<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Re: [Dnsmasq-discuss] Dnsmasq cache does not fetch new value after cache expired for some record</title>
<meta name="GENERATOR" content="MSHTML 11.00.9600.16412">
<style>
BLOCKQUOTE {
MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em; MARGIN-TOP: 0px
}
OL {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
UL {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
DIV.FoxDiv20140305105927052045 {
COLOR: #000000
}
P {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
BODY {
FONT-SIZE: 10.5pt; FONT-FAMILY: Microsoft YaHei UI; COLOR: #000000; LINE-HEIGHT: 1.5
}
</style>
</head>
<body style="MARGIN: 10px">
<div>It is repeatable! but I could not found the pattern!</div>
<div> </div>
<div>I didn't find any problem in the last few days, but now it happened again!</div>
<div> </div>
<div> </div>
<div> </div>
<div>The DNS api.m.duoku.com is a CNAME, and the upstream returned the CNAME to my local dnsmasq:</div>
<div> </div>
<div>Is it correct for the upstream to return CNAME to local dnsmasq?</div>
<div> </div>
<div>-----------------------------------------------------------------</div>
<div>
<div># dig api.m.duoku.com </div>
<div> </div>
<div>; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> api.m.duoku.com</div>
<div>;; global options: printcmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 573</div>
<div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0</div>
<div> </div>
<div>;; QUESTION SECTION:</div>
<div>;api.m.duoku.com. IN A</div>
<div> </div>
<div>;; ANSWER SECTION:</div>
<div>api.m.duoku.com. 0 IN CNAME gYVm2f8f533a.api.m.duoku.com.</div>
<div> </div>
<div>;; AUTHORITY SECTION:</div>
<div>duoku.com. 3600 IN SOA dns21.hichina.com. hostmaster.hichina.com. 2014022536 10800 2000 691200 50000</div>
<div> </div>
<div>;; Query time: 1091 msec</div>
<div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div>
<div>;; WHEN: Wed Mar 5 10:55:29 2014</div>
<div>;; MSG SIZE rcvd: 121</div>
</div>
<div> </div>
<div> </div>
<div>--------------------------------------------------------</div>
<div> </div>
<div>But when I do it again, it returned NXDOMAIN from dnsmasq,:</div>
<div> </div>
<div>--------------------------------------------</div>
<div>
<div># dig api.m.duoku.com</div>
<div> </div>
<div>; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> api.m.duoku.com</div>
<div>;; global options: printcmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55686</div>
<div>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0</div>
<div> </div>
<div>;; QUESTION SECTION:</div>
<div>;api.m.duoku.com. IN A</div>
<div> </div>
<div>;; Query time: 0 msec</div>
<div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div>
<div>;; WHEN: Wed Mar 5 10:55:30 2014</div>
<div>;; MSG SIZE rcvd: 33</div>
</div>
<div> </div>
<div> </div>
<div>-------------------------------------------------------------</div>
<div> </div>
<div>From the query log:</div>
<div> </div>
<div>
<div># grep api.m.duoku.com /var/log/dnsmasq.log | grep '^Mar 5'</div>
<div>Mar 5 10:55:28 dnsmasq[1513]: query[A] api.m.duoku.com from 127.0.0.1</div>
<div>Mar 5 10:55:28 dnsmasq[1513]: forwarded api.m.duoku.com to 58.83.143.47</div>
<div>Mar 5 10:55:29 dnsmasq[1513]: reply api.m.duoku.com is NXDOMAIN-IPv4</div>
<div>Mar 5 10:55:30 dnsmasq[1513]: query[A] api.m.duoku.com from 127.0.0.1</div>
<div>Mar 5 10:55:30 dnsmasq[1513]: cached api.m.duoku.com is NXDOMAIN-IPv4</div>
<div>Mar 5 10:55:32 dnsmasq[1513]: query[A] api.m.duoku.com from 127.0.0.1</div>
