[Dnsmasq-discuss] DNS refused when internet is down

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Dec 15 15:01:31 GMT 2020


>>On Mon, Dec 14, 2020 at 06:51:18AM +0100, Duncan Webb wrote:
>>>$ host s3
>>>s3.example.net has address 10.99.0.103
>>>Host s3.example.net not found: 5(REFUSED)
>>>Host s3.example.net not found: 5(REFUSED)

well, if this is the problem, you have already posted the answer below...

>>>dig does not report an error.
>>>
>>>$ dig +short s3 @10.99.0.1
>>>10.99.0.103
>>>
>>>Also the check_dns nagios plugin reports an error that it cannot resolve the
>>>address.

the question is:

how do you run check_dns?

...it has syntax a bit different from other check_* monitoring plugins.

>On 14/12/2020 08:25, Geert Stappers wrote:
>>At which device was the `host s3` executed?
>>At which device was the `dig +short s3 @10.99.0.1` executed?

On 14.12.20 11:07, Duncan Webb wrote:
>By device do you mean host? If so then all the requests were executed 
>from a workstation 10.99.0.210

>>Why not `host s3 10.99.0.1` for better comparison?

>The "host -d s3" command was also run. When the internet was connected 
>the following was seen:

as you can see, if you run "host" without "-t" option, it by default queries
for "a", "aaaa" and "mx" records

the "a" is apparently processed by dnsmasq, which returns the locally configured
name.  the "aaaa" and "mx" queries are forwarded, if possible; otherwise
dnsmasq returns refused.

the "aaaa" can be set by providing ipv6 address of host in /etc/hosts
(I don't know if/how to disable aaaa response for a host)

the "mx" can be worked around by using -e, --selfmx, -L, --localmx options.

you should be able to disable forwarding for a domain by using "--auth-zone"
option, in which case dnsmasq will apparently return NODATA/NXDOMAIN.

>$ host -d s3

>;; QUESTION SECTION:
>;s3.example.net.       IN  A
>
>;; ANSWER SECTION:
>s3.example.net.    1   IN  A   10.99.0.103

>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39237
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;s3.example.net.       IN  AAAA

>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63206
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;s3.example.net.       IN  MX


>When disconnected from the internet, this was the result:

>$ host -d s3

>;; QUESTION SECTION:
>;s3.example.net.       IN  A
>
>;; ANSWER SECTION:
>s3.example.net.    1   IN  A   10.99.0.103

>Trying "s3.example.net"
>Host s3.example.net not found: 5(REFUSED)

>Trying "s3.example.net"
>Host s3.example.net not found: 5(REFUSED)

>I didn't try the command "host s3 10.99.0.1".



-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
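The point made above (that `host` without `-t` sends A, AAAA and MX queries, that a NOERROR reply with an empty answer section is silent, and that a REFUSED rcode on the forwarded AAAA/MX lookups is what `host` prints as "5(REFUSED)" while `dig +short` only ever sends the A query) can be reproduced offline by decoding the 12-byte DNS header that `dig -d` shows as `->>HEADER<<-`. The following is an added example, not code from the thread or from dnsmasq; the replies are header-only byte strings constructed to match the two `host -d s3` runs quoted above (query ids and the exact flag bits on the REFUSED replies are assumptions), and `host_style_report` / `dig_short_style_ok` are hypothetical helpers that imitate the two tools' behaviour rather than the tools themselves.

```python
"""Constructed example: parse DNS response headers and reproduce why `host`
reports REFUSED while `dig +short` looks fine (not from the mailing list post)."""
import struct

# RFC 1035 rcode names for the low 4 bits of the flags word.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED"}

HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header (the part dig prints as ->>HEADER<<-)."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    rcode = flags & 0x000F
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": rcode,
        "status": RCODE_NAMES.get(rcode, f"RCODE{rcode}"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(msg: bytes) -> str:
    """Collapse a reply into the outcome a resolver client acts on."""
    h = parse_header(msg)
    if h["rcode"] == 0:
        # NOERROR with an empty answer section is NODATA: the name exists
        # but has no record of that type (the online AAAA/MX replies above).
        return "ANSWER" if h["ancount"] > 0 else "NODATA"
    return h["status"]


def host_style_report(name: str, responses: dict) -> list:
    """Imitate `host` without -t: it asks for A, AAAA and MX and prints a
    'not found: N(STATUS)' line for every lookup that ends in an error rcode.
    NODATA replies print nothing, which is why the online run looked clean."""
    lines = []
    for qtype in ("A", "AAAA", "MX"):
        h = parse_header(responses[qtype])
        outcome = classify(responses[qtype])
        if outcome == "ANSWER":
            lines.append(f"{name} has {h['ancount']} {qtype} record(s)")
        elif outcome != "NODATA":
            lines.append(f"Host {name} not found: {h['rcode']}({h['status']})")
    return lines


def dig_short_style_ok(responses: dict) -> bool:
    """`dig +short s3` sends only the A query, so a REFUSED AAAA/MX never shows."""
    return classify(responses["A"]) == "ANSWER"


def constructed_reply(ident: int, flags: int, ancount: int = 0) -> bytes:
    """Header-only reply (constructed sample; real replies carry question and
    answer sections after these 12 bytes, which the header parser ignores)."""
    return HEADER.pack(ident, flags, 1, ancount, 0, 0)


# "qr aa rd ra" with rcode NOERROR, the flags dig printed for the local answers
FLAGS_LOCAL_NOERROR = 0x8000 | 0x0400 | 0x0100 | 0x0080
# "qr rd ra" with rcode 5 (REFUSED): assumed bits for "no upstream to forward to"
FLAGS_REFUSED = 0x8000 | 0x0100 | 0x0080 | 5

# Constructed samples modelled on the two `host -d s3` runs (ids are made up).
ONLINE = {
    "A": constructed_reply(1001, FLAGS_LOCAL_NOERROR, ancount=1),
    "AAAA": constructed_reply(1002, FLAGS_LOCAL_NOERROR),
    "MX": constructed_reply(1003, FLAGS_LOCAL_NOERROR),
}
OFFLINE = {
    "A": constructed_reply(2001, FLAGS_LOCAL_NOERROR, ancount=1),
    "AAAA": constructed_reply(2002, FLAGS_REFUSED),
    "MX": constructed_reply(2003, FLAGS_REFUSED),
}

if __name__ == "__main__":
    for label, resp in (("online", ONLINE), ("offline", OFFLINE)):
        print(f"--- {label}: dig +short ok={dig_short_style_ok(resp)}")
        print("\n".join(host_style_report("s3.example.net", resp)))
```

Running it prints one "has 1 A record(s)" line for both runs and two "5(REFUSED)" lines only for the offline set, which is the asymmetry between `host` and `dig +short` seen in the thread; a monitoring check that asks for more than the A record will trip on the same REFUSED replies, so the record types it queries are the first thing to confirm.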


