[Dnsmasq-discuss] : Dns lookup failures if one of the upstream servers are down (P Elaborate)

Abhishek Patti abhishek.patti at gmail.com
Sun Mar 29 02:40:40 BST 2020


Hi

Apologies for not elaborating further. I wanted to know why we are
seeing behavior different from what is expected; I was wondering if there is
some additional configuration which I am missing. The expected behavior, I
think, is that even though one of the upstream servers is down, dnsmasq should
get the results from the other two upstream servers.

On Sat, Mar 28, 2020 at 11:54 AM <
dnsmasq-discuss-request at lists.thekelleys.org.uk> wrote:

> Today's Topics:
>
>    1. Re: : Dns lookup failures if one of the upstream servers are
>       down (P Elaborate)
>    2. Re: SOA serial increase (Simon Kelley)
>    3. Re: Nameserver dot (Simon Kelley)
>    4. Re: Fwd: dnsmasq localise-queries + addn-hosts (Simon Kelley)
>    5. Re: NETLINK_NO_ENOBUFS not defined on old platforms (Simon Kelley)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 28 Mar 2020 12:54:11 +0100
> From: P Elaborate <stappers at stappers.nl>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] : Dns lookup failures if one of the
>         upstream servers are down
> Message-ID: <20200328115411.3sxomstt7iqmn66j at gpm.stappers.nl>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Mar 26, 2020 at 07:39:21AM -0700, Abhishek Patti wrote:
> > Hi Everyone
> >
> > We are using dnsmasq version 2.80 and have multiple upstream servers
> > configured, with all-servers flag set. We noticed that if first upstream
> > server fails then we get dns lookup failures even though other upstream
> > servers are working fine.
>
>
> Please elaborate
>
>
> Long version:
> The "it doesn't work as expected" has been seen.
> What has not yet been seen is in which way that report
> can improve dnsmasq.
>
> Most likely is http://www.catb.org/~esr/faqs/smart-questions.html
> the way to go.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 28 Mar 2020 17:01:25 +0000
> From: Simon Kelley <simon at thekelleys.org.uk>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] SOA serial increase
> Message-ID: <e28912b8-5a4c-b54c-bce0-0150001b537f at thekelleys.org.uk>
> Content-Type: text/plain; charset=utf-8
>
> On 20/03/2020 11:15, William Edwards wrote:
> > Hi Simon!
> >> If you don't explicitly set the serial, then it should start at the
> >> current epoch time (ie seconds since 1/1/1970) which avoids the problem
> >> unless you average more than one new DHCP lease per second.
> > After setting 'auth-server', this behaviour has been 'fixed'.
> > Without 'auth-server':
> > --
> > vlan5.hosts.cyberfusion.space. 600 IN SOA . . 1 1200 180 1209600 600
> > --
> > With 'auth-server':
> > --
> > vlan5.hosts.cyberfusion.space. 600 IN SOA vlan5.hosts.cyberfusion.space. hostmaster.vlan5.hosts.cyberfusion.space. 1584702843 1200 180 1209600 600
> > --
> > So this seems like a combination of 1) possibly some room for
> > improvement in docs (there is little mention of serials there at all) and
> > 2) working too late at night.
> > William
>
>
> The forthcoming 2.81 release errors in startup if auth-server is not set
> under these circumstances.
>
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=08933475abd0580cff747e3d1e0db3865207a200
>
>
> Cheers,
>
> Simon.
>
> >
> > On 20/03/2020 08:18, William Edwards wrote:
> >>
> >> On 20 Mar 2020, at 00:39, Simon Kelley <simon at thekelleys.org.uk> wrote:
> >>
> >>> On 19/03/2020 17:28, William Edwards wrote:
> >>>> Hello,
> >>>>
> >>>> Does dnsmasq increase SOA serial when adding a new DNS record after
> >>>> DHCP lease is requested?
> >>>
> >>> Yes.
> >>>
> >>>>
> >>>> I am not sure because docs say '--auth-soa' allows for specifying
> >>>> serial.
> >>>
> >>> It does, but it's optional: dnsmasq will generate one for you. If you
> >>> do specify a serial, it will still get incremented after a new DHCP
> >>> lease is created.
> >>
> >> Thanks.
> >>
> >> I noticed that serial is reset back to 1 when dnsmasq is restarted. This
> >> would cause the serial to be lower on dnsmasq than its slaves after a
> >> restart, even when DHCP leases are handed out and DNS records are added.
> >>
> >> Is this intentional behaviour?
> >>
> >>>
> >>>
> >>> Cheers,
> >>>
> >>> Simon.
> >>>
> >>>>
> >>>> Kind regards,
> >>>>
> >>>> William Edwards
> >>>> T. 040 - 711 44 96
> >>>> E. wedwards at cyberfusion.nl
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Dnsmasq-discuss mailing list
> >>>> Dnsmasq-discuss at lists.thekelleys.org.uk
> >>>> <mailto:Dnsmasq-discuss at lists.thekelleys.org.uk>
> >>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >>>>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 28 Mar 2020 17:55:55 +0000
> From: Simon Kelley <simon at thekelleys.org.uk>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Nameserver dot
> Message-ID: <b55f2c65-66d5-94ef-40a2-6c323a9d6ecf at thekelleys.org.uk>
> Content-Type: text/plain; charset=utf-8
>
> On 20/03/2020 14:29, William Edwards wrote:
> >> This sounds like a bug, doing auth DNS without an auth-server statement
> >> is a recent addition, and I probably forgot this effect on secondary
> >> servers. Will take a look in the next day or two.
> >
> > No worries. What's important to me is that only entries in
> > 'auth-sec-servers' are returned as NS records, being my public DNS servers.
> > Thanks,
> > William
>
> I just pushed
>
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=b43585c34baf0c5eb478aa07423da534b2118536
>
> which addresses this.
>
> If --auth-server is a complete configuration
>
> auth-server=dnsmasq.example.com,eth0
>
> then dnsmasq.example.com will appear in the NS RRset and dnsmasq will
> act as a nameserver for the domain on queries via eth0
>
> IF instead, there's no interface or address specification, then the
> domain will NO LONGER appear in the NS RRset, only the entries in
> auth-sec-servers will. Under these circumstances, the only use made of
> the domain in auth-server is to fill in the MNAME field in the SOA RR,
> so it makes most sense for it to be the name of whichever of the
> auth-sec-servers is acting as "primary".
>
> That seems to make sense.
>
> As a workaround, with 2.80, just pick which of your servers is primary
> and remove it from the --auth-sec-servers list and add it as
> --auth-server. Remember to undo that when you upgrade to 2.81
>
>
> Cheers,
>
> Simon.
>
>
>
>
>
> >
> >
> > On 20/03/2020 08:25, William Edwards wrote:
> >>
> >>> On 20 Mar 2020, at 00:23, Simon Kelley <simon at thekelleys.org.uk> wrote:
> >>>
> >>>> On 19/03/2020 17:23, William Edwards wrote:
> >>>> Hi,
> >>>>
> >>>> I have auth-sec-servers set to:
> >>>> 'auth-sec-servers=nsauth0.cyberfusion.nl,nsauth1.cyberfusion.be,nsauth2.cyberfusion.nu,nsauth3.cyberfusion.nl'
> >>>>
> >>>> These nameservers are shown, but I am also getting back an NS record
> >>>> consisting of '.':
> >>>>
> >>>> ---
> >>>> ;; ANSWER SECTION:
> >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth1.cyberfusion.be.
> >>>> vlan5.hosts.cyberfusion.space. 600 IN NS .
> >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth0.cyberfusion.nl.
> >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth2.cyberfusion.nu.
> >>>> vlan5.hosts.cyberfusion.space. 600 IN NS nsauth3.cyberfusion.nl.
> >>>> --
> >>>>
> >>>> Where does 'NS .' come from?
> >>>
> >>> The --auth-server configuration, probably.  What does that look like?
> >>
> >> I did not specify an 'auth-server' directive. I did so, and now, the
> >> first NS record indeed is no longer a dot.
> >>
> >> This brings me to the next question: how do I prevent dnsmasq from even
> >> showing itself in NS records? dnsmasq will not answer queries to the
> >> internet.
> >>
> >>>
> >>>
> >>> Simon.
> >>>
> >>>
> >>>>
> >>>> Kind regards,
> >>>>
> >>>> William Edwards
> >>>> T. 040 - 711 44 96
> >>>> E. wedwards at cyberfusion.nl
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Sat, 28 Mar 2020 17:59:21 +0000
> From: Simon Kelley <simon at thekelleys.org.uk>
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Fwd: dnsmasq localise-queries +
>         addn-hosts
> Message-ID: <9bc61a6f-fce2-f97a-c6d5-6d711208c307 at thekelleys.org.uk>
> Content-Type: text/plain; charset=utf-8
>
> On 19/03/2020 21:47, Jake Howard wrote:
> > Hello!
> >
> > Is `localise-queries` meant to work against entries added via
> > `addn-hosts`? Querying a record returns both IPs, but always in the same
> > order. The order is correctly fixed when the records are put in
> > `/etc/hosts` directly.
>
>
> Yes, localise-queries  works with entries added via addn-hosts, but it
> doesn't have anything to do with the order that records appear, so that
> doesn't address your problem. What are you trying to achieve?
>
>
> Simon.
>
>
> >
> > Config:
> >
> > ```
> > localise-queries
> > no-resolv
> > cache-size=10000
> > log-queries
> > log-facility=/var/log/pihole.log
> > local-ttl=2
> > log-async
> > server=8.8.8.8
> > server=8.8.4.4
> > server=1.1.1.1
> > server=1.0.0.1
> > interface=eth0
> > server=/use-application-dns.net/
> >
> > addn-hosts=/etc/vpn-hosts.conf
> > localise-queries
> >
> > ```
> >
> > This is from pihole, but AFAIK that shouldn't make a difference if I'm
> > modifying the config directly.
> >
> > Would appreciate some input, or being told I'm wrong!
> >
> > Thanks,
> >
> > - Jake Howard
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 28 Mar 2020 18:13:15 +0000
> From: Simon Kelley <simon at thekelleys.org.uk>
> To: Roy Marples <roy at marples.name>,
>         dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] NETLINK_NO_ENOBUFS not defined on old
>         platforms
> Message-ID: <69804be5-cd9e-9d62-3baf-6f2482eba1f1 at thekelleys.org.uk>
> Content-Type: text/plain; charset=utf-8
>
> On 20/03/2020 02:18, Roy Marples wrote:
> > On 19/03/2020 22:01, Simon Kelley wrote:
> >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0506a5ed4e56863627c54aedad30ad61221292ef
> >>
> >>
> >>
> >> should handle both old kernel header files and old kernels, in any
> >> combination.
> >
> > I really dislike this approach because it makes the assumption that no
> > other symbol will take No 5.
>
> Linux is pretty hot on ABI backwards compatibility, so I doubt that there
> has been any other netlink sockopt with number 5 in the past, or if that
> sockopt disappears in the future any other opt would re-use it. Anyone
> adding sockopts to a private kernel and picks the next free number,
> rather than one at the end of the range or a defined private space needs
> their bumps felt: it's obvious that it's going to clash with the
> mainline kernel. I could #ifdef all the code if NETLINK_NO_ENOBUFS isn't
> defined, and that would only lose us the ability to build against old
> headers and still get the fix on a new enough kernel. It's probably not
> a big loss, but it addresses a problem that seems unlikely.
>
> Note that the code checks the kernel version, so if you build on old
> headers and run on an old kernel, then despite the code assuming sockopt
> 5, it won't call setsockopt(5) when running on the old kernel.
>
>
> This code is Linux-only, so what BSD does doesn't count.
>
> Simon.
>
>
> >
> > Whilst this might be true for generic linux, is it true for customised
> > linux?
> > Or to put it another way I can point to many examples cross BSD where
> > the ioctls differ in number but not name.
> >
> > You might take the view "So what? We just support generic linux.".
> >
> > I have started to take the hard stance with Arch Linux which shipped
> > latest kernel headers and support that on an old LTS kernel. It's not
> > maintainable because I've had 3 instances where dhcpcd used to do this
> > and then promptly crashed on newer kernels because they had customised
> > headers.
> >
> > Modern software should not need this hack. Either #ifdef around it or
> > require userland headers to define it. Don't hardcode it as it's not
> > userland's responsibility to do it.
> >
> > See the similar case where OpenBSD removed an ioctl but left it in the
> > header - even worse!!
> >
> > Roy
> >
>
>
>
>
> ------------------------------
>
> End of Dnsmasq-discuss Digest, Vol 178, Issue 32
> ************************************************
>


-- 
abhishek
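
Added example (not part of the original message and not dnsmasq's own code): the approach Simon Kelley describes in quoted Message 5, a fallback definition of NETLINK_NO_ENOBUFS as 5 for old headers combined with a run-time kernel version check before setsockopt() is called. The function names, the KVER macro, the SOL_NETLINK fallback and the 2.6.30 threshold (the kernel release that introduced the option) are assumptions of this example, not taken from the thread.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/utsname.h>
#include <unistd.h>
#include <linux/netlink.h>

/* Fallbacks for old userland headers; 5 is the number discussed in the thread. */
#ifndef NETLINK_NO_ENOBUFS
#define NETLINK_NO_ENOBUFS 5
#endif
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
#define KVER(a, b, c) (((a) << 16) + ((b) << 8) + (c))

/* Parse a uname release such as "4.19.0-8-amd64"; returns -1 if unparsable. */
long parse_kernel_version(const char *release)
{
    unsigned int major = 0, minor = 0, patch = 0;
    if (sscanf(release, "%u.%u.%u", &major, &minor, &patch) < 2) return -1;
    if (minor > 255) minor = 255;
    if (patch > 255) patch = 255; /* e.g. 4.9.337 must not spill into minor */
    return KVER((long)major, (long)minor, (long)patch);
}

/* Assumption: the option exists from 2.6.30 on; older kernels never see it. */
int kernel_has_no_enobufs(long version)
{
    return version >= KVER(2, 6, 30);
}

/* Returns 1 if the option was set, 0 if skipped on an old kernel, -1 on error. */
int set_no_enobufs(int fd)
{
    struct utsname u;
    int on = 1;
    if (uname(&u) == -1) return -1;
    if (!kernel_has_no_enobufs(parse_kernel_version(u.release))) return 0;
    if (setsockopt(fd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &on, sizeof(on)) == -1)
        return -1;
    return 1;
}

int main(void)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd == -1) { perror("socket"); return 1; }
    printf("NETLINK_NO_ENOBUFS result: %d\n", set_no_enobufs(fd));
    close(fd);
    return 0;
}
```

The alternative Roy Marples argues for in the same message would drop the `#ifndef` fallback and compile the setsockopt() call only when the header defines the symbol.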