<div dir="ltr">Hi All,<div><br></div><div>A small correction on the latest setting without any success till now:<div><br></div><div>/etc/dnsmasq.conf<br></div><div>log-facility=/var/log/dnsmasq.log<br></div><div><div>log-queries</div><div>log-dhcp</div><div>no-daemon</div><div>interface=vEth0</div><div>interface=tun0</div><div>bind-interfaces</div><div>all-servers</div><div>cache-size=300</div><div>neg-ttl=3600</div><div>local-ttl=3600</div><div>server=/<a href="http://firepitdoc.app.jayapadhi.com/172.23.23.10">firepitdoc.app.jayapadhi.com/172.23.23.10</a></div><div>#interface-name=<a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a>,vEth0/4</div><div>user=root</div><div>group=root</div><div>server=172.23.23.10<br></div><div>server=10.25.25.2</div><div>addn-hosts=/etc/dnsmasq.hosts</div><div>listen-address=172.23.23.13</div><div>listen-address=10.20.0.1</div></div><div><br></div><div><br></div><div>/etc/dnsmasq.hosts<br></div><div>10.60.70.191 <a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a><br></div><div><br></div><div><br></div><div class="gmail_extra"><div class="gmail_extra">root@cfae:~# ps aux | grep dnsmasq</div><div class="gmail_extra">root 29658 0.0 0.0 21656 1660 pts/3 S+ 12:13 0:00 vi /etc/dnsmasq.conf</div><div class="gmail_extra">root 29754 0.0 0.0 4404 760 pts/0 S+ 12:14 0:00 /bin/sh /etc/init.d/dnsmasq restart</div><div class="gmail_extra">root 29770 0.0 0.0 27544 1488 pts/0 S+ 12:14 0:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -i vEth0 -2 vEth0 -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new</div><div class="gmail_extra">root 29779 0.0 0.0 8080 616 pts/4 S+ 12:14 0:00 grep --color=auto dnsmasq</div><div><br></div><div>root@cfae:~# sudo tcpdump -s 0 -l -n port 53<br></div><div><div>12:15:08.208820 IP 172.23.23.13.60659 > 172.23.23.10.53: 62705+ A? <a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a>. 
(46)</div><div>12:15:08.211889 IP 172.23.23.10.53 > 172.23.23.13.60659: 62705* 1/0/0 A 10.60.70.191 (62)</div></div><div><div>12:20:55.462247 IP 172.23.23.13.59571 > 172.23.23.10.53: 24925+ A? <a href="http://firepitdoc.app.jayapadhi.com">firepitdoc.app.jayapadhi.com</a>. (46)</div><div>12:20:55.463651 IP 172.23.23.10.53 > 172.23.23.13.59571: 24925* 1/0/0 A 10.60.70.191 (62)</div></div><div><br></div><div><div>Any tips/tricks on a working Dnsmasq DNS cache setup would be very, very helpful.</div><div><br></div><div>Thanks & Regards,</div><div>JGhosh</div></div><div><br></div><div class="gmail_quote">On Thu, Jun 4, 2015 at 4:22 PM, Joyabrata Ghosh <span dir="ltr"><<a href="mailto:joy.career@gmail.com" target="_blank">joy.career@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>Still unable to solve the Dnsmasq Cache Down problem. Is there anything very fundamental I am missing in the cache configuration for DNS response traffic in Dnsmasq, when remote queries hit the vEth0 interface via the 172.23.23.13 IPv4 address from the tun0 tunnel interface at 10.20.0.1, where the DNS server is running remotely at 172.23.23.10#53?</div><div><br></div><div>When "nameserver 127.0.0.1" was added in only locally generated DNS traffic, the Dnsmasq cache works correctly and some cache was updated, but in the case of remotely generated traffic, which arrived at the vEth0 interface from tun0, Dnsmasq is not working on any DNS response traffic consistently; the logs confirm it.</div><div><br></div><div>Any tips/tricks on a working Dnsmasq DNS cache setup would be very, very helpful.</div><div><br></div><div>Thanks & Regards,</div><div>Joy</div><div><br></div><div><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.</font></b></div><span 
