I ran into a wacky problem today, and it *seems* to be dnsmasq's fault.<br><br>Assume (at least) 2 machines: a firewall (running dnsmasq) and any other machine in the network (pointed at the firewall for name resolution). <br>
<br>On the firewall, 'host -v <a href="http://irc.freenode.org">irc.freenode.org</a>' results thusly:<br><br>Trying "<a href="http://irc.freenode.org">irc.freenode.org</a>" <br>
;; Truncated, retrying in TCP mode. <br>Trying "<a href="http://irc.freenode.org">irc.freenode.org</a>" <br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25071 <br>;; flags: qr tc rd ra; QUERY: 1, ANSWER: 24, AUTHORITY: 2, ADDITIONAL: 0 <br><br>;; QUESTION SECTION:<br>
;<a href="http://irc.freenode.org">irc.freenode.org</a>. IN A<br><br>;; ANSWER SECTION:<br><a href="http://irc.freenode.org">irc.freenode.org</a>. 40 IN CNAME <a href="http://chat.freenode.org">chat.freenode.org</a>.<br>
<a href="http://chat.freenode.org">chat.freenode.org</a>. 40 IN CNAME <a href="http://chat.freenode.net">chat.freenode.net</a>.<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 193.84.18.40 <br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 207.158.1.150 <br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 207.182.240.74 <br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 208.71.169.36 <br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 212.117.163.190 <br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 213.92.8.4<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 213.161.196.11<br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 213.219.249.66<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 213.232.93.3<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 216.155.130.130<br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 216.165.191.52<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 82.96.64.4<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 86.65.39.15<br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 89.16.176.16<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 91.199.167.22<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 92.61.33.10<br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 128.237.157.136<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 130.237.188.200<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 130.239.18.172<br>
<a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 140.211.166.3<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 140.211.166.4<br><a href="http://chat.freenode.net">chat.freenode.net</a>. 29 IN A 154.35.200.44<br>
<br>;; AUTHORITY SECTION:<br><a href="http://freenode.net">freenode.net</a>. 75094 IN NS <a href="http://auth1.ns.sargasso.net">auth1.ns.sargasso.net</a>.<br><a href="http://freenode.net">freenode.net</a>. 75094 IN NS <a href="http://ns4086.freenode.net">ns4086.freenode.net</a>.<br>
<br>Received 489 bytes from 216.165.129.158#53 in 33 ms<br>Trying "<a href="http://chat.freenode.net">chat.freenode.net</a>"<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22563<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<br>
<br>;; QUESTION SECTION:<br>;<a href="http://chat.freenode.net">chat.freenode.net</a>. IN AAAA<br><br>;; AUTHORITY SECTION:<br><a href="http://freenode.net">freenode.net</a>. 3257 IN SOA <a href="http://freenode.net">freenode.net</a>. <a href="http://root.freenode.net">root.freenode.net</a>. 2006073158 3600 36002419200 3600<br>
<br>Received 76 bytes from 216.165.129.158#53 in 31 ms<br>Trying "<a href="http://chat.freenode.net">chat.freenode.net</a>"<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39800<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<br>
<br>;; QUESTION SECTION:<br>;<a href="http://chat.freenode.net">chat.freenode.net</a>. IN MX<br><br>;; AUTHORITY SECTION:<br><a href="http://freenode.net">freenode.net</a>. 3257 IN SOA <a href="http://freenode.net">freenode.net</a>. <a href="http://root.freenode.net">root.freenode.net</a>. 2006073158 3600 36002419200 3600<br>
<br>Received 76 bytes from 216.165.129.158#53 in 32 ms<br><br><br><br><br>OK? Now, on any machine which uses dnsmasq for resolution:<br><br>Trying "<a href="http://irc.freenode.org">irc.freenode.org</a>"<br>;; Truncated, retrying in TCP mode.<br>
Trying "<a href="http://irc.freenode.org">irc.freenode.org</a>"<br>Received 34 bytes from 192.168.1.1#53 in 65 ms<br>Trying "irc.freenode.org.jamponi.site"<br>Host <a href="http://irc.freenode.org">irc.freenode.org</a> not found: 3(NXDOMAIN)<br>
Received 47 bytes from 192.168.1.1#53 in 1 ms<br><br>What's going wrong?<br><br><br>The logs from the firewall with log-queries turned on:<br><br>Apr 16 09:40:28 goblin dnsmasq[7750]: query[A] <a href="http://irc.freenode.org">irc.freenode.org</a> from 192.168.1.2<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: forwarded <a href="http://irc.freenode.org">irc.freenode.org</a> to 216.165.129.158<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://irc.freenode.org">irc.freenode.org</a> is <CNAME><br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.org">chat.freenode.org</a> is <CNAME><br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 86.65.39.15<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 91.199.167.22<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 213.232.93.3<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 82.96.64.4<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 193.84.18.40<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 130.239.18.172<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 213.219.249.66<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 130.237.188.200<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 140.211.166.4<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 89.16.176.16<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 140.211.166.3<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 154.35.200.44<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 207.182.240.74<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 207.158.1.150<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 216.155.130.130<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 213.161.196.11<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 92.61.33.10<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 128.237.157.136<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 208.71.169.36<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 212.117.163.190<br>Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 216.165.191.52<br>
Apr 16 09:40:28 goblin dnsmasq[7750]: reply <a href="http://chat.freenode.net">chat.freenode.net</a> is 213.92.8.4<br><br>-- <br>Jon<br>