[Dnsmasq-discuss] intermittant failure to resolve

Micah Anderson micah at riseup.net
Thu Mar 31 17:08:46 BST 2011


Hi,

On Wed, 30 Mar 2011 21:16:17 +0100, Simon Kelley <simon at thekelleys.org.uk> wrote:
> Micah Anderson wrote:
> > I've been having a frustrating issue with resolving a particular domain
> > through my dnsmasq server. It seems that 60-70% of the time that I
> > attempt to look up any host in debian.org, I get a failure to
> > resolve. Trying again three or four times eventually gets a success.
> > 
> > I've looked elsewhere, debian.org's nameservers seem to be functioning
> > fine, and other people I know do not have this problem. 
> > 
> > I decided to try an experiment, I switched from using dnsmasq to using
> > bind, and the problem went away.
> > 
> > I dont have a very complicated dnsmasq configuration, its as follows:
> > 
> > # filter what we send upstream
> > domain-needed
> > bogus-priv
> > filterwin2k
> > localise-queries
> > bogus-nxdomain=208.68.143.89
> > bogus-nxdomain=208.68.143.55
> > 
> > # allow /etc/hosts and dhcp lookups via *.local
> > local=/local/
> > domain=local
> > expand-hosts
> > no-negcache
> > resolv-file=/tmp/resolv.conf.auto
> > 
> > dhcp-authoritative
> > dhcp-leasefile=/tmp/dhcp.leases
> > 
> > 
> > I'd appreciate any debugging suggestions, as I'm at a loss.
>
> Start by adding
> 
> log-queries
> 
> to your configuration. That should tell you what is happening to the
> queries and answers (if any).

Thanks for the suggestion, I added the log-queries and this has given me
some clues. What seems to be happening is the query gets forwarded and
then the lookup times out before the response comes back. The response
actually does come back soon after, and then gets cached. If I look it
up immediately, i'll get the cached reply, which is good, but the cache
expires fairly quickly, usually before I actually look up something in
that domain again.

Here are exerpts from the log, with some comments inline:

Jan  9 21:13:48 dnsmasq[854]: query[A] qa.debian.org from 192.168.1.8

My machine is 192.168.1.8

Jan  9 21:13:48 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1

192.168.0.1 is the cablemodem/wireless AP

Jan  9 21:13:48 dnsmasq[854]: query[AAAA] qa.debian.org from 192.168.1.8

here we are looking up ipv6 AAAA records

Jan  9 21:13:48 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1

also forwarded

Jan  9 21:13:53 dnsmasq[854]: query[A] qa.debian.org from 192.168.1.8

it seems like my machine is re-asking for the information

Jan  9 21:13:53 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1
Jan  9 21:13:53 dnsmasq[854]: query[AAAA] qa.debian.org from 192.168.1.8
Jan  9 21:13:53 dnsmasq[854]: forwarded qa.debian.org to 192.168.0.1

then forwarded again.

Jan  9 21:13:58 dnsmasq[854]: query[A] qa.debian.org.local from 192.168.1.8
Jan  9 21:13:58 dnsmasq[854]: config qa.debian.org.local is <NXDOMAIN>-IPv4
Jan  9 21:13:58 dnsmasq[854]: query[AAAA] qa.debian.org.local from 192.168.1.8
Jan  9 21:13:58 dnsmasq[854]: config qa.debian.org.local is <NXDOMAIN>-IPv6

Here the query again, but now dnsmasq is responding NXDOMAIN... at this
point my user-land query gets that response and then fails:

curl: (6) Couldn't resolve host 'qa.debian.org'

Then, seconds later, a reply comes:

Jan  9 21:14:07 dnsmasq[854]: reply qa.debian.org is 206.12.19.122
Jan  9 21:14:13 dnsmasq[854]: reply qa.debian.org is 2607:f8f0:610:4000:216:36ff:fe40:3860

micah

ps. (sorry to Simon for the duplicate, I had to resend to get this to go to
the list)




More information about the Dnsmasq-discuss mailing list