class=""><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: queries forwarded 0, queries answered locally 0</font></b></div></span></div><div><br></div><div><br></div><div>/etc/dnsmasq.conf<br></div><div><div>log-facility=/var/log/dnsmasq.log</div><div>log-queries</div><div>log-dhcp</div><div>no-daemon</div><div>interface=vEth0</div><div>interface=tun0</div><div>bind-interfaces</div><div>all-servers</div><div>cache-size=300</div><div>neg-ttl=3600</div><div>local-ttl=3600</div><div>server=/<a href="http://firepitdoc.app.jayapadhi.com/10.60.70.191" target="_blank">firepitdoc.app.jayapadhi.com/10.60.70.191</a></div><div>interface-name=<a href="http://firepitdoc.app.jayapadhi.com" target="_blank">firepitdoc.app.jayapadhi.com</a>,vEth0/4</div><div>user=root</div><div>group=root</div><div><br></div><div>server=10.25.25.2</div><div>server= 172.23.23.10</div><div>addn-hosts=/etc/dnsmasq.hosts</div><div>listen-address=172.23.23.13</div><div>listen-address=10.20.0.1</div></div><div><br></div><div><div>root@cfae:/var/log# cat /etc/dnsmasq.hosts</div><div>10.60.70.190 <a href="http://blrfirepit.app.jayapadhi.com" target="_blank">blrfirepit.app.jayapadhi.com</a></div></div><div><br></div><div><div>root@cfae:/var/log# cat /etc/resolv.conf </div><div>domain <a href="http://jayapadhi.com" target="_blank">jayapadhi.com</a></div><div>search <a href="http://jayapadhi.com" target="_blank">jayapadhi.com</a></div><div>nameserver 10.25.25.2</div><div>root@cfae:/var/log# cat /etc/host </div><div>host.conf hostname hosts hosts.allow hosts.deny </div><div>root@cfae:/var/log# cat /etc/hosts</div><div>127.0.0.1<span style="white-space:pre-wrap"> </span>localhost</div><div>127.0.1.1<span style="white-space:pre-wrap"> xyz</span></div><div><br></div><div># The following lines are desirable for IPv6 capable hosts</div><div>::1 ip6-localhost 
ip6-loopback</div><div>fe00::0 ip6-localnet</div><div>ff00::0 ip6-mcastprefix</div><div>ff02::1 ip6-allnodes</div><div>ff02::2 ip6-allrouters</div></div><div><br></div><div><br></div><div>/var/log/dnsmasq.log</div><div>root@cfae:/var/log# /etc/init.d/dnsmasq restart<br></div><div><div> * Restarting DNS forwarder and DHCP server dnsmasq dnsmasq: started, version 2.59 cachesize 300</div><div>dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n DHCP TFTP conntrack IDN</div><div>dnsmasq: using nameserver 172.23.23.10#53</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 10.60.70.191#53 for domain <a href="http://firepitdoc.app.jayapadhi.com" target="_blank">firepitdoc.app.jayapadhi.com</a></div><div>dnsmasq: reading /etc/resolv.conf</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 172.23.23.10#53</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 10.60.70.191#53 for domain <a href="http://firepitdoc.app.jayapadhi.com" target="_blank">firepitdoc.app.jayapadhi.com</a></div><span class=""><div>dnsmasq: read /etc/hosts - 7 addresses</div></span><div>dnsmasq: read /etc/dnsmasq.hosts - 1 addresses</div><div><br></div><div><br></div><div>User defined signal 1</div><div>root@cfae:/var/log# </div><div>root@cfae:/var/log# </div><div>root@cfae:/var/log# dnsmasq: reading /etc/resolv.conf</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 172.23.23.10#53</div><div>dnsmasq: using nameserver 10.25.25.2#53</div><div>dnsmasq: using nameserver 10.60.70.191#53 for domain <a href="http://firepitdoc.app.jayapadhi.com" target="_blank">firepitdoc.app.jayapadhi.com</a></div><div>dnsmasq: time <a href="tel:1433431170" value="+911433431170" target="_blank">1433431170</a></div><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: cache size 300, 0/0 cache insertions re-used unexpired cache entries.</font></b></div><span 
class=""><div><b><font color="#990000" style="background-color:rgb(255,229,153)">dnsmasq: queries forwarded 0, queries answered locally 0</font></b></div></span><div>dnsmasq: server 10.60.70.191#53: queries sent 0, retried or failed 0</div><div>dnsmasq: server 10.25.25.2#53: queries sent 0, retried or failed 0</div><div>dnsmasq: server 172.23.23.10#53: queries sent 0, retried or failed 0</div><span class=""><div>dnsmasq: Host Address Flags Expires</div></span><span class=""><div>dnsmasq: ip6-loopback ::1 6F I H </div><div>dnsmasq: pep 127.0.1.1 4FRI H </div></span><div>dnsmasq: <a href="http://blrfirepit.app.jayapadhi.com" target="_blank">blrfirepit.app.jayapadhi.com</a> 