[Dnsmasq-discuss] local domain added when forwarding to upstream DNS servers

Simon Kelley simon at thekelleys.org.uk
Tue May 5 14:31:58 BST 2009 

Lixus Zoran wrote:
> Hi,
> 
>>> That is surprising me, this querie not even gets forwarded to the upsteam server.
> 
> That is exact the bug I am complaining about.
> 
>  
>> Yes, puzzling. Try adding 'log-queries' to your /etc/dnsmasq.conf and 
>> see what gets logged when you repeat this.
> 
> 
> # nslookup lists.thekelleys.org.uk.
> Server:         127.0.0.1
> Address:        127.0.0.1#53
> ** server can't find lists.thekelleys.org.uk: REFUSED
> 
> This gets logged to /var/log/messages with log-queries enabled.
> 
>   May  4 16:14:28 mydesktop dnsmasq[8385]: query[A] lists.thekelleys.org.uk from 127.0.0.1
>   May  4 16:14:28 mydesktop dnsmasq[8385]: query[A] lists.thekelleys.org.uk from 127.0.0.1
> 
> This is what goes over the wire:
> # tshark -i any port 53
> 
>   4.827968    127.0.0.1 -> 127.0.0.1    DNS Standard query A lists.thekelleys.org.uk
>   4.828089    127.0.0.1 -> 127.0.0.1    DNS Standard query response, Refused
>   4.828383    127.0.0.1 -> 127.0.0.1    DNS Standard query A lists.thekelleys.org.uk
>   4.828448    127.0.0.1 -> 127.0.0.1    DNS Standard query response, Refused
> 
> 
> So it's very clear that dnsmasq is not forwarding to the upstream server
> instead it "refuses" the querie.
> 
> I believe it's a bug.
> 
> I ran "strace -f -p <pid of dnamasq>" while running the nslookup, not sure if this is of any help:
> 
> 8385  select(7, [3 4 5 6], [], [], NULL) = 1 (in [4])
> 8385  time(NULL)                        = 1241447007
> 8385  stat64("/etc/resolvconf/resolv.conf.d/upstream", {st_mode=S_IFREG|0644, st_size=24, ...}) = 0
> 8385  stat64("/var/run/dnsmasq/resolv.conf", {st_mode=S_IFREG|0644, st_size=21, ...}) = 0
> 8385  recvmsg(4, {msg_name(16)={sa_family=AF_INET, sin_port=htons(51220), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"\206\343\1\0\0\1\0\0\0\0\0\0\5lists\nthekelleys\3or"..., 1280}], msg_controllen=24, {cmsg_len=24, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 41
> 8385  ioctl(4, SIOCGIFNAME, {ifr_index=1, ifr_name="lo"}) = 0
> 8385  time(NULL)                        = 1241447007
> 8385  stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2309, ...}) = 0
> 8385  write(8, "<31>May  4 16:23:27 dnsmasq[8385"..., 83) = 83
> 8385  sendmsg(4, {msg_name(16)={sa_family=AF_INET, sin_port=htons(51220), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"\206\343\201\205\0\1\0\0\0\0\0\0\5lists\nthekelleys\3o"..., 41}], msg_controllen=24, {cmsg_len=24, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 41
> 8385  select(7, [3 4 5 6], [], [], NULL) = 1 (in [4])
> 8385  time(NULL)                        = 1241447007
> 8385  recvmsg(4, {msg_name(16)={sa_family=AF_INET, sin_port=htons(41764), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"\310\267\1\0\0\1\0\0\0\0\0\0\5lists\nthekelleys\3or"..., 1280}], msg_controllen=24, {cmsg_len=24, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 41
> 8385  ioctl(4, SIOCGIFNAME, {ifr_index=1, ifr_name="lo"}) = 0
> 8385  time(NULL)                        = 1241447007
> 8385  stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2309, ...}) = 0
> 8385  write(8, "<31>May  4 16:23:27 dnsmasq[8385"..., 83) = 83
> 8385  sendmsg(4, {msg_name(16)={sa_family=AF_INET, sin_port=htons(41764), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"\310\267\201\205\0\1\0\0\0\0\0\0\5lists\nthekelleys\3o"..., 41}], msg_controllen=24, {cmsg_len=24, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 41
> 8385  select(7, [3 4 5 6], [], [], NULL <unfinished ...>
> 
>

The only circumstances in which dnsmasq will return REFUSED wand not 
forward the query is when is  has no upstream server to forward to.

You seem to have both /etc/resolvconf/resolv.conf.d/upstream and 
/var/run/dnsmasq/resolv.conf set as resolv files but you don't mention 
the second one in your initial post. Is it possible that 
/var/run/dnsmasq/resolv.conf has a later modification time than 
/etc/resolvconf/resolv.conf.d/upstream  and is empty? That would cause 
dnsmasq to have an empty set of upstream servers, and behave in the way 
you are seeing.

Each time it reads a resolv-file dnsmasq logs the name of the file and 
the current set of servers, so it should be possible to se what's 
happening from the log.

Cheers,

Simon.

More information about the Dnsmasq-discuss mailing list