[Dnsmasq-discuss] intermittant failure to resolve
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 31 16:57:31 BST 2011
micah anderson wrote:
> Hi,
>
> On Wed, 30 Mar 2011 21:16:17 +0100, Simon Kelley <simon at thekelleys.org.uk> wrote:
>> Micah Anderson wrote:
>>> I've been having a frustrating issue with resolving a particular domain
>>> through my dnsmasq server. It seems that 60-70% of the time that I
>>> attempt to look up any host in debian.org, I get a failure to
>>> resolve. Trying again three or four times eventually gets a success.
>>>
>>> I've looked elsewhere, debian.org's nameservers seem to be functioning
>>> fine, and other people I know do not have this problem.
>>>
>>> I decided to try an experiment, I switched from using dnsmasq to using
>>> bind, and the problem went away.
>>>
>>> I dont have a very complicated dnsmasq configuration, its as follows:
>>>
>>> # filter what we send upstream
>>> domain-needed
>>> bogus-priv
>>> filterwin2k
>>> localise-queries
>>> bogus-nxdomain=208.68.143.89
>>> bogus-nxdomain=208.68.143.55
>>>
>>> # allow /etc/hosts and dhcp lookups via *.local
>>> local=/local/
>>> domain=local
>>> expand-hosts
>>> no-negcache
>>> resolv-file=/tmp/resolv.conf.auto
>>>
>>> dhcp-authoritative
>>> dhcp-leasefile=/tmp/dhcp.leases
>>>
>>>
>>> I'd appreciate any debugging suggestions, as I'm at a loss.
>> Start by adding
>>
>> log-queries
>>
>> to your configuration. That should tell you what is happening to the
>> queries and answers (if any).
>
> Thanks for the suggestion, I added the log-queries and this has given me
> some clues. What seems to be happening is the query gets forwarded and
> then the lookup times out before the response comes back. The response
> actually does come back soon after, and then gets cached. If I look it
> up immediately, i'll get the cached reply, which is good, but the cache
> expires fairly quickly, usually before I actually look up something in
> that domain again.
>
> Here are exerpts from the log, with some comments inline:
>
> Jan 9 21:13:48 dnsmasq[854]: query[A] qa.debian.org from 192.168.1.8
>
> My machine is 192.168.1.8
>
> Jan 9 21:13:48 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
>
> 192.168.0.1 is the cablemodem/wireless AP
>
> Jan 9 21:13:48 dnsmasq[854]: query[AAAA] qa.debian.org from 192.168.1.8
>
> here we are looking up ipv6 AAAA records
>
> Jan 9 21:13:48 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
>
> also forwarded
>
> Jan 9 21:13:53 dnsmasq[854]: query[A] qa.debian.org from 192.168.1.8
>
> it seems like my machine is re-asking for the information
>
> Jan 9 21:13:53 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
> Jan 9 21:13:53 dnsmasq[854]: query[AAAA] qa.debian.org from 192.168.1.8
> Jan 9 21:13:53 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
>
> then forwarded again.
>
> Jan 9 21:13:58 dnsmasq[854]: query[A] qa.debian.org.local from 192.168.1.8
> Jan 9 21:13:58 dnsmasq[854]: config qa.debian.org.local is <NXDOMAIN>-IPv4
> Jan 9 21:13:58 dnsmasq[854]: query[AAAA] qa.debian.org.local from 192.168.1.8
> Jan 9 21:13:58 dnsmasq[854]: config qa.debian.org.local is <NXDOMAIN>-IPv6
>
> Here the query again, but now dnsmasq is responding NXDOMAIN... at this
> point my user-land query gets that response and then fails:
No. The resolver has timed out and tried adding a domain ".local" from
its searchlist to the query in an attempt to get an answer. Dnsmasq is
configured to never forward queries for *.local, so it returns
NXDOMAIN, this is what
local=/local/
in you config does.
>
> curl: (6) Couldn't resolve host 'qa.debian.org'
>
> Then, seconds later, a reply comes:
>
> Jan 9 21:14:07 dnsmasq[854]: reply qa.debian.org is 206.12.19.122
> Jan 9 21:14:13 dnsmasq[854]: reply qa.debian.org is 2607:f8f0:610:4000:216:36ff:fe40:3860
>
Two suggestions.
1) Get a better upstream nameserver, those delays are crazy. Maybe use
the Google namesevers.
2) Increase the timeout in you resolver configuration, see "man
resolv.conf" for details on doing this.
HTH
Simon.
> micah
>
More information about the Dnsmasq-discuss
mailing list