<div dir="ltr">Hi All,<div><br></div><div>Still unable to solve the Dnsmasq Cache Down problem. Is there anything I am fundamentally missing in the cache configuration for DNS response traffic in Dnsmasq, when remote queries hit the vEth0 interface via the 172.23.23.13 IPv4 address from the tun0 tunnel interface at 10.20.0.1, where the DNS server is running remotely at 172.23.23.10#53?</div><div><br></div><div>When "nameserver 127.0.0.1" was added for locally generated DNS traffic only, the Dnsmasq cache worked correctly and some cache entries were updated, but in the case of remotely generated traffic, which arrived at the vEth0 interface from tun0, Dnsmasq is not working consistently on any DNS response traffic; the logs confirm it.</div><div><br></div><div>Any tips/tricks on a working Dnsmasq DNS cache setup would be very, very helpful.</div><div><br></div><div>Thanks & Regards,</div><div>Joy</div><div><br></div><div><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.</font></b></div><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: queries forwarded 0, queries answered locally 0</font></b></div></div><div><br></div><div><br></div><div>/etc/dnsmasq.conf<br></div><div><div>log-facility=/var/log/dnsmasq.log</div><div>log-queries</div><div>log-dhcp</div><div>no-daemon</div><div>interface=vEth0</div><div>interface=tun0</div><div>bind-interfaces</div><div>all-servers</div><div>cache-size=300</div><div>neg-ttl=3600</div><div>local-ttl=3600</div><div>server=/<a href="http://firepitdoc.app.jayapadhi.com/10.60.70.191">firepitdoc.app.jayapadhi.com/10.60.70.191</a></div><div>interface-name=<a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a>,vEth0/4</div><div>user=root</div><div>group=root</div><div><br></div><div>server=10.25.25.2</div><div>server= 172.23.23.10</div><div>
addn-hosts=/etc/dnsmasq.hosts</div><div>listen-address=172.23.23.13</div><div>listen-address=10.20.0.1</div></div><div><br></div><div><div>root@cfae:/var/log# cat /etc/dnsmasq.hosts</div><div>10.60.70.190 <a href="http://blrfirepit.app.jayapadhi.com">blrfirepit.app.jayapadhi.com</a></div></div><div><br></div><div><div>root@cfae:/var/log# cat /etc/resolv.conf </div><div>domain <a href="http://jayapadhi.com">jayapadhi.com</a></div><div>search <a href="http://jayapadhi.com">jayapadhi.com</a></div><div>nameserver 10.25.25.2</div><div>root@cfae:/var/log# cat /etc/host </div><div>host.conf hostname hosts hosts.allow hosts.deny </div><div>root@cfae:/var/log# cat /etc/hosts</div><div>127.0.0.1<span class="" style="white-space:pre"> </span>localhost</div><div>127.0.1.1<span class="" style="white-space:pre"> xyz</span></div><div><br></div><div># The following lines are desirable for IPv6 capable hosts</div><div>::1 ip6-localhost ip6-loopback</div><div>fe00::0 ip6-localnet</div><div>ff00::0 ip6-mcastprefix</div><div>ff02::1 ip6-allnodes</div><div>ff02::2 ip6-allrouters</div></div><div><br></div><div><br></div><div>/var/log/dnsmasq.log</div><div>root@cfae:/var/log# /etc/init.d/dnsmasq restart<br></div><div><div> * Restarting DNS forwarder and DHCP server dnsmasq dnsmasq: started, version 2.59 cachesize 300</div><div>dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN</div><div>dnsmasq: using nameserver 172.23.23.10#53</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 10.60.70.191#53 for domain <a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a></div><div>dnsmasq: reading /etc/resolv.conf</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 172.23.23.10#53</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 10.60.70.191#53 for domain <a 
href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a></div><div>dnsmasq: read /etc/hosts - 7 addresses</div><div>dnsmasq: read /etc/dnsmasq.hosts - 1 addresses</div><div><br></div><div><br></div><div>User defined signal 1</div><div>root@cfae:/var/log# </div><div>root@cfae:/var/log# </div><div>root@cfae:/var/log# dnsmasq: reading /etc/resolv.conf</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 172.23.23.10#53</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 10.60.70.191#53 for domain <a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a></div><div>dnsmasq: time 1433431170</div><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.</font></b></div><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: queries forwarded 0, queries answered locally 0</font></b></div><div>dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0</div><div>dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0</div><div>dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0</div><div>dnsmasq: Host Address Flags Expires</div><div>dnsmasq: ip6-loopback ::1 6F I H </div><div>dnsmasq: pep 127.0.1.1 4FRI H </div><div>dnsmasq: <a href="http://blrfirepit.app.jayapadhi.com">blrfirepit.app.jayapadhi.com</a> 10.60.70.190 4FRI H </div><div>dnsmasq: ip6-mcastprefix ff00:: 6FRI H </div><div>dnsmasq: ip6-allrouters ff02::2 6FRI H </div><div>dnsmasq: ip6-localhost ::1 6FRI H </div><div>dnsmasq: localhost 127.0.0.1 4FRI H </div><div>dnsmasq: ip6-allnodes ff02::1 6FRI H </div><div>dnsmasq: ip6-localnet fe00:: 6FRI H </div></div><div> </div><div><br></div><div><div>root@cfae:/var/log# iptables-save </div><div># Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015</div><div>*raw</div><div>:PREROUTING ACCEPT 
[58811:9140569]</div><div>:OUTPUT ACCEPT [32414:8911344]</div><div>-A PREROUTING -i eth2 -j CT --notrack</div><div>-A PREROUTING -i vEth1 -j CT --notrack</div><div>-A PREROUTING -i eth3 -j CT --notrack</div><div>-A PREROUTING -i lo -j CT --notrack</div><div>-A OUTPUT -o eth2 -j CT --notrack</div><div>-A OUTPUT -o vEth1 -j CT --notrack</div><div>-A OUTPUT -o eth3 -j CT --notrack</div><div>-A OUTPUT -o lo -j CT --notrack</div><div>COMMIT</div><div># Completed on Thu Jun 4 11:27:21 2015</div><div># Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015</div><div>*nat</div><div>:PREROUTING ACCEPT [2010:128170]</div><div>:INPUT ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [102:7604]</div><div>:POSTROUTING ACCEPT [0:0]</div><div>-A POSTROUTING -o vEth0 -j MASQUERADE</div><div>COMMIT</div><div># Completed on Thu Jun 4 11:27:21 2015</div><div># Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015</div><div>*filter</div><div>:INPUT ACCEPT [836:53279]</div><div>:FORWARD ACCEPT [14348:3836413]</div><div>:OUTPUT ACCEPT [836:53279]</div><div>-A INPUT -d <a href="http://10.25.25.31/32">10.25.25.31/32</a> -i eth2 -j ACCEPT</div><div>-A INPUT -d <a href="http://172.23.23.13/32">172.23.23.13/32</a> -i vEth0 -j ACCEPT</div><div>-A INPUT -i eth3 -p udp -m udp --dport 1194 -j ACCEPT</div><div>-A INPUT -i eth3 -j DROP</div><div>-A INPUT -d <a href="http://10.40.2.222/32">10.40.2.222/32</a> -i eth3 -j DROP</div><div>-A OUTPUT -s <a href="http://10.25.25.31/32">10.25.25.31/32</a> -o eth2 -j ACCEPT</div><div>-A OUTPUT -s <a href="http://172.23.23.13/32">172.23.23.13/32</a> -o vEth0 -j ACCEPT</div><div>-A OUTPUT -o eth3 -p udp -m udp --sport 1194 -j ACCEPT</div><div>-A OUTPUT -o eth3 -j DROP</div><div>-A OUTPUT -s <a href="http://10.40.2.222/32">10.40.2.222/32</a> -o eth3 -j DROP</div><div>COMMIT</div><div># Completed on Thu Jun 4 11:27:21 2015</div><div>root@cfae:/var/log# </div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 1, 2015 
at 12:11 AM, Albert ARIBAUD <span dir="ltr"><<a href="mailto:albert.aribaud@free.fr" target="_blank">albert.aribaud@free.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Joyabrata,<br>
<br>
On Sun, 31 May 2015 22:48:42 +0530, Joyabrata Ghosh<br>
<<a href="mailto:joy.career@gmail.com">joy.career@gmail.com</a>> wrote:<br>
<span class=""><br>
> Hi All,<br>
><br>
> Thanks for the quick reply. I tried the proposed setting as well, with<br>
> "listen-address=172.20.20.10" (the IPv4 address of eth0, the DNS traffic<br>
> source interface) as well as "interface=eth0", without any success so far:<br>
><br>
</span>> *Dnsmasq setting: /etc/dnsmasq.conf*<br>
><br>
> log-facility=/var/log/dnsmasq.log<br>
> log-queries<br>
> log-dhcp<br>
> no-daemon<br>
> * listen-address=172.20.20.10*<br>
> port=53<br>
> * interface=eth0*<br>
> * bind-interfaces*<br>
<span class="">> cache-size=1000<br>
> neg-ttl=3600<br>
><br>
> Could anyone please point out if anything is missing from the configuration<br>
> or an invalid configuration has been applied.<br>
<br>
</span>Since you're logging in /var/log/dnsmasq.log, maybe this file contains<br>
information such as warnings or error messages?<br>
<span class=""><br>
> Thanks & Regards,<br>
> JGhosh<br>
> Networking developer, Bangalore, India<br>
<br>
</span>Amicalement,<br>
<span class="HOEnZb"><font color="#888888">--<br>
Albert.<br>
</font></span></blockquote></div><br></div>
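As an added diagnostic aid, written for this thread and not part of the mail above or of dnsmasq's own tooling: the counters dnsmasq prints on SIGUSR1 (the highlighted "cache size ..." and "queries forwarded ..." lines, plus the per-server "queries sent" lines) already separate a cache problem from a delivery problem. The parser below reads those lines in the format dnsmasq 2.59 logs them on this page, and the classification labels, the `DnsmasqStats` fields and the second, "healthy" sample dump are my own constructions. Run against the dump pasted above, every counter is zero; if they stay at zero after remote clients have been sending queries, dnsmasq has not processed any query at all, so the listener and firewall path (interface, listen-address, INPUT rules on vEth0/tun0) is where to look before adjusting cache-size or TTL options.

```python
import re
from dataclasses import dataclass, field

# Patterns for the SIGUSR1 statistics lines dnsmasq writes to its log.
# They are searched rather than anchored, so the "dnsmasq: " or syslog
# prefix in front of each line does not matter.
CACHE_RE = re.compile(
    r"cache size (\d+), (\d+)/(\d+) cache insertions re-used unexpired cache entries")
QUERIES_RE = re.compile(r"queries forwarded (\d+), queries answered locally (\d+)")
SERVER_RE = re.compile(r"server (\S+): queries sent (\d+), retried or failed (\d+)")


@dataclass
class DnsmasqStats:
    cache_size: int = 0
    live_evictions: int = 0      # unexpired entries thrown out to make room (the "a" in "a/b")
    insertions: int = 0          # entries inserted into the cache (the "b" in "a/b")
    forwarded: int = 0           # queries sent to an upstream server
    answered_locally: int = 0    # answered from cache, /etc/hosts, addn-hosts, ...
    servers: dict = field(default_factory=dict)  # "ip#port" -> (sent, retried_or_failed)


def parse_stats(log_text: str) -> DnsmasqStats:
    """Extract the SIGUSR1 counters from a dnsmasq log excerpt."""
    stats = DnsmasqStats()
    for line in log_text.splitlines():
        m = CACHE_RE.search(line)
        if m:
            stats.cache_size, stats.live_evictions, stats.insertions = map(int, m.groups())
            continue
        m = QUERIES_RE.search(line)
        if m:
            stats.forwarded, stats.answered_locally = map(int, m.groups())
            continue
        m = SERVER_RE.search(line)
        if m:
            stats.servers[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return stats


def diagnose(stats: DnsmasqStats) -> str:
    """Map the counters to the next thing worth checking (labels are mine)."""
    if stats.forwarded + stats.answered_locally == 0:
        # dnsmasq handled no query at all: check listeners and firewall
        # rules before touching cache-size, neg-ttl or local-ttl.
        return "no-queries-received"
    if stats.live_evictions > 0:
        # Unexpired entries are being evicted: cache-size is too small.
        return "cache-too-small"
    if stats.insertions == 0:
        # Queries were answered but nothing was ever cached.
        return "nothing-cached"
    return "cache-working"


# Counter lines exactly as pasted in the mail above (restart followed by SIGUSR1).
PAGE_DUMP = """\
dnsmasq: time 1433431170
dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.
dnsmasq: queries forwarded 0, queries answered locally 0
dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0
dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0
dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0
"""

# Constructed dump of a forwarder whose cache is in use (values are made up).
HEALTHY_DUMP = """\
dnsmasq: cache size 300, 0/42 cache insertions re-used unexpired cache entries.
dnsmasq: queries forwarded 42, queries answered locally 117
dnsmasq: server 172.23.23.10#53: queries sent 42, retried or failed 0
"""

if __name__ == "__main__":
    for name, dump in (("page", PAGE_DUMP), ("healthy", HEALTHY_DUMP)):
        s = parse_stats(dump)
        print(f"{name}: {diagnose(s)} forwarded={s.forwarded} "
              f"local={s.answered_locally} servers={s.servers}")
```

To use it on a live box, send `kill -USR1` to the dnsmasq process (or restart it, as done above) after some remote clients have queried, then feed the log excerpt to `parse_stats`; a non-zero "queries sent" on exactly one upstream, combined with `all-servers` in the config, is also worth a second look, since that option should spread queries over every configured server.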