[Dnsmasq-discuss] DNSmasq config should works but doesn't

Jérémie SYLVAND jsylvand at leadformance.com
Tue Oct 25 08:59:21 BST 2011


Hello,

After the test, which had worked with my machine as server and other machines
as guests, I had to deploy dnsmasq on our server. I was supposed to be ready,
but after stopping dhcp+dns and starting dnsmasq, my conf file didn't work.
Our config: we have 2 ISP boxes (one SDSL, one ADSL), connected to a router,
which is connected to our switch, to which our machines and our dnsmasq
server are connected.
My conf file:

################################################################
# Local network configuration file for dnsmasq.
# See /etc/dnsmasq.conf.save for all options with explanations.
################################################################

# Never forward plain names (without a dot or domain part)
#domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts

# Change this line if you want dns to get its upstream servers from
# somewhere other than /etc/resolv.conf
resolv-file=

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv

# DNS servers
server=89.2.0.1
server=89.2.0.2
server=212.30.96.123
server=213.203.124.147

# Allow the random selection of dns server
all-servers

# Domain name for dnsmasq.
domain=private.information.com

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0

# Enable the integrated DHCP server from 10.1.0.180
# to 10.1.0.200 with a 12h lease time
dhcp-range=eth0,10.1.0.180,10.1.0.200,12h

# Netmask (option 1)
dhcp-option=1,255.255.255.0

# Gateway (option 3)
dhcp-option=3,10.1.0.254

# DNS Servers (option 6): Main: 10.1.0.1, Second: 10.1.0.254
dhcp-option=6,10.1.0.1,10.1.0.254

# Static IP addresses
dhcp-host=<@macOfServer1>,server1,10.1.0.1

###########
# Devices #
###########

# Wireless
dhcp-host=<@mac>,wireless1,10.1.0.3
dhcp-host=<@mac>,wireless2,10.1.0.4

# Printers
dhcp-host=<@mac>,printer1,10.1.0.26
dhcp-host=<@mac>,printer2,10.1.0.27
dhcp-host=<@mac>,printer3,10.1.0.28
dhcp-host=<@mac>,printer4,10.1.0.29
dhcp-host=<@mac>,printer5,10.1.0.30
dhcp-host=<@mac>,printer6,10.1.0.40

# Server2
dhcp-host=<@mac>,server2,10.1.0.50

# VMs
dhcp-host=<@mac>,vm1,10.1.0.70
dhcp-host=<@mac>,vm2,10.1.0.71
dhcp-host=<@mac>,vm3,10.1.0.72

############
# Machines #
############

# Chambery
dhcp-host=<@mac>,privateName,10.1.0.101
dhcp-host=<@mac>,privateName,10.1.0.102
dhcp-host=<@mac>,privateName,10.1.0.103
dhcp-host=<@mac>,privateName,10.1.0.105
dhcp-host=<@mac>,privateName,10.1.0.106
...

# Chambery Wireless
dhcp-host=<@mac>,privateNamew,10.1.0.131
dhcp-host=<@mac>,privateNamew,10.1.0.132
dhcp-host=<@mac>,privateNamew,10.1.0.134
dhcp-host=<@mac>,privateNamew,10.1.0.136
dhcp-host=<@mac>,privateNamew,10.1.0.137
...

# Paris Wireless
#dhcp-host=<@mac>,privateNamew,10.2.0.137
#dhcp-host=<@mac>,privateNamew,10.2.0.138
#dhcp-host=<@mac>,privateNamew,10.2.0.139
#dhcp-host=<@mac>,privateNamew,10.2.0.140
...

# Set the DHCP server to authoritative mode.
dhcp-authoritative

# Set the cachesize here.
cache-size=6000

# For debugging purposes, log each DNS query as it passes through
# dnsmasq (in syslog).
log-queries
# Log lots of extra information about DHCP transactions (in syslog).
log-dhcp
#########################

It should work on paper, because this kind of config works on my
private test network, but on our internal company config it doesn't work.
I didn't compare with our dhcp+dns config, but I suppose I forgot to provide
something; I don't know what it is.

Have you got an idea?

Thank you guys.

------------------------------
*Jeremie SYLVAND | System & Network Assistant*
*LEADFORMANCE* *|* 7 Avenue des Ducs de Savoie *|* 73000 CHAMBERY
Tel. : +33 (0)4 79 25 22 22 * |* www.leadformance.com


2011/9/1 Jérémie SYLVAND <jsylvand at leadformance.com>

> IT WORKS !!!
>
> I hadn't seen that machines on my network could effectively reach the
> internet (by IP address), because my dnsmasq server provided all the conf,
> the gateway too.
> But because my dnsmasq server couldn't reach the internet (though it really
> wanted to forward the DNS requests it couldn't answer), none of the machines
> could resolve a name request.
>
> The problem was simple: when I fixed my ifconfig on my dnsmasq server,
> I didn't provide the gateway... NOOB !!
>
> Sorry to have wasted your time, it was an idiot error.
>
> Regards
>
>
> 2011/8/31 Don Muller <don at djmuller.com>
>
>> Can you ping by address?
>>
>> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Jérémie SYLVAND
>> Sent: Tuesday, August 30, 2011 4:36 AM
>> To: Frederick C. Damen
>> Cc: dnsmasq-discuss at thekelleys.org.uk
>> Subject: Re: [Dnsmasq-discuss] DNSmasq forwarding to DNS doesn't works
>>
>>
>> Hello,
>>
>> I can ping my gateway (the box on the same network) but with a ping to the
>> DNS server it told me Network is unreachable.
>> I'm looking for what could make the network unreachable.
>> Thank you.
>>
>> Regards,
>>
>> 2011/8/26 Frederick C. Damen <fred at damen.org>
>>
>> from the fedoraserver machine try
>> ping 89.2.0.1
>> traceroute 89.2.0.1
>> telnet 89.2.0.1 53
>> this should tell you if you at least have connectivity;
>> repeat with each upstream dns server IP address.
>>
>> If your (r)syslog log level is set higher than the log-queries then they
>> will not make it to the (r)syslog file.  Try using the
>> --log-facility=/tmp/dnsmasq-queries
>> Then try ping google.com
>>
>> Do not put your ethx IP addresses in /etc/resolv.conf.
>> Every machine can refer to itself as 127.0.0.1.  dnsmasq is smart
>> enough to ignore this address and not use it as an upstream dns server.
>> I have not seen anything stating that dnsmasq will ignore the ethx IP
>> address as an upstream dns server.  Besides, the 127.0.0.1 address should
>> always work on the local machine even if your networking is all screwed
>> up.
>>
>> Fred
>>
>>
>> On 08/26/2011 10:29 AM, Matthias Andree wrote:
>> > On 26.08.2011 17:15, Jérémie SYLVAND wrote:
>> >> Hello
>> >>
>> >> Thank you for your answers.
>> >>
>> >> I have tried what you told me, in different ways:
>> >> using resolv.conf with only 127.0.0.1
>> >> with 127.0.0.1 and one of my ISP nameserver
>> >>
>> >> Not using resolv.conf by the line no-resolve in the dnsmasq.conf :
>> >> with and without this line : server=127.0.0.1
>> >> and with all my ISP nameserver addresses
>> >> server=89.2.0.1
>> >> server=89.2.0.2
>> >> server=212.30.96.123
>> >> server=213.203.124.147
>> >> in the dnsmasq.conf
>> >>
>> >> And it still doesn't work
>> >>
>> >> My logs :
>> >>
>> >> # tail -f /var/log/messages
>> >> Aug 26 16:55:23 fedoraserver abrtd: Corrupted or bad crash /var/spool/abrt/ccpp-1314370523-6770 (res:2), deleting
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7256]: exiting on receipt of SIGTERM
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: started, version 2.52 cachesize 6000
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
>> >> Aug 26 16:58:02 fedoraserver dnsmasq-dhcp[7293]: DHCP, IP range 192.168.0.180 -- 192.168.0.200, lease time 12h
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: using nameserver 213.203.124.147#53
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: using nameserver 212.30.96.123#53
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: using nameserver 89.2.0.2#53
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: using nameserver 89.2.0.1#53
>> >> Aug 26 16:58:02 fedoraserver dnsmasq[7293]: read /etc/hosts - 3 addresses
>> >
>> > OK, so the nameserver configuration works, but it has not logged any
>> > queries that it would have forwarded so far - check if there are any
>> > further down.
>> >
>> > Please check:
>> >
>> > - if bind-interfaces makes any difference
>> >
>> > - possibly remove the interface configuration tying dnsmasq to eth0 just
>> > to see if it helps
>> >
>> > - your resolv.conf on the fedoraserver should point to the primary eth0
>> > address
>> >
>> > - Firewall configuration
>> >
>> > - /etc/resolv.conf and /etc/host.conf on the clients
>> >
>> > - possibly use wireshark or tcpdump to check port 53 traffic (possibly
>> > check various interfaces)
>> >
>>
>
>
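
The failure resolved in this thread (upstream servers configured, but no default gateway on the dnsmasq host, so pings to them report "Network is unreachable") can be checked offline from the config and the routing table. This is an added example, not code from the thread or from dnsmasq; the route listings are constructed samples in `ip -4 route` style, and only plain `server=<ip>` lines are handled.

```python
import ipaddress
import re

# Constructed sample input: upstream lines as in the posted dnsmasq.conf,
# and a hypothetical `ip -4 route` listing from a host with no default route.
CONF = """\
no-resolv
server=89.2.0.1
server=89.2.0.2
#server=127.0.0.1
interface=eth0
"""
ROUTES_NO_GW = "10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.1\n"
ROUTES_WITH_GW = "default via 10.1.0.254 dev eth0\n" + ROUTES_NO_GW


def upstream_servers(conf_text):
    """Return IPv4 addresses from uncommented plain server=<ip>[#port] lines."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*server=([0-9.]+)(?:#\d+)?\s*$", line)
        if m:
            found.append(ipaddress.ip_address(m.group(1)))
    return found


def parse_routes(route_text):
    """Return the destination networks listed in `ip -4 route` style text."""
    nets = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        nets.append(ipaddress.ip_network(dest, strict=False))
    return nets


def unreachable_upstreams(conf_text, route_text):
    """Upstreams matched by no route: sending to these fails immediately
    with 'Network is unreachable', so dnsmasq cannot forward to them."""
    nets = parse_routes(route_text)
    return [str(ip) for ip in upstream_servers(conf_text)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    print("no gateway  :", unreachable_upstreams(CONF, ROUTES_NO_GW))
    print("with gateway:", unreachable_upstreams(CONF, ROUTES_WITH_GW))
```

An empty result only means a route exists; the ping, traceroute and port 53 checks suggested in the thread are still needed to confirm the upstream actually answers.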