[Dnsmasq-discuss] server forwarding all traffic to parents after a successful PTR query of itself

Simon Kelley simon at thekelleys.org.uk
Wed Feb 17 10:30:29 GMT 2010


Alberto Cuesta-Canada wrote:
> Hi Simon,
>  
> the parents of 250 (my dnsmasq server) have forwarding rules for the 
> dselgrid.local domain, that I run. So I assumed that the queries pushed 
> upstream would be routed down again, and timeout in a loop.

Ahh, that could easily be the problem. If you generate a loop between 
two DNS servers, each forwarding to the other, then the queries can 
easily bounce back-and-forth forever. Dnsmasq will manage this situation 
reasonably well, and manage to server other traffic, but the circulating 
queries will eat bandwidth and CPU.

The logs would seem to show a "strange" query of some sort (dnsmasq 
can't parse a domain-name from the query, hence "forwarded query" rather 
than "forwarded <domain-name>) If such queries can circulate forever 
then you have a problem.


>  
> That said, in the logs I could still see successful PTR and A queries, 
> outnumbered 10 to 1 by forwards. I'm not sure about the behaviour of 
> local queries, I don't remember from yesterday, but I think they worked.
>  
> 94 is a Platform Grid Master, that is a W2K3 machine which runs only one 
> application. It keeps a cache of machines but it doesn't give DNS 
> services, or anything similar. The interesting thing is that the PTR 
> request doesn't always produce this effect. I have enterprise support 
> for that software, so I will ask them.
>  
> dnsmasq is running in a quite complicated setup. We have a XenServer 
> host running a Ubuntu 9.04 VM. I have just 1GB free on that machine and 
> out of disk space scenarios are fatal, so I can't tcpdump. There is a 
> rebuild of it coming in the next two weeks that will give me another 50GB.
>  
> Any idea on what to look for, or any hypothesis of what could be 
> happening should be enough, I can keep investigating and contain it with 
> workarounds for a while.

See above. a loop, possibly only of "odd" queries.

Cheers,

Simon.

>  
> Many thanks,
>  
> *Alberto Cuesta-Canada*
> GaaS Team Lead
> Excelian Ltd.
> +44 (0) 7942633361
> 
> ------------------------------------------------------------------------
> *From:* Simon Kelley [mailto:simon at thekelleys.org.uk]
> *Sent:* Wed 17/02/2010 10:04
> *To:* Alberto Cuesta-Canada
> *Cc:* dnsmasq-discuss at lists.thekelleys.org.uk; Grid Support
> *Subject:* Re: [Dnsmasq-discuss] server forwarding all traffic to 
> parents after a successful PTR query of itself
> 
> It's not clear to me what is going on here. How does the pattern
> continue? Do you just see  "forwarded query to 172.30.48.192" from now
> on until the server is restarted, or do you still see "query[A]...." and
> "query[PTR}...." lines?
> 
> Do queries which get pushed upstream continue to work? How about queries
> which should be answered locally?
> 
> What is 172.30.158.94? Is it running anything that may generate "odd"
> DNS queries? The holy grail would be to able prod that machine to
> reproduce this at will.
> 
> What sort of machine are you running dnsmasq on? Does it have a
> reasonable amount of spare storage so that you could tcpdump all traffic
> to/from port 53,UDP for offline analysis?
> 
> 
> Simon.
> 
> 
> The information contained in this email and any attached files are 
> confidential and intended solely for the addressee(s). The email may be 
> legally privileged or prohibited from disclosure and unauthorised use. 
> If you are not the named addressee you may not use, copy, or disclose 
> this information to any other person. If you received this message in 
> error please notify the sender immediately and delete it from your system.
> 
> Any opinion or views contained in this email message are those of the 
> sender, and do not represent those of the Company in any way and 
> reliance should not be placed upon its contents. Unless otherwise 
> stated, this email message is not intended to be contractually binding. 
> Where an Agreement exists between our respective companies and there is 
> conflict between the contents of this email message and the Agreement 
> then the terms of that Agreement shall prevail.
> 
> Excelian
> 50 Featherstone Street
> London
> EC1Y 8RT
> Tel: +44 (0) 20 7336 9595
> Fax: +44 (0) 20 7336 9596
> www.Excelian.com
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MessageLabs. For further 
> information visit http://www.messagelabs.com
> 
> Excelian subscribes to cleaner and greener methods of working. Help take 
> responsibility for the environment. Please don't print this email unless 
> you absolutely have to.




More information about the Dnsmasq-discuss mailing list