[Dnsmasq-discuss] DNS refused when internet is down

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Dec 2 13:45:04 GMT 2020


>>>>>On 11/25/2020 9:31 AM, Duncan Webb wrote:
>>>>>>When the internet is down for some external reason nslookup 
>>>>>>is returning
>>>>>>"Connection to DNS 10.0.0.1 was refused" when looking up a 
>>>>>>host on the
>>>>>>LAN that has its IP from DHCP. Both DHCP and DNS are 
>>>>>>provided by dnsmasq.
>>>>>>
>>>>>>Is this the expected behaviour or a misconfiguration?
>>
>>>>On Wed, Nov 25, 2020 at 10:44:34AM +0100, john doe wrote:
>>>>>No, this is not the expected behavior.
>>
>>>On 26/11/2020 08:31, Geert Stappers wrote:
>>>>Also my first impression, on second thought: "It could be" ...
>>
>>>>>We can not say
>>>>>where the issue lies with the little information you have provided.
>>
>>>>So please make your problem an interesting challenge for the ML ;-)
>>
>>On 01.12.20 09:32, Duncan Webb wrote:
>>>The problem can be reproduced by disconnecting the cable to the 
>>>ADSL router. As soon as the cable is removed then a nslookup will 
>>>return a "Connection to DNS 10.0.0.1 was refused" reply for every 
>>>query.

>On 01/12/2020 10:24, Matus UHLAR - fantomas wrote:
>>which server does 10.0.0.1 belong to?  apparently not to your router, as
>>I don't see this address as argument to --listen-address.

On 01.12.20 10:52, Duncan Webb wrote:
>Sorry this was a typo should have been 10.99.0.1 (can't pull that 
>cable out at the moment to get the exact message)

is 10.99.0.1 your external IP address?

I guess you'll need the exact error message.

Also you should use "host" instead of "nslookup", because there are
different nslookup implementations, when some provide non-sensical error
messages (might be your case).

>>>I would expect that hosts on the LAN that have been provided an IP 
>>>address from the dnsmasq DHCP server to resolve.
>>
>>hosts on the lan should be resolved by dnsmasq, but unreachable address
>>can't resolve them.
>>
>>>The configuration is all on the command line and this is
>>>
>>>/usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
>>>--listen-address=192.168.0.254 --listen-address=10.99.2.1
>>>--listen-address=10.99.0.1 --listen-address=10.99.128.1
>>>--listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
>>>--server=/example.net/10.99.0.1 --server=/opcase.private/10.99.130.1
>>>--server=/130.99.10.in-addr.arpa/10.99.130.1
>>>--server=/opcase1.private/10.99.144.1
>>>--server=/144.99.10.in-addr.arpa/10.99.144.1 --dns-forward-max=5000
>>>--cache-size=10000 --local-ttl=1
>>>--conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
>>>
>>>I don't think that the options 
>>>--server=/opcase.private/10.99.130.1 where the server is offline 
>>>could be causing this but for completeness both the servers 
>>>10.99.130.1 and 10.99.144.1 are offline.
>>>
>>>The --conf-dir directory has no .conf files.
>>>
>>>The firewall is OPNsense which based on BSD and I don't think this 
>>>is relevant to this specific problem.

btw,
the firewall may cause different behaviour when the external link is down.
but for now get proper message from proper command.

>>>example.net is not the real domain. The contents of 
>>>/var/etc/dnsmasq-hosts contains lines like this:
>>>
>>>10.99.0.201 w1.example.net w1
>>>10.99.0.202 w2.example.net w2
>>>10.99.0.203 w3.example.net w3
>>>
>>>It is these addresses that I would expect to be resolved.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901



More information about the Dnsmasq-discuss mailing list