10.60.70.190 4FRI H </div><span class=""><div>dnsmasq: ip6-mcastprefix ff00:: 6FRI H </div><div>dnsmasq: ip6-allrouters ff02::2 6FRI H </div><div>dnsmasq: ip6-localhost ::1 6FRI H </div><div>dnsmasq: localhost 127.0.0.1 4FRI H </div><div>dnsmasq: ip6-allnodes ff02::1 6FRI H </div><div>dnsmasq: ip6-localnet fe00:: 6FRI H </div></span></div><div> </div><div><br></div><div><div>root@cfae:/var/log# iptables-save </div><div># Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015</div><div>*raw</div><div>:PREROUTING ACCEPT [58811:9140569]</div><div>:OUTPUT ACCEPT [32414:8911344]</div><div>-A PREROUTING -i eth2 -j CT --notrack</div><div>-A PREROUTING -i vEth1 -j CT --notrack</div><div>-A PREROUTING -i eth3 -j CT --notrack</div><div>-A PREROUTING -i lo -j CT --notrack</div><div>-A OUTPUT -o eth2 -j CT --notrack</div><div>-A OUTPUT -o vEth1 -j CT --notrack</div><div>-A OUTPUT -o eth3 -j CT --notrack</div><div>-A OUTPUT -o lo -j CT --notrack</div><div>COMMIT</div><div># Completed on Thu Jun 4 11:27:21 2015</div><div># Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015</div><div>*nat</div><div>:PREROUTING ACCEPT [2010:128170]</div><div>:INPUT ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [102:7604]</div><div>:POSTROUTING ACCEPT [0:0]</div><div>-A POSTROUTING -o vEth0 -j 
MASQUERADE</div><div>COMMIT</div><div># Completed on Thu Jun 4 11:27:21 2015</div><div># Generated by iptables-save v1.4.12 on Thu Jun 4 11:27:21 2015</div><div>*filter</div><div>:INPUT ACCEPT [836:53279]</div><div>:FORWARD ACCEPT [14348:3836413]</div><div>:OUTPUT ACCEPT [836:53279]</div><div>-A INPUT -d <a href="http://10.25.25.31/32" target="_blank">10.25.25.31/32</a> -i eth2 -j ACCEPT</div><div>-A INPUT -d <a href="http://172.23.23.13/32" target="_blank">172.23.23.13/32</a> -i vEth0 -j ACCEPT</div><div>-A INPUT -i eth3 -p udp -m udp --dport 1194 -j ACCEPT</div><div>-A INPUT -i eth3 -j DROP</div><div>-A INPUT -d <a href="http://10.40.2.222/32" target="_blank">10.40.2.222/32</a> -i eth3 -j DROP</div><div>-A OUTPUT -s <a href="http://10.25.25.31/32" target="_blank">10.25.25.31/32</a> -o eth2 -j ACCEPT</div><div>-A OUTPUT -s <a href="http://172.23.23.13/32" target="_blank">172.23.23.13/32</a> -o vEth0 -j ACCEPT</div><div>-A OUTPUT -o eth3 -p udp -m udp --sport 1194 -j ACCEPT</div><div>-A OUTPUT -o eth3 -j DROP</div><div>-A OUTPUT -s <a href="http://10.40.2.222/32" target="_blank">10.40.2.222/32</a> -o eth3 -j DROP</div><div>COMMIT</div><div># Completed on Thu Jun 4 11:27:21 2015</div><div>root@cfae:/var/log# </div></div><div><br></div></div><div class=""><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 1, 2015 at 12:11 AM, Albert ARIBAUD <span dir="ltr"><<a href="mailto:albert.aribaud@free.fr" target="_blank">albert.aribaud@free.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi Joyabrata,<br>
<br>
On Sun, 31 May 2015 22:48:42 +0530, Joyabrata Ghosh<br>
<<a href="mailto:joy.career@gmail.com" target="_blank">joy.career@gmail.com</a>> wrote:<br>
<span><br>
> Hi All,<br>
><br>
> Thanks for quick reply, tried the proposed setting as well, where<br>
> "listen-address=172.20.20.10", the DNS traffic source interface eth0's IPv4<br>
> address as well as "interface=eth0" without any success till now:<br>
><br>
</span>> *Dnsmasq setting: /etc/dnsmasq.conf*<br>
><br>
> log-facility=/var/log/dnsmasq.log<br>
> log-queries<br>
> log-dhcp<br>
> no-daemon<br>
> * listen-address=172.20.20.10*<br>
> port=53<br>
> * interface=eth0*<br>
> * bind-interfaces*<br>
<span>> cache-size=1000<br>
> neg-ttl=3600<br>
><br>
> Anyone please point if anything missing from configuration or invalid<br>
> configuration applied.<br>
<br>
</span>Since you're logging in /var/log/dnsmasq.log, maybe this file contains<br>
information such as warnings or error messages?<br>
<span><br>
> Thanks & Regards,<br>
> JGhosh<br>
> Networking developer, Bangalore, India<br>
<br>
</span>Kind regards,<br>
<span><font color="#888888">--<br>
Albert.<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div>