to co-exist in the same Pi on three separate
> interfaces. Nameserving functions correctly.
> 
> 
> My problem is that pihole-FTL does not work with this configuration.
> Even though the interface and port are free, it errors out and refuses 
> to bind. In effect it's ignoring the bind-interfaces directive, trying 
> to bind port 53 on all interfaces, and erroring out, even though the
> interface and port it is assigned to is available.
> 
> I'm trying to establish if this change in behaviour has occurred in 
> mainline dnsmasq, or in the pihole-FTL fork.
> 
>>> bind-interfaces
>>> listen-address=172.25.25.146
>> } listen-address=127.0.0.1
>> } server=192.168.55.9
>>> no-dhcp-interface=eth0
>>> no-dhcp-interface=dummy0
>>> no-dhcp-interface=dummy1
>>>
>>> This setup is fully functional and does all I ask.
>>>
>>> **However**
>>>
>>> I'm actually trying to run pihole-FTL on the Pi, rather than dnsmasq
>>> directly, which I'm told, includes a locally derived version of dnsmasq 2.8.
>>
>> Hopefully 2.8 is a typo, because dnsmasq is meanwhile at version 2.80.
>>
> It is a typo. The code for pihole-FTL is derived from dnsmasq 2.80
>>
>>> That derivative version appears to ignore the bind-interfaces directive, and
>>> thus fails to bind the name server ports, even though the specified
>>> interfaces are free.
>>
>> That seems to be the problem. But I fail to see what the problem is.
>> Most likely due to incomplete information on the desired configuration.
>>
>>
>>> The developers of that derivative are convinced that functionally their
>>> derivative imports 2.8 in its entirety, simply adds additional monitoring
>>> hooks.
>>>
>>> I'm obviously not expecting assistance with the pihole-FTL but I'd really
>>> appreciate any hints of changes intentional or otherwise, that may affect
>>> the behaviour of "mainline" dnsmasq with respect to its behaviour binding the
>>> wildcard interface, that may have taken place between 2.76 and 2.8 to try to
>>> understand where the change in behaviour comes from.
>>>
>>> I'm pretty much convinced I need to build and test a mainline version of
>>> dnsmasq 2.8 from source, to localise where the issue is coming from,
>>> but I thought I'd respectfully ask here in case someone here can point me in
>>> the right direction.
>>
> 
> I've built a version of dnsmasq v 2.80. It presently does not have the 
> correct compile options ATM. I'm trying to work out how to configure the 
> correct compile options.
> 
>> Euh?
>> Please be aware that your right direction hasn't to be my right 
>> direction.
>>
>>
>> Advice: Make a follow-up posting which describes the wanted
>> configuration, plus working and NON-working parts.
>>
>>
>> Groeten
>> Geert Stappers
>>
> Harry
> 
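
Added example (not part of the original thread, and not dnsmasq or pihole-FTL code): the symptom discussed above, a daemon that tries the wildcard address and fails although its own address is free, can be reproduced with plain UDP sockets. The sketch assumes Linux, where every 127.0.0.0/8 address is local; 127.0.0.2 stands in for a second interface address, and an unprivileged port picked by the kernel stands in for port 53.

```python
import errno
import socket


def try_bind(addr, port):
    """Bind a UDP socket to (addr, port); return (socket_or_None, status)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return sock, "ok"
    except OSError as exc:
        sock.close()
        # Report the symbolic errno name, e.g. EADDRINUSE
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    """Compare a wildcard bind with a per-address bind while one address is taken."""
    results = {}
    # Stand-in for a nameserver that already owns one address on the host
    # (the role unbound or NSD plays in the thread). Port 0 = kernel picks one.
    first, status = try_bind("127.0.0.1", 0)
    if first is None:
        raise RuntimeError("could not bind the first listener: " + status)
    port = first.getsockname()[1]
    try:
        # Wildcard bind: overlaps every local address, so it collides with
        # the listener above even though other addresses are unused.
        wild, results["wildcard"] = try_bind("0.0.0.0", port)
        if wild is not None:
            wild.close()
        # Per-address bind, which is what bind-interfaces plus
        # listen-address asks for: only the named address is claimed.
        specific, results["specific"] = try_bind("127.0.0.2", port)
        if specific is not None:
            specific.close()
    finally:
        first.close()
    return results


if __name__ == "__main__":
    for mode, status in demo().items():
        print(mode, status)
```

On a host running several resolvers, the same distinction shows up in the listener table: a daemon honouring bind-interfaces appears on its listen-address entries only, never on 0.0.0.0:53.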


