[Dnsmasq-discuss] dnsmasq returning local IP for failed upstream queries

Ben Hoskings ben at hoskings.net
Tue Apr 8 03:57:17 BST 2008


Hi all,

I've got dnsmasq (version 2.35) running on our office firewall (Debian  
Etch). It's working a treat, except—

Querying a nonexistent record (e.g. a typo in a domain name) resolves  
to the public IP of the firewall.

I ran the digs below from my laptop, which is on the network behind  
the firewall. As they show, google.com resolves properly, and  
google_typo.com returns a blank A record, as expected. However,  
pinging the nonexistent google_typo.com seems to be defaulting to the  
public IP of the firewall, 203.206.161.142 (because that's the box  
running dnsmasq).

I've also included /etc/dnsmasq.conf and /etc/resolv.conf (as it is  
generated by resolvconf when ppp0 comes up).

Can anyone shed any light on this? I expect it's a config problem on  
my part, but I've worked my way through the manpage and some Google  
searches fruitlessly.

Cheers,
Ben Hoskings

-------------------------------------------------------

ben@zaphod ~ $ dig google.com

; <<>> DiG 9.4.1-P1 <<>> google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28910
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		45	IN	A	64.233.187.99
google.com.		45	IN	A	64.233.167.99
google.com.		45	IN	A	72.14.207.99

;; Query time: 14 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Apr  8 12:13:01 2008
;; MSG SIZE  rcvd: 76

ben@zaphod ~ $ dig google_typo.com

; <<>> DiG 9.4.1-P1 <<>> google_typo.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;google_typo.com.		IN	A

;; AUTHORITY SECTION:
com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1207620759 1800 900 604800 900

;; Query time: 252 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Apr  8 12:13:05 2008
;; MSG SIZE  rcvd: 106

ben@zaphod ~ $ ping -c 1 google_typo.com
PING minserve.com.au (203.206.161.142): 56 data bytes
64 bytes from 203.206.161.142: icmp_seq=0 ttl=64 time=1.134 ms

--- minserve.com.au ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.134/1.134/1.134/0.000 ms
ben@zaphod ~ $

-------------------------------------------------------
/etc/resolv.conf:

# OpenDNS
nameserver 208.67.222.222
nameserver 208.67.220.220

-------------------------------------------------------
/etc/dnsmasq.conf:

domain-needed
bogus-priv
filterwin2k
resolv-file=/etc/ppp/resolv.conf
user=dnsmasq
interface=eth1
expand-hosts
domain=swann.minserve.com.au
server=/swann.minserve.com.au/192.168.0.1
local=/swann.minserve.com.au/
dhcp-range=servers,192.168.0.0,static,255.255.0.0,24h
dhcp-range=fixed,192.168.4.0,static,255.255.0.0,24h
dhcp-range=dynamic,192.168.2.2,192.168.2.254,255.255.0.0,24h
read-ethers
dhcp-option=42,0.0.0.0
dhcp-option=40,swann.minserve.com.au
dhcp-option=19,0           # option ip-forwarding off
dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0     # netbios datagram distribution server
dhcp-option=46,8           # netbios node type
dhcp-option=47             # empty netbios scope.
dhcp-lease-max=255
dhcp-authoritative
cache-size=512



