[Dnsmasq-discuss] intermittant failure to resolve

Thu Mar 31 16:57:31 BST 2011

micah anderson wrote:
> Hi,
> 
> On Wed, 30 Mar 2011 21:16:17 +0100, Simon Kelley <simon at thekelleys.org.uk> wrote:
>> Micah Anderson wrote:
>>> I've been having a frustrating issue with resolving a particular domain
>>> through my dnsmasq server. It seems that 60-70% of the time that I
>>> attempt to look up any host in debian.org, I get a failure to
>>> resolve. Trying again three or four times eventually gets a success.
>>>
>>> I've looked elsewhere, debian.org's nameservers seem to be functioning
>>> fine, and other people I know do not have this problem. 
>>>
>>> I decided to try an experiment, I switched from using dnsmasq to using
>>> bind, and the problem went away.
>>>
>>> I dont have a very complicated dnsmasq configuration, its as follows:
>>>
>>> # filter what we send upstream
>>> domain-needed
>>> bogus-priv
>>> filterwin2k
>>> localise-queries
>>> bogus-nxdomain=208.68.143.89
>>> bogus-nxdomain=208.68.143.55
>>>
>>> # allow /etc/hosts and dhcp lookups via *.local
>>> local=/local/
>>> domain=local
>>> expand-hosts
>>> no-negcache
>>> resolv-file=/tmp/resolv.conf.auto
>>>
>>> dhcp-authoritative
>>> dhcp-leasefile=/tmp/dhcp.leases
>>>
>>>
>>> I'd appreciate any debugging suggestions, as I'm at a loss.
>> Start by adding
>>
>> log-queries
>>
>> to your configuration. That should tell you what is happening to the
>> queries and answers (if any).
> 
> Thanks for the suggestion, I added the log-queries and this has given me
> some clues. What seems to be happening is the query gets forwarded and
> then the lookup times out before the response comes back. The response
> actually does come back soon after, and then gets cached. If I look it
> up immediately, i'll get the cached reply, which is good, but the cache
> expires fairly quickly, usually before I actually look up something in
> that domain again.
> 
> Here are exerpts from the log, with some comments inline:
> 
> Jan  9 21:13:48 dnsmasq[854]: query[A] qa.debian.org from 192.168.1.8
> 
> My machine is 192.168.1.8
> 
> Jan  9 21:13:48 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
> 
> 192.168.0.1 is the cablemodem/wireless AP
> 
> Jan  9 21:13:48 dnsmasq[854]: query[AAAA] qa.debian.org from 192.168.1.8
> 
> here we are looking up ipv6 AAAA records
> 
> Jan  9 21:13:48 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
> 
> also forwarded
> 
> Jan  9 21:13:53 dnsmasq[854]: query[A] qa.debian.org from 192.168.1.8
> 
> it seems like my machine is re-asking for the information
> 
> Jan  9 21:13:53 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
> Jan  9 21:13:53 dnsmasq[854]: query[AAAA] qa.debian.org from 192.168.1.8
> Jan  9 21:13:53 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
> 
> then forwarded again.
> 
> Jan  9 21:13:58 dnsmasq[854]: query[A] qa.debian.org.local from 192.168.1.8
> Jan  9 21:13:58 dnsmasq[854]: config qa.debian.org.local is <NXDOMAIN>-IPv4
> Jan  9 21:13:58 dnsmasq[854]: query[AAAA] qa.debian.org.local from 192.168.1.8
> Jan  9 21:13:58 dnsmasq[854]: config qa.debian.org.local is <NXDOMAIN>-IPv6
> 
> Here the query again, but now dnsmasq is responding NXDOMAIN... at this
> point my user-land query gets that response and then fails:

No. The resolver has timed out and tried adding a domain ".local" from
its searchlist to the query in an attempt to get an answer. Dnsmasq is
configured to never forward queries for  *.local, so it returns
NXDOMAIN, this is what

local=/local/

in you config does.
> 
> curl: (6) Couldn't resolve host 'qa.debian.org'
> 
> Then, seconds later, a reply comes:
> 
> Jan  9 21:14:07 dnsmasq[854]: reply qa.debian.org is 206.12.19.122
> Jan  9 21:14:13 dnsmasq[854]: reply qa.debian.org is 2607:f8f0:610:4000:216:36ff:fe40:3860
> 

Two suggestions.

1) Get a better upstream nameserver, those delays are crazy. Maybe use
the Google namesevers.

2) Increase the timeout in you resolver configuration, see "man
resolv.conf" for details on doing this.

HTH

Simon.

> micah
> 