[Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself
Simon Kelley
simon at thekelleys.org.uk
Wed Feb 17 10:30:29 GMT 2010
Alberto Cuesta-Canada wrote:
> Hi Simon,
>
> the parents of 250 (my dnsmasq server) have forwarding rules for the
> dselgrid.local domain, that I run. So I assumed that the queries pushed
> upstream would be routed down again, and timeout in a loop.
Ahh, that could easily be the problem. If you generate a loop between
two DNS servers, each forwarding to the other, then the queries can
easily bounce back-and-forth forever. Dnsmasq will manage this situation
reasonably well, and manage to server other traffic, but the circulating
queries will eat bandwidth and CPU.
The logs would seem to show a "strange" query of some sort (dnsmasq
can't parse a domain-name from the query, hence "forwarded query" rather
than "forwarded <domain-name>) If such queries can circulate forever
then you have a problem.
>
> That said, in the logs I could still see successful PTR and A queries,
> outnumbered 10 to 1 by forwards. I'm not sure about the behaviour of
> local queries, I don't remember from yesterday, but I think they worked.
>
> 94 is a Platform Grid Master, that is a W2K3 machine which runs only one
> application. It keeps a cache of machines but it doesn't give DNS
> services, or anything similar. The interesting thing is that the PTR
> request doesn't always produce this effect. I have enterprise support
> for that software, so I will ask them.
>
> dnsmasq is running in a quite complicated setup. We have a XenServer
> host running a Ubuntu 9.04 VM. I have just 1GB free on that machine and
> out of disk space scenarios are fatal, so I can't tcpdump. There is a
> rebuild of it coming in the next two weeks that will give me another 50GB.
>
> Any idea on what to look for, or any hypothesis of what could be
> happening should be enough, I can keep investigating and contain it with
> workarounds for a while.
See above. a loop, possibly only of "odd" queries.
Cheers,
Simon.
>
> Many thanks,
>
> *Alberto Cuesta-Canada*
> GaaS Team Lead
> Excelian Ltd.
> +44 (0) 7942633361
>
> ------------------------------------------------------------------------
> *From:* Simon Kelley [mailto:simon at thekelleys.org.uk]
> *Sent:* Wed 17/02/2010 10:04
> *To:* Alberto Cuesta-Canada
> *Cc:* dnsmasq-discuss at lists.thekelleys.org.uk; Grid Support
> *Subject:* Re: [Dnsmasq-discuss] server forwarding all traffic to
> parents after a successful PTR query of itself
>
> It's not clear to me what is going on here. How does the pattern
> continue? Do you just see "forwarded query to 172.30.48.192" from now
> on until the server is restarted, or do you still see "query[A]...." and
> "query[PTR}...." lines?
>
> Do queries which get pushed upstream continue to work? How about queries
> which should be answered locally?
>
> What is 172.30.158.94? Is it running anything that may generate "odd"
> DNS queries? The holy grail would be to able prod that machine to
> reproduce this at will.
>
> What sort of machine are you running dnsmasq on? Does it have a
> reasonable amount of spare storage so that you could tcpdump all traffic
> to/from port 53,UDP for offline analysis?
>
>
> Simon.
>
>
> The information contained in this email and any attached files are
> confidential and intended solely for the addressee(s). The email may be
> legally privileged or prohibited from disclosure and unauthorised use.
> If you are not the named addressee you may not use, copy, or disclose
> this information to any other person. If you received this message in
> error please notify the sender immediately and delete it from your system.
>
> Any opinion or views contained in this email message are those of the
> sender, and do not represent those of the Company in any way and
> reliance should not be placed upon its contents. Unless otherwise
> stated, this email message is not intended to be contractually binding.
> Where an Agreement exists between our respective companies and there is
> conflict between the contents of this email message and the Agreement
> then the terms of that Agreement shall prevail.
>
> Excelian
> 50 Featherstone Street
> London
> EC1Y 8RT
> Tel: +44 (0) 20 7336 9595
> Fax: +44 (0) 20 7336 9596
> www.Excelian.com
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MessageLabs. For further
> information visit http://www.messagelabs.com
>
> Excelian subscribes to cleaner and greener methods of working. Help take
> responsibility for the environment. Please don't print this email unless
> you absolutely have to.
More information about the Dnsmasq-discuss
mailing list