<div>Mar 5 10:55:32 dnsmasq[1513]: cached api.m.duoku.com is NXDOMAIN-IPv4</div>
<div>Mar 5 10:55:33 dnsmasq[1513]: query[A] api.m.duoku.com from 127.0.0.1</div>
<div>Mar 5 10:55:33 dnsmasq[1513]: cached api.m.duoku.com is NXDOMAIN-IPv4</div>
<div>Mar 5 10:55:34 dnsmasq[1513]: query[A] api.m.duoku.com from 127.0.0.1</div>
<div>Mar 5 10:55:34 dnsmasq[1513]: cached api.m.duoku.com is NXDOMAIN-IPv4</div>
<div>Mar 5 10:55:54 dnsmasq[1513]: query[A] api.m.duoku.com from 127.0.0.1</div>
<div>Mar 5 10:55:54 dnsmasq[1513]: cached api.m.duoku.com is NXDOMAIN-IPv4</div>
<div>Mar 5 10:59:10 dnsmasq[1513]: api.m.duoku.com 4F NX Wed Mar 5 11:55:29 2014</div>
</div>
<div> </div>
<div>-----------------------------</div>
<div> </div>
<div>Give dnsmasq a SIGUSR1, and found it really cached api.m.duoku.com as NXDOMAIN:</div>
<div> </div>
<div> </div>
<div> </div>
<div>Mar 5 10:59:10 dnsmasq[1513]: api.m.duoku.com 4F NX Wed Mar 5 11:55:29 2014
</div>
<div> </div>
<div> </div>
<div> </div>
<div>----------------------------------------------------</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<hr style="HEIGHT: 1px; WIDTH: 210px" align="left" color="#b5c4df" size="1">
<div><span>
<div style="FONT-SIZE: 10.5pt; FONT-FAMILY: Microsoft YaHei UI; COLOR: #000000; LINE-HEIGHT: 1.5">
<div style="FONT-SIZE: 10pt; FONT-FAMILY: verdana; MARGIN: 10px">
<div style="FONT-FAMILY: 微软雅黑">JasonHu/胡文峰</div>
<div style="FONT-FAMILY: 微软雅黑">Mail: <a style="MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px" href="mailto:JasonHu@boyaa.com">
JasonHu@boyaa.com</a></div>
<div style="FONT-FAMILY: 微软雅黑">深圳市东方博雅科技有限公司</div>
<div style="FONT-FAMILY: 微软雅黑">Boyaa Interactive</div>
<div style="FONT-FAMILY: 微软雅黑">--------------------------------</div>
</div>
</div>
</span></div>
<div> </div>
<div style="BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; BORDER-BOTTOM: medium none; PADDING-BOTTOM: 0cm; PADDING-TOP: 3pt; PADDING-LEFT: 0cm; BORDER-LEFT: medium none; PADDING-RIGHT: 0cm">
<div style="FONT-SIZE: 12px; FONT-FAMILY: tahoma; BACKGROUND: #efefef; COLOR: #000000; PADDING-BOTTOM: 8px; PADDING-TOP: 8px; PADDING-LEFT: 8px; PADDING-RIGHT: 8px">
<div><b>From:</b> <a href="mailto:dnsmasq-discuss-bounces@lists.thekelleys.org.uk">Dnsmasq-discuss</a></div>
<div><b>Date:</b> 2014-02-28 18:33</div>
<div><b>To:</b> <a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</a></div>
<div><b>Subject:</b> Re: [Dnsmasq-discuss] Dnsmasq cache does not fetch new value after cache expired for some record</div>
</div>
</div>
<div>
<div class="FoxDiv20140305105927052045" style="BACKGROUND-COLOR: white">
<meta name="Generator" content="MS Exchange Server version 14.03.0157.000">
<!-- Converted from text/plain format -->
<p><font size="2">On 27/02/14 06:43, hu jason wrote:<br>
> HI friends:<br>
> I am using dnsmasq as the local dns cache. Everything is OK but we<br>
> found a very strange problem for one DNS records : api.m.duoku.com<br>
> <<a href="http://api.m.duoku.com">http://api.m.duoku.com</a>><br>
><br>
> It is ok to resolv this "api.m.duoku.com <<a href="http://api.m.duoku.com">http://api.m.duoku.com</a>>"<br>
> as dnsmasq starts up. But after the cache expired(the TTL is 3600),<br>
> dnsmasq do not fetch new record result from upstream servers but return<br>
> a NXDOMAIN result:<br>
><br>
> For now, I have only found problem with his DNS record. It works<br>
> fine for other DNS records!<br>
><br>
><br>
> --------------------------------------------------<br>
