[Dnsmasq-discuss] dnsmasq + dhclient + vpnc = DNS falls over

Ashton Fagg ashton at fagg.id.au
Sun Jan 15 08:15:05 GMT 2012


On 11/01/12 16:43, Ashton Fagg wrote:
> Hi all.
>
> I'm currently having a weird problem with an embedded PC. The machine
> is running Voyage Linux 0.5 (quite an old version, based on Debian
> Etch). Currently it's running dnsmasq version 2.35 (unfortunately no
> real way to get a new version running, sorry).
>
> The machine is set up to connect back to our LAN using VPNC. When
> the VPN is disconnected and it's merely just plugged into our LAN in
> the office, dhclient is set up to prepend 127.0.0.1 to the list of
> DNS servers. Looking at /etc/resolv.conf reveals this, 127.0.0.1 with
> the two nameservers which come in via DHCP. When the VPN is
> connected, /etc/resolv.conf gets modified by vpnc to show the DNS
> servers allocated on the tunnel interface.
>
> The issue is that eventually (and we think this has something to do
> with the dhcp lease renewing) the DNS completely falls over and fails
> to resolve anything, with only a reboot bringing it back. I'm not
> sure if this is dnsmasq, vpnc, dhclient or some combination thereof
> and have no idea where to start troubleshooting.
>
> Any help would be greatly appreciated.
>
> Ash

Hi all.

Just an update on this. Thanks to those people who replied off-list with
advice, it's greatly appreciated.

From there, I managed to get logging etc turned on and have collected
some potentially relevant info. From my observations I'm starting to
think that dnsmasq isn't the issue here, however I'll post here in case
someone who knows more than I do can give me any pointers.

The most common query this box requests is for a server running an SQL
database - let's call it db.organisation.local. DHCP from the ethernet
side gives the search domain as sitename.organisation.local. When it's
field deployed, DHCP is from a 3G modem and the search domain isn't given.

Grepping for dnsmasq in /var/log/syslog shows that when the DNS falls
over, it requests a query for db.organisation.local, and then when that
fails, db.organisation.local.sitename.organisation.local (which
obviously also fails). Pinging the DNS servers on the LAN side (which is
what /etc/resolv.conf shows) fails, even though they should be
accessible even with the VPN connected. Basically, everything fails.
Running dhclient brings everything back up and happy, though. And then
vpnc takes over and it's happy for a while before falling over again. It
doesn't matter what network I'm plugged into, this always happens.

What I think is happening is that the DHCP lease on the ethernet is
interfering with vpnc talking to DNS, and it gets confused as to what
it's connected to and thus, craps out. As such, I'm not really sure
what's at fault so I'll leave it at that here unless somebody has picked
up on something dnsmasq-related that I haven't seen.

What we did to try and resolve the issue (no pun intended) is we
installed resolvconf to try and help manage /etc/resolv.conf, however
this doesn't seem to have done anything to remedy the issue. Am going to
also try setting a static IP on the ethernet interface (not ideal) and
see if that stops the issue from occurring.

Thanks anyway.

Ashton

-- 
Ashton Fagg (ashton at fagg.id.au)
Web: http://www.fagg.id.au/~ashton/

Keep calm and call Batman.
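
The lookup sequence described in the message above (the bare name first, then the name with the DHCP search domain appended) follows the search-list and ndots rules documented in resolv.conf(5). The following is an added example, not part of the original post: POSIX shell helpers that report, for a given resolv.conf, whether 127.0.0.1 (dnsmasq) is still the first nameserver and which names will be queried. The function names and the 192.0.2.x addresses are this example's own, constructed for illustration.

```shell
#!/bin/sh
# Added example: report what the stub resolver will do with a given resolv.conf.

# Nameservers in the order the resolver tries them.
nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# Succeeds if the first nameserver is loopback, i.e. lookups go through dnsmasq.
uses_local_cache() { [ "$(nameservers "$1" | head -n 1)" = "127.0.0.1" ]; }

# Search list; the last "search" or "domain" line wins, as in resolv.conf(5).
search_domains() {
    awk '$1 == "search" || $1 == "domain" { s = ""; for (i = 2; i <= NF; i++) s = s " " $i }
         END { print s }' "$1"
}

# Value of "options ndots:N"; the default is 1.
ndots() {
    awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i ~ /^ndots:[0-9]+$/) n = substr($i, 7) }
         END { print (n == "" ? 1 : n) }' "$1"
}

# query_order NAME FILE: print the names the resolver queries, in order.
query_order() {
    name=$1; file=$2
    case $name in *.) echo "$name"; return ;; esac   # trailing dot: search list is skipped
    dots=$(awk -v n="$name" 'BEGIN { print gsub(/\./, "", n) }')
    # Enough dots: the name is tried as given first, then with each search domain.
    [ "$dots" -ge "$(ndots "$file")" ] && echo "$name"
    for d in $(search_domains "$file"); do echo "$name.$d"; done
    # Too few dots: the name as given is only tried last.
    [ "$dots" -lt "$(ndots "$file")" ] && echo "$name"
    return 0
}

# Constructed sample matching the LAN case in the post (addresses are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
search sitename.organisation.local
nameserver 127.0.0.1
nameserver 192.0.2.10
nameserver 192.0.2.11
EOF
uses_local_cache "$sample" && echo "dnsmasq is first in the resolver path"
query_order db.organisation.local "$sample"
rm -f "$sample"
```

Running `uses_local_cache /etc/resolv.conf` and `nameservers /etc/resolv.conf` from cron or a dhclient/vpnc hook gives a timestamped record of which program last rewrote the file when resolution stops.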
