[Dnsmasq-discuss] UDP queries to DNS fail

Simon Kelley simon at thekelleys.org.uk
Sat Jan 7 10:25:51 GMT 2012


On 07/01/12 01:21, Mike Owens wrote:
> I have an issue that's driving me nuts. I have dnsmasq installed and
> DHCP is working fine. I can make DNS queries over TCP and they work
> fine. Normal DNS requests over UDP fail if done from a remote machine
> but succeed if done locally. First thing I did was check the firewall. I
> have gone so far as to completely remove UFW so that there is no doubt.
> I can get a reply using nc -u -z 192.168.1.100 53 from a remote machine
> and dig +tcp www.yahoo.com @serverip also succeeds.
>
> Config file:
>
>     domain-needed
>     bogus-priv
>     strict-order
>     server=192.168.1.100
>     interface=eth0
>     domain=transpireinc.com
>     dhcp-range=192.168.1.2,192.168.1.99,255.255.255.0,12h
>     dhcp-option=3,192.168.1.1
>     dhcp-authoritative
>     bogus-nxdomain=64.94.110.11
>     log-facility=/var/log/dnsmasq
>     log-queries
>     log-dhcp
>
>
> netstat -lpn output:
>
>     tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      932/dnsmasq
>     tcp6       0      0 :::53                   :::*                    LISTEN      932/dnsmasq
>     udp        0      0 0.0.0.0:53              0.0.0.0:*                           932/dnsmasq
>     udp        0      0 0.0.0.0:67              0.0.0.0:*                           932/dnsmasq
>     udp6       0      0 :::53                   :::*                                932/dnsmasq
>
>
> Log snippet from today. All the successful queries occurred over TCP:
>
>     Jan  6 16:20:08 dnsmasq[823]: started, version 2.57 cachesize 150
>     Jan  6 16:20:08 dnsmasq[823]: compile time options: IPv6 GNU-getopt DBus I18N DHCP TFTP IDN
>     Jan  6 16:20:08 dnsmasq-dhcp[823]: DHCP, IP range 192.168.1.2 -- 192.168.1.99, lease time infinite
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 192.168.1.100#53
>     Jan  6 16:20:08 dnsmasq[823]: reading /var/run/dnsmasq/resolv.conf
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 68.87.85.102#53
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 68.87.69.150#53
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 68.87.64.146#53
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 192.168.1.1#53
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 192.168.1.100#53
>     Jan  6 16:20:08 dnsmasq[823]: using nameserver 192.168.1.100#53
>     Jan  6 16:20:08 dnsmasq[823]: read /etc/hosts - 12 addresses
>     Jan  6 16:20:43 dnsmasq[840]: query[A] debian.org from 192.168.1.102
>     Jan  6 16:20:43 dnsmasq[840]: forwarded debian.org to 192.168.1.100
>     Jan  6 16:20:43 dnsmasq[840]: reply debian.org is 206.12.19.7
>     Jan  6 16:20:43 dnsmasq[840]: reply debian.org is 128.31.0.51
>     Jan  6 16:37:10 dnsmasq[856]: query[A] www.yahoo.com from 192.168.1.102
>     Jan  6 16:37:10 dnsmasq[856]: forwarded www.yahoo.com to 192.168.1.100
>     Jan  6 16:37:10 dnsmasq[856]: reply www.yahoo.com is <CNAME>
>     Jan  6 16:37:10 dnsmasq[856]: reply fp3.wg1.b.yahoo.com is <CNAME>
>     Jan  6 16:37:10 dnsmasq[856]: reply any-fp3-lfb.wa1.b.yahoo.com is <CNAME>
>     Jan  6 16:37:10 dnsmasq[856]: reply any-fp3-real.wa1.b.yahoo.com is 72.30.2.43
>     Jan  6 16:37:10 dnsmasq[856]: reply any-fp3-real.wa1.b.yahoo.com is 98.137.149.56
>     Jan  6 16:40:14 dnsmasq[882]: query[A] www.yahoo.com from 192.168.1.102
>     Jan  6 16:40:14 dnsmasq[882]: forwarded www.yahoo.com to 192.168.1.100
>     Jan  6 16:40:14 dnsmasq[882]: reply www.yahoo.com is <CNAME>
>     Jan  6 16:40:14 dnsmasq[882]: reply fp3.wg1.b.yahoo.com is <CNAME>
>     Jan  6 16:40:14 dnsmasq[882]: reply any-fp3-lfb.wa1.b.yahoo.com is <CNAME>
>     Jan  6 16:40:14 dnsmasq[882]: reply any-fp3-real.wa1.b.yahoo.com is 98.137.149.56
>     Jan  6 16:40:14 dnsmasq[882]: reply any-fp3-real.wa1.b.yahoo.com is 72.30.2.43
>     Jan  6 17:06:56 dnsmasq[823]: exiting on receipt of SIGTERM
>     Jan  6 17:06:58 dnsmasq[932]: started, version 2.57 cachesize 150
>     Jan  6 17:06:58 dnsmasq[932]: compile time options: IPv6 GNU-getopt DBus I18N DHCP TFTP IDN
>     Jan  6 17:06:58 dnsmasq-dhcp[932]: DHCP, IP range 192.168.1.2 -- 192.168.1.99, lease time 12h
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 192.168.1.100#53
>     Jan  6 17:06:58 dnsmasq[932]: reading /var/run/dnsmasq/resolv.conf
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 68.87.85.102#53
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 68.87.69.150#53
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 68.87.64.146#53
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 192.168.1.1#53
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 192.168.1.100#53
>     Jan  6 17:06:58 dnsmasq[932]: using nameserver 192.168.1.100#53
>     Jan  6 17:06:58 dnsmasq[932]: read /etc/hosts - 12 addresses
>     Jan  6 17:07:34 dnsmasq[950]: query[A] www.yahoo.com from 192.168.1.102
>     Jan  6 17:07:34 dnsmasq[950]: forwarded www.yahoo.com to 192.168.1.100
>     Jan  6 17:07:34 dnsmasq[950]: reply www.yahoo.com is <CNAME>
>     Jan  6 17:07:34 dnsmasq[950]: reply fp3.wg1.b.yahoo.com is <CNAME>
>     Jan  6 17:07:34 dnsmasq[950]: reply any-fp3-lfb.wa1.b.yahoo.com is <CNAME>
>     Jan  6 17:07:34 dnsmasq[950]: reply any-fp3-real.wa1.b.yahoo.com is 98.137.149.56
>     Jan  6 17:07:34 dnsmasq[950]: reply any-fp3-real.wa1.b.yahoo.com is 72.30.2.43
>
>
> The only thing keeping this server from going live is this UDP problem.
>
> Thanks
> Mike
>

Is there any possibility that you're looping queries _from_ dnsmasq back
to itself? There's not enough information above to be sure, but the
"using nameserver 192.168.x.y" logs make me suspicious. Especially
"using nameserver 192.168.1.1". Behaviour in those circumstances might fit
the TCP works / UDP doesn't pattern.

Simon.
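
A way to test the forwarding-loop hypothesis from the reply above, as an added example that is not part of the original message or of dnsmasq: it flags upstreams in the startup log and `server=` lines that point at the host's own DNS port. It assumes the dnsmasq host owns 192.168.1.100, which the thread does not confirm; the function names are hypothetical.

```python
import ipaddress
import re

UPSTREAM_RE = re.compile(r"dnsmasq\[(\d+)\]: using nameserver (\S+?)#(\d+)")
SERVER_RE = re.compile(r"^server=(?:/(?:[^/]*/)+)?([^#@/\s]+)(?:#(\d+))?")


def _is_self(addr, port, local_addrs, listen_port):
    """True when addr:port is the port this dnsmasq instance itself listens on."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    local = {ipaddress.ip_address(a) for a in local_addrs}
    return int(port) == listen_port and (ip.is_loopback or ip in local)


def self_upstreams_in_log(log_lines, local_addrs, listen_port=53):
    """Map dnsmasq PID -> upstream addresses that point back at this host."""
    hits = {}
    for line in log_lines:
        m = UPSTREAM_RE.search(line)
        if m and _is_self(m.group(2), m.group(3), local_addrs, listen_port):
            hits.setdefault(int(m.group(1)), set()).add(m.group(2))
    return {pid: sorted(addrs) for pid, addrs in hits.items()}


def self_servers_in_config(conf_lines, local_addrs, listen_port=53):
    """Return server= lines whose target is this host's own DNS port."""
    flagged = []
    for raw in conf_lines:
        m = SERVER_RE.match(raw.strip())
        if m and _is_self(m.group(1), m.group(2) or 53, local_addrs, listen_port):
            flagged.append(raw.strip())
    return flagged


# Assumption: the dnsmasq host owns 192.168.1.100 (the thread does not confirm it).
LOCAL_ADDRS = ["192.168.1.100"]
# Lines copied from the log and config quoted in the post.
SAMPLE_LOG = [
    "Jan  6 17:06:58 dnsmasq[932]: using nameserver 192.168.1.100#53",
    "Jan  6 17:06:58 dnsmasq[932]: using nameserver 192.168.1.1#53",
    "Jan  6 17:07:34 dnsmasq[950]: forwarded www.yahoo.com to 192.168.1.100",
]
SAMPLE_CONF = ["strict-order", "server=192.168.1.100", "interface=eth0"]

if __name__ == "__main__":
    print(self_upstreams_in_log(SAMPLE_LOG, LOCAL_ADDRS), self_servers_in_config(SAMPLE_CONF, LOCAL_ADDRS))
```

On a real host, pass the addresses reported by `ip addr` as `local_addrs` and feed in the file named by `log-facility`.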


