[Dnsmasq-discuss] dnsmasq returning local IP for failed upstream queries
Ben Hoskings
ben at hoskings.net
Tue Apr 8 03:57:17 BST 2008
Hi all,
I've got dnsmasq (version 2.35) running on our office firewall (Debian
Etch). It's working a treat, except—
Querying a nonexistent record (e.g. a typo in a domain name) resolves
to the public IP of the firewall.
I ran the digs below from my laptop, which is on the network behind
the firewall. As they show, google.com resolves properly, and
google_typo.com returns a blank A record, as expected. However,
pinging the nonexistent google_typo.com seems to be defaulting to the
public IP of the firewall, 203.206.161.142 (because that's the box
running dnsmasq).
I've also included /etc/dnsmasq.conf and /etc/resolv.conf (as it is
generated by resolvconf when ppp0 comes up).
Can anyone shed any light on this? I expect it's a config problem on
my part, but I've worked my way through the manpage and some Google
searches fruitlessly.
Cheers,
Ben Hoskings
-------------------------------------------------------
ben at zaphod ~ $ dig google.com
; <<>> DiG 9.4.1-P1 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28910
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 45 IN A 64.233.187.99
google.com. 45 IN A 64.233.167.99
google.com. 45 IN A 72.14.207.99
;; Query time: 14 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Apr 8 12:13:01 2008
;; MSG SIZE rcvd: 76
ben at zaphod ~ $ dig google_typo.com
; <<>> DiG 9.4.1-P1 <<>> google_typo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;google_typo.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1207620759 1800 900 604800 900
;; Query time: 252 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Apr 8 12:13:05 2008
;; MSG SIZE rcvd: 106
ben at zaphod ~ $ ping -c 1 google_typo.com
PING minserve.com.au (203.206.161.142): 56 data bytes
64 bytes from 203.206.161.142: icmp_seq=0 ttl=64 time=1.134 ms
--- minserve.com.au ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.134/1.134/1.134/0.000 ms
ben at zaphod ~ $
-------------------------------------------------------
/etc/resolv.conf:
# OpenDNS
nameserver 208.67.222.222
nameserver 208.67.220.220
-------------------------------------------------------
/etc/dnsmasq.conf:
domain-needed
bogus-priv
filterwin2k
resolv-file=/etc/ppp/resolv.conf
user=dnsmasq
interface=eth1
expand-hosts
domain=swann.minserve.com.au
server=/swann.minserve.com.au/192.168.0.1
local=/swann.minserve.com.au/
dhcp-range=servers,192.168.0.0,static,255.255.0.0,24h
dhcp-range=fixed,192.168.4.0,static,255.255.0.0,24h
dhcp-range=dynamic,192.168.2.2,192.168.2.254,255.255.0.0,24h
read-ethers
dhcp-option=42,0.0.0.0
dhcp-option=40,swann.minserve.com.au
dhcp-option=19,0 # option ip-forwarding off
dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0 # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
dhcp-option=47 # empty netbios scope.
dhcp-lease-max=255
dhcp-authoritative
cache-size=512