> # dig api.m.duoku.com <<a href="http://api.m.duoku.com">http://api.m.duoku.com</a>><br>
><br>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> api.m.duoku.com<br>
> <<a href="http://api.m.duoku.com">http://api.m.duoku.com</a>><br>
> ;; global options: printcmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33100<br>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br>
><br>
> ;; QUESTION SECTION:<br>
> ;api.m.duoku.com <<a href="http://api.m.duoku.com">http://api.m.duoku.com</a>>. IN A<br>
><br>
> ;; Query time: 0 msec<br>
> ;; SERVER: 127.0.0.1#53(127.0.0.1)<br>
> ;; WHEN: Thu Feb 27 12:39:21 2014<br>
> ;; MSG SIZE rcvd: 33<br>
><br>
> ---------------------------------------------------------<br>
><br>
> After I restarted dnsmasq using /etc/init.d/dnsmasq, it returned to normal.<br>
> But after the cache expired, I need to restart again!<br>
><br>
> The upstream servers are running Unbound, and they are OK to resolv<br>
> "api.m.duoku.com <<a href="http://api.m.duoku.com">http://api.m.duoku.com</a>>", and I never have to restart<br>
> Unbound for the problelm!<br>
><br>
> So I highly suspend it is the problem of dnsmasq!<br>
><br>
><br>
> ------------------------------------------------------------------<br>
><br>
> $ cat /etc/resolv.dnsmasq.conf<br>
> nameserver 120.132.147.28<br>
> nameserver 58.83.143.47<br>
> nameserver 216.12.201.200<br>
> nameserver 159.253.130.212<br>
> nameserver 208.43.166.72<br>
> nameserver 103.6.152.201<br>
><br>
> ------------------------------------------------------<br>
><br>
> # cat /etc/dnsmasq.conf | grep -v '^#' | sed -e '/^$/d'<br>
> resolv-file=/etc/resolv.dnsmasq.conf<br>
> listen-address=127.0.0.1<br>
> no-dhcp-interface=127.0.0.1<br>
> bind-interfaces<br>
> no-hosts<br>
> <br>
> cache-size=1000<br>
> log-queries<br>
> conf-dir=/etc/dnsmasq.d<br>
><br>
> ----------------------------------------------------<br>
><br>
> # uname -a<br>
> Linux xxxxxxx.boyaa.com <<a href="http://xxxxxxx.boyaa.com">http://xxxxxxx.boyaa.com</a>> 2.6.18-348.1.1.el5 #1<br>
> SMP Tue Jan 22 16:19:19 EST 2013 x86_64 x86_64 x86_64 GNU/Linux<br>
><br>
><br>
><br>
> --------------------------------------------<br>
><br>
> # cat /etc/redhat-release<br>
> CentOS release 5.8 (Final) Tikanga<br>
><br>
> # rpm -qa | grep dnsmasq<br>
> dnsmasq-2.45-1.1.el5_3<br>
><br>
> -----------------------------------------------------<br>
><br>
> So anyone can help this problem?<br>
><br>
> Thank you very much!<br>
><br>
<br>
Is this a one-off occurence, or a repeatable problem? The most likely<br>
explanation is that the TTL expired, and dnsmasq sent the query to an<br>
upstream server which replied with the NXDOMAIN due to some transient<br>
problem with the domain. The NXDOMAIN reply would then be cached by<br>
dnsmasq, so you'd see dnsmasq replying with NXDOMAIN until that record<br>
expired (The TTL for NXDOMAIN is not the same as for extant records, it<br>
comes from the SOA for the zone.)<br>
<br>
If you can repeat this, the best thing to do is turn on dns-query<br>
logging (--log-queries) which should give you information about what's<br>
happening. Once you get to the situation where dnsmasq is returning<br>
NXDOMAIN, send the dnsmasq process SIGUSR1, which will make it dump the<br>
contents of the cache to the log too.<br>
<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
Dnsmasq-discuss@lists.thekelleys.org.uk<br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</font></p>
</div>
</div>
</body>